Skybox Securoty Appliance 7000 User manual
Skybox Appliance 7000
Quick Start Guide
11.7.103
CentOS Linux release 7.9.2009 (Core)
Skybox Security, Inc. | 2077 Gateway Place, Suite 200, San Jose, CA 95110 USA | +1 866 675 9269 | skyboxsecurity.com
Skybox version 11.7.100 2
Proprietary and Confidential to Skybox Security. © 2022 Skybox Security, Inc. All rights
reserved.
Due to continued product development, the information contained in this document may
change without notice. The information and intellectual property contained herein are
confidential and remain the exclusive intellectual property of Skybox Security. If you find any
problems in the documentation, please report them to us in writing. Skybox Security does not
warrant that this document is error-free.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in
any form or by any means—electronic, mechanical, photocopying, recording, or otherwise—
without the prior written permission of Skybox Security.
Skybox®, Skybox®Security, Skybox Firewall Assurance, Skybox Network Assurance, Skybox
Vulnerability Control, Skybox Change Manager, Skybox Appliance
5500/6000/7000/8000/8050/11000/12100/12200, and the Skybox Security logo are either
registered trademarks or trademarks of Skybox Security, Inc., in the United States and/or other
countries. All other trademarks are the property of their respective owners.
Skybox version 11.7.100 3
Contents
Contents 3
Overview 5
Basic architecture 5
Related documentation 5
Skybox Appliance specifications 6
Before you open the box 6
What’s in the box 6
Physical specifications 6
Environmental specifications 7
MTBF estimates for Skybox Appliance 8
Front panel 8
Back panel connectors 10
File system partitions 10
Setting up Skybox Appliance 11
Hardware installation 11
Starting Skybox Appliance 12
Available Installation Processes 12
System configuration 13
What’s next 16
Configuring Skybox Appliance 18
Configuration and management options 18
Setting up network interface bonding 19
Setting up SNMP configuration 21
RADIUS authentication 22
LDAP authentication 23
Changing the TLS version 25
Sending CentOS logs to a remote syslog server 27
Customizing the syslog server 28
Setting up TCP and UDP listeners 28
Working with syslog files 28
Skybox Manager Installation 30
Skybox Manager system requirements 30
Installing Skybox Manager 30
Upgrading Skybox Manager 31
Updating the operating system on Skybox Appliance 32
Skybox Appliance 7000 Quick Start Guide
Skybox version 11.7.100 4
ISO burning 34
SSH hardening 35
Firmware updates for Skybox Appliance 36
Checking your firmware revision via the console 36
Checking your firmware revision via RMM 37
Preparing to update 39
Updating via the console 40
Updating via RMM 41
Adding your own certificate 50
Exporting the Server certificate and private key from the Java keystore 51
Selecting the Skybox Appliance Installation 53
Overview 53
Modify the Skybox Server and Collector Parameters 54
Install only the Skybox Collector 55
Install Standalone Elasticsearch Node 56
Monitoring SNMP 57
Troubleshooting 60
Restoring Skybox Appliance to factory defaults 61
Wiping the hard disk drive 62
CIS benchmarks for CentOS 7 63
Regulatory and safety information 71
Product regulatory compliance 71
Regulatory compliance markings 72
Electromagnetic compatibility notices for the server board 75
Skybox version 11.7.100 5
Chapter 1
Overview
Skybox®Appliance is a hardware solution that enables you to deploy Skybox without the
burden of maintaining your own server.
Skybox is an Automated Risk and Compliance Management (ARCM) platform that helps
enterprise IT departments to discover and resolve potential security and compliance risks
before they impact your organization.
Skybox is a multi-tiered platform. Skybox Appliance runs the Skybox Server and users run
Skybox Managers (clients) that connect to the Skybox Server over the network. Skybox also
runs an additional Skybox component, the Skybox Collector, which connects to data sources
and imports the data to the Skybox Server.
The Skybox Server and Skybox Collector are preinstalled on Skybox Appliance and run at
startup.
In this chapter
Basic architecture 5
Related documentation 5
Basic architecture
The Skybox platform consists of a 3-tiered architecture with a centralized server (Skybox
Server), data collectors (Skybox Collectors), and a user interface (Skybox Manager). Skybox
can be scaled to suit the complexity and size of any infrastructure.
See the Skybox architecture topic in the
Skybox Installation and Administration Guide
.
Related documentation
Related documentation includes:
lSkybox online help
lSkybox documentation
Note: If you are not using the latest version of Skybox, you can find the documentation for
your version at https://downloads.skyboxsecurity.com/files/Installers/Skybox_
View/<major version/<minor version>/Docs. For example,
https://downloads.skyboxsecurity.com/files/Installers/Skybox_
View/11.5/11.5.100/Docs
Skybox version 11.7.100 6
Chapter 2
Skybox Appliance specifications
This chapter contains product specifications and packaging information for your Skybox
Appliance.
In this chapter
Before you open the box 6
What’s in the box 6
Physical specifications 6
Environmental specifications 7
MTBF estimates for Skybox Appliance 8
Front panel 8
Back panel connectors 10
File system partitions 10
Before you open the box
Inspect the shipping carton to ensure that the packaging is not damaged and verify that all
tamper evident seals are intact. Verify that the Skybox Appliance serial number, purchase
order number, and FedEx tracking number match the information provided by Skybox
Customer Support.
What’s in the box
The following items are in the shipping carton:
lSkybox Appliance
lRack mount kit
lFront bezel
l2 AC power cords
lRJ45 to DB9 serial console cable
lSkybox Quick Start Guide
l2 DVDs
oSkybox: Installs Skybox on your Skybox Appliance; the DVD contains the Skybox
software and additional Appliance documentation
oRestore Appliance: Restores Skybox Appliance to factory settings
Physical specifications
The physical features of Skybox are listed in the following table.
Skybox Appliance 7000 Quick Start Guide
Skybox version 11.7.100 7
FEATURE DESCRIPTION
Form factor 1U rack mount chassis
Rack dimensions
(H x W x D)
1.7” x 17.25” x 23.84” (43.2 mm x 438.15 mm x 605.56 mm)
Weight lPackaged weight: 28.2 lb (12.8 kg)
lSystem weight: 19.6 lb (8.87 kg)
Power supply 450 W redundant AC
Data storage Embedded Software SATA RAID
lIntel®Rapid Storage Technology enterprise (RSTe) 4
lIntel®Embedded Server RAID Technology 2 (ESRT2) with optional RAID
5 key support
System cooling l3 managed 40 mm single rotor system fans
l2 power supply fans
Front panel features l1 power button with integrated LED
l1 system ID button with integrated LED
l1 system status LED
l2 NIC LEDs
l1 HDD activity LED
l1 system cold reset button
l2 USB 2.0 / 3.0 connectors
lDB-15 video connector
lBezel with lock support
External I/O
connectors
(back panel)
lDB-15 video connector
lDedicated RJ45 server management NIC
l6 RJ-45 1000baseT network interfaces (1 GB Ethernet LAN)
l2 USB 2.0 Ports
l2 USB 3.0 Ports
Compliant standards CE, UL, VCCI, BSMI, GS, ICES-003, FCC Part 15, IEC 60950-1, and more
For detailed information, see Regulatory and safety information.
Environmental specifications
Environmental specifications for Skybox are listed in the following table.
PROPERTY LIMITS
Operating
temperature
lASHRAE Class A2: Continuous Operation. 10ºC to 35ºC (50ºF to 95ºF) with the
maximum rate of change not to exceed 10°C per hour
lASHRAE Class A3: Includes operation up to 40ºC for up to 900 hours per year
Shipping
temperature
-40°C to +70°C (-40°F to 158°F)
Non-operating
humidity
50% to 90%, non-condensing with a maximum wet bulb of 28°C (at temperatures
from 25°C to 35°C)
Shock lOperating: Half sine, 2 g peak, 11 msec
Chapter 2 Skybox Appliance specifications
Skybox version 11.7.100 8
PROPERTY LIMITS
lUnpackaged: Trapezoidal, 25 g, velocity change is based on packaged weight
lPackaged: ISTA (International Safe Transit Association) Test Procedure 3A
2008
Vibration lUnpackaged: 5 Hz to 500 Hz, 2.20 g RMS random
lPackaged: ISTA (International Safe Transit Association) Test Procedure 3A
2008
ESD lAir Discharge: 12.0 kV
lContact Discharge: 8.0 kV
Acoustic sound
power
Servers/rack mount sound power level for the following wattages are all 7.0 dBA
Power in wattage: <300 W, ≥300 W, ≥600 W, ≥1000 W
System cooling
requirement
840.7 BTU/hour
EMI operating Required to meet EMI emission requirements, tested as part of system
MTBF estimates for Skybox Appliance
The estimated mean time between failures (MTBF) and Failures in Time (FIT) for Skybox
Appliance 7000 are listed in the following table.
COMPONENT MTBF (HOURS) ESTIMATED FIT
Hot Swap Backplane 9419052 107
1-Slot Riser Card (per card) 106005093 10
Standard Front Panel 16324108 62
Intel®Server Board 993177 1443
Power Supply 450W 1131559 884
System Fan 370728 2698
System MTBF hrs @ 40°C 94380 10596
System MTBF hrs @ 35°C 117894
System MTBF hrs @ 25°C 181829
Model: Telcordia Issue 2
Method I-D
Duty cycle 100%
Quality Level II
Note: The estimates listed here are for Appliance in 40°C ambient air.
Front panel
Skybox Appliance 7000 front panel includes 2 USB connectors, a power button, and LEDs.
Skybox Appliance 7000 Quick Start Guide
Skybox version 11.7.100 9
Power button and LEDs
LETTER FEATURE
A System ID button with integrated LED
B NMI button (recessed; tool required for use)
C NIC1 and NIC2 activity LEDs
D System cold reset button
E System status LED
F Power button with integrated LED
G Hard drive activity LED
Front panel LED functions
LED COLOR /
STATE
DESCRIPTION
Power/Sleep
Green / on Power on
Green /
blinking
Sleep
Off Power off
NIC LEDs
Green / on Network link but no network activity
Green /
blinking
Network activity
Off No link
Chapter 2 Skybox Appliance specifications
Skybox version 11.7.100 10
LED COLOR /
STATE
DESCRIPTION
System Status
Green / on System ready/no alarm
Green /
blinking
System ready but degraded: Redundancy lost (for example, a power
supply or fan failure); non-critical temperature or voltage threshold
reached; battery failure; or predictive power supply failure.
Amber /
on
Critical Alarm: Critical power modules failure, critical fans failure,
voltage (power supply), critical temperature and voltage
Amber /
blinking
Non-Critical Alarm: Redundant fan failure, redundant power module
failure, non-critical temperature, and voltage
Off Power off: System unplugged
Power on: System powered off and in standby, no prior degraded/non-
critical/critical state
Back panel connectors
Skybox Appliance 7000 back panel includes the connectors shown in the following figure.
By default:
leno1 is enabled and configured as DHCP
leno2 is enabled and configured as static with the IP address: 192.168.1.1 /24
You can change these values.
File system partitions
By default, the Skybox Appliance file system is partitioned as follows:
l/tmp partition – 5%
l/ (root) partition – 10%
l/var partition – 30%
lSwap partition: The swap size is set to half the total RAM but no more than 8% of total
storage
l/opt partition – remainder of storage
Skybox version 11.7.100 11
Chapter 3
Setting up Skybox Appliance
This chapter explains how to set up Skybox Appliance.
In this chapter
Hardware installation 11
Starting Skybox Appliance 12
Available Installation Processes 12
System configuration 13
What’s next 16
Hardware installation
Warning: These Appliance models include high wattage and high clock speed CPUs. Failure
to maintain an ambient operating temperature of 27° C (80° F) or lower voids the
manufacturer’s warranty.
Before you start
Before installing the rack mount kit, observe these safety guidelines:
1. Turn off all peripheral devices connected to Skybox Appliance.
2. Turn off Skybox Appliance by pressing the Power button on the front of the chassis and
then unplug the AC power cords from the chassis or wall outlet.
3. Label and disconnect all peripheral cables and all telecommunications lines connected to
I/O connectors or ports on the back of the chassis.
4. Provide electrostatic discharge (ESD) protection by wearing an antistatic wrist strap
attached to a chassis ground—an unpainted metal surface—when handling components.
Required tools and supplies
lPhillips (cross head) screwdriver (#1 bit and #2 bit)
l(Recommended) Antistatic wrist strap and conductive foam pad
Installation
To install your Skybox Appliance, refer to the installation instructions included with the rack
mount kit.
Skybox Appliance 7000 Quick Start Guide
Skybox version 11.7.100 12
Starting Skybox Appliance
To start Skybox Appliance
1. Connect the AC power cords to the AC connectors on the Skybox Appliance back panel
and connect the other ends to a power supply.
Note: You can use Skybox with either a 110- or 220-volt power supply.
2. On the Skybox Appliance front panel, press the Power button.
3. Lock the front bezel in place using the key provided.
Available Installation Processes
There are several installation options. These options must be selected when Skybox
Appliance is booted up, before Skybox Appliance is configured.
Since these options can change the behavior of your server or change the functionality of
Skybox Appliance, we recommend that they be used only by an advanced user who already is
familiar with Skybox and Skybox Appliances.
We also recommend that the user consults with Skybox Professional Services prior to
selecting any of these installation options.
Advanced Installation Options
Skybox Appliance, by default, boots from a local drive with predefined parameters and is
installed as a Skybox Server, including a local Collector.
Several options are available to modify the default installation process:
lModify the Skybox Server and Collector parameters: Installs Skybox Server with Collector
and allows you to modify several of the parameters in the installation process.
lSkybox Collector only: Installs Skybox Appliance as a Skybox Collector without installing
the Skybox Server. This option optimizes the partitioning scheme for Appliances to run as a
Collector.
lStandalone Elasticsearch node: Installs Skybox Appliance as an Elasticsearch node and
enhances the scalability of the Elasticsearch-based Skybox Web Client
These options are available from the boot menu of the Skybox Appliance ISO.
If you do not select a different installation option, after several seconds Skybox Appliance
performs Boot From Local Drive.
Chapter 3 Setting up Skybox Appliance
Skybox version 11.7.100 13
To install Skybox Appliance as a specific type of server, see Selecting the Skybox Appliance
Installation.
System configuration
Before running the Skybox Server, configure Skybox Appliance to be part of your network and
perform initial system configuration.
Configuring connection
Before using Skybox Appliance Administration, configure connection of Skybox to your
network locally using any of:
lThe RMM interface on your Skybox Appliance
lA console (mouse, keyboard, and screen) connection
lA network connection via static NIC
Note: To view a figure showing the connectors used in the following procedures, see Back
panel connectors.
Configuration via the RMM interface
You can connect to Skybox Appliance via its RMM interface by connecting a network cable to
the RMM port.
The RMM interface is preconfigured to obtain an IP address via DHCP.
Configuring the RMM administrator
You must change the administrator password on RMM.
To change the RMM administrator password
1. Reboot your Skybox Appliance.
2. During the boot process, press F2 to open the BIOS setup.
3. From the menu, select Server Management.
Skybox Appliance 7000 Quick Start Guide
Skybox version 11.7.100 14
4. Select BMC LAN configuration.
5. Select User Configuration to configure the RMM user.
On the User Configuration page:
a. Click User ID and set an unused user ID as the RMM user.
b. Configure the user:
lPrivilege: Select Administrator.
lUser Status: Select Enabled.
lUser Name: Type a name for the user.
Note: You cannot change the name of the anonymous user.
lUser Password: Type the password twice.
6. When you are finished, press F10 to save and exit the configuration.
Skybox Appliance boots with the RMM interface configured with the user that you provided.
Troubleshooting the RMM IP address
To change the IP address of the RMM interface
1. Reboot your Skybox Appliance.
2. During the boot process, press F2 to open the BIOS setup.
3. From the menu, select Server Management.
4. Select BMC LAN configuration:
lIf you are using DHCP: The system assigns a name to the RMM interface and its IP
address; you can configure the name at the bottom of the page, in BMC hostname.
lIf you are using a Static address: Provide the IP address, netmask, and gateway IP
address.
5. When you are finished, press F10 to save and exit the configuration.
Skybox Appliance boots with the RMM interface configured with the user that you provided.
Configuration via console
To configure connection using a mouse, keyboard, and screen
1. Connect one end of a standard network cable to the NIC 1 (eno1) port on the Skybox
Appliance back panel; connect the other end of the cable to a network socket.
2. Connect a mouse, keyboard, and screen to the connectors on the Skybox Appliance back
panel.
3. Log in to Skybox Appliance as the root user. The default password for your 1st login is
skyboxview.
On the initial log in, you must change the default password.
4. Configure a network interface with an IP address, netmask, and default gateway:
a. Run set_appliance_network
b. Select a network interface to configure.
Chapter 3 Setting up Skybox Appliance
Skybox version 11.7.100 15
c. Select the IP mode (static or DHCP).
lIf you select static mode, provide the IP address, netmask, and default gateway.
5. If you are using DHCP, run ifconfig and note the IP address assigned to your Appliance.
You will need it later.
Configuration via network port
You can connect to Skybox Appliance via the preconfigured static network port (eno2), whose
IP address is 192.168.1.1 /24.
To configure connection via eno2
1. Configure the IP address of the client side to a different IP address on the same network.
For example, 192.168.1.50 /24.
2. In your browser, connect via the IP address for eno2: https://192.168.1.1:444/
3. Log in to your Skybox Appliance. The default user name is skyboxview; the default
password is skyboxview.
On the initial login, you are required to change the default password.
The Skybox Appliance Administration main page opens.
4. Configure a network interface with an IP address, netmask, and default gateway:
Note: Network Interfaces includes a tab for docker0. This tab is for an Appliance feature
that is to be added in a future release. Do not change the settings for docker0.
a. Navigate to the Network tab and select Network Configuration.
b. Select a network interface to configure.
c. Select the IP mode (static or DHCP).
lIf you select static mode, provide the IP address, netmask, and default gateway.
5. Select Network Configuration Summary and note the IP address assigned to your Skybox
Appliance. You will need it later.
Configuring Skybox Appliance
To configure Skybox Appliance
1. In a browser, connect to Skybox Appliance Administration using the following URL:
https://<Appliance IP address>:444
where <Appliance IP address> is the IP address that you configured in
Configuring
connection
.
2. The default user name is skyboxview; the default password is skyboxview.
On the initial login, you must change the default password.
The Skybox Appliance Administration main page opens.
Skybox Appliance 7000 Quick Start Guide
Skybox version 11.7.100 16
First-time configuration
There are 2 system users defined at the operating system level: root and skyboxview. The
default password for both is skyboxview.
In the preceding Configuring connection steps, depending on the method used, you changed
the password of one user. Now change the password of the other user. You must also
configure the date and time. Other settings are optional; you can configure them later.
To change the passwords
1. On the Security tab, select Appliance Passwords.
2. To change the root password of the machine, click Change Root Password.
3. To change the Skybox Appliance Administration password, click Change Skyboxview
Password.
To configure the date and time
1. On the System tab, select Date and Time Configuration.
2. To configure the date and time manually:
a. Select Manual Date and Time Configuration.
b. Click Change Date and Time; set the date and time for the Skybox time zone.
c. Click Change Time Zone; set the time zone for the location of your Skybox Appliance,
so that reports and other data are timestamped correctly.
3. To set the date and time from NTP servers:
a. Select Automatic Date and Time Configuration Using NTP Server.
b. Click Change NTP Servers; add the IP address or DNS of up to 3 NTP servers to use.
If you specify multiple NTP servers, Skybox Appliance synchronizes to the average time
of the servers.
c. Click Change Time Zone; set the time zone for the location of your Skybox Appliance,
so that reports and other data are timestamped correctly.
What’s next
After installing and configuring Skybox Appliance, you must install Skybox Manager on at least
one remote machine (see Skybox Manager Installation). Skybox Manager is required to
configure certain admin components in the product. However, almost all user functions are
done in Skybox Web Client and not in Skybox Manager. Skybox Manager is a Java client and
should be installed on a Windows PC. The Skybox Manager installer is obtained directly from
the Support tab of Skybox Appliance Administration.
Using Skybox for change tracking
You can use Skybox to track changes on firewalls. Although much change information can be
collected directly from the firewalls, additional information (including a timestamp and the user
who made the change) is taken from syslog change events that are sent to the syslog server
on your Skybox Appliance. You collect the change events using Change Tracking Events –
Syslog Import tasks.
Chapter 3 Setting up Skybox Appliance
Skybox version 11.7.100 17
syslog server
The syslog server on Skybox Appliance is preconfigured and is enabled by default.
Updates to the configuration files of the syslog server are included in Skybox Appliance
operating system updates.
Skybox version 11.7.100 18
Chapter 4
Configuring Skybox Appliance
This chapter explains how to configure Skybox Appliance.
In this chapter
Configuration and management options 18
Setting up network interface bonding 19
Setting up SNMP configuration 21
RADIUS authentication 22
LDAP authentication 23
Changing the TLS version 25
Sending CentOS logs to a remote syslog server 27
Configuration and management options
Skybox Appliance configuration options are described in the following table.
PANE DESCRIPTION
About tab
System Information Information about Skybox configuration
Network tab
Configuration changes made in this tab are only saved after you click Save Network Configuration.
Network
Configuration
Enables you to configure network settings (connection method, IP address,
netmask, and gateway) and bonding for each network interface connection,
and to configure the DNS servers.
Note: For non-virtual Appliances, this pane includes a link to a figure showing
the back panel to help you to understand the connections.
Note: Network Interfaces includes a tab for docker0. This tab is for an
Appliance feature that is to be added in a future release. Do not change the
settings for docker0.
Network
Configuration
Summary
Displays a summary of the Skybox Appliance configuration.
Click Export to save this information to an HTML file.
System tab
Date and Time
Configuration
Enables you to view and change the date and time in the Skybox Appliance’s
time zone.
Note:
lIf you set this information manually, set the date and time and then
Skybox Appliance 7000 Quick Start Guide
Skybox version 11.7.100 19
PANE DESCRIPTION
the time zone for the location of Skybox Appliance, so that reports
and other data are timestamped correctly.
lAutomatic configuration synchronizes Skybox with an NTP server.
Provide the IP address or DNS of the NTP server to use. (You can
use up to 3 NTP servers.)
Set the time zone after setting the NTP server.
Syslog Server lEnables sending CentOS logs automatically from Skybox Appliance to a
remote syslog server (see Sending CentOS logs to a remote syslog server).
lStarts or stops the Skybox Appliance syslog server service and enables you
to configure TCP and UDP listeners (see Customizing the syslog server).
Host Name Enables you to change the name of the Skybox Appliance.
Change System
Mode
Toggles between Server mode (Skybox Appliance functions as the Skybox
Server and a Skybox Collector) and Collector mode (Skybox Appliance
functions only as a Skybox Collector).
SNMP Select Enable SNMP Service to set up SNMP configuration, host
configuration, and sending traps (see Setting up SNMP configuration).
You can also download the Skybox Appliance MIBs.
Security tab
Appliance
Passwords
Enables you to change the root password for Skybox Appliance, the password
for Skybox Appliance Administration, and the RMM password.
LDAP Enables you to set up Skybox Appliance to support authentication via LDAP
(see LDAP authentication).
SSH Toggles the SSH service on and off and enables the root user to log in via SSH.
Control tab
Skybox Services Toggles the Skybox Server and Skybox Collector on and off.
Appliance
Operations
Enables you to reboot or shut down Skybox Appliance.
Support tab
Logs Enables you to view Server, Collector, and other logs of Skybox Appliance.
Get Packlogs: Runs the packlogs utility and saves the packlogs (ZIP) file to a
local directory so that you can send the logs to Skybox Support.
Skybox Manager Enables you to download Skybox Manager for installation.
Setting up network interface bonding
Skybox Appliances support network interface bonding for redundancy and for higher
bandwidth.
To create a network interface bonding
1. On the Network tab, click Network Configuration.
2. Select Network Interfaces.
Chapter 4 Configuring Skybox Appliance
Skybox version 11.7.100 20
3. Select the interface to add to a network bond and click Add to Network Bond.
4. In the Network Bond Setup dialog box, add a bond interface.
5. Select the interfaces to bond to the new interface (as slaves).
6. Select the method for assigning the IP address for this interface.
lIf you select static mode, provide the IP address, netmask, and gateway.
7. Select the mode in which the bond is to work; we recommend active-backup.
For information about the supported bond modes, see Supported bond modes.
8. Click Save.
To view network interface bonding
lOn the Network tab, click Network Configuration Summary.
Supported bond modes
This section lists supported bond modes.
mode=0 (balance-rr)
Round-robin policy: Transmits packets in sequential order from the 1st available slave to the
last. This mode provides load balancing and fault tolerance.
mode=1 (active-backup)
Active-backup policy: Only one slave in the bond is active. A different slave becomes active if,
and only if, the active slave fails. The bond’s MAC address is externally visible on a single port
(network adapter) to avoid confusing the switch. This mode provides fault tolerance. The
primary option affects the behavior of the mode.
mode=2 (balance-xor)
XOR policy: Transmits based on [(source MAC address XORed with destination MAC
address) modulo slave count]. This selects the same slave for each destination MAC address.
This mode provides load balancing and fault tolerance.
mode=3 (broadcast)
Broadcast policy: Transmits everything on all slave interfaces. This mode provides fault
tolerance.
mode=4 (802.3ad)
IEEE 802.3ad Dynamic link aggregation: Creates aggregation groups that share the same
speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad
Table of contents
