LAGG redesign question

[EHRETic]

Hi there,

I've a question concerning my firewall NIC/LAGG design.

Up to now, I had a single switch (Ubiquiti) and I had 2 physical NICs configured in LACP on my OPNsense firewall. All interfaces were managed by different VLANs (including WAN connectivity)

But to ease the whole firmware patch management and offer redundancy on several systems, I bought a second switch.

Now, as Ubiquiti doesn't offer LACP on several physical switches, I'm wondering what is the best LAGG type I should now configure to have redundancy/a bit of load balancing between both links: would you choose failover, loadbalance or round robin?

My first reflex would be to go to loadbalance, but maybe there is a few things to consider before. Maybe a LAGG is not the best option at all.

Thanks in advance for your advices! ;)

PS: If required/better, I could add 2 physical NICs in the server (but from the load, it is not necessary at all)

[Patrick M. Hausen]

Failover is the only setting that might work. All other settings will lead to packets out of order. Very bad idea.
If you need redundancy, get a pair of switches that support multi-chassis LACP, plain and simple.

[EHRETic]

Failover is the only setting that might work.

Would you know what would mean "If the master port becomes unavailable, the next active port is used."?

Depends really on how the unavailability is defined. The physical connectivity might always be on in case of switch reboot and traffic interrupted anyway ;D

But I guess I'll to try no?

[Patrick M. Hausen]

While the switch reboots the port is not in a forwarding state, so the failure will be detected and a failover occurs. This is not a simple electrical plug. There is signaling and a handshake protocol on the wire for gigabit Ethernet and above.

[EHRETic]

@pmhausen thanks a lot, I think this answers my questions! :)