Integrated Routing and Bridging
Understanding Integrated Routing and Bridging
To segment traffic on a LAN into separate broadcast domains, you create separate virtual LANs (VLANs). VLANs limit the amount of traffic flowing across the entire LAN, reducing the possible number of collisions and packet retransmissions within the LAN. For example, you might want to create a VLAN that includes the employees in a department and the resources that they use often, such as printers, servers, and so on.
Figure 1 illustrates a switch routing VLAN traffic between two access layer switches using one of these interfaces.
Of course, you also want to allow these employees to communicate with people and resources in other VLANs. To forward packets between VLANs, you normally need a router that connects the VLANs. However, you can accomplish this forwarding on a switch without using a router by configuring an integrated routing and bridging (IRB) interface. (These interfaces are also called routed VLAN interfaces, or RVIs). Using this approach reduces complexity and avoids the costs associated with purchasing, installing, managing, powering, and cooling another device.
An IRB is a special type of Layer 3 virtual interface named vlan. Like normal Layer 3 interfaces, the vlan interface needs a logical unit number with an IP address. In fact, to be useful an IRB needs at least two logical units and two IP addresses: you must create units with addresses in each of the subnets associated with the VLANs between which you want traffic to be routed. That is, if you have two VLANs (for example, VLAN red and VLAN blue) with corresponding subnets, your IRB must have a logical unit with an address in the subnet for red and a logical unit with an address in the subnet for blue. The switch automatically creates direct routes to these subnets and uses these routes to forward traffic between VLANs. Packets arriving on a Layer 2 interface that are destined for the device’s MAC address are classified as Layer 3 traffic, while packets that are not destined for the device’s MAC address are classified as Layer 2 traffic. Packets destined for the device’s MAC address are sent to the IRB interface. Packets from the device’s routing engine are sent out the IRB interface.
If you specify a VLAN identifier list in the VLAN configuration, you cannot configure an IRB interface for the VLAN.
If you are using a version of Junos OS that supports Enhanced Layer 2 Software (ELS), you can also create a Layer 3 virtual interface named irb instead of vlan; that is, both statements are supported by ELS.
IRB interfaces supporting the Enhanced Layer 2 Software (ELS) configuration style and RVIs that support non-ELS switches provide the same functionality. Where the functionality for both features is the same, this topic uses the term these interfaces to refer collectively to both IRB interfaces and RVIs. Where differences exist between the two features, this topic calls out the IRB interfaces and RVIs separately.
Table 1 shows values you might use when configuring an IRB:
Property | Settings |
---|---|
VLAN names and tags (IDs) | |
Subnets associated with VLANs | |
IRB name | interface |
IRB units and addresses | logical unit 100: logical unit 200: |
For the sake of consistency and to avoid confusion, Table 1 shows IRB logical unit numbers that match the IDs of the corresponding VLANs. However, you do not have to assign logical unit numbers that match the VLAN IDs—you can use any values for the units. To bind the logical units of the IRB to the appropriate VLANs, you use the l3-interface statement.
Because IRBs operate at Layer 3, you can use Layer 3 services such as firewall filters or CoS rewriting with them.
Table 2 shows the number of IRBs/RVIs that each QFX platform supports.
Platform | Number of Supported IRBs/RVIs |
---|---|
QFX3500 | 1200 |
QFX3000-G | 1024 |
QFX3000-M | 1024 |
- IRB Interfaces on SRX Series Devices
- When Should I Use an IRB Interface or RVI?
- How Does an IRB Interface or RVI Work?
- Creating an IRB Interface or RVI
- Viewing IRB Interface and RVI Statistics
- IRB Interfaces and RVI Functions and Other Technologies
IRB Interfaces on SRX Series Devices
On SRX1400, SRX1500, SRX3400, SRX3600, SRX4100, SRX4200, SRX4600, SRX5600, and SRX5800 devices, Juniper supports an IRB interface that allows you to terminate management connections in transparent mode. However, you cannot route traffic on that interface or terminate IPsec VPNs. (Platform support depends on the Junos OS release in your installation.)
You can configure only one IRB logical interface for each VLAN.
On the IRB interface of SRX300, SRX320, SRX340, SRX345, and SRX550M devices, the following features are not supported:
- IS-IS (family ISO)
- Encapsulations (Ether CCC, VLAN CCC, VPLS, PPPoE, and so on) on VLAN interfaces
- CLNS
- DVMRP
- VLAN interface MAC change
- G-ARP
- Change VLAN-Id for VLAN interface
Starting with Junos OS Release 15.1X49-D60 and Junos OS Release 17.3R1, interface statistics are supported on the IRB logical interface for SRX300, SRX320, SRX340, SRX345, and SRX550M devices.
To verify the IRB logical interface statistics, enter the show interfaces irb.<index> extensive and show interfaces irb.<index> statistics commands.
When Should I Use an IRB Interface or RVI?
Configure an IRB interface or an RVI for a VLAN if you need to:
Allow traffic to be routed between VLANs.
Provide Layer 3 IP connectivity to the switch.
Monitor individual VLANs for billing purposes. Service providers often need to monitor traffic for this purpose, but this capability can be useful for enterprises where various groups share the cost of the network.
How Does an IRB Interface or RVI Work?
For an IRB interface, the switch provides the name irb, and for an RVI, the switch provides the name vlan. Like all Layer 3 interfaces, these interfaces require a logical unit number with an IP address assigned to it. In fact, to be useful, the implementation of these interfaces in an enterprise with multiple VLANs requires at least two logical units and two IP addresses—you must create units with addresses in each of the subnets associated with the VLANs between which you want traffic to be routed. That is, if you have two VLANs (for example, VLAN red and VLAN blue) with corresponding subnets, your interfaces must have a logical unit with an address in the subnet for red and a logical unit with an address in the subnet for blue. The switch automatically creates direct routes to these subnets and uses these routes to forward traffic between VLANs.
The interface on the switch detects both MAC addresses and IP addresses, then routes data to other Layer 3 interfaces on routers or other switches. These interfaces detect both IPv4 and IPv6 unicast and multicast virtual routing and forwarding (VRF) traffic. Each logical interface can belong to only one routing instance and is further subdivided into logical interfaces, each with a logical interface number appended as a suffix to the names irb and vlan—for example, irb.10 and vlan.10.
Creating an IRB Interface or RVI
You create an IRB logical interface in a similar manner as a Layer 3 interface, but the IRB interface does not support traffic forwarding or routing. The IRB interface cannot be assigned to a security zone; however, you can configure certain services on a per-zone basis to allow host-inbound traffic for management of the device. This allows you to control the type of traffic that can reach the device from interfaces bound to a specific zone.
There are four basic steps in creating an IRB interface or RVI as shown in Figure 2.
The following explanations correspond to the four steps for creating a VLAN, as depicted in Figure 2.
Configure VLANs—Virtual LANs are groups of hosts that communicate as if they were attached to the same broadcast stream. VLANs are created with software and do not require a physical router to forward traffic. VLANs are Layer 2 constructs.
Create IRB interfaces or RVIs for the VLANs—The switch’s IRB interfaces and RVIs use Layer 3 logical interfaces (unlike routers, which can use either physical or logical interfaces).
Assign an IP address to each VLAN—An IRB interface or RVI cannot be activated unless it is associated with a physical interface.
Bind the VLANs to the logical interfaces—There is a one-to-one mapping between a VLAN and an IRB interface or RVI, which means that only one of these interfaces can be mapped to a VLAN.
For specific instructions for creating an IRB interface, see Configuring Integrated Routing and Bridging Interfaces on Switches (CLI Procedure), and for an RVI, see Configuring Routed VLAN Interfaces on Switches (CLI Procedure).
Viewing IRB Interface and RVI Statistics
Some switches automatically track IRB interface and RVI traffic statistics. Other switches allow you to configure tracking. Table 3 illustrates the IRB interface- and RVI-tracking capability on various switches.
Switch | Input (ingress) | Output (Egress) |
---|---|---|
EX4300 | Automatic | Automatic |
EX3200, EX4200 | Automatic | – |
EX8200 | Configurable | Automatic |
EX2200, EX3300, EX4500, EX6200 | – | – |
You can view input (ingress) and output (egress) totals with the following commands:
- For IRB interfaces, use the show interfaces irb extensive command. Look at the input and output values in the Transit Statistics field for IRB interface activity values.
- For RVI, use the show interfaces vlan extensive command. Look at the input and output values in the Logical Interface Transit Statistics field for RVI activity values.
IRB Interfaces and RVI Functions and Other Technologies
IRB interfaces and RVIs are similar to switch virtual interfaces (SVIs) and bridge-group virtual interfaces (BVIs), which are supported on other vendors’ devices. They can also be combined with other functions:
VRF is often used in conjunction with Layer 3 subinterfaces, allowing traffic on a single physical interface to be differentiated and associated with multiple virtual routers. For more information about VRF, see Understanding Virtual Routing Instances on EX Series Switches.
For redundancy, you can combine an IRB interface or RVI with implementations of the Virtual Router Redundancy Protocol (VRRP) in both bridging and virtual private LAN service (VPLS) environments. For more information about VRRP, see Understanding VRRP.
Configuring IRB Interfaces on Switches
Integrated routing and bridging (IRB) interfaces enable a switch to recognize which packets are being sent to local addresses so that they are bridged whenever possible and are routed only when needed. Whenever packets can be switched instead of routed, several layers of processing are eliminated. Switching also reduces the number of address look-ups.
In versions of Junos OS that do not support Enhanced Layer 2 Software (ELS), this type of interface is called a routed VLAN interface (RVI).
When you upgrade from Junos OS Release 15.1X53 to Junos OS Release 17.3R1, you must define an IRB interface at both the [edit vlans l3-interface] and [edit interfaces irb] hierarchies; otherwise there will be a commit error.
To configure the routed VLAN interface:
Layer 3 interfaces on trunk ports allow the interface to transfer traffic between multiple VLANs. Within a VLAN, traffic is bridged, while across VLANs, traffic is routed.
You can display the configuration settings:
user@switch> show interfaces irb terse
Interface               Admin Link Proto    Local                 Remote
vlan                    up    up
irb.111                 up    up   inet     10.0.0.0/8

user@switch> show vlans
Name           Tag     Interfaces
default        None
employee-vlan  20
                       ge-1/0/0.0, ge-1/0/1.0, ge-1/0/2.0
marketing      40
                       ge-1/0/10.0, ge-1/0/20.0, ge-1/0/30.0
support        111
                       ge-0/0/18.0
mgmt
                       bme0.32769, bme0.32771*

user@switch> show ethernet-switching table
Ethernet-switching table: 1 entries, 0 learned
  VLAN              MAC address       Type         Age Interfaces
  support           00:19:e2:50:95:a0 Static         - Router
Configuring Integrated Routing and Bridging for VLANs
Integrated routing and bridging (IRB) provides simultaneous support for Layer 2 bridging and Layer 3 routing on the same interface. IRB enables you to route packets to another routed interface or to another VLAN that has an IRB interface configured.
You configure a logical routing interface by specifying irb as an interface name at the [edit interfaces] hierarchy level and including that interface in the VLAN.
You can include only one Layer 3 interface in a VLAN.
To configure a VLAN with IRB support, include the following statements:
[edit]
vlans {
    vlan-name {
        domain-type bridge;
        interface interface-name;
        l3-interface (VLAN) interface-name;
        vlan-id (none | number);
        vlan-tags outer number inner number;
    }
}
For each VLAN that you configure, specify a vlan-name. You must also specify the value bridge for the domain-type statement.
For the vlan-id statement, you can specify either a valid VLAN identifier or the none option.
If you configure a Layer 3 interface to support IRB in a VLAN, you cannot use the all option for the vlan-id statement.
The vlan-tags statement enables you to specify a pair of VLAN identifiers: an outer tag and an inner tag.
For a single VLAN, you can include either the vlan-id statement or the vlan-tags statement, but not both.
To include one or more logical interfaces in the VLAN, specify the interface-name for each Ethernet interface to include that you configured at the [edit interfaces] hierarchy level.
A maximum of 4096 active logical interfaces are supported for a VLAN or on each mesh group in a VPLS routing instance configured for Layer 2 bridging.
To associate a Layer 3 interface with a VLAN, include the l3-interface interface-name statement and specify an interface-name you configured at the [edit interfaces irb] hierarchy level. You can configure only one Layer 3 interface for each VLAN.
IRB interfaces are supported for multicast snooping.
In multihomed VPLS configurations, you can configure VPLS to keep a VPLS connection up if only an IRB interface is available by configuring the irb option for the connectivity-type statement at the [edit routing-instances routing-instance-name protocols vpls] hierarchy level. The connectivity-type statement has the ce and irb options. The ce option is the default and specifies that a CE interface is required to maintain the VPLS connection. By default, if only an IRB interface is available, the VPLS connection is brought down.
When you configure IRB interfaces in more than one logical system on a device, all of the IRB logical interfaces share the same MAC address.
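The constraints stated in this section and earlier on the page (one-to-one mapping between a VLAN and its Layer 3 interface, vlan-id or vlan-tags but not both, no vlan-id all or VLAN identifier list together with an IRB, and the unit defined at both the [edit vlans l3-interface] and [edit interfaces irb] hierarchies) can be checked before a commit. The following Python check is an added example, not Juniper code; it assumes set-style configuration text, takes the VLAN identifier list to be the vlan-id-list statement, and its rule names, function names, and SAMPLE_CONFIG are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Junos "set" style, with deliberate mistakes.
SAMPLE_CONFIG = """
set interfaces irb unit 100 family inet address 192.0.2.1/25
set interfaces irb unit 200 family inet address 192.0.2.129/25
set interfaces irb unit 300 family inet address 198.51.100.1/24
set vlans blue vlan-id 100
set vlans blue l3-interface irb.100
set vlans red vlan-id 200
set vlans red l3-interface irb.200
set vlans green vlan-id 300
set vlans green l3-interface irb.200
set vlans qinq vlan-id 400
set vlans qinq vlan-tags outer 400 inner 10
set vlans wide vlan-id all
set vlans wide l3-interface irb.500
"""

# The blue/red configuration used in this page's switch example.
PAGE_CONFIG = """
set interfaces irb unit 100 family inet address 192.0.2.1/25
set interfaces irb unit 200 family inet address 192.0.2.129/25
set vlans blue l3-interface irb.100
set vlans blue vlan-id 100
set vlans red vlan-id 200
set vlans red l3-interface irb.200
"""

# Hypothetical rule names mapped to the constraint each one enforces.
RULES = {
    "vlan-id-and-vlan-tags": "VLAN has both vlan-id and vlan-tags",
    "l3-with-vlan-id-all": "VLAN with a Layer 3 interface uses vlan-id all",
    "l3-with-vlan-id-list": "VLAN with a VLAN identifier list has an IRB",
    "l3-unit-not-defined": "l3-interface unit missing under [edit interfaces]",
    "unit-bound-to-multiple-vlans": "one unit bound to more than one VLAN",
    "unit-not-bound-to-vlan": "unit defined but not referenced by any VLAN",
}

IFACE_RE = re.compile(r"^set interfaces (irb|vlan) unit (\d+)\b")
VLAN_RE = re.compile(
    r"^set vlans (\S+) (vlan-id-list|vlan-id|vlan-tags|l3-interface)\s+(.+)$")


def parse(config):
    """Return (defined Layer 3 units, {vlan name: {statement: value}})."""
    units, vlans = set(), defaultdict(dict)
    for raw in config.splitlines():
        line = raw.strip()
        m = IFACE_RE.match(line)
        if m:
            units.add(f"{m.group(1)}.{m.group(2)}")
            continue
        m = VLAN_RE.match(line)
        if m:
            vlans[m.group(1)][m.group(2)] = m.group(3).strip()
    return units, dict(vlans)


def lint(config):
    """Return a list of (rule, VLAN or unit name) findings."""
    units, vlans = parse(config)
    findings, bound = [], defaultdict(list)
    for name, stmts in sorted(vlans.items()):
        if "vlan-id" in stmts and "vlan-tags" in stmts:
            findings.append(("vlan-id-and-vlan-tags", name))
        l3 = stmts.get("l3-interface")
        if l3 is None:
            continue
        bound[l3].append(name)
        if stmts.get("vlan-id") == "all":
            findings.append(("l3-with-vlan-id-all", name))
        if "vlan-id-list" in stmts:
            findings.append(("l3-with-vlan-id-list", name))
        if l3 not in units:
            findings.append(("l3-unit-not-defined", name))
    for unit, names in sorted(bound.items()):
        if len(names) > 1:
            findings.append(("unit-bound-to-multiple-vlans", unit))
    for unit in sorted(units - set(bound)):
        findings.append(("unit-not-bound-to-vlan", unit))
    return findings


if __name__ == "__main__":
    for rule, subject in lint(SAMPLE_CONFIG):
        print(f"{subject}: {RULES[rule]}")
```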
Configuring Integrated Routing and Bridging Interfaces on Switches (CLI Procedure)
Integrated routing and bridging (IRB) interfaces allow a switch to recognize packets that are being sent to local addresses so that they are bridged (switched) whenever possible and are routed only when necessary. Whenever packets can be switched instead of routed, several layers of processing are eliminated.
An interface named irb functions as a logical router on which you can configure a Layer 3 logical interface for each virtual LAN (VLAN). For redundancy, you can combine an IRB interface with implementations of the Virtual Router Redundancy Protocol (VRRP) in both bridging and virtual private LAN service (VPLS) environments.
Jumbo frames of up to 9216 bytes are supported on an IRB interface. To route jumbo data packets on the IRB interface, you must configure the jumbo MTU size on the member physical interfaces of the VLAN that you have associated with the IRB interface, as well as on the IRB interface itself (the interface named irb).
Setting or deleting the jumbo MTU size on the IRB interface (the interface named irb) while the switch is transmitting packets might result in dropped packets.
To configure the IRB interface:
Using an IRB Interface in a Private VLAN on a Switch
VLANs limit broadcasts to specified users. Private VLANs (PVLANs) take this concept a step further by splitting the broadcast domain into multiple isolated broadcast subdomains and essentially putting secondary VLANs inside a primary VLAN. PVLANs restrict traffic flows through their member switch ports (called “private ports”) so that these ports communicate only with a specified uplink trunk port or with specified ports within the same VLAN. PVLANs are useful for restricting the flow of broadcast and unknown unicast traffic and for limiting the communication between known hosts. Service providers use PVLANs to keep their customers isolated from one another.
Just like regular VLANs, PVLANs are isolated at Layer 2 and normally require that a Layer 3 device be used if you want to route traffic. Starting with Junos OS 14.1X53-D30, you can use an integrated routing and bridging (IRB) interface to route Layer 3 traffic between devices connected to a PVLAN. Using an IRB interface in this way can also allow the devices in the PVLAN to communicate at Layer 3 with devices outside the PVLAN.
Configuring an IRB Interface in a Private VLAN
Use the following guidelines when configuring an IRB interface in a PVLAN:
You can create only one IRB interface in a PVLAN, regardless of how many switches participate in the PVLAN.
The IRB interface must be a member of the primary VLAN in the PVLAN.
Each host device that you want to connect at Layer 3 must use the IP address of the IRB as its default gateway address.
Because the host devices are isolated at Layer 2, you must configure the following statement for the IRB interface to allow ARP resolution to occur:
set interfaces irb unit unit-number proxy-arp unrestricted
IRB Interface Limitation in a PVLAN
If your PVLAN includes multiple switches, an issue can occur if the Ethernet switching table is cleared on a switch that does not have an IRB interface. If a Layer 3 packet transits the switch before its destination MAC address is learned again, it is broadcast to all the Layer 3 hosts connected to the PVLAN.
Example: Configuring Routing Between VLANs on One Switch Using an IRB Interface
To segment traffic on a LAN into separate broadcast domains, you create separate virtual LANs (VLANs). For example, you might want to create a VLAN that includes the employees in a department and the resources that they use often, such as printers, servers, and so on.
Of course, you also want to allow these employees to communicate with people and resources in other VLANs. To forward packets between VLANs, you normally need a router that connects the VLANs. However, you can accomplish this on a Juniper Networks switch without using a router by configuring an integrated routing and bridging (IRB) interface (also known as a routed VLAN interface, or RVI, in versions of Junos OS that do not support Enhanced Layer 2 Software). Using this approach reduces complexity and avoids the costs associated with purchasing, installing, managing, powering, and cooling another device.
Requirements
This example uses the following hardware and software components:
One switch
Junos OS Release 11.1 or later
Overview and Topology
This example uses an IRB to route traffic between two VLANs on the same switch. The topology is shown in Figure 3.
This example shows a simple configuration to illustrate the basic steps for creating two VLANs on a single switch and configuring an IRB to enable routing between the VLANs. One VLAN, called blue, is for the sales and marketing group, and a second, called red, is for the customer support team. The sales and support groups each have their own file servers and wireless access points. Each VLAN must have a unique name, tag (VLAN ID), and distinct IP subnet. Table 4 lists the components of the sample topology.
Topology
Property | Settings |
---|---|
VLAN names and tag IDs | |
Subnets associated with VLANs | |
Interfaces in VLAN | Sales server port: |
Interfaces in VLAN | Support server port: |
IRB name | interface |
IRB units and addresses | logical unit 100: logical unit 200: |
This configuration example creates two IP subnets, one for the blue VLAN and the second for the red VLAN. The switch bridges traffic within the VLANs. For traffic passing between two VLANs, the switch routes the traffic using an IRB on which you have configured addresses in each IP subnet.
To keep the example simple, the configuration steps show only a few interfaces and VLANs. Use the same configuration procedure to add more interfaces and VLANs. By default, all interfaces are in access mode, so you do not have to configure the port mode.
Configure Layer 2 switching for two VLANs
Procedure
CLI Quick Configuration
To quickly configure Layer 2 switching for the two VLANs (blue and red) and to quickly configure Layer 3 routing of traffic between the two VLANs, copy the following commands and paste them into the switch terminal window:
The following example uses a version of Junos OS that supports Enhanced Layer 2 Software (ELS). When you use ELS, you create a Layer 3 virtual interface named irb. If you are using a version of Junos OS that does not support ELS, you create a Layer 3 virtual interface named vlan.
[edit]
set interfaces xe-0/0/4 unit 0 description "Sales server port"
set interfaces xe-0/0/4 unit 0 family ethernet-switching vlan members blue
set interfaces xe-0/0/6 unit 0 description "Sales wireless access point port"
set interfaces xe-0/0/6 unit 0 family ethernet-switching vlan members blue
set interfaces xe-0/0/0 unit 0 description "Support servers"
set interfaces xe-0/0/0 unit 0 family ethernet-switching vlan members red
set interfaces xe-0/0/2 unit 0 description "Support wireless access point port"
set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members red
set interfaces irb unit 100 family inet address 192.0.2.1/25
set interfaces irb unit 200 family inet address 192.0.2.129/25
set vlans blue l3-interface irb.100
set vlans blue vlan-id 100
set vlans red vlan-id 200
set vlans red l3-interface irb.200
Step-by-Step Procedure
To configure the switch interfaces and the VLANs to which they belong:
Configure the interface for the sales server in the blue VLAN:
[edit interfaces xe-0/0/4 unit 0]
user@switch# set description "Sales server port"
user@switch# set family ethernet-switching vlan members blue
Configure the interface for the wireless access point in the blue VLAN:
[edit interfaces xe-0/0/6 unit 0]
user@switch# set description "Sales wireless access point port"
user@switch# set family ethernet-switching vlan members blue
Configure the interface for the support server in the red VLAN:
[edit interfaces xe-0/0/0 unit 0]
user@switch# set description "Support server port"
user@switch# set family ethernet-switching vlan members red
Configure the interface for the wireless access point in the red VLAN:
[edit interfaces xe-0/0/2 unit 0]
user@switch# set description "Support wireless access point port"
user@switch# set family ethernet-switching vlan members red
Step-by-Step Procedure
Now create the VLANs and the IRB. The IRB will have logical units in the broadcast domains of both VLANs.
Create the red and blue VLANs by configuring the VLAN IDs for them:
[edit vlans]
user@switch# set blue vlan-id 100
user@switch# set red vlan-id 200
Create the interface named irb with a logical unit in the sales broadcast domain (blue VLAN):
[edit interfaces]
user@switch# set irb unit 100 family inet address 192.0.2.1/25
The unit number is arbitrary and does not have to match the VLAN tag ID. However, configuring the unit number to match the VLAN ID can help avoid confusion.
Add a logical unit in the support broadcast domain (red VLAN) to the irb interface:
[edit interfaces]
user@switch# set irb unit 200 family inet address 192.0.2.129/25
Complete the IRB configuration by binding the red and blue VLANs (Layer 2) with the appropriate logical units of the irb interface (Layer 3):
[edit vlans]
user@switch# set blue l3-interface irb.100
user@switch# set red l3-interface irb.200
Configuration Results
Display the results of the configuration:
user@switch> show configuration
interfaces {
    xe-0/0/4 {
        unit 0 {
            description "Sales server port";
            family ethernet-switching {
                vlan {
                    members blue;
                }
            }
        }
    }
    xe-0/0/6 {
        unit 0 {
            description "Sales wireless access point port";
            family ethernet-switching {
                vlan {
                    members blue;
                }
            }
        }
    }
    xe-0/0/0 {
        unit 0 {
            description "Support server port";
            family ethernet-switching {
                vlan {
                    members red;
                }
            }
        }
    }
    xe-0/0/2 {
        unit 0 {
            description "Support wireless access point port";
            family ethernet-switching {
                vlan {
                    members red;
                }
            }
        }
    }
    irb {
        unit 100 {
            family inet {
                address 192.0.2.1/25;
            }
        }
        unit 200 {
            family inet {
                address 192.0.2.129/25;
            }
        }
    }
}
vlans {
    blue {
        vlan-id 100;
        interface xe-0/0/4.0;
        interface xe-0/0/6.0;
        l3-interface irb.100;
    }
    red {
        vlan-id 200;
        interface xe-0/0/0.0;
        interface xe-0/0/2.0;
        l3-interface irb.200;
    }
}
To quickly configure the blue and red VLAN interfaces, issue the load merge terminal command, copy the hierarchy, and paste it into the switch terminal window.
Verification
To verify that the blue and red VLANs have been created and are operating properly, perform these tasks:
- Verifying That the VLANs Have Been Created and Associated with the Correct Interfaces
- Verifying That Traffic Can Be Routed Between the Two VLANs
Verifying That the VLANs Have Been Created and Associated with the Correct Interfaces
Purpose
Verify that the VLANs blue and red have been created on the switch and that all connected interfaces on the switch are members of the correct VLAN.
Action
List all VLANs configured on the switch:
user@switch> show vlans
Name           Tag     Interfaces
default
                       xe-0/0/0.0, xe-0/0/2.0, xe-0/0/4.0, xe-0/0/6.0,
blue           100
                       xe-0/0/4.0, xe-0/0/6,
red            200
                       xe-0/0/0.0, xe-0/0/2.0, *
mgmt
                       me0.0*
Meaning
The show vlans command lists all VLANs configured on the switch and which interfaces are members of each VLAN. This command output shows that the blue and red VLANs have been created. The blue VLAN has a tag ID of 100 and is associated with interfaces xe-0/0/4.0 and xe-0/0/6.0. VLAN red has a tag ID of 200 and is associated with interfaces xe-0/0/0.0 and xe-0/0/2.0.
Verifying That Traffic Can Be Routed Between the Two VLANs
Purpose
Verify routing between the two VLANs.
Action
Verify that the IRB logical units are up:
user@switch> show interfaces terse
irb.100          up    up   inet    192.0.2.1/25
irb.200          up    up   inet    192.0.2.129/25
At least one port (access or trunk) with an appropriate VLAN assigned to it must be up for the irb interface to be up.
Verify that the switch has created routes that use the IRB logical units:
user@switch> show route
192.0.2.0/25       *[Direct/0] 1d 03:26:45
                    > via irb.100
192.0.2.1/32       *[Local/0] 1d 03:26:45
                      Local via irb.100
192.0.2.128/25     *[Direct/0] 1d 03:26:45
                    > via irb.200
192.0.2.129/32     *[Local/0] 1d 03:26:45
                      Local via irb.200
List the Layer 3 routes in the switch's Address Resolution Protocol (ARP) table:
user@switch> show arp
MAC Address       Address         Name          Flags
00:00:0c:06:2c:0d 192.0.2.7       irb.100       None
00:13:e2:50:62:e0 192.0.2.132     irb.200       None
Meaning
The output of the show interfaces and show route commands shows that the Layer 3 IRB logical units are working and the switch has used them to create direct routes that it will use to forward traffic between the VLAN subnets. The show arp command displays the mappings between the IP addresses and MAC addresses for devices on both irb.100 (associated with VLAN blue) and irb.200 (associated with VLAN red). These two devices can communicate.
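Because the switch creates the direct routes automatically, binding an IRB unit to each VLAN makes the two subnets mutually reachable unless a Layer 3 service such as a firewall filter is applied to the units. The following Python audit is an added example, not Juniper code: it derives the routes shown in the show route output from the example's set commands, classifies a host pair as bridged or routed, and lists the inter-VLAN paths that have no input filter. The filter name from-red, the function names, and the assumption that an input filter on a unit covers traffic routed out of that unit's VLAN are illustrative.

```python
import ipaddress
import re
from itertools import permutations

# The set commands from this example that define the IRB units and bindings.
PAGE_CONFIG = """
set interfaces irb unit 100 family inet address 192.0.2.1/25
set interfaces irb unit 200 family inet address 192.0.2.129/25
set vlans blue l3-interface irb.100
set vlans blue vlan-id 100
set vlans red vlan-id 200
set vlans red l3-interface irb.200
"""

# Constructed variant: adds an input filter (hypothetical name) on irb.200.
FILTERED_CONFIG = PAGE_CONFIG + (
    "set interfaces irb unit 200 family inet filter input from-red\n")

ADDR_RE = re.compile(
    r"set interfaces (irb|vlan) unit (\d+) family inet address (\S+)")
FILTER_RE = re.compile(
    r"set interfaces (irb|vlan) unit (\d+) family inet filter input (\S+)")
BIND_RE = re.compile(r"set vlans (\S+) l3-interface (\S+)")


def gateways(config):
    """Map VLAN name -> unit, address and input filter of its Layer 3 unit."""
    addrs, filters, binds = {}, {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := ADDR_RE.match(line):
            addrs[f"{m[1]}.{m[2]}"] = ipaddress.ip_interface(m[3])
        elif m := FILTER_RE.match(line):
            filters[f"{m[1]}.{m[2]}"] = m[3]
        elif m := BIND_RE.match(line):
            binds[m[1]] = m[2]
    return {
        vlan: {"unit": unit, "iface": addrs[unit],
               "in_filter": filters.get(unit)}
        for vlan, unit in binds.items() if unit in addrs
    }


def direct_routes(config):
    """Direct and Local routes the switch derives from the unit addresses."""
    routes = []
    for gw in gateways(config).values():
        routes.append((str(gw["iface"].network), "Direct", gw["unit"]))
        routes.append((f"{gw['iface'].ip}/32", "Local", gw["unit"]))
    return sorted(routes, key=lambda r: ipaddress.ip_network(r[0]))


def classify(config, src, dst):
    """Return (verdict, source VLAN, destination VLAN) for a host pair."""
    gws = gateways(config)

    def owner(ip):
        addr = ipaddress.ip_address(ip)
        return next((vlan for vlan, gw in gws.items()
                     if addr in gw["iface"].network), None)

    s, d = owner(src), owner(dst)
    if s is None or d is None:
        return ("no-direct-route", s, d)
    return ("bridged" if s == d else "routed", s, d)


def unfiltered_paths(config):
    """Inter-VLAN paths whose source-side unit has no input filter."""
    gws = gateways(config)
    return sorted((s, d) for s, d in permutations(gws, 2)
                  if gws[s]["in_filter"] is None)


if __name__ == "__main__":
    for prefix, kind, unit in direct_routes(PAGE_CONFIG):
        print(f"{prefix:18} {kind:7} via {unit}")
    # The two hosts from the show arp output above.
    print(classify(PAGE_CONFIG, "192.0.2.7", "192.0.2.132"))
    print("unfiltered:", unfiltered_paths(PAGE_CONFIG))
    print("with filter on irb.200:", unfiltered_paths(FILTERED_CONFIG))
```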
Example: Configuring an IRB Interface on a Security Device
This example shows how to configure an IRB interface so it can act as a Layer 3 routing interface for a VLAN.
Requirements
Before you begin, configure a VLAN with a single VLAN identifier. See Example: Configuring VLANs on Security Devices.
Overview
In this example, you configure the IRB logical interface unit 0 with the family type inet and IP address 10.1.1.1/24, and then reference the IRB interface irb.10 in the vlan10 configuration. Then you enable Web authentication on the IRB interface and activate the webserver on the device.
To complete the Web authentication configuration, you must perform the following tasks:
Define the access profile and password for a Web authentication client.
Define the security policy that enables Web authentication for the client.
Either a local database or an external authentication server can be used as the Web authentication server.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.
set interfaces ge-1/0/0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ge-1/0/0 unit 0 family ethernet-switching vlan members 10
set interfaces irb unit 10 family inet address 10.1.1.1/24 web-authentication http
set vlans vlan10 vlan-id 10
set vlans vlan10 l3-interface irb.10
set system services web-management http
Procedure
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
To configure an IRB interface:
Create a Layer 2 trunk interface.
[edit]
user@host# set interfaces ge-1/0/0 unit 0 family ethernet-switching interface-mode trunk
user@host# set interfaces ge-1/0/0 unit 0 family ethernet-switching vlan members 10
Create an IRB logical interface.
[edit]
user@host# set interfaces irb unit 10 family inet address 10.1.1.1/24 web-authentication http
Create a Layer 2 VLAN.
[edit]
user@host# set vlans vlan10 vlan-id 10
Associate the IRB interface with the VLAN.
[edit]
user@host# set vlans vlan10 l3-interface irb.10
Activate the webserver.
[edit]
user@host# set system services web-management http
If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Verification
To verify that the configuration is working properly, enter the show interfaces irb and show vlans commands.
Example: Configuring VLAN with Members Across Two Nodes on a Security Device
Requirements
This example uses the following hardware and software components:
Configure a switching fabric interface on both nodes to configure Ethernet switching-related features on the nodes. See Example: Configuring Switch Fabric Interfaces to Enable Switching in Chassis Cluster Mode on a Security Device.
SRX240 security device
Junos OS 12.3X48-D90
interface-mode is supported in 15.1X49 release.
port-mode is supported in 12.1 and 12.3X48 releases.
Overview
This example shows the configuration of a VLAN with members across node 0 and node 1.
Configuration
Procedure
CLI Quick Configuration
To quickly configure this section of the example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.
set interfaces ge-0/0/3 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members vlan100
set interfaces ge-0/0/4 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members vlan100
set interfaces ge-7/0/5 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-7/0/5 unit 0 family ethernet-switching vlan members vlan100
set interfaces vlan unit 100 family inet address 11.1.1.1/24
set vlans vlan100 vlan-id 100
set vlans vlan100 l3-interface vlan.100
Step-by-Step Procedure
To configure the VLAN:
Configure Ethernet switching on the node0 interface.
{primary:node0} [edit]
user@host# set interfaces ge-0/0/3 unit 0 family ethernet-switching port-mode access
user@host# set interfaces ge-0/0/4 unit 0 family ethernet-switching port-mode access
Configure Ethernet switching on the node1 interface.
{primary:node0} [edit]
user@host# set interfaces ge-7/0/5 unit 0 family ethernet-switching port-mode trunk
Create VLAN vlan100 with vlan-id 100.
{primary:node0} [edit]
user@host# set vlans vlan100 vlan-id 100
Add interfaces from both nodes to the VLAN.
{primary:node0} [edit]
user@host# set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members vlan100
user@host# set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members vlan100
user@host# set interfaces ge-7/0/5 unit 0 family ethernet-switching vlan members vlan100
Create a VLAN interface.
user@host# set interfaces vlan unit 100 family inet address 11.1.1.1/24
Associate the VLAN interface with the VLAN.
user@host# set vlans vlan100 l3-interface vlan.100
If you are done configuring the device, commit the configuration.
[edit]
user@host# commit
Results
From configuration mode, confirm your configuration by entering the show vlans and show interfaces commands. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct the configuration.
[edit]
user@host# show vlans
vlan100 {
    vlan-id 100;
    l3-interface vlan.100;
}
[edit]
user@host# show interfaces
ge-0/0/3 {
    unit 0 {
        family ethernet-switching {
            port-mode access;
            vlan {
                members vlan100;
            }
        }
    }
}
ge-0/0/4 {
    unit 0 {
        family ethernet-switching {
            port-mode access;
            vlan {
                members vlan100;
            }
        }
    }
}
ge-7/0/5 {
    unit 0 {
        family ethernet-switching {
            port-mode trunk;
            vlan {
                members vlan100;
            }
        }
    }
}
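The statements in this procedure only work together when every VLAN member refers to a defined VLAN and the l3-interface unit carries an address. The Python below is an added example, not Juniper code, that checks a file of set commands for those relationships before it is pasted into the CLI; both inputs are constructed, and the list of known families and the interface-name pattern are assumptions limited to what this page uses.

```python
import re

# Physical interface names on this page look like ge-0/0/3 or xe-0/0/12.
PHYS_IF = re.compile(r"^[a-z]{2}-\d+/\d+/\d+$")
LOGICAL_IF = {"vlan", "irb", "lo0"}          # logical-only interfaces used here
KNOWN_FAMILIES = {"inet", "inet6", "mpls", "ethernet-switching"}  # assumption

# Constructed input: the statements this example configures.
GOOD_CONFIG = """
set interfaces ge-0/0/3 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members vlan100
set interfaces ge-7/0/5 unit 0 family ethernet-switching port-mode trunk
set interfaces ge-7/0/5 unit 0 family ethernet-switching vlan members vlan100
set interfaces vlan unit 100 family inet address 11.1.1.1/24
set vlans vlan100 vlan-id 100
set vlans vlan100 l3-interface vlan.100
"""

# Constructed input with deliberate mistakes on lines 3, 4 and 5.
BAD_CONFIG = """
set interfaces ge-0/0/3 unit 0 family ethernet-switching port-mode access
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members vlan100
set interfaces ge0/0/4 unit 0 family ethernrt-switching port-mode access
set interfaces ge-7/0/5 unit 0 family ethernet-switching vlan members vlan200
set interfaces vlan unit 10 family inet address 11.1.1.1/24
set vlans vlan100 vlan-id 100
set vlans vlan100 l3-interface vlan.100
"""


def lint_set_config(text):
    """Return findings (strings) for a block of Junos 'set' commands."""
    findings, members = [], []
    vlans = {}           # VLAN name -> {"id": str or None, "l3": str or None}
    addressed = set()    # logical interfaces that carry an inet address

    for n, line in enumerate(text.strip().splitlines(), 1):
        tok = line.split()
        if len(tok) < 3 or tok[0] != "set":
            continue
        if tok[1] == "vlans" and len(tok) >= 5:
            entry = vlans.setdefault(tok[2], {"id": None, "l3": None})
            if tok[3] == "vlan-id":
                entry["id"] = tok[4]
            elif tok[3] == "l3-interface":
                entry["l3"] = tok[4]
        elif tok[1] == "interfaces":
            ifname = tok[2]
            if ifname not in LOGICAL_IF and not PHYS_IF.match(ifname):
                findings.append(f"line {n}: malformed interface name '{ifname}'")
            if "family" not in tok[:-1]:
                continue
            i = tok.index("family")
            family, rest = tok[i + 1], tok[i + 2:]
            if family not in KNOWN_FAMILIES:
                findings.append(f"line {n}: unknown family '{family}'")
            if rest[:2] == ["vlan", "members"] and len(rest) >= 3:
                members.append((n, ifname, rest[2]))
            if family == "inet" and rest[:1] == ["address"] and "unit" in tok[:i]:
                addressed.add(f"{ifname}.{tok[tok.index('unit') + 1]}")

    # Cross-checks that need the whole file.
    for n, ifname, vlan in members:
        if vlan not in vlans or vlans[vlan]["id"] is None:
            findings.append(f"line {n}: {ifname} is a member of undefined VLAN '{vlan}'")
    for name, entry in vlans.items():
        vid = entry["id"]
        if vid is None or not vid.isdigit() or not 1 <= int(vid) <= 4094:
            findings.append(f"vlan {name}: missing or invalid vlan-id {vid!r}")
        if entry["l3"] and entry["l3"] not in addressed:
            findings.append(f"vlan {name}: l3-interface {entry['l3']} has no inet address")
    return findings


if __name__ == "__main__":
    for finding in lint_set_config(BAD_CONFIG):
        print(finding)
```

The check is static: it does not replace commit check on the device, which validates the full Junos schema.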
Verification
Verifying VLAN
Purpose
Verify that the configuration of VLAN is working properly.
Action
From operational mode, enter the show interfaces terse ge-0/0/3 command to view the node 0 interface.
user@host> show interfaces terse ge-0/0/3
Interface               Admin Link Proto    Local                 Remote
ge-0/0/3                up    up
ge-0/0/3.0              up    up   eth-switch
From operational mode, enter the show interfaces terse ge-0/0/4 command to view the node 0 interface.
user@host> show interfaces terse ge-0/0/4
Interface               Admin Link Proto    Local                 Remote
ge-0/0/4                up    up
ge-0/0/4.0              up    up   eth-switch
From operational mode, enter the show interfaces terse ge-7/0/5 command to view the node 1 interface.
user@host> show interfaces terse ge-7/0/5
Interface               Admin Link Proto    Local                 Remote
ge-7/0/5                up    up
ge-7/0/5.0              up    up   eth-switch
From operational mode, enter the show vlans command to view the VLAN interface.
user@host> show vlans
Routing instance        VLAN name             Tag          Interfaces
default-switch          default               1
default-switch          vlan100               100
                                                           ge-0/0/3.0*
                                                           ge-0/0/4.0*
                                                           ge-7/0/5.0*
From operational mode, enter the show ethernet-switching interface command to view the information about Ethernet switching interfaces.
Routing Instance Name : default-switch
Logical Interface flags (DL - disable learning, AD - packet action drop,
                         LH - MAC limit hit, DN - interface down,
                         MMAS - Mac-move action shutdown, AS - Autostate-exclude enabled,
                         SCTL - shutdown by Storm-control )

Logical          Vlan          TAG     MAC         STP         Logical           Tagging
interface        members               limit       state       interface flags
ge-0/0/3.0                             16383                   DN                untagged
                 vlan100       100     1024        Discarding                    untagged
ge-0/0/4.0                             16383                   DN                untagged
                 vlan100       100     1024        Discarding                    untagged
ge-7/0/5.0                             16383                   DN                tagged
                 vlan100       100     1024        Discarding                    tagged
Meaning
The output shows the VLANs are configured and working fine.
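The flag and STP state columns of the show ethernet-switching interface output can be decoded by a script rather than read by eye. The Python below is an added example, not Juniper code; it embeds the rows from the output above and assumes that the CLI prints one interface row followed by one row per VLAN, that multiple flags are separated by spaces or commas, and that a forwarding port shows Forwarding in the STP state column.

```python
import re

# Legend as printed in the header of the command output on this page.
FLAG_LEGEND = {
    "DL": "disable learning",
    "AD": "packet action drop",
    "LH": "MAC limit hit",
    "DN": "interface down",
    "MMAS": "Mac-move action shutdown",
    "AS": "Autostate-exclude enabled",
    "SCTL": "shutdown by Storm-control",
}
# Flags worth alerting on: the port is down, dropping, or a Layer 2 limit fired.
ALERT_FLAGS = ("AD", "LH", "DN", "MMAS", "SCTL")
IFL = re.compile(r"^[a-z]{2}-\d+/\d+/\d+\.\d+$")

# Rows from this page, laid out one row per line (the layout is an assumption).
SAMPLE_OUTPUT = """\
Routing Instance Name : default-switch
Logical          Vlan      TAG   MAC     STP         Logical          Tagging
interface        members         limit   state       interface flags
ge-0/0/3.0                       16383               DN               untagged
                 vlan100   100   1024    Discarding                   untagged
ge-0/0/4.0                       16383               DN               untagged
                 vlan100   100   1024    Discarding                   untagged
ge-7/0/5.0                       16383               DN               tagged
                 vlan100   100   1024    Discarding                   tagged
"""


def parse_switching_interfaces(output):
    """Map each logical interface to its MAC limit, flags, tagging and VLAN rows."""
    parsed, current = {}, None
    for line in output.splitlines():
        tok = [t for t in re.split(r"[,\s]+", line) if t]
        if not tok:
            continue
        if IFL.match(tok[0]):
            # Interface row: name, MAC limit, optional flags, tagging.
            current = {
                "mac_limit": int(tok[1]) if len(tok) > 1 and tok[1].isdigit() else None,
                "flags": [t for t in tok[1:] if t in FLAG_LEGEND],
                "tagging": tok[-1] if tok[-1] in ("tagged", "untagged") else None,
                "vlans": [],
            }
            parsed[tok[0]] = current
        elif (current is not None and len(tok) >= 4
              and tok[1].isdigit() and tok[2].isdigit()):
            # VLAN row: VLAN name, tag, MAC limit, STP state.
            current["vlans"].append({"name": tok[0], "tag": int(tok[1]),
                                     "mac_limit": int(tok[2]), "stp": tok[3]})
    return parsed


def alerts(parsed):
    """Return (interface, reason) pairs for ports that are not forwarding cleanly."""
    found = []
    for ifl, info in parsed.items():
        found += [(ifl, f"{f}: {FLAG_LEGEND[f]}")
                  for f in info["flags"] if f in ALERT_FLAGS]
        found += [(ifl, f"{v['name']} STP state {v['stp']}")
                  for v in info["vlans"] if v["stp"] != "Forwarding"]
    return found


if __name__ == "__main__":
    for ifl, reason in alerts(parse_switching_interfaces(SAMPLE_OUTPUT)):
        print(f"{ifl}: {reason}")
```

LH, MMAS and SCTL are set when MAC limiting, MAC-move limiting or storm control has acted on a port, so the same function can feed an alert when any of them appears.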
Example: Configuring IRB Interfaces on QFX5100 Switches over an MPLS Core Network
Starting with Junos OS Release 14.1X53-D40 and Junos OS Release 17.1R1, QFX5100 switches support integrated routing and bridging (IRB) interfaces over an MPLS core network. An IRB interface is a logical Layer 3 VLAN interface used to route traffic between VLANs.
By definition, VLANs divide a LAN’s broadcast environment into isolated virtual broadcast domains, thereby limiting the amount of traffic flowing across the entire LAN and reducing the possible number of collisions and packet retransmissions within the LAN. To forward packets between different VLANs, you traditionally needed a router that connects the VLANs. However, using the Junos OS you can accomplish this inter-VLAN forwarding without using a router by simply configuring an IRB interface on the switch.
The IRB interface functions as a logical switch on which you can configure a Layer 3 logical interface for each VLAN. The switch relies on its Layer 3 capabilities to provide this basic routing between VLANs. With an IRB interface, you can configure label-switched paths (LSPs) to enable the switch to recognize which packets are being sent to local addresses, so that they are bridged (switched) whenever possible and are routed only when necessary. Whenever packets can be switched instead of routed, several layers of processing are eliminated.
This example shows how to configure an IRB interface over an MPLS core network using QFX5100 switches.
Requirements
This example uses the following hardware and software components:
Three QFX5100 switches
Junos OS Release 14.1X53-D40 or later
Before you begin, be sure you have:
An understanding of IRB concepts. See Understanding Integrated Routing and Bridging for an overview of IRB.
The required ternary content addressable memory (TCAM) space available on the switch. TCAM rules must be observed while configuring and implementing IRBs. For detailed information, see MPLS Limitations on QFX Series and EX4600 Switches.
Overview and Topology
Figure 4 illustrates a sample topology for configuring IRB over an MPLS core network. In this example, an LSP is established between the ingress provider edge switch (PE1) and the egress provider edge switch (PE2). An IRB Layer 3 interface (irb.0) is configured on switches P and PE2, and associated with VLAN 100. In this configuration, the P switch replaces (swaps) the label at the top of the label stack with a new label, adds the VLAN identifier 100 to the MPLS packet, and then sends the packet out the IRB interface. PE2 receives this VLAN-tagged MPLS packet, removes (pops) the label from the top of the label stack, performs a regular IP route lookup, and then forwards the packet with its IP header to the next-hop address.
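The frame that PE2 receives in this topology carries its headers in a fixed order: Ethernet, an 802.1Q tag, then the MPLS label stack. The Python below is an added example, not Juniper code, that builds and parses those bytes for the swap-and-tag step on P and the pop on PE2; the MAC addresses, label values and payload are constructed, and only VLAN 100 comes from this example.

```python
import struct

ETH_8021Q, ETH_MPLS = 0x8100, 0x8847   # 802.1Q TPID, MPLS unicast EtherType

# Constructed values for the walk-through (locally administered MACs).
PE1_MAC, P_MAC, PE2_MAC = (bytes([2, 0, 0, 0, 0, n]) for n in (1, 2, 3))
LABEL_IN, LABEL_OUT = 299776, 299792
PAYLOAD = b"constructed IPv4 packet"


def mpls_entry(label, tc, bottom, ttl):
    """Pack one label stack entry: label (20 bits), TC (3), S (1), TTL (8)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)


def build_frame(dst, src, labels, payload, vlan_id=None):
    """Assemble an Ethernet frame with an MPLS label stack, optionally 802.1Q tagged."""
    tag = b"" if vlan_id is None else struct.pack("!HH", ETH_8021Q, vlan_id & 0x0FFF)
    stack = b"".join(
        mpls_entry(e["label"], e["tc"], i == len(labels) - 1, e["ttl"])
        for i, e in enumerate(labels))
    return dst + src + tag + struct.pack("!H", ETH_MPLS) + stack + payload


def parse_frame(frame):
    """Return the VLAN ID (or None), the label stack and the payload of a frame."""
    if len(frame) < 18:
        raise ValueError("frame too short for Ethernet plus one label")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, offset, labels = None, 14, []
    if ethertype == ETH_8021Q:
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18      # low 12 bits of the TCI are the VLAN ID
    if ethertype != ETH_MPLS:
        raise ValueError("not an MPLS frame")
    while True:
        if offset + 4 > len(frame):
            raise ValueError("label stack has no bottom-of-stack entry")
        (word,) = struct.unpack("!I", frame[offset:offset + 4])
        offset += 4
        labels.append({"label": word >> 12, "tc": (word >> 9) & 0x7, "ttl": word & 0xFF})
        if word & 0x100:                     # S bit set: last entry in the stack
            return {"vlan": vlan, "labels": labels, "payload": frame[offset:]}


def p_swap(frame, out_label, vlan_id, dst, src):
    """P switch: swap the top label, decrement its TTL, tag with the IRB's VLAN."""
    info = parse_frame(frame)
    top = info["labels"][0]
    if top["ttl"] <= 1:
        raise ValueError("MPLS TTL expired")
    swapped = dict(top, label=out_label, ttl=top["ttl"] - 1)
    return build_frame(dst, src, [swapped] + info["labels"][1:], info["payload"], vlan_id)


def pe2_pop(frame):
    """PE2: pop the top label; an empty remaining stack means route the IP payload."""
    info = parse_frame(frame)
    return info["vlan"], info["labels"][1:], info["payload"]


if __name__ == "__main__":
    from_pe1 = build_frame(P_MAC, PE1_MAC, [{"label": LABEL_IN, "tc": 0, "ttl": 64}], PAYLOAD)
    to_pe2 = p_swap(from_pe1, LABEL_OUT, 100, PE2_MAC, P_MAC)
    print(parse_frame(to_pe2))
    print(pe2_pop(to_pe2))
```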
Configuration
To configure the topology in this example, perform these tasks:
- Configuring the Local Ingress PE Switch
- Configuring the Provider Switch
- Configuring the Remote Egress PE Switch
Configuring the Local Ingress PE Switch
CLI Quick Configuration
To quickly configure the local ingress PE switch (PE1), copy and paste the following commands into the switch terminal window of switch PE1:
set interfaces xe-0/0/12 unit 0 family inet address 10.0.0.1/24
set interfaces xe-0/0/12 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.168.0.1/32
set routing-options router-id 192.168.0.1
set routing-options autonomous-system 65550
set policy-options policy-statement pplb then load-balance per-packet
set routing-options forwarding-table export pplb
set protocols ospf area 0.0.0.0 interface all
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface em0.0 disable
set protocols mpls interface all
set protocols ldp interface xe-0/0/12.0
set protocols ldp interface lo0.0
Step-by-Step Procedure
To configure the ingress PE switch (PE1):
Configure the interfaces.
[edit interfaces]
user@switchPE1# set xe-0/0/12 unit 0 family inet address 10.0.0.1/24
user@switchPE1# set xe-0/0/12 unit 0 family mpls
user@switchPE1# set lo0 unit 0 family inet address 192.168.0.1/32
Configure the router ID and autonomous system (AS) number.
Note: We recommend that you explicitly configure the router identifier under the [edit routing-options] hierarchy level to prevent unpredictable behavior if the interface address on a loopback interface changes.
[edit routing-options]
user@switchPE1# set router-id 192.168.0.1
user@switchPE1# set autonomous-system 65550
Configure and apply an export routing policy to the forwarding table for per-packet load balancing.
[edit policy-options]
user@switchPE1# set policy-statement pplb then load-balance per-packet
[edit routing-options]
user@switchPE1# set forwarding-table export pplb
Create an OSPF area and set the loopback address to be passive.
[edit protocols ospf]
user@switchPE1# set area 0.0.0.0 interface all
user@switchPE1# set area 0.0.0.0 interface lo0.0 passive
user@switchPE1# set area 0.0.0.0 interface em0.0 disable
Enable MPLS on all interfaces.
[edit protocols mpls]
user@switchPE1# set interface all
Configure LDP on the provider-facing and loopback interfaces.
[edit protocols ldp]
user@switchPE1# set interface xe-0/0/12.0
user@switchPE1# set interface lo0.0
Results
Display the results of the PE1 switch configuration:
user@switchPE1# show
interfaces {
    xe-0/0/12 {
        unit 0 {
            family inet {
                address 10.0.0.1/24;
            }
            family mpls;
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 192.168.0.1/32;
            }
        }
    }
}
routing-options {
    router-id 192.168.0.1;
    autonomous-system 65550;
    forwarding-table {
        export pplb;
    }
}
protocols {
    mpls {
        interface all;
    }
    ospf {
        area 0.0.0.0 {
            interface all;
            interface lo0.0 {
                passive;
            }
            interface em0.0 {
                disable;
            }
        }
    }
    ldp {
        interface xe-0/0/12.0;
        interface lo0.0;
    }
}
policy-options {
    policy-statement pplb {
        then {
            load-balance per-packet;
        }
    }
}
Configuring the Provider Switch
CLI Quick Configuration
To quickly configure the provider switch (P), copy and paste the following commands into the switch terminal window of the P switch:
set interfaces xe-0/0/12 unit 0 family inet address 10.0.0.2/24
set interfaces xe-0/0/12 unit 0 family mpls
set interfaces xe-0/0/10 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/10 unit 0 family ethernet-switching vlan members v100
set interfaces lo0 unit 0 family inet address 192.168.0.2/32
set interfaces irb unit 0 family inet address 10.0.1.2/24
set interfaces irb unit 0 family mpls
set routing-options router-id 192.168.0.2
set routing-options autonomous-system 65550
set policy-options policy-statement pplb then load-balance per-packet
set routing-options forwarding-table export pplb
set protocols ospf area 0.0.0.0 interface all
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface em0.0 disable
set protocols mpls interface all
set protocols ldp interface all
set vlans v100 vlan-id 100
set vlans v100 l3-interface irb.0
Step-by-Step Procedure
To configure the provider switch (P):
Configure the physical and loopback interfaces.
[edit interfaces]
user@switchP# set xe-0/0/12 unit 0 family inet address 10.0.0.2/24
user@switchP# set xe-0/0/12 unit 0 family mpls
user@switchP# set xe-0/0/10 unit 0 family ethernet-switching interface-mode trunk
user@switchP# set xe-0/0/10 unit 0 family ethernet-switching vlan members v100
user@switchP# set lo0 unit 0 family inet address 192.168.0.2/32
Configure an IRB interface.
[edit interfaces]
user@switchP# set irb unit 0 family inet address 10.0.1.2/24
user@switchP# set irb unit 0 family mpls
Configure the router ID and AS number.
Note: We recommend that you explicitly configure the router identifier under the [edit routing-options] hierarchy level to avoid unpredictable behavior if the interface address on a loopback interface changes.
[edit routing-options]
user@switchP# set router-id 192.168.0.2
user@switchP# set autonomous-system 65550
Configure and apply an export routing policy to the forwarding table for per-packet load balancing.
[edit policy-options]
user@switchP# set policy-statement pplb then load-balance per-packet
[edit routing-options]
user@switchP# set forwarding-table export pplb
Enable OSPF and set the loopback address to passive.
[edit protocols ospf]
user@switchP# set area 0.0.0.0 interface all
user@switchP# set area 0.0.0.0 interface lo0.0 passive
user@switchP# set area 0.0.0.0 interface em0.0 disable
Enable MPLS on all interfaces.
[edit protocols mpls]
user@switchP# set interface all
Configure LDP to include all interfaces.
[edit protocols ldp]
user@switchP# set interface all
Create the VLAN and associate the IRB interface to it.
[edit vlans]
user@switchP# set v100 vlan-id 100
user@switchP# set v100 l3-interface irb.0
Note: Layer 3 interfaces on trunk ports allow the interface to transfer traffic between multiple VLANs. Within a VLAN, traffic is switched, while across VLANs, traffic is routed.
Results
Display the results of the provider switch configuration:
user@switchP# show
interfaces {
    xe-0/0/10 {
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members v100;
                }
            }
        }
    }
    xe-0/0/12 {
        unit 0 {
            family inet {
                address 10.0.0.2/24;
            }
            family mpls;
        }
    }
    irb {
        unit 0 {
            family inet {
                address 10.0.1.2/24;
            }
            family mpls;
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 192.168.0.2/32;
            }
        }
    }
}
routing-options {
    router-id 192.168.0.2;
    autonomous-system 65550;
    forwarding-table {
        export pplb;
    }
}
protocols {
    mpls {
        interface all;
    }
    ospf {
        area 0.0.0.0 {
            interface all;
            interface lo0.0 {
                passive;
            }
            interface em0.0 {
                disable;
            }
        }
    }
    ldp {
        interface all;
    }
}
policy-options {
    policy-statement pplb {
        then {
            load-balance per-packet;
        }
    }
}
vlans {
    v100 {
        vlan-id 100;
        l3-interface irb.0;
    }
}
Configuring the Remote Egress PE Switch
CLI Quick Configuration
To quickly configure the remote egress PE switch (PE2), copy and paste the following commands into the switch terminal window of PE2:
set interfaces xe-0/0/10 unit 0 family ethernet-switching interface-mode trunk
set interfaces xe-0/0/10 unit 0 family ethernet-switching vlan members v100
set interfaces irb unit 0 family inet address 10.0.1.3/24
set interfaces lo0 unit 0 family inet address 192.168.0.3/32
set interfaces irb unit 0 family mpls
set routing-options router-id 192.168.0.3
set routing-options autonomous-system 65550
set policy-options policy-statement pplb then load-balance per-packet
set routing-options forwarding-table export pplb
set protocols ospf area 0.0.0.0 interface all
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface em0.0 disable
set protocols mpls interface all
set protocols ldp interface all
set vlans v100 vlan-id 100
set vlans v100 l3-interface irb.0
Step-by-Step Procedure
To configure the remote PE switch (PE2):
Configure the physical and loopback interfaces.
[edit interfaces]
user@switchPE2# set xe-0/0/10 unit 0 family ethernet-switching interface-mode trunk
user@switchPE2# set xe-0/0/10 unit 0 family ethernet-switching vlan members v100
user@switchPE2# set lo0 unit 0 family inet address 192.168.0.3/32
Configure an IRB interface.
[edit interfaces]
user@switchPE2# set irb unit 0 family inet address 10.0.1.3/24
user@switchPE2# set irb unit 0 family mpls
Configure the router ID and AS number.
[edit routing-options]
user@switchPE2# set router-id 192.168.0.3
user@switchPE2# set autonomous-system 65550
Configure and apply an export routing policy to the forwarding table for per-packet load balancing.
[edit policy-options]
user@switchPE2# set policy-statement pplb then load-balance per-packet
[edit routing-options]
user@switchPE2# set forwarding-table export pplb
Enable OSPF.
[edit protocols ospf]
user@switchPE2# set area 0.0.0.0 interface all
user@switchPE2# set area 0.0.0.0 interface lo0.0 passive
user@switchPE2# set area 0.0.0.0 interface em0.0 disable
Enable MPLS on all interfaces.
[edit protocols mpls]
user@switchPE2# set interface all
Configure LDP to include all interfaces.
[edit protocols ldp]
user@switchPE2# set interface all
Create the VLAN and associate the IRB interface to it.
[edit vlans]
user@switchPE2# set v100 vlan-id 100
user@switchPE2# set v100 l3-interface irb.0
Results
Display the results of the PE2 switch configuration:
user@switchPE2# show
interfaces {
    xe-0/0/10 {
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members v100;
                }
            }
        }
    }
    irb {
        unit 0 {
            family inet {
                address 10.0.1.3/24;
            }
            family mpls;
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 192.168.0.3/32;
            }
        }
    }
}
routing-options {
    router-id 192.168.0.3;
    autonomous-system 65550;
    forwarding-table {
        export pplb;
    }
}
protocols {
    mpls {
        interface all;
    }
    ospf {
        area 0.0.0.0 {
            interface all;
            interface lo0.0 {
                passive;
            }
            interface em0.0 {
                disable;
            }
        }
    }
    ldp {
        interface all;
    }
}
policy-options {
    policy-statement pplb {
        then {
            load-balance per-packet;
        }
    }
}
vlans {
    v100 {
        vlan-id 100;
        l3-interface irb.0;
    }
}
Example: Configuring a Large Delay Buffer on a Security Device IRB Interface
This example shows how to configure a large delay buffer on an IRB interface to help slower interfaces avoid congestion and packet dropping when they receive large bursts of traffic.
Requirements
Before you begin, enable the large buffer feature on the IRB interface and then configure a buffer size for each queue in the CoS scheduler. See Scheduler Buffer Size Overview.
Overview
On devices, you can configure large delay buffers on IRB interfaces. In this example, you configure the scheduler map large-buf-sched-map to associate schedulers with the defined forwarding classes be-class, ef-class, af-class, and nc-class. You then apply the scheduler map to the IRB interface and define the per-unit scheduler for the IRB interface.
Configuration
Procedure
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.
set class-of-service scheduler-maps large-buf-sched-map forwarding-class be-class scheduler be-scheduler
set class-of-service scheduler-maps large-buf-sched-map forwarding-class ef-class scheduler ef-scheduler
set class-of-service scheduler-maps large-buf-sched-map forwarding-class af-class scheduler af-scheduler
set class-of-service scheduler-maps large-buf-sched-map forwarding-class nc-class scheduler nc-scheduler
set class-of-service interfaces irb unit 0 scheduler-map large-buf-sched-map
set interfaces irb per-unit-scheduler
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.
To configure a large delay buffer on an IRB interface:
Configure the scheduler map to associate schedulers with defined forwarding classes.
[edit class-of-service]
user@host# set scheduler-maps large-buf-sched-map forwarding-class be-class scheduler be-scheduler
user@host# set scheduler-maps large-buf-sched-map forwarding-class ef-class scheduler ef-scheduler
user@host# set scheduler-maps large-buf-sched-map forwarding-class af-class scheduler af-scheduler
user@host# set scheduler-maps large-buf-sched-map forwarding-class nc-class scheduler nc-scheduler
Apply the scheduler map to the IRB interface.
[edit]
user@host# set class-of-service interfaces irb unit 0 scheduler-map large-buf-sched-map
Define the per-unit scheduler for the IRB interface.
[edit]
user@host# set interfaces irb per-unit-scheduler
Results
From configuration mode, confirm your configuration by entering the show class-of-service and show chassis commands. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
[edit]
user@host# show class-of-service
interfaces {
    irb {
        unit 0 {
            scheduler-map large-buf-sched-map;
        }
    }
}
scheduler-maps {
    large-buf-sched-map {
        forwarding-class be-class scheduler be-scheduler;
        forwarding-class ef-class scheduler ef-scheduler;
        forwarding-class af-class scheduler af-scheduler;
        forwarding-class nc-class scheduler nc-scheduler;
    }
}
If you are done configuring the device, enter commit from configuration mode.
Verification
Verifying Large Delay Buffers Configuration
Purpose
Verify that the large delay buffers are configured properly.
Action
From operational mode, enter the show class-of-service interface irb command.
user@host> show class-of-service interface irb
Physical interface: irb, Index: 132
Maximum usable queues: 8, Queues in use: 4
Code point type: dscp
  Scheduler map: <default>, Index: 2
  Congestion-notification: Disabled

  Logical interface: irb.10, Index: 73
    Object                  Name                   Type                    Index
    Classifier              ipprec-compatibility   ip                         13
Meaning
The large delay buffers are configured on the IRB interface as expected.
Configuring a Set of VLANs to Act as a Switch for a Layer 2 Trunk Port
You can configure a set of VLANs that are associated with a Layer 2 trunk port. The set of VLANs functions as a switch. Packets received on a trunk interface are forwarded within a VLAN that has the same VLAN identifier. A trunk interface also supports IRB, which provides Layer 2 bridging and Layer 3 IP routing on the same interface.
To configure a Layer 2 trunk port and set of VLANs, include the following statements:
[edit interfaces]
interface-name {
    unit number {
        family ethernet-switching {
            interface-mode access;
            vlan-members (vlan-name | vlan-tag);
        }
    }
}
interface-name {
    native-vlan-id number;
    unit number {
        family ethernet-switching {
            interface-mode trunk;
            vlan-members (vlan-name | vlan-tag);
        }
    }
}
[edit vlans]
vlan-name {
    vlan-id number;
    vlan-id-list [ vlan-id-numbers ];
    ...
}
You must configure a VLAN and VLAN identifier for each VLAN associated with the trunk interface. You can configure one or more trunk or access interfaces at the [edit interfaces] hierarchy level. An access interface enables you to accept packets with no VLAN identifier.
Excluding an IRB Interface from State Calculations on a QFX Series Switch
IRB interfaces are used to bind specific VLANs to Layer 3 interfaces, enabling a switch to forward packets between those VLANs without having to configure another device, such as a router, to connect VLANs. Because an IRB interface often has multiple ports in a single VLAN, the state calculation for a VLAN member might include a port that is down, possibly resulting in traffic loss.
Starting with Junos OS Release 14.1X53-D40 and Junos OS Release 17.3R1 on QFX5100 switches, this feature enables you to exclude a trunk or access interface from the state calculation, which means that as soon as the port assigned to a member VLAN goes down, the IRB interface for the VLAN is also marked as down. In a typical scenario, one port on the interface is assigned to a single VLAN, while a second port on that interface is assigned to a trunk interface that carries traffic between multiple VLANs. A third port is often also assigned to an access interface to connect the VLAN to network devices.
Before you begin:
Configure VLANs.
Configure IRB interfaces for the VLANs.
For more information about configuring IRB interfaces, see Example: Configuring Routing Between VLANs on One Switch Using an IRB Interface.
To exclude an access or 802.1Q trunk interface from the state calculations for an IRB interface:
Verifying Integrated Routing and Bridging Interface Status and Statistics on EX Series Switches
Purpose
Determine status information and traffic statistics for integrated routing and bridging (IRB) interfaces.
Action
Display IRB interfaces and their current states:
user@switch> show interfaces irb terse
Interface               Admin Link Proto    Local                 Remote
irb                     up    up
irb.111                 up    up   inet     10.111.111.1/24
...
Display Layer 2 VLANs, including any tags assigned to the VLANs and the interfaces associated with the VLANs:
user@switch> show vlans
Routing instance        VLAN name             Tag          Interfaces
default-switch          irb                   101
default-switch          support               111
                                                           ge-0/0/18.0
...
Display Ethernet switching table entries for the VLAN that is attached to the IRB interface:
user@switch> show ethernet-switching table
MAC flags (S -static MAC, D -dynamic MAC, L -locally learned
           SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC)

Routing instance : default-switch
    Vlan                MAC                 MAC         Age    Logical
    Name                address             flags              interface
    support             00:01:02:03:04:05   S            -     ge-0/0/18.0
...
Display the ingress-counting statistics of an IRB interface with either the show interfaces irb detail command or the show interfaces irb extensive command. Ingress counting is displayed as Input bytes and Input packets, and egress counting is displayed as Output bytes and Output packets, under Transit Statistics.
user@switch> show interfaces irb.111 detail
  Logical interface irb.111 (Index 65) (SNMP ifIndex 503) (HW Token 100) (Generation 131)
    Flags: SNMP-Traps 0x4000 Encapsulation: ENET2
    Bandwidth: 1000mbps
    Routing Instance: default-switch Bridging Domain: irb+111
    Traffic statistics:
     Input bytes:                17516756
     Output bytes:                 411764
     Input packets:                271745
     Output packets:                 8256
    Local statistics:
     Input bytes:                    3240
     Output bytes:                 411764
     Input packets:                    54
     Output packets:                 8256
    Transit statistics:
     Input bytes:                17513516                    0 bps
     Output bytes:                      0                    0 bps
     Input packets:                271745                    0 pps
     Output packets:                    0                    0 pps
    Protocol inet, MTU: 1514, Generation: 148, Route table: 0
      Flags: None
      Addresses, Flags: Is-Preferred Is-Primary
        Destination: 10.1.1/24, Local: 10.1.1.1, Broadcast: 10.1.1.255, Generation: 136
Meaning
- show interfaces irb terse displays a list of interfaces, including IRB interfaces, and their current states (up, down).
- show vlans displays a list of VLANs, including any tags assigned to the VLANs and the interfaces associated with the VLANs.
- show ethernet-switching table displays the Ethernet switching table entries, including VLANs attached to the IRB interface.
- show interfaces irb detail displays IRB interface ingress counting as Input Bytes and Input Packets under Transit Statistics.
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.