Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

NSa4700 Active/Active HA and LACP / LLDP capabilities

L3TedL3Ted Newbie ✭
in Mid Range Firewalls

I've become somewhat confused by a certain number of discrepancies between the various pieces of documentation that I've found, relating to a pair of NSa4700's I'm trying to configure/integrate.

This document: 

https://www.sonicwall.com/techdocs/pdf/sonicosx-7-0-0-0-system.pdf

states on Page 40:

"The dynamic Link Aggregation Control Protocol (LACP) is currently not supported. Dynamic, through a protocol to bundle Ethernet ports such as IEEE LACP or Cisco's PAGP,is another way of configuring Ethernet port channels. In this method, LACP or PAGP packets are sent out on the port."

and yet in this document apparently published on the same day:

https://www.sonicwall.com/techdocs/pdf/sonicosx-7-0-0-0-switching.pdf

has an entire section dedicated to LACP configuration.


In addition, the Switching document also has an entire section dedicated to LLDP and its various TLVs.


Meanwhile in this document:

https://www.sonicwall.com/techdocs/pdf/sonicos-7-0-0-0-high_availability.pdf

there's a discussion of the various HA modes, but it's unclear which platforms support which modes. In particular, I've found other documents which indicate that the NSa4700 supports Active/Standby, but seemingly not any of the Active/Active HA modes.

To try and de-confuse me therefore, could I ask the following:

* Is there an up-to-date table on the website somewhere which details all the hardware models, and which HA modes are supported by each under which Licences?

* Does the NSa4700 support Active/Active Clustering at all, and does this need some form of extended Licence?

* Does the NSa4700 support Active/Active DPI at all, and does this need some form of extended Licence?

* Does the NSa4700 support LACP on any or all of its interfaces?

     I've seen various documentation which implies that it is available on 1G interfaces, but not 10G, but this may be historical.

* On an Aggregated interface which doesn't use LACP, does traffic originate from the same Source MAC address on both legs, or from per-leg MACs, and does the answer to this change if HA is set to use a Virtual MAC?

* As above, but what happens with Source MAC's if LACP is available, and in use?

* Is there any Link-Local traffic on an Aggregated interface?

  The implication from the Switching document is that there will be per-leg Link Local LLDP traffic, but I'm not sure. There might even be LLDP traffic associated with the logical aggregated Interface, but I would have thought that this goes against the spirit of LLDP being entirely Link-Local.

Category: Mid Range Firewalls
Reply

Answers

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    @Ena

    @Community Manager

    @TIJU

  • Community ManagerCommunity Manager Administrator
    edited June 2023
    https://community.sonicwall.com/technology-and-support/discussion/5206/nsa4700-active-active-ha-and-lacp-lldp-capabilities

    Hi @L3Ted, thank you for bringing this up and I'm sorry for the inconvenience. I've contacted our technical documentation team to provide clarification.

  • Community ManagerCommunity Manager Administrator
    https://community.sonicwall.com/technology-and-support/discussion/5206/nsa4700-active-active-ha-and-lacp-lldp-capabilities

    Hi @L3Ted, thank you for your patience as we work through your questions. Although these documents are for TZs and reference older 7.0 firmware our documentation team is planning to revise them (NSa 2700 was in a later version of 7.0.0 and the NSa 3700 was not until 7.0.1). In the meantime I've provided answers to your questions in-line:

    1. Does the NSa 4700 support Active/Active Clustering at all, and does this need some form of extended license? We do not support Active/Active Clustering on GEN7, this is currently on the roadmap.
    2. Does the NSa 4700 support Active/Active DPI at all, and does this need some form of extended license? We do not support Active/Active Clustering on GEN7, this is currently on the roadmap.
    3. Does the NSa 4700 support LACP on any or all of its interfaces? We do support L2 LAG on NSa 2700 and above which means there is LACP support, we have advanced switching on NSa 2700 and above.
    4. Does the NSa 4700 support LACP on any or all of its interfaces? NSa 3700 and above support LACP when using LAG.
    5. On an aggregated interface which doesn't use LACP, does traffic originate from the same source MAC address on both legs, or from per-leg MACs, and does the answer to this change if HA is set to use a virtual MAC? The same source MAC address is used, it is the runtime MAC address of the aggregator interface. When virtual MAC is enabled, it will change the runtime MAC address but it does not change the behavior.
    6. As above, but what happens with source MAC's if LACP is available, and in use? This is a totally different setup. L3 LAG is configured on the interface and is implemented at L3. LACP is configured on LAG configured in the Switching menu which operates at L2. L2 LAGs use the MAC of the aggregator interface.
    7. Is there any Link-Local traffic on an aggregated interface? The behavior should be the same as other physical interfaces to process any link-local traffic except for LACPDU if LACP is enabled.
Sign In or Register to comment.