
    Good morning. Today I will talk about something that many people do not know about, and that others are unclear on, but that is ultimately very useful: combining network interfaces, or bonding.

    · What is it?

    According to Wikipedia:
    In computer networks, the term link aggregation applies to several methods of combining (aggregating) multiple network connections in parallel to increase performance beyond what a single connection could support and provide redundancy in case one of the links fails. A link aggregation group (LAG) combines a series of physical ports to create a single high-bandwidth data path, in order to implement the shared load of traffic between the member ports of the group and improve the reliability of the connection.
    The definition is quite clear: this technique provides parallel network connections to maximize performance, or redundant network connections to maximize network availability. For example, to maximize availability, it allows network connections to "fail over" between a primary network device and any number of secondary devices or, alternatively, to select the highest available connection speed. This approach provides automatic configuration of wireless and wired networks with support for removable devices. This is done using the active-backup mode (I'll explain the available modes later).

    · Operation and advantages

    To explain how it works, we can build on the definition and clarify what this technology does and does not allow:
    • It will not double your connection speed.
    • It allows you, among other things, to connect your computer to two different networks, one wired and one wireless, using one of them as the primary and falling back to the secondary if the primary fails. This happens without disconnections, interrupted downloads, reconnections in services that require an uninterrupted connection (IRC, XMPP, etc.), interrupted streaming, and so on. It is done with the active-backup mode, which is the one we are going to configure in this article.

    · Bonding modes

    This technology has several modes of operation, or bonding modes. Each one does something different, and I explain them below:
    0 (balance-rr) Round-robin policy: Transmits packets in sequential order from the first slave through the last. This mode provides load balancing and fault tolerance.

    1 (active-backup) Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. The bond's MAC address is externally visible on only one port (network adapter) to avoid confusing the switch. This mode provides fault tolerance.

    2 (balance-xor) XOR policy: Transmits based on [(source MAC address XOR destination MAC address) modulo slave count]. This selects the same slave for each destination MAC address. This mode provides load balancing and fault tolerance.

    3 (broadcast) Broadcast policy: Transmits everything on all slave interfaces. This mode provides fault tolerance.

    4 (802.3ad) IEEE 802.3ad Dynamic link aggregation: Creates aggregation groups that share the same speed and duplex settings. It uses all the slaves in the active aggregator according to the 802.3ad specification.
    (Prerequisites: ethtool support in the base drivers for retrieving the speed and duplex of each slave, and a switch that supports IEEE 802.3ad dynamic link aggregation. Most switches will require some type of configuration to enable 802.3ad mode.)

    5 (balance-tlb) Adaptive transmit load balancing: Channel bonding that does not require any special switch support. Outgoing traffic is distributed according to the current load (calculated relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed slave.
    (Prerequisite: ethtool support in the base drivers for retrieving the speed of each slave.)

    6 (balance-alb) Adaptive load balancing: Includes balance-tlb plus receive load balancing (rlb) for IPv4 traffic, and does not require any special switch support. The receive load balancing is achieved through ARP negotiation. The bonding driver intercepts the ARP replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of one of the slaves in the bond, so that different peers use different hardware addresses for the server.

    · Requirements for bonding

    For this article we will use systemd-networkd and two network cards. If you are not using this network manager, the migration is simple (if you already use it, you can skip to the section "Configuring the union of interfaces.").
    1. Disable your current network manager (NetworkManager, wicd, etc.) using the systemctl command:
      $ sudo systemctl disable NetworkManager.service NetworkManager-wait-online.service # For NetworkManager
      $ sudo systemctl disable wicd.service # For wicd
    2. The next step is to configure our network interfaces. To find out what they are, we run:
      $ ls /sys/class/net/
      enp2s0  lo  wlp3s0
    3. In this case we have enp2s0 and wlp3s0 (the 'lo' interface is excluded because it is the loopback). Now we proceed to configure them:

      For the wired interface: we create the file '/etc/systemd/network/20-wired.network' for the wired connection with the following content:
      DNS= # This line lets you use the secure and private DNS servers of https://www.quad9.net/; if you do not want to use them, delete this line.

      For the wireless network: first we will configure wpa_supplicant for wifi authentication and then we will create the .network file. 

      Configuration of wpa_supplicant:
      # The following commands require root privileges (not sudo).
      $ wpa_passphrase "Nombre de la red" 'Contraseña de la red' > /etc/wpa_supplicant/wpa_supplicant-wlp3s0.conf
      $ systemctl enable --now wpa_supplicant@wlp3s0

      We create a file called '/etc/systemd/network/25-wireless.network' with the following content:
      DNS= # This line lets you use the secure and private DNS servers of https://www.quad9.net/; if you do not want to use them, delete this line.
    4. We stop our previous network services using:
      $ sudo systemctl stop NetworkManager.service NetworkManager-wait-online.service # For NetworkManager
      $ sudo systemctl stop wicd.service # For wicd
    5. We start systemd-networkd and enable it to start automatically at boot:
      $ sudo systemctl enable --now systemd-networkd.service systemd-resolved.service systemd-networkd-wait-online
    With this we have finished the migration to the systemd network manager. Make sure you have internet access on both interfaces before continuing.

    · Configuring the union of interfaces.

    Once we have systemd-networkd configured and running, we will configure the bonding.
    1. Configuring bonding: the first step is to create a virtual network device for our bond connection.
      - We create a file called '/etc/systemd/network/10-bond1.netdev' with the following content:
      - We configure the bond interface by creating a file called '/etc/systemd/network/10-bond1.network' with the following content:
      DNS= # This line lets you use the secure and private DNS servers of https://www.quad9.net/; if you do not want to use them, delete this line.
      With this we finish this step.
    2. Next, we go back to the files '/etc/systemd/network/20-wired.network' and '/etc/systemd/network/25-wireless.network' and edit them as follows so that they point to our bond interface:

      Note: the option PrimarySlave=true sets the priority of our network interface. If that interface is connected, the bond will use it as the primary, and the secondary interfaces will only be activated if it fails. Once the primary is available again, the bond interface automatically switches back to it.

    3. Now we restart our network services with:
      $ sudo systemctl restart systemd-networkd.service systemd-resolved.service
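An added example, not the author's own files: one possible set of the four unit files named in steps 1 and 2, staged into a directory for review before being copied to /etc/systemd/network. The interface and bond names are the article's; DHCP=yes on the bond is an assumption, and the [Bond] values are chosen to match the /proc/net/bonding/bond1 output shown in this article.

```shell
#!/bin/sh
# Added example: stage an active-backup bond for systemd-networkd.
# File contents are an assumption; only the names come from the article.
write_bond_config() {
    dir="${1:?usage: write_bond_config <target-dir>}"
    mkdir -p "$dir" || return 1

    # Virtual bond device: 1 s MII polling, always return to the primary.
    cat > "$dir/10-bond1.netdev" <<'EOF'
[NetDev]
Name=bond1
Kind=bond

[Bond]
Mode=active-backup
PrimaryReselectPolicy=always
MIIMonitorSec=1s
EOF

    # Addressing lives on the bond, not on the member interfaces.
    # The article's optional DNS= line would go in this [Network] section.
    cat > "$dir/10-bond1.network" <<'EOF'
[Match]
Name=bond1

[Network]
DHCP=yes
EOF

    # Wired member: preferred whenever its link is up.
    cat > "$dir/20-wired.network" <<'EOF'
[Match]
Name=enp2s0

[Network]
Bond=bond1
PrimarySlave=true
EOF

    # Wireless member: carries traffic only while the primary is down.
    cat > "$dir/25-wireless.network" <<'EOF'
[Match]
Name=wlp3s0

[Network]
Bond=bond1
EOF
}
```

Run `write_bond_config ./staging`, review the generated files, then copy them to /etc/systemd/network as root.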
    Once this is done, we are finished. To verify it, we run:
    $ networkctl
    IDX LINK             TYPE               OPERATIONAL SETUP     
      1 lo               loopback           carrier     unmanaged 
      2 enp2s0           ether              carrier     configured
      3 wlp3s0           wlan               carrier     configured
     66 bond1            bond               routable    configured
    4 links listed.
    We check the status of our bond interface with:
    $ cat /proc/net/bonding/bond1
    Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)
    Bonding Mode: fault-tolerance (active-backup)
    Primary Slave: enp2s0 (primary_reselect always)
    Currently Active Slave: enp2s0
    MII Status: up
    MII Polling Interval (ms): 1000
    Up Delay (ms): 0
    Down Delay (ms): 0
    Slave Interface: wlp3s0
    MII Status: up
    Speed: Unknown
    Duplex: Unknown
    Link Failure Count: 1
    Permanent HW addr: xx:xx:xx:xx:xx:xx
    Slave queue ID: 0
    Slave Interface: enp2s0
    MII Status: up
    Speed: 1000 Mbps
    Duplex: full
    Link Failure Count: 4
    Permanent HW addr: xx:xx:xx:xx:xx:xx
    Slave queue ID: 0
    We can see that the Bonding Mode is correct according to our configuration (active-backup) and that our network interface enp2s0 is the primary one.
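The same check in script form, as an added example that is not part of the original article: it parses the /proc/net/bonding/bond1 format shown above and reports whether traffic is on the primary or has failed over to the backup, which is worth alerting on when the backup is a wireless network. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a bond is running on its primary interface.

# Constructed sample in the /proc/net/bonding format: the wired primary
# is down and the wireless backup is carrying the traffic.
sample_failover() {
    cat <<'EOF'
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: enp2s0 (primary_reselect always)
Currently Active Slave: wlp3s0
MII Status: up
Slave Interface: wlp3s0
MII Status: up
Link Failure Count: 1
Slave Interface: enp2s0
MII Status: down
Link Failure Count: 5
EOF
}

# Reads bonding status on stdin and prints a one-line summary.
# Exit status: 0 = on primary, 1 = failed over, 2 = no active slave.
bond_check() {
    awk -F': ' '
        /^Primary Slave:/          { split($2, p, " "); primary = p[1] }
        /^Currently Active Slave:/ { active = $2 }
        /^Slave Interface:/        { slave = $2 }
        # The bond-level "MII Status" precedes any slave and is skipped.
        /^MII Status:/ && slave != "" && $2 != "up" {
            down = down (down != "" ? "," : "") slave
        }
        /^Link Failure Count:/ {
            fails = fails (fails != "" ? "," : "") slave "=" $2
        }
        END {
            if (primary == "" || active == "" || active == "None") {
                print "UNKNOWN no active slave"; exit 2
            }
            if (down == "") down = "none"
            state = (active == primary) ? "OK" : "FAILOVER"
            printf "%s active=%s primary=%s down=%s failures=%s\n",
                   state, active, primary, down, fails
            exit (state == "OK" ? 0 : 1)
        }'
}
```

On a live system, run `bond_check < /proc/net/bonding/bond1` from a timer or monitoring agent and alert on a non-zero exit status.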