VPN-Interface-Bridge
You can use the VPN-Interface-Bridge template for all vEdge Cloud and vEdge router devices.
Integrated routing and bridging (IRB) allows vEdge routers in different bridge domains to communicate with each other. To enable IRB, create logical IRB interfaces to connect a bridge domain to a VPN. The VPN provides the Layer 3 routing services necessary so that traffic can be exchanged between different VLANs. Each bridge domain can have a single IRB interface and can connect to a single VPN, and a single VPN can connect to multiple bridge domains on a vEdge router.
To configure a bridge interface using vManage templates:
- Create a VPN-Interface-Bridge feature template to configure parameters for logical IRB interfaces, as described in this article.
- Create a Bridge feature template for each bridging domain, to configure the bridging domain parameters. See the Configuration ► Templates ► Bridge help topic.
- Create a device template that incorporates the VPN-Interface-Bride, Bridge, and VPN feature templates. See the Configuration ► Templates help topic.
Navigate to the Template Screen
- In vManage NMS, select the Configuration ► Templates screen.
- From the Templates title bar, select Feature.
- Click Add Template.
- In the left pane, select one or more devices. The right pane displays the available templates for the selected devices.
- Select the VPN-Interface-Bridge template.
The right pane displays the VPN-Interface-Bridge template form:
- The top of the form contains fields for naming the template.
- The bottom contains fields for defining parameters applicable to that template.
- A drop-down menu to the left of each parameter field defines the scope of the parameter. When you first open a feature template form, for each parameter that has a default value, the scope is set to Default. To edit a parameter field, change the scope to Global or Device Specific. Note that if a parameter's scope is Device Specific, you cannot enter a value for it in the feature template. Instead, you enter a value when you attach the template to a device.
- A plus sign (+) is displayed to the right when you can add multiple entries for the same parameter.
Create an Interface
The following parameters are required (unless otherwise indicated) to enable an interface:
| Step | Parameter Field | Procedure |
|---|---|---|
| 1. | Template Name | Enter a name for the template. It can be up to 128 characters and can contain only alphanumeric characters. |
| 2. | Description (Template) | Enter a description for the template. It can be up to 2048 characters and can contain only alphanumeric characters. |
| 3. | Shutdown | Click No to enable the interface. |
| 4. | Interface name | Enter the name of the interface, in the format irbnumber. The IRB interface number can be from 1 through 63, and must be the same as the VPN identifier configured in the Bridge feature template for the bridging domain that the IRB is connected to. |
| 5. | Description (optional) | Enter a description for the interface. |
| 6. | IPv4 address | Enter the IP address of the router. |
| 7. | IPv6 address | Enter the IPv6 address of the router. |
| 8. | DHCP helper (optional) | Enter up to four IP addresses for DHCP servers in the network, separated by commas, to have the interface be a DHCP helper. A DHCP helper interface forwards BOOTP (Broadcast) DHCP requests that it receives from the specified DHCP servers. |
| 9. | Bandwidth Upstream (optional) | Enter the bandwidth above which to generate notifications regarding traffic received on the interface. Notifications are generated when received traffic exceeds 85% of the configured value Range: 1 through 2147483647 (232 / 2) – 1 kbps |
| 10. | Bandwidth Downstream (optional) | Enter the bandwidth above which to generate notifications regarding traffic transmitted on the interface. Notifications are generated when transmitted traffic exceeds 85% of the configured value Range: 1 through 2147483647 (232 / 2) – 1 kbps |
| 11. | Save | Click Save to save the feature template. |
CLI equivalent:
vpn vpn-id interface irbnumber bandwidth-downstream kbps bandwidth-upstream kbps description "text description" dhcp-helper ip-addresses ip address address/subnet mac-address mac-address mtu bytes [no] shutdown tcp-mss-adjust bytes
Apply Access Lists
To apply access lists to IRB interfaces, select the ACL tab:
| Parameter Name | Description |
|---|---|
| Ingress ACL – IPv4 | Click On, and specify the name of an IPv4 access list to packets being received on the interface. |
| Egress ACL– IPv4 | Click On, and specify the name of an IPv4 access list to packets being transmitted on the interface. |
| Ingress ACL – IPv6 | Click On, and specify the name of an IPv6 access list to packets being received on the interface. |
| Egress ACL– IPv6 | Click On, and specify the name of an IPv6 access list to packets being transmitted on the interface. |
CLI equivalent:
vpn vpn-id interface irbnumber access-list acl-name (in | out) ipv6 access-list acl-name (in | out)
Add ARP Table Entries
To configure static Address Resolution Protocol (ARP) table entries on the interface, select the ARP tab and click the plus sign (+):
| Parameter Name | Description |
|---|---|
| IP Address | Enter the IP address for the ARP entry in dotted decimal notation or as a fully qualified host name. |
| MAC Address | Enter the MAC address in colon-separated hexadecimal notation. |
To add another ARP table entry, click the plus sign (+).
To delete an ARP table entry, click the trash icon on the right side of the entry.
CLI equivalent:
vpn vpn-id interface irbnumber arp ip address ip-address mac mac-address
Configure Other Interface Properties
To configure other interface properties, select the Advanced tab:
| Parameter Name | Description |
|---|---|
| MAC Address | Specify a MAC address to associate with the interface, in colon-separated hexadecimal notation. |
| IP MTU | Specify the maximum MTU size of packets on the interface. Range: 576 through 1804 Default: 1500 bytes |
| TCP MSS | Specify the maximum segment size (MSS) of TPC SYN packets passing through the vEdge router. By default, the MSS is dynamically adjusted based on the interface or tunnel MTU such that TCP SYN packets are never fragmented. Range: 552 to 1460 bytes Default: None |
| Clear-Dont-Fragment | Click On to clear the Don't Fragment (DF) bit in the IPv4 packet header for packets being transmitted out the interface. When the DF bit is cleared, packets larger than that interface's MTU are fragmented before being sent. |
| ARP Timeout | Specify how long it takes for a dynamically learned ARP entry to time out. Range: 0 through 2678400 seconds (744 hours) |
| Autonegotiate | Click Off to turn off autonegotiation. By default, an interface runs in autonegotiation mode. |
CLI equivalent:
vpn vpn-id interface irbnumber arp-timeout seconds autonegotiate clear-dont-fragment mac-address mac-address mtu bytes tcp-mss-adjust bytes
Release Information
Introduced in vManage NMS in Release 15.3.
In Release 16.3, add support for IPv6.