Creating an aggregated interface

You can combine multiple physical interfaces into one logical interface. Aggregated interfaces allow for increased bandwidth, load balancing and high availability.

You can add up to 48 interfaces to an aggregated interface.

For interfaces that are part of an aggregated interface, you can change only the description and status.

You can create up to 8 aggregated interfaces.

You can create an aggregated interface in a network template or on a Kaspersky NGFW device: An aggregated interface created in a network template is automatically created on all devices that use this template.

To create an aggregated interface:

  1. In the main menu of the Open Single Management Platform Console, go to the Application & Services → NGFW section.
  2. Create an aggregated interface in one of the following ways:
    • If you want to create an aggregated interface in a device template, in the menu, select the Network templates tab, click the device template, and select the Interfaces section.
    • If you want to create an aggregated interface on a Kaspersky NGFW device, select the Devices tab in the menu, click a Kaspersky NGFW device and select the Interfaces section.

    The table of network interfaces is displayed.

  3. Click Create.

    This opens the interface creation window with the General tab selected.

  4. Set an administrative status. The default status is Down.
  5. Specify the Aggregate interface type.
  6. In the Name field, enter a name for the new interface. The interface name must be unique among all interfaces of this device.

    The maximum length is 11 characters. You can use Latin letters and numerals, without spaces.

    After an interface is created, you cannot change its name.

  7. If necessary, in the Description field, enter a description of the interface.
  8. In the Protocol field, select the type of IP address assignment to the interface:
    • None means an IP address is not assigned. This is the default setting.
    • Static IPv4 address means a static IPv4 address is assigned.

      If you select this option, you need to specify the IP addresses of the network interface with a mask in the IPv4 addresses section in the lower part of the page. Click Add to add more than one IP address. You can add up to 20 IP addresses.

      If necessary, you can also delete an added IP address by selecting its row and clicking the Delete button.

    • DHCP client means the IP address is automatically assigned by DHCP.

      To get the DNS server address from a DHCP server, set the corresponding toggle switch to Yes.

      If you select this option, in the DNS servers section in the lower part of the page, you can specify IP addresses with masks of the DNS servers that you want to use. You can add up to 8 DNS servers.

      If the IP address of the default static route is obtained from the DHCP server, you can view it in the static routing RIB table on the command line.

      You can change the protocol only for interfaces included in the L3 security zone. For interfaces included in the L2 security zone, the None value is selected.

  9. In the Security zone drop-down list, select one of the previously created security zones or create a new security zone to add the aggregated interface to it. L2 and L3 security zones are available.
  10. In the Aggregation mode drop-down list, select one of the interface aggregation modes:
    • LACP (active) (Link Aggregation Control Protocol) is a dynamic link aggregation mode, in which links with dynamic balancing are automatically aggregated. Only the active mode of sending LACPDU frames is supported. This is the default setting.
    • Round-Robin is a static mode in which all active interface take turns sending traffic frames This mode can be used for load balancing as well as for high availability.
    • Active-backup is a static mode, in which traffic frames are sent through only one active interface, while the rest of the interfaces remain backup interfaces. If the active interface fails, a backup interface is engaged. This mode can be used for high availability.
    • Broadcast is a static mode, in which identical traffic frames are sent through all active interfaces. This mode can be used to maximize high availability.
    • XOR is a static mode, in which frames are distributed according to the hash function by MAC address. This mode can be used for load balancing as well as for high availability.
  11. If you selected the LACP or XOR mode at the previous step, in the Load balancer drop-down list, select the balancing function to be used to distribute frames between the active physical interfaces included in the aggregated interface:
    • L2 is the default setting. This mode uses source and destination MAC addresses for balancing. In this case, traffic for a certain network host is always sent through the same interface.
    • The L2+L3 mode uses source and destination MAC addresses and IP addresses for balancing.
    • The L3+L4 mode uses source and destination IP addresses and source and destination ports for balancing. We do not recommend using this mode if you have fragmented traffic, because in this case, packets within a session may reach the destination in the wrong order because they are sent through different interfaces.
  12. If necessary, in the Override MTU field, enter the MTU value for the interface that you are creating. You can enter a value from 576 to 9000. The entered value overrides the default MTU. The default value is 1500.

    All interfaces included in this aggregated interface get the same MTU value, which corresponds to the MTU value of the aggregated interface.

  13. Select the Interface members tab.
  14. From the list of interfaces, select the interfaces that you want to add to the aggregated interface by setting the toggle switch next to the relevant interface to On.

    You can add only physical interfaces. We do not recommend adding interfaces with an automatically negotiated speed because it can change over time.

    When adding interfaces to an aggregated interface, consider the limitations that apply to included interfaces.

  15. Click Create.

    The created interface appears in the table of network interfaces.

  16. Apply the OSMP policy changes by clicking the Commit and push button.
Page top