Tom here from Lawrence Systems, and we're going to talk about link aggregation with pfSense. It's actually relatively easy to set up. I'm going to walk through a couple of scenarios, and we're going to use a switch that supports LACP. If you don't have a switch that supports LACP, there are other modes of operation to still give you a little bit more bandwidth, essentially by tying the ports together, or redundancy, depending on what you're looking for. But it is obviously going to work the best if you have a switch that does support LACP. Check the documentation for the switch you have to see if that's supported, and let's get started.

If you can, click the like button. And first, if you'd like to learn more about me or my company, head over to lawrencesystems.com. If you'd like to hire us for a project, there's a Hire Us button right at the top. If you'd like to help keep this channel sponsor-free, and thank you to everyone who already has, there is a join button here for YouTube and a Patreon page. Your support is greatly appreciated. If you're looking for deals or discounts on products and services we offer on this channel, check out the affiliate links down below. They're in the description of all of our videos, including a link to our shirt store. We have a wide variety of shirts that we sell, and new designs come out, well, randomly, so check back frequently. And finally, our forums: forums.lawrencesystems.com is where you can have a more in-depth discussion about this video and other tech topics you've seen on this channel. Now back to our content.

We'll start here with the manual. What is link aggregation? Link aggregation is where you're going to essentially tie some ports together to act as one
logical interface inside of pfSense. This can be for redundancy; this can be for aggregating bandwidth together. But as a warning, they do have this right down here: using a LAG does not necessarily guarantee full throughput equal to the sum of all interfaces; in particular, a single flow will not exceed the throughput of a LAG member interface.

So in this video we're going to tie two ports together, but that does not mean the two 1 gig ports we tie together are going to automatically give us 2 gigs of bandwidth. There are factors involved. What that does mean is a connection from my computer, that may loop through this and go to another system, and my computer is connected at 1 gig (we're going to do the demo in a video for that), that's no problem, I can get the 1 gig. What's the other one doing then? Well, we can have another session that also uses 1 gig. So cumulatively, individual flows can use the bandwidth of the ports. But if we have a 10 gig connection and we're trying to squeeze it down to the 2 gig, well, no, that's still a single flow. So even though, let's say, because we have a 10 gig switch here, we started at 10 gig and we go across the two, it cannot automatically, depending on the type of traffic; each flow of the traffic can't exceed the single link. This is where the confusion comes in a lot with how LAG works. So it's not automatic that you're just going to get the full power because it's assuming that it's one logical interface, but it will put the data across there.

Now, the main reason for doing this, of course, is you have multiple flows that are going across and you want them spread across. The other common reason for doing this (it doesn't make sense when you're doing it with one switch) is doing a LAG interface between multiple switches for redundancy, where you have pfSense connected with multiple redundancies and you have the other devices behind it, other servers perhaps, connected to multiple switches with LAG redundancy. That prevents a switch
failure. I've had some people say, "Well, shouldn't I use it because I have the extra ports, and I need it because what if a cable fails?" Cable failures are not unheard of but are uncommon; switch failures are way more common than a failure of a cable. So if you want to do this in your home lab and you're saying, "I just wanted to do it because I have the ports and I don't like seeing them empty," awesome. You're not really gaining too much redundancy, because a little cable failing is less likely, but hey, it is there. I'm going to walk you through how to create the interface and how to set this up.

So let's go back over here to pfSense. We have an SG-5100 with a pretty basic load here and a LAN. Now the first question I've had a few people ask me is, "Can I just convert my LAN to be LAG?" Not exactly. So we're going to go over to Interface Assignments, LAGGs. When we try to add one here, I have ix0 all the way through ix3 available, but if we look at the interface assignments, we see that LAN is assigned to igb1, and I can't include it in there. This is actually by design: you can't add anything to a LAG that is already assigned. So you can't just flip a switch and convert your LAN over to LAG; you have to actually create a new interface. Now, I could just delete this right here, because I'm actually logged in externally from this; I'm logged in through the WAN side. So I can delete the LAN and just rebuild it.
That's absolutely a possibility. We're going to go ahead and just create another interface altogether and just walk you through the process.

The first thing we need to do is pick out what ports we want to use. We're going to use the last two ports. Now, the nice thing when you get an SG-5100 is you're going to have these labeled. You have to figure out what ports they are if you built this yourself, but the SG-5100 has all the port labels down below each individual port, which makes it really easy to figure out. So we're going to use the ports right here on the end, the two on the end, which are labeled ix3 and ix2. So we're just going to go ahead and choose those, like we have here.

And then we have to choose the LAG protocol type. Now, the LAG protocol types are explained; they have a nice explainer over here, and they're also explained in the manual, where you can do failover, load balance, round robin. Warning: if you do round robin specifically, it will try to just keep sending the data back and forth on there, and you actually seem to get a little bit less bandwidth. When I was doing some testing with it, because it's going, "I'm going to be helpful and just keep sending these packets, some over here and some over there," this round robining actually seemed to cut some of the performance I got when I was doing this. Load balance might be a little bit more intuitive for that, and failover of course is just failover. Now, the other options down here, failover, load balance, round robin, don't require any special configuration of the switch, because you're telling pfSense to handle it at the interface and look for the other interfaces, but this can create confusion.
So if you set up a failover and you have two switches, and then the switches talk to each other, if the link where the switches talk to each other becomes broken, but the link stays up between pfSense and the switches, now you have a problem where it goes, "I don't think I've seen a failure, because the switch didn't turn off," but it'll be confused as to how to communicate. So the best way to do this is going to be LACP for the aggregation of bandwidth, not in a failover situation. LACP is going to be specifically to aggregate the bandwidth, and that does require switch support. So that's the one we're going to choose.

But like I said, in the failover situation, you know, you can do that for redundancy for the switches, and that works really well for that redundancy. Maybe if someone asks, I'll do a video on that, but it's really just putting two switches together, having them talk to each other, and putting one link in each side of the failover. I may build on a bigger lab scenario for a failover demo with storage servers, which is actually an even more common scenario for this. But I have set these up in data centers where they have one leg of each of these going to each switch; that way, if they have a switch failure in a data center, their pfSense can talk. And yes, this does work with the whole HA setup. You can bond together multiple ones across HA. It gets very complex very quickly, but yes, it is capable of doing it, and I'll leave a link to this. This is also part of the Netgate docs; they walk you through an entire layer 2 redundancy setup. So like I said, you can get pretty advanced with this, and it works really well, but I'll at least cover the basics on how to get this interface set up and configured.

We'll go here. We're going to choose those two interfaces, ix2 and ix3, LACP, and "Laggy interface." Pretty simple. Then we're going to go over here to Interface Assignments, because we've now grouped them together. Now we have to assign the interface.
So let's go here, and we'll call it the Laggy interface. Then we click on it here just like any other interface, because now they're bonded together, and we'll call this Laggy LAN, so it'll be our new LAN when we're done. We're going to go static. Let's give it a static IP address of 192.168.99, whoops, 99.1, and from here it's pretty much the same standard interface setup. So it's going to be LAN, static, 99.1, it's going to be a /24. Save, apply.

Firewall rules: there's our Laggy LAN, and we're not going to dive deep into rules. I have plenty of videos on that. We're just going to do any/any, open it all up, let it fly, let all the data pass through, so no restrictions on this. Then we're going to go to DHCP Server on our Laggy LAN here, and we'll go from 50 to 250. Plenty of range, plenty of addresses on here. We've enabled it, we've got rules. Save.

But now here's the important aspect that has to be done: we have to go in and configure the switch to work. Right now we've got these ports doing nothing, and if they're doing nothing, that's fine, except they're not set up for LAG. So if you plug in LACP-configured ports to these, it's going to confuse the switch. It's going to say, "I'm not speaking the same language," and it will break. So we're going to go in here and we're going to convert these over. Currently this is plugged into LAN. This is the port for on this right here. So we're actually going to move it over. But before we do so, I've got to push the programming changes to this UniFi switch. I say that because UniFi switches don't have an interface; they use the UniFi software for the control plane. So we're going to push the configuration. But if you have a switch where you have a web interface on it, it's kind of the same answer: before you break it and have access to it, you want to make sure you push these changes to it.
We're going to go over here and configure port one, and we're going to say "Laggy pfSense," so we're plugging in here. Then we're going to go for the profile overrides, and we're going to choose Aggregate. What are we going to aggregate to? Ports one and two. That means ports one and two are going to get assigned the LACP protocol. Now, if we were using all four of the ports, we could just change that to a four, or even a three if there's three of the ports, and so on, and it's going to grab all the ones next to it. We only need ports one and two because we set up only a two-port setup. Going to hit apply, and we watch it provision right here. So it's provisioning; then we can plug it in and get this set up on the other side.

So it provisioned, the settings have been changed, and now if we look at this one, we look at the profile for port two, it's aggregating from there. Now comes a pretty simple part: we're going to move this over to the other side. So we're going to grab a little cable here and plug them in like this. So we did port one, we did port two, and we have them down here. Actually, we'll slide the switch down. There we go. So now those two end ports are plugged into ports one and two. Now, the order itself doesn't matter. This is LACP; this is going to communicate LACP to this.

This is going to have to take a second to get a new IP address because, well, we changed IPs; we're not using the LAN anymore. Matter of fact, while we're waiting for that to think and get connected, I'm going to speed up the process by power cycling it. So I pull the power out, power it back on. While that's doing that, we're going to go back over here to pfSense. And remember, I'm connected to the LAN, so none of this really matters that this part happened at all. You can see that currently LAN is down, and if we wanted to, we can just go over here to Interfaces, LAN; I could just disable this interface.
I don't even need it anymore. We're not going to use it, and the other one can become everything I do for LAN.

Jump ahead a couple of minutes while this booted, because I realized, and for those closely looking at the detail and familiar with this switch, that first port is the console port. This is port one. I was actually troubleshooting something that I plugged in this way. So yes, I did plug it in accidentally to the console port. It didn't hurt anything, but it certainly didn't allow the two interfaces to work. So now that we have them plugged into their proper interface, and the switch is booted up, and we have our LAG interface configured, we can look right here and we see LAG interface, ports one and two, and this is just the aggregate port interface. So now we've got the two redundant interfaces.

Let's go back over here. We look at the status and we have it set right here. So we have Laggy LAN, autoselect, and we see that it's up and our LAN is down. A couple of side notes over here: we're going to go to Status, System Logs. Now, one thing I want to show is, we're going to drop an interface.
We're just going to take this, we're going to accidentally lose an interface, unplug one, and kind of show how pfSense handles it. So we get back over here after we unplug it, refresh the page, and we do get a link status down. With the link status down, as I mentioned though, Laggy LAN here still shows up, because one of them is still up; just not both of them are up. So technically we do have a connection. So plug that back in, then go back over here to Status, System Logs. System state changed back to up. So pretty straightforward there.

Next we're going to take this network cable here and plug my laptop in. So my laptop is going to get plugged in with the extra ports here, not into the console port; won't make that mistake again. So now my laptop should get an IP address handed out by pfSense, through the switch, through the LACP LAG interface, or LAG LACP. So technically LACP is a sub-protocol of LAG, for those that are probably going to call me out on that little detail. Let's see if I get an IP address on this. Move this over, and there's the IP address I got, 99.101. Let's go ahead and ping the pfSense, which is at 99.1. Pretty straightforward; it pings.

So while it's pinging, and so you see what I'm doing right here, I'm going to drop one of the connections and watch the pings. It's going to pause for a second while it figures out, "Oh, you need to go across the other path." This is how the redundancy works. It's pretty seamless, except this was a packet flow coming from one system. Because LACP would be figuring out the flows from different systems and putting them across the connections, which cable it goes across is going to be a little bit, not the word random, isn't there, uh, but now that this one's coming up and down, it's going to go over here. Once it decides which cable it's going over, it goes over there unless there's a change in topology. So now that we know it's going probably across the black cable, we'll go ahead and do this: unplug it.
Oh, it went back across this one. But now that it's going across the other cable, we're going to plug this back in, so listen for the click. It doesn't pause to start the flow back on the other side. This is how LACP works with the LAG and the protocols together. Once it decides which cable it's going over, that flow will continue to go over that cable, and it's dynamically figuring it out. That's the advantage of the way this protocol works.

Now a couple of side notes inside of pfSense on how this works in terms of, how about VLANs or everything else? Actually, no change there. Even though the interfaces are bonded together, because the physical layer is bonded together to work as a single interface, as we're calling it Laggy LAN, we go to Interfaces, Assignments, and we do something like a VLAN, and we add, and we say we want a VLAN tag, I don't know, 88, just so we have something. 888, sure, why not. You choose the parent interface, and the parent interface is going to be lagg0. So all the other rules apply. By doing that, there's the parent interface, and we go back to the assignments; we can then assign VLAN 888 to here. And then there's no change inside the UniFi software when you assign a VLAN; it still just works the same. It's not going to be any different just because you're lagging these together. So you can still, and we can edit these ports, for example, and I have a VLAN, test 123, in here. I'd have to define it in here if I wanted to use VLAN 88 like I did in there, but you get the idea. You can even assign to LAG interfaces the VLAN. Now, it's going to vary how this works with different model switches, but it's not a big deal in terms of how it works, including when you're building out the storage network. Maybe you want a dedicated VLAN just for all your storage devices.
You can LAG those interfaces together. You know, obviously LACP and that dependency is required in the switches if you want to use full LACP. But it's that easy to set up in pfSense. It's pretty straightforward. It works just as another interface. So in any other videos I've done where I'm talking about assigning something to an interface, once you build the LAG interface, away you go. It just works.

Now one last thing: what if you wanted to add one more? Well, you can do that. So we're going to go here, and first, well, as I said, always make sure we have the switch on there. So we have one, two, three now. We're going to apply this, and we're going to let this configuration push. While we're doing that, where's that third interface going to come from? Well, go over here to LAG. You can edit these, because we still haven't assigned anything to ix1, so it's still just an empty port, and hit save. So now it's going to apply this here. We're provisioning the switch, so we'll give the switch a second to catch up. But while we're doing that, we go over here. Snap. And they're crisscrossing the cables here, but you get the idea. Now I've got all three of these ports, and all three assigned to this. Same rules apply, and now LACP is just going to talk to all three ports. Let's see if the switch provisioned. Yep, it pushed the provision on there. So now it says port two, port three. And that easy.

Now, you didn't have to do this, now this would disrupt users, but you didn't have to do anything else in pfSense to add more to this aggregation group. We've just added one more. We could just as easily drop one from it. Now, when you do this, there is a disruption in the network. So if you're routing a bunch of traffic over it and you change these assignments, when it does configure the switches, there is a disruption to rebuild them into the link. But hey, that's not that big of a deal. The disruption is pretty minor and happens pretty much fast.
We do this essentially in real time. So if there's someone on a VoIP call, they are going to be angry at you because it may drop the call, but for the most part it's a pause in the internet and everything keeps working.

So I'll leave links to the pages and the documentation from Netgate on this to dive deeper into this. Leave comments below or head over to the forums and, you know, talk about maybe suggestions you have for having a lab about a larger setup or install. But I am going to do another video on this topic related to doing this with storage servers. All right, thanks.