Configure teamed NICs

"Teamed NICs" or "link aggregation" describes forming a network link on a computer by using multiple network interface cards (NICs) together. This is useful to increase the total network bandwidth, or to provide link redundancy.

You can configure teamed NICs on Windows or Solaris so that they are compatible with Deep Security Agent.

Windows

On Windows, when you team NICs, it creates a new virtual interface. This virtual interface adopts the MAC address of its first teamed physical interface.

By default, during installation or upgrade, the Windows Agent will bind to all virtual and physical interfaces. This includes the virtual interface created by NIC teaming. However, Deep Security Agent doesn't function properly if multiple interfaces have the same MAC address, which happens with NIC teaming on Windows

To avoid that, bind the agent only to the teamed virtual interface - not the physical interfaces.

NIC teaming with Deep Security Agent requires Windows 2003 requires SP 2 or later.
Don't add or remove network interfaces from a teamed NIC except immediately before running the installer. Otherwise network connectivity may fail or the computer may not be correctly detected by Workload Security. The agent's network driver is bound to network interfaces when you install or upgrade; the agent does not continuously monitor for changes after.

Solaris

IPMP failover (active-standby) mode in Solaris allows two NICs to have the same hardware (MAC) address. Since the Deep Security Agent identifies network adapters by their MAC address, such duplication prevents the agent from functioning properly.

To avoid that, manually assign a unique MAC address to each network adapter.

For example, you could use ifconfig to view the current MAC addresses:

# ifconfig -a
hme0: flags=1000843<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 10.20.30.40 netmask 0
ether 8:0:20:f7:c3:f

hme1: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 8
inet 0.0.0.0 netmask 0
ether 8:0:20:f7:c3:f

The "ether" line displays the adapter's MAC address. If any interfaces have the same MAC addresses, and are connected to the same subnet, you must manually set new unique MAC addresses:

# ifconfig <interface> ether <new MAC address>

Although the chance of a MAC address conflict is extremely small, you should verify that there isn't one by using the snoop command to search for the MAC address, then use the ping command to test connectivity to the subnet's broadcast address.

On Solaris, if multiple interfaces are on the same subnet, the operating system may route packets through any of the interfaces. Because of this, Workload Security firewall stateful configuration options and IPS rules should be applied to all interfaces equally.