Aggregated Ethernet interfaces - recommended maximum number of sub-interfaces

cancel
Showing results for 
Search instead for 
Did you mean: 

Aggregated Ethernet interfaces - recommended maximum number of sub-interfaces

L1 Bithead

Hi

I'm just after a bit of advice.

PA3220 - I have configured an aggregated interface and configured a number of sub-interfaces below this for each individual client - is there a maximum recommended number of sub-interfaces that can be configured below the aggregated interface? I am concerned I have over 20 at the moment and I don't want to hinder the PA performance in any way.

Thanks in advance

Jules

Life is not a rehearsal - Enjoy the ride
Football is my passion - IT is a mere sidetrack
3 ACCEPTED SOLUTIONS

Accepted Solutions

Cyber Elite
Cyber Elite

Hi @JulianH 

There is no recommended maximum for subinterfaces. There are only the specification max numbers for interfaces and subinterfaces which are the following for a PA-3220:

802.1q tags per device 4,094
802.1q tags per physical interface 4,094
Max interfaces (logical and physical) 4,096

As these interfaces are used in PAN-OS to decide where to forward traffic and this is all done in hardware you will not see a performance impact even if you go way above your currently 20 subinterfaces. I personally did not use the interfaces until the specified max so far but at least with more than hundret subinterfaces the firewall forwards the traffic as if there would be only one or two interfaces.

Hope this helps,

Remo

View solution in original post

L4 Transporter

Hi @JulianH,

Fully aggree with @vsys_remo. I will only add the possibility to reach the maximum capacity if the aggregated interface.

You may want to consider QoS with separate profile for each sub-interface. Unfortunately here you have limit for of 32 different profiles for each sub-interface. Which means if you plan to go with applying QoS (which probably is good idea to limit the posibility one client to consume most of the interface capacity) you will be limited to 32 sub-interfaces.

 

View solution in original post

Hello,

Another thing to consider is that the other technologies involved. In Hyper-V for example, you are limited to 32 vlans per interface group. 

 

Regards,

View solution in original post

4 REPLIES 4

Cyber Elite
Cyber Elite

Hi @JulianH 

There is no recommended maximum for subinterfaces. There are only the specification max numbers for interfaces and subinterfaces which are the following for a PA-3220:

802.1q tags per device 4,094
802.1q tags per physical interface 4,094
Max interfaces (logical and physical) 4,096

As these interfaces are used in PAN-OS to decide where to forward traffic and this is all done in hardware you will not see a performance impact even if you go way above your currently 20 subinterfaces. I personally did not use the interfaces until the specified max so far but at least with more than hundret subinterfaces the firewall forwards the traffic as if there would be only one or two interfaces.

Hope this helps,

Remo

View solution in original post

L4 Transporter

Hi @JulianH,

Fully aggree with @vsys_remo. I will only add the possibility to reach the maximum capacity if the aggregated interface.

You may want to consider QoS with separate profile for each sub-interface. Unfortunately here you have limit for of 32 different profiles for each sub-interface. Which means if you plan to go with applying QoS (which probably is good idea to limit the posibility one client to consume most of the interface capacity) you will be limited to 32 sub-interfaces.

 

View solution in original post

Hello,

Another thing to consider is that the other technologies involved. In Hyper-V for example, you are limited to 32 vlans per interface group. 

 

Regards,

View solution in original post

L1 Bithead

Thanks all for the responses - much appreciated

Life is not a rehearsal - Enjoy the ride
Football is my passion - IT is a mere sidetrack
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!