Bonding & VLANs
Link aggregation (bonding) combines multiple physical NICs into a single
logical interface for redundancy, throughput, or both. VLANs (802.1Q) let
you carve a single physical link into multiple isolated broadcast domains.
Bridges connect interfaces at layer 2, and systemd-networkd can manage all
of these declaratively. This guide covers bonding modes, configuration
methods, VLAN tagging, bridging, and the corresponding systemd-networkd
.netdev / .network files.
Back to the Networking hub. Related guides: Network Configuration | NAT & IP Forwarding.
Bonding modes
The Linux bonding driver supports seven modes:
| Mode | Name | Description |
|---|---|---|
| 0 | balance-rr | Round-robin across all slaves. Requires switch support (EtherChannel / port-channel). |
| 1 | active-backup | Only one slave active; failover on link loss. No switch config needed. |
| 2 | balance-xor | XOR of source and destination MAC selects the slave. Requires switch support. |
| 3 | broadcast | Transmits on all slaves simultaneously. Rarely used. |
| 4 | 802.3ad | IEEE LACP (Link Aggregation Control Protocol). Requires switch LACP support. Best throughput. |
| 5 | balance-tlb | Adaptive transmit load balancing. No switch config needed. |
| 6 | balance-alb | Adaptive load balancing (tx + rx). No switch config needed. |
Mode 1 (active-backup) is the safest for environments where switch configuration is not under your control. Mode 4 (802.3ad / LACP) delivers the best aggregate throughput when the switch supports it.
Bonding with modprobe
The bonding module accepts parameters at load time:
# /etc/modprobe.d/bonding.conf
options bonding mode=4 miimon=100 lacp_rate=fast
# Load the module
sudo modprobe bonding
# Verify
cat /proc/net/bonding/bond0
Bonding with nmcli (NetworkManager)
NetworkManager makes bond creation straightforward:
# Create the bond master
nmcli connection add type bond con-name bond0 ifname bond0 bond.options "mode=802.3ad,miimon=100,lacp_rate=fast"
# Add slave interfaces
nmcli connection add type ethernet con-name bond0-port1 ifname eth0 master bond0
nmcli connection add type ethernet con-name bond0-port2 ifname eth1 master bond0
# Assign an IP to the bond
nmcli connection modify bond0 ipv4.addresses 10.0.0.5/24
nmcli connection modify bond0 ipv4.gateway 10.0.0.1
nmcli connection modify bond0 ipv4.method manual
# Bring it up
nmcli connection up bond0
# Verify
nmcli connection show bond0
cat /proc/net/bonding/bond0
Bonding with ip commands (manual)
# Create the bond interface
ip link add bond0 type bond mode 802.3ad miimon 100
# Enslave physical NICs (they must be down)
ip link set eth0 down
ip link set eth1 down
ip link set eth0 master bond0
ip link set eth1 master bond0
# Bring everything up
ip link set bond0 up
ip link set eth0 up
ip link set eth1 up
# Assign an address
ip addr add 10.0.0.5/24 dev bond0
ip route add default via 10.0.0.1
802.1Q VLANs
VLANs let a single physical link carry multiple isolated layer-2 networks. Each VLAN is identified by an integer tag (1-4094).
# Create VLAN 100 on top of eth0
ip link add link eth0 name eth0.100 type vlan id 100
# Bring it up and assign an address
ip link set eth0.100 up
ip addr add 172.16.100.5/24 dev eth0.100
# Create a second VLAN on the same physical interface
ip link add link eth0 name eth0.200 type vlan id 200
ip link set eth0.200 up
ip addr add 172.16.200.5/24 dev eth0.200
# Verify
ip -d link show eth0.100
cat /proc/net/vlan/eth0.100
VLANs on a bond
A common pattern is to create VLANs on top of a bond:
ip link add link bond0 name bond0.100 type vlan id 100
ip link set bond0.100 up
ip addr add 172.16.100.5/24 dev bond0.100
VLANs with nmcli
nmcli connection add type vlan con-name vlan100 ifname eth0.100 dev eth0 id 100 ipv4.addresses 172.16.100.5/24 ipv4.method manual
nmcli connection up vlan100
Bridges
A Linux bridge connects two or more interfaces at layer 2, just like a physical switch:
# Create the bridge
ip link add br0 type bridge
# Add ports
ip link set eth0 master br0
ip link set eth1 master br0
# Bring everything up
ip link set br0 up
ip link set eth0 up
ip link set eth1 up
# Optionally assign an IP to the bridge (for management)
ip addr add 10.0.0.1/24 dev br0
# Show bridge details
bridge link show
bridge fdb show
Bridges are also the foundation of virtual-machine networking (libvirt, KVM) and container networking (Docker bridge mode).
systemd-networkd configuration
For servers managed by systemd-networkd, .netdev files define virtual
devices and .network files assign addresses and other properties.
Bond
# /etc/systemd/network/10-bond0.netdev
[NetDev]
Name=bond0
Kind=bond
[Bond]
Mode=802.3ad
MIIMonitorSec=100ms
LACPTransmitRate=fast
# /etc/systemd/network/20-eth0.network
[Match]
Name=eth0
[Network]
Bond=bond0
# /etc/systemd/network/20-eth1.network
[Match]
Name=eth1
[Network]
Bond=bond0
# /etc/systemd/network/30-bond0.network
[Match]
Name=bond0
[Network]
Address=10.0.0.5/24
Gateway=10.0.0.1
DNS=8.8.8.8
VLAN
# /etc/systemd/network/40-vlan100.netdev
[NetDev]
Name=bond0.100
Kind=vlan
[VLAN]
Id=100
# /etc/systemd/network/30-bond0.network (add VLAN reference)
[Match]
Name=bond0
[Network]
Address=10.0.0.5/24
Gateway=10.0.0.1
VLAN=bond0.100
# /etc/systemd/network/50-vlan100.network
[Match]
Name=bond0.100
[Network]
Address=172.16.100.5/24
Bridge
# /etc/systemd/network/10-br0.netdev
[NetDev]
Name=br0
Kind=bridge
# /etc/systemd/network/20-eth2.network
[Match]
Name=eth2
[Network]
Bridge=br0
# /etc/systemd/network/30-br0.network
[Match]
Name=br0
[Network]
Address=10.0.0.1/24
# Reload after changes
sudo networkctl reload
networkctl status bond0
networkctl status bond0.100