Configure teamed NICs
Does not apply to Deep Security as a Service
Installing the Windows and Solaris Agents in a Teamed NICs Environment
"Teamed NICs" describes using multiple Ethernet adapters in parallel to increase data transfer speed or to provide redundancy. The following information provides guidance for configuring teamed NICs installations in Windows and Solaris so that they are compatible with the Deep Security Agent. If you encounter difficulties, please contact your support provider.
Windows NIC teaming software creates a new virtual master interface which adopts the MAC address of the first slave interface. By default, the Windows Agent will bind to all virtual and physical interfaces during installation. As a result, in a teamed NIC environment the Agent will bind to the physical interfaces as well as the virtual interface created by the teaming software. The Agent cannot function properly with multiple interfaces having the same MAC address. To function properly, the Agent must be bound only to the virtual interface created by the teaming software.
IPMP failover (active-standby) mode in Solaris allows two NICs to have the same hardware (MAC) address. Since the Deep Security Agent identifies adapters by their MAC address, such duplication prevents the Agent from functioning properly.
The solution is to manually assign unique MAC addresses to each adapter.
Sample ifconfig output:
# ifconfig -a
hme0: flags=1000843<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 10.20.30.40 netmask 0
hme1: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 8
inet 0.0.0.0 netmask 0
The "ether" line displays the adapter's MAC address. If any interfaces are showing identical MAC addresses and are connected to the same subnet, new unique MAC addresses must be set manually using the following ifconfig command:
# ifconfig <interface> ether <new MAC address>
Although the chance of a MAC address conflict is extremely small, you should verify that there isn't one by using the snoop command to search for the chosen MAC address. Then use the ping command to test connection to the broadcast address of the subnet.