redundant NICs

Steve Jibson steve at jibson.com
Thu Jul 21 10:07:45 MDT 2005


We have a few servers with "bonded" NICs and they seem to be working 
quite well.  We have a couple of Linux firewall boxes with 5 Ethernet 
ports.  They have two 2-port GB NICs and an single on-board NIC.  The 
system provides a link between three subnets (the third subnet is not 
really that important so it has not redundancy).  The basic setup is this:

NIC1 - Port 1 --> eth0
NIC1 - Port 2 --> eth1
NIC2 - Port 1 --> eth2
NIC2 - Port 2 --> eth3
NIC3 (on board)--> eth4

eth0 and eth2 are bonded to make bond0
eth1 and eth3 are bonded to make bond1
eth4 is not bonded so it's just eth4

eth0 and eth2 are plugged into separate switches on subnet A
eth1 and eth3 are plugged into separate switches on subnet B
eth4 is plugged in to subnet C

With this configuration, we can lose any of the Ethernet ports (except 
eth4) or even both of the ports on one of the NICs and we are still 
happy.  Losing one of the switches on subnets A or B will not cause any 
problems for the computers connected to the other switch -- they will 
still have connectivity to the other subnet.

This is strictly set up for redundancy.  We do not want/need load-balancing.


On a side note:  (just in case this isn't already enough of a headache) 
we have two identical firewall boxes, both with 5 Ethernet ports as 
described above, running heartbeat (www.linux-ha.org) with one of the 
boxes acting as a hot-standby for the other.




Hans Fugal wrote:
> 1 Server, 1 IP, 2 NICs.  Load balancing would be nice, redundancy is the
> primary goal. i.e. if a NIC dies, life goes on over the alternate NIC
> without interruption.
> 
> Google points me towards bonding the NICs
> (Documentation/networking/bonding.txt) but I wondered if anyone had done
> this and what approach you took.
> 
> Just to make this post educational, they originally set up 2 IP
> addresses - one for each NIC - so that they could always get to the
> server with at least one IP address. This does not work as you would
> think though, if both NICs are on the same subnet, and only one card
> ends up being used for both IP addresses, and its failure is the end for
> both addresses.
> 
> 
> 
> ------------------------------------------------------------------------
> 
> .===================================.
> | This has been a P.L.U.G. mailing. |
> |      Don't Fear the Penguin.      |
> |  IRC: #utah at irc.freenode.net   |
> `==================================='




More information about the PLUG mailing list