Next-hop per IRB?
  • 1.  Next-hop per IRB?

    Posted 10-19-2017 14:30

    Eventual question --  As a temporary fix, how do I get IRB interfaces (that end users would use as their gateway/router) to switch/route locally to other IRBs if possible and send to a specific address in their subnet as a next-hop for non-local traffic?


    Background -- I've got a bunch of Juniper switches, mostly EX-3400s, all going back to a few EX-4600s.  Nice speed between them.  Niiice.  However (deep sigh).  In the initial installation of this, the subnet gateways for each vlan/subnet (1 subnet per vlan) were put on the underpowered (and non-Juniper) firewall which has 2xGig connections back to the 4600s.  So, any traffic going from VLAN 632 to VLAN 633 goes out to the firewall and back.


    I would MUCH prefer it to stay on the Juniper side of things if it is going to something else locally.


    If I add IRB interfaces for VLAN 632 and VLAN 633 with IP addresses and use those as the gateway addresses for endpoints, it is much better speeds internally.


    So, currently:


    Is there a way to tell the ex-4600 to do short path forwarding (avoiding the firewall) for traffic to other vlan-related-subnets the ex-4600 knows about without using the ex-4600 as the router for the clients? (VRRP-E backup routers can do this sort of thing quite nicely on Brocade MLX systems, but this isn't using a shared address nor using VRRP(-E) at all)

    Maybe not...  but is there a way to set a next-hop-per-IRB-interface?  I'm thinking of "use the routes you know, but for irb.632 traffic that isn't known to be local, send it to next"

    Ideally, it would be possible to have clients use either the .1 OR the .254 address as their gateway to allow a seamless transition.

    As a side tip -- don't put in a bunch of switches connected at 20 and 40G and then put any cross-vlan traffic through 2 congested 1G links.

  • 2.  RE: Next-hop per IRB?
    Best Answer

    Posted 10-20-2017 08:45

    So I got it to work -- make an irb interface associated with each VLAN, give it an address, and make a routing instance for each irb/vlan/subnet that just points to the default routing table.


    route632 {
        instance-type virtual-router;
        interface irb.632;
        routing-options {
            static {
                route next-hop;
                route next-table inet.0;
            }
        }
    }


    Now I can just change the gateway address for any of the client devices and they'll avoid the firewall for local traffic.  They'll also continue to work when using the firewall as their gateway.  A quick DHCP change and the router change will roll out fairly gracefully.