Configuring Bridging and IRB
This article describes how to configure Layer 2 bridging and Layer 3 integrated routing and bridging (IRB) on vEdge routers.
Configuring Bridging and Bridge Domains
Bridge domains can be marked with a VLAN tag, or they can remain untagged.
Create a Bridge Domain That Uses VLAN Tagging
For a bridge domain that uses VLAN tagging, a tag, called a VLAN ID, is inserted into all frame headers sent by the domain. This tag identifies which VLAN the frames belong to, and it is used to determine which interfaces the vEdge router should send broadcast packets to.
To configure a bridge domain that uses VLAN tagging, create a bridging domain, assign a VLAN tag to that domain, and associate an interface with the domain:
- Create a bridging domain:
vEdge(config)# bridge bridge-id
Each domain is identified by a unique integer, in the range 1 through 63. Each vEdge router can have up to 16 bridging domains.
- Tag the bridging domain with a VLAN ID:
vEdge(config-bridge)# vlan number
The VLAN identifier can be a value from 1 through 4095.
- Associate an interface with the bridging domain, and enable that interface:
vEdge(config-bridge)# interface geslot/port
vEdge(config-interface)# no shutdown
The interface must be a physical interface. You cannot use subinterfaces.
After you have added physical interfaces to a VLAN, if you want to change the VLAN identifier, you must first delete all the interfaces from the VLAN. Then configure a new VLAN identifier, and re-add the interfaces to the VLAN.
You can also configure these optional parameters:
- Configure a description for the VLAN interface, to help identify the interface in operational command output:
vEdge(config-bridge)# interface geslot/port
vEdge(config-interface)# description "text description"
- Configure a static MAC address for the VLAN interface:
vEdge(config-interface)# static-mac-address aa:bb:cc:dd:ee:ff
- Configure a name for the VLAN, to help identify the VLAN in operational command output:
vEdge(config-bridge)# name "text description"
- By default, a bridging domain can learn up to 1024 MAC addresses. You can modify this to a value from 0 through 4096:
vEdge(config-bridge)# max-macs number
- By default, MAC table entries age out after 300 seconds (5 minutes). You can modify this to a value from 10 through 4096 seconds:
vEdge(config-bridge)# age-time seconds
Here is an example configuration:
vEdge# config
vEdge(config)# bridge 2
vEdge(bridge-2)# vlan 27
vEdge(bridge-2)# interface ge0/4
vEdge(interface-ge0-4)# no shutdown
vEdge(interface-ge0-4)# description "VLAN tag = 27"
vEdge(interface-ge0/4)# commit and-quit
vEdge# show running-config bridge
bridge 2
 vlan 27
 interface ge0/4
  description "VLAN tag = 27"
  no native-vlan
  no shutdown
 !
!
vEdge#
After you have configured an interface in a bridge domain, you can add or change a VLAN identifier for that domain only by first deleting the bridge domain from the configuration (with a no bridge bridge-id command) and then reconfiguring the domain with the desired interface name and VLAN tag identifier.
To see which interfaces bridging is running on, use the show bridge interface command:
vEdge# show bridge interface

                         ADMIN   OPER    ENCAP                 RX    RX      TX    TX
BRIDGE  INTERFACE  VLAN  STATUS  STATUS  TYPE   IFINDEX  MTU   PKTS  OCTETS  PKTS  OCTETS
-------------------------------------------------------------------------------------------
2       ge0/4      27    Up      Up      vlan   41       1500  4     364     0     0
"Up" in the Admin Status column indicates that the interface has been configured, and "Up" in the Oper Status column indicates that bridging is running on the interface.
Create a Bridge Domain with an Untagged VLAN
All frames in an untagged VLAN are sent with no VLAN tag, or VLAN ID, in the frame header. For frames that already contain a tag, the tag is removed before it is sent.
In the minimal configuration for a tagged VLAN, you simply create a bridging domain that contains an interface:
- Create a bridging domain. This domain is identified by a unique integer.
vEdge(config)# bridge number
On each vEdge router, you can configure up to 16 bridging domains.
- Associate an interface with the bridging domain, and enable that interface:
vEdge(config-bridge)# interface interface-name
vEdge(config-interface)# no shutdown
You can also configure the optional parameters described in the previous section.
Configure a Native VLAN
In the minimal configuration for a native VLAN, you create a bridging domain that contains an interface, and you mark that interface as a native VLAN interface:
- Create a bridging domain. This domain is identified by a unique integer.
vEdge(config)# bridge number
On each vEdge router, you can configure up to 16 bridging domains.
- Associate an interface with the bridging domain, and enable that interface:
vEdge(config-bridge)# interface interface-name
vEdge(config-interface)# no shutdown
- Enable native VLAN on the interface:
vEdge(config-interface)# native-vlan
You can also configure the optional parameters described in the section about creating a tagged VLAN.
Configuring IRB
With bridging, all frame traffic remains within its VLAN. To allow frames to be passed among different VLANs, you enable integrated routing and bridging (IRB). To do this, you create a logical IRB interface in a VPN domain that connects to the bridge domain. Frames with destinations in other VLANs travel over the IRB interface to the VPN domain, and the Layer 3 route table is used to forward the frames toward their destination. The route table learns the routes to other IRB interfaces. With IRB, communication can be established between VLANs that are connected to the same VPN. The VLANs can be both on the local vEdge router and on a remote router.
In a minimal configuration to configure IRB, you create an IRB interface and assign it an IP address:
- In the desired VPN, create an IRB interface:
vEdge(config)# vpn number
vEdge(config-vpn)# interface irbnumber
The VPN number can be any number from 1 through 65530, which correspond to service VPNs, except for 512 (which is the management VPN). You cannot place IRB interfaces in either the transport VPN (VPN 0) or the management VPN (VPN 512).
The IRB interface type is irb. The IRB interface number is a number from 1 through 63, and it must be the same number as the identifier of the bridging domain that the IRB is connected to. For example, if you configure a bridging domain with an identifier of 2 (with the command bridge 2), the IRB interface number must be 2, and so you must configure interface irb2.
- Configure an IP address for the IRB interface. This address is the subnet for the VLAN in the connected bridge domain:
vEdge(config-irb)# ip address prefix/length
- Enable the interface:
vEdge(config-irb)# no shutdown
In all respects, a logical IRB interface is just another interface. This means, for instance, that you can configure additional interface properties as desired. (Note, however, that you cannot configure autonegotiation on IRB interfaces.) It also means that you can ping a logical IRB interface from another device in the same VPN, and you can ping the interface regardless of whether a corresponding bridge exists for that IRB interface. That is, if you configure interface irb4, but there is no corresponding bridge 4, you are still able to ping irb4.
Here is an example IRB configuration:
vEdge# show running-config vpn 1
vpn 1
 interface ge0/4
  ip address 10.20.24.15/24
  no shutdown
 !
 interface irb1
  ip address 1.1.1.15/24
  no shutdown
  access-list IRB_ICMP in
  access-list IRB_ICMP out
 !
 interface irb50
  ip address 3.3.3.15/24
  no shutdown
 !
!
vEdge# show running-config vpn 2
vpn 2
 interface irb2
  ip address 2.2.2.15/24
  no shutdown
 !
!
To display information about the IRB interfaces, use the show interface command. The IRB interfaces are listed in the Interface column, and the Encapsulation Type column marks these interfaces as "vlan".
vEdge# show interface

                                  IF      IF                                                                TCP
                                  ADMIN   OPER    ENCAP                                      SPEED          MSS                 RX       TX
VPN  INTERFACE  IP ADDRESS        STATUS  STATUS  TYPE   PORT TYPE  MTU   HWADDR             MBPS   DUPLEX  ADJUST  UPTIME      PACKETS  PACKETS
---------------------------------------------------------------------------------------------------------------------------------------------
0    ge0/0      10.1.15.15/24     Up      Up      null   transport  1500  00:0c:29:cb:4f:9c  10     full    0       0:02:48:12  1467     1460
0    ge0/1      -                 Up      Up      null   service    1500  00:0c:29:cb:4f:a6  10     full    0       0:02:48:12  0        0
0    ge0/2      -                 Up      Up      null   service    1500  00:0c:29:cb:4f:b0  10     full    0       0:02:48:03  0        0
0    ge0/3      10.0.20.15/24     Up      Up      null   service    1500  00:0c:29:cb:4f:ba  10     full    0       0:02:48:12  0        0
0    ge0/5      -                 Up      Up      null   service    1500  00:0c:29:cb:4f:ce  10     full    0       0:02:48:03  0        0
0    ge0/6      -                 Up      Up      null   service    1500  00:0c:29:cb:4f:d8  10     full    0       0:02:48:03  0        0
0    ge0/7      10.0.100.15/24    Up      Up      null   service    1500  00:0c:29:cb:4f:e2  10     full    0       0:02:48:12  0        0
0    system     172.16.255.15/32  Up      Up      null   loopback   1500  00:00:00:00:00:00  10     full    0       0:02:48:12  0        0
1    ge0/4      10.20.24.15/24    Up      Up      null   service    1500  00:0c:29:cb:4f:c4  10     full    0       0:02:48:00  92       14
1    irb1       1.1.1.15/24       Up      Up      vlan   service    1500  00:0c:00:00:aa:00  10     full    0       0:02:48:00  1178     0
1    irb50      3.3.3.15/24       Up      Up      vlan   service    1500  00:0c:00:00:aa:00  10     full    0       0:02:48:00  0        0
2    irb2       2.2.2.15/24       Up      Up      vlan   service    1500  00:0c:00:00:aa:00  10     full    0       0:02:48:01  0        0
512  eth0       10.0.1.15/24      Up      Up      null   service    1500  00:50:56:00:01:05  1000   full    0       0:02:48:01  210      148
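The limits stated in this article (bridge IDs 1 through 63, at most 16 bridge domains, VLAN IDs 1 through 4095, physical interfaces only in a bridge, no IRB interface in VPN 0 or 512, and an IRB number that matches a bridge ID) can be checked against a saved running-config before it is committed. The Python script below is an added example, not part of the original article or of the vEdge software; the audit function, the sample configuration, and the assumption that subinterface names contain a dot (geslot/port.N) are illustrative.

```python
import re

# Constructed, abbreviated sample: this page's examples plus deliberate mistakes.
SAMPLE = """\
bridge 2
 vlan 27
 interface ge0/4
  no shutdown
!
bridge 70
 vlan 5000
 interface ge0/5.10
!
vpn 1
 interface irb2
  ip address 2.2.2.15/24
 interface irb50
!
vpn 512
 interface irb3
!
"""

def audit(config):
    """Return findings for a running-config, using the limits stated on this page."""
    bridges, irbs, out, sec = set(), [], [], ("", 0)
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"(bridge|vpn) (\d+)", raw):  # unindented section header
            sec = (m[1], int(m[2]))
            if m[1] == "bridge":
                bridges.add(sec[1])
                if not 1 <= sec[1] <= 63:
                    out.append(f"bridge {sec[1]}: id outside 1-63")
        elif sec[0] == "bridge" and (m := re.fullmatch(r"vlan (\d+)", line)):
            if not 1 <= int(m[1]) <= 4095:
                out.append(f"bridge {sec[1]}: vlan {m[1]} outside 1-4095")
        elif m := re.fullmatch(r"interface (\S+)", line):
            if sec[0] == "bridge" and "." in m[1]:  # assumption: a dot marks a subinterface
                out.append(f"bridge {sec[1]}: {m[1]} is a subinterface")
            elif sec[0] == "vpn" and (n := re.fullmatch(r"irb(\d+)", m[1])):
                irbs.append((sec[1], int(n[1])))
    if len(bridges) > 16:
        out.append(f"{len(bridges)} bridge domains, limit is 16")
    for vpn, num in irbs:
        if vpn in (0, 512):
            out.append(f"irb{num}: IRB not allowed in VPN {vpn}")
        if num not in bridges:
            out.append(f"irb{num}: no bridge {num} configured")
    return out
```

Calling audit(SAMPLE) returns six findings. The "no bridge configured" finding deserves a second look during review, because such an IRB interface still answers ping from other devices in the same VPN even though no VLAN sits behind it.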