Switching

Expand all | Collapse all

IRB

  • 1.  IRB

    Posted 12-04-2020 15:44
    Would someone be able to give me a general description of what is an IRB and what it is used for and how it is configured?  Maybe direct me to some literature explaining IRBs.

    Would be much appreciated.

    FamFeld


  • 2.  RE: IRB

    Posted 12-04-2020 15:59
    Hi FamFeld.

    I hope everything is going well.

    To get straight to your question, in the juniper world, an interface IRB is like Cisco's VLAN interface, however, there are some Junos devices (Legacy platforms) that call the same as interface VLAN , the config syntax changes a bit but the main purpose is layer 3 connectivity.


    Here some info from the Juniper site for a better understanding.

    https://www.juniper.net/documentation/en_US/junos/topics/topic-map/irb-and-bridging.html

    Understanding Integrated Routing and Bridging

    To segment traffic on a LAN into separate broadcast domains, you create separate virtual LANs (VLANs). VLANs limit the amount of traffic flowing across the entire LAN, reducing the possible number of collisions and packet retransmissions within the LAN. For example, you might want to create a VLAN that includes the employees in a department and the resources that they use often, such as printers, servers, and so on

    I hope this helps you to get a better picture of Junos devices.

    Kind regards.



  • 3.  RE: IRB

    Posted 12-05-2020 06:17
    FamFeld,

    Integrated Routing and Bridging (IRB) is the mechanism for which frames outside the local segment are able to be routed via combining Bridging and Routing capabilities into a device. IRB allows the router to configure a layer 3 interface (or IRB groups in some vendors) in a layer 2 domain to allow frames in the segment to exit through the router.

    Let's imagine an example where a router needs to connect a layer 2 segment to the Internet. A topology to represent the role of an IRB interface would be as follows:

    PCA (100.0.0.123/24) ----SWA----irb.100--- RouterA ----- Internet (8.8.8.8)

    In this case, SWA has VLAN 100 created, with multiple hosts connected to it as access ports. Traffic going to the router belongs to VLAN 100 segment. Local communication is governed by layer 2 rules (ARPing and finding the encapsulation information to forward the frames to local Ethernet-enabled devices in the segment), but whenever the 100.0.0.123 PCA wants to communicate outside its local subnet, it needs routing, for this, RouterA will receive the traffic on irb.100 interface, verify the destination IP header and route the packet according to its routing information base.

    This is also called Brdige [Virtual|Domain] Interface (BVI or BDI) in other vendors, but is essentially the same: In a router, connecting a layer 2 domain to the 'outside world' - routing, since routers usually don't use 'VLAN interfaces' for this purpose.

    HTH,

    Elvin


  • 4.  RE: IRB

     
    Posted 12-05-2020 23:46
    Just adding to Elvin's great explanation: 

    Imagine that you replace this: 

    With this: 
    Keep in mind that if you are using an SRX,  to be able to configure a bridge domain, an irb, and L2 interfaces connecting to the bridge domain, you need to change the operation mode to transparent or switching mode.  Support for switching mode depends on the SRX model and Junos version. 

    Transparent mode does not allow routing between the irb and any other L3 interface, so the only reason to have an irb is to allow management of the SRX from the nodes in the subnet.  


    Also, I like to describe the IRB as an point-to-point link that has one end that is L3 and connects to the routing table, and one end that is L2 and connects to the bridge domain/vlan. When you look at it that way, the commands to configure the irb make more sense: 

    Regards, 




    ------------------------------
    Yasmin Lara
    Juniper Ambassador
    JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
    JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT
    ------------------------------



  • 5.  RE: IRB

    Posted 12-07-2020 09:54
    I have a question in the same context  assuming the same setup but with and SRX as router would and IRB be required on SRX and on the Switch or only on the Switch?  I am working on replacing the 3300 with 3400 and it seems with the new Junos version IRB will required is this true?  In my current setup the for the switch stack the default route is the FW set routing-options static route 0.0.0.0/0 next-hop FW IP address , would this require a change to IRB configuration on Switch and SRX? 



    ------------------------------
    ANKUR
    ------------------------------



  • 6.  RE: IRB

    Posted 12-07-2020 10:22
    If you have anything under "show configuration interfaces vlan" in the EX3300, you need to replace that with the same config in the EX3400, just replace the word VLAN with IRB in that context:

    interfaces {
      irb {
     unit 2 {
      family inet {
       address 10.1.3.1/28;
       }
      }
       unit 3 {
       family inet {
      }
       address 10.1.2.1/27;
      }
     }
    }

    If the switch is only switching and the SRX is doing the routing (i.e. is the default gateway for your units on the VLANs), then you don't need an IRB interface in the EX.


  • 7.  RE: IRB

    Posted 10 days ago
    Most of the VLAN that i have are in L2 except the management vlan which will be an IRB, do i need any changes on the SRX side for this change?

    ------------------------------
    ANKUR
    ------------------------------



  • 8.  RE: IRB

     
    Posted 9 days ago
    Sounds like this is what you have: 

    And if that is the case, and all you are doing is replacing the EX3300 with an EX3400, all you need to do is this:
    Regards,

    ------------------------------
    Yasmin Lara
    Juniper Ambassador
    JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
    JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT
    ------------------------------



  • 9.  RE: IRB

    Posted 9 days ago
    Thanks Yasmin , the setup is quiet similar  and as @fb35523 mentioned if i run ​"show configuration interfaces vlan " i only see  the following 

    }
    unit 10 {
    family inet {
    address 10.100.10.2/27;
    }

    And rest of the config 

    set vlans CLIENT vlan-id 17
    set vlans INTERNAL vlan-id 12
    set vlans MGMT vlan-id 10
    set vlans MGMT l3-interface vlan.10
    set interfaces vlan unit 10 family inet address 10.100.10.2/27  --- I believe i only have to change this to "set interfaces IRB ...." 
    set routing-options static route 0.0.0.0/0 next-hop IP of the FW 
    set interfaces ge-0/0/33 unit 0 family ethernet-switching vlan members CLIENT
    set interfaces ge-0/0/44 unit 0 family ethernet-switching vlan members INTERNAL


    ------------------------------
    ANKUR
    ------------------------------



  • 10.  RE: IRB

     
    Posted 9 days ago
    got you! You are only connecting the EX to the SRX for management traffic.   Then , yes, you only need to replace interface vlan with interface irb. 



    ------------------------------
    Yasmin Lara
    Juniper Ambassador
    JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
    JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT
    ------------------------------



  • 11.  RE: IRB

     
    Posted 9 days ago

    Also, I don't understand what you mean by this:  "Most of the VLAN that I have are in L2 except the management vlan which will be an IRB".

    But ALL VLANs are layer 2.   What might be confusing is that you configure a L3 interface to connect the vlan to layer 3 and you call it interface vlan., but that is just a name. 



    ------------------------------
    Yasmin Lara
    Juniper Ambassador
    JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
    JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT
    ------------------------------



  • 12.  RE: IRB

    Posted 9 days ago
    Only 2 logical explanation.
    1. It's a top of rack switch which only requires L2 for all VLANs. the exception is the management which would require a L3 for management.
    2. He has VLANs that does not require routing. i.e storage VLANs.

    ------------------------------
    Lou Rosa
    ------------------------------