Configuring network interfaces

Use bonding to increase the available bandwidth or the fault tolerance of your IBM® QRadar® appliances by combining 2 or more network interfaces into a single channel.

1. On the navigation menu ( ), click Admin.
2. In the System Configuration section, click System and License Management.
3. From the Display menu, click Systems.
4. Select the host for which you want to configure network interfaces.
5. Click Actions > View and Manage System, and click the Network Interfaces tab.
6. To edit a network interface, follow these steps:
   1. Select the device that you want to edit, and click Edit.
   2. In the Role list, select the role for the device:
      • Choose Regular when the device is used for:
        • Data collection (logs/flows(NetFlow/s Flow))
        • Web UI
        • Backup/restore (not limited to iSCSI but can be NFS)

        This interface must have an IP address. The subnet of the interface cannot be the same subnet used by the management interface.

        Tip: Log sources that use the TCP protocol might experience asymmetric routing. If your log sources use the UDP protocol, they are not affected.
      • Choose Monitor when the device is a IBM QRadar QFlow Collector that is used for packet collection. This interface does not require an IP address.
      • Choose Disabled to prevent the device from being used for any network connectivity.
   3. To apply the configuration to the active HA node, click Apply this interface configuration and IP address to the active HA node.
   4. Click Save.
7. To create a bonded network interface, follow these steps:

   You can bond two or more interfaces that have either a regular or monitor role that is assigned to them. You can bond only interfaces that are assigned the same roles.

   1. Select the device and click Bond.
   2. Type the IP address and netmask.
   3. To apply the configuration to the active HA node, click Apply this interface configuration and IP address to the active HA node.
      Note: By selecting this option, you keep the interface active on whichever of the two high-availability (HA) nodes is active. You can use this option on an interface that is used to receive inbound data, such as syslog messages or netflow data records. This option migrates data between the primary and secondary nodes, to whichever one is active.
   4. Enter a bonding option. The default bonding option that is configured on this interface is mode=4.
      Note:

      Bonded interfaces support various modes of operation, depending on the capabilities of the switch that they are connected to. The following table describes the supported bonding modes that you might use.

      Table 1. Bonding modes

      Bonding modes	Bonding name	Description
      mode=1	Active backup	Only one slave is active. Another slave becomes active when the active slave fails.
      mode=4	802.3ad	Uses Link Aggregation Control Protocol (LACP) to create aggregation groups that share duplex settings and speed.

      For more information about configuring specific bonding options, see your vendor-specific operating system documentation.

   5. Click Add and select the interface that you want to add as a slave, and then click OK.
   6. Click Save to create your bonded interface.
8. To break a bonded interface back into single interfaces, select the bonded device, and then click Unbond.