Linux network bonding lets you combine multiple physical network interfaces into a single logical one, boosting throughput and providing failover if a link goes down.
Here’s a common setup using two 1Gbps NICs (eth0 and eth1) to create a bonded interface (bond0) with active-backup failover:
# Install necessary tools
sudo apt update
sudo apt install net-tools
# Create the bond interface configuration (Debian/Ubuntu)
sudo nano /etc/network/interfaces.d/bond0
auto bond0
iface bond0 inet static
address 192.168.1.100
netmask 255.255.255.0
gateway 192.168.1.1
bond-slaves eth0 eth1
bond-mode active-backup
bond-miimon 100
bond-downdelay 200
bond-updelay 200
# Configure the physical interfaces to be part of the bond
sudo nano /etc/network/interfaces.d/eth0
auto eth0
iface eth0 inet manual
bond-master bond0
sudo nano /etc/network/interfaces.d/eth1
auto eth1
iface eth1 inet manual
bond-master bond0
# Restart networking services
sudo systemctl restart networking
This configuration creates bond0 with a static IP. eth0 and eth1 are then configured as "manual" interfaces, meaning they don’t get their own IP addresses, and are assigned as slaves to bond0. bond-mode active-backup means only one interface is active at a time, and if it fails, the other takes over. bond-miimon 100 tells the bonding driver to check link status every 100 milliseconds. bond-downdelay and bond-updelay are timing parameters to prevent flapping.
Let’s say you have a server with two 10Gbps NICs, eno1 and eno2, and you want to use LACP (802.3ad) mode for load balancing. This requires a managed switch that also supports LACP.
# Create the bond interface configuration (RHEL/CentOS/Fedora)
sudo nmcli connection add type bond con-name bond0 ifname bond0 bond.mode 802.3ad bond.options "miimon=100,lacp_rate=fast"
sudo nmcli connection add type ethernet slave-type bond con-name bond0-slave-eno1 ifname eno1 master bond0
sudo nmcli connection add type ethernet slave-type bond con-name bond0-slave-eno2 ifname eno2 master bond0
# Assign an IP address to the bond interface
sudo nmcli connection modify bond0 ipv4.method manual ipv4.addresses 192.168.1.101/24 ipv4.gateway 192.168.1.1
# Bring up the interfaces
sudo nmcli connection up bond0
sudo nmcli connection up bond0-slave-eno1
sudo nmcli connection up bond0-slave-eno2
Here, bond-mode 802.3ad enables LACP. lacp_rate=fast means LACPDU packets are sent every second, which is quicker than the default. The slaves (eno1, eno2) are added to the bond, and the IP address is assigned to the bond0 interface itself. On the switch side, you’d configure the corresponding ports into an LACP LAG (Link Aggregation Group).
The primary benefit of bonding is resilience. If your server is connected to two different switches, and one switch fails, the server remains online because the other link is active. Or, if a single cable or NIC fails, traffic seamlessly shifts to the remaining healthy link. With LACP, traffic is distributed across multiple links, increasing aggregate bandwidth and providing redundancy.
Bonding modes dictate how traffic is distributed and how failover occurs.
balance-rr(Round-robin): Transmits packets in sequential order from the first available slave. Good for throughput, but can cause out-of-order packets.active-backup: Only one slave is active. If it fails, another becomes active. Provides redundancy but no increased throughput.balance-xor: Transmits based on a hash of the XOR of the source and destination MAC addresses.802.3ad(LACP): Dynamic negotiation of aggregation. Requires switch support. Distributes traffic based on a hash of selected packet fields (source/dest MAC, IP, port).balance-tlb(Transmit Load Balancing): Transmits based on current transmit load. Receives are on the primary interface.balance-alb(Adaptive Transmit Load Balancing): Includes receive load balancing. Requires kernel support.
The hash algorithm used in modes like balance-xor and 802.3ad determines how packets are distributed. Common options include hashing based on MAC addresses, IP addresses, and TCP/UDP ports. For example, xmit_hash_policy=layer3+4 in 802.3ad uses a hash of the IP and port numbers, which is generally good for distributing TCP/UDP traffic evenly.
If you’re using balance-rr or 802.3ad and notice that a single TCP connection isn’t saturating your combined link speed, it’s likely due to the hashing policy. The system uses the hash to pick a specific physical link for a given flow (defined by source/destination IPs and ports). If all your traffic happens to fall into the same hash bucket for a single destination, that one link will be saturated while others remain idle.
The bonding kernel module itself is responsible for managing the aggregation and failover logic, abstracting the multiple physical NICs into a single virtual interface. When you configure a bond, you’re essentially telling this module which physical devices to manage, what mode to operate in, and how to monitor their status. The network configuration tools (like ifupdown or NetworkManager) are just the user-space interface to load and configure this module.
When a slave interface goes down, the bonding driver removes it from the active set. In active-backup, it immediately switches to the next available slave. In LACP, it re-negotiates with the switch to ensure traffic is sent only over the remaining active links. The miimon (MII link monitoring) parameter is crucial for detecting physical link failures quickly by periodically polling the Media Independent Interface (MII) status of the slave devices.
One of the most surprising aspects is how balance-alb works. Unlike other load-balancing modes that rely on switch cooperation or XOR hashing, balance-alb uses the NIC’s own transmit load to decide which link to send packets out on. It also attempts to balance incoming traffic by having the slave NICs listen on their own MAC addresses, which is a clever trick to distribute receive traffic without explicit switch configuration for load balancing.
The next challenge you’ll likely face is configuring a bond that spans across multiple subnets or requires more advanced load balancing policies.