About Link Aggregation
A link aggregation (LA) interface is a group of physical interfaces that you configure to work together as a single, logical interface. You can use a link aggregation interface to increase the cumulative throughput beyond the capacity of a single physical interface, and to provide redundancy if there is a physical link failure. When you use link aggregation, you connect the link aggregation interfaces to a switch, and configure the connected switch to use the same link aggregation mode and link speed. Fireware supports link aggregation as specified in the IEEE 802.1ax and 803.ad link aggregation specifications.
A link aggregation interface can be configured as an external, trusted, optional, or custom interface, or as a member of a VLAN or bridge interface. You can use a link aggregation interface in most of the same ways that you use a physical interface. For example, you can use it in the configuration of policies, multi-WAN, VPN, DHCP, and PPPoE.
Requirements and Limitations
- Link aggregation is supported only on a Firebox configured in mixed routing mode.
- Link aggregation requires Fireware with a Pro upgrade.
- Link aggregation interfaces do not support Traffic Management, QoS, and some other advanced interface settings.
- Link aggregation is not supported on an active/active FireCluster.
- Link aggregation is not supported on XTM 21, 22, 23, XTMv, FireboxV, or Firebox T10 devices.
- You cannot use a link aggregation interface as an endpoint of a managed branch office VPN tunnel.
- Dynamic link aggregation mode is not supported on XTM 25, XTM 26, and XTM 33 devices.
Link Aggregation Modes
You can configure a link aggregation interface in one of three modes. For all modes, a member interface can be active only when the member interface link status is up. Whether a member interface is active depends on both the link status of the physical interface and the link aggregation mode.
All physical interfaces that are members of the link aggregation interface can be active. The physical interface used for traffic between any source and destination is determined through the use of Link Aggregation Control Protocol (LACP).
All physical interfaces that are members of the link aggregation interface can be active. The same physical interface is always used for traffic between a given source and destination based on source/destination MAC address and source/destination IP address. This mode provides load balancing and fault tolerance.
In this mode, at most only one member interface in the link aggregation group is active at a time. The other member interfaces in the link aggregation group become active only if the active interface fails. This mode provides fault tolerance for connections to network switches that do not support link aggregation.
To use dynamic or static link aggregation, you must also configure link aggregation on the connected switch. To use Active-backup mode it is not necessary to enable link aggregation on your switches.