Skip to main content

Juniper Inter VLAN routing in 3 ways explored

When inter VLAN routing needs to be configured on Juniper devices the first thing that comes to mind is to use RVI (SVI in cisco land) and be done with it. But, there are certain situations where this approach may not work and this article explores the alternative ways of configuring inter VLAN routing on Juniper devices.

Lets say we have a router on a stick topology where an MX/SRX is acting as the router. Depending upon whether its MX or SRX the approach to configure inter VLAN routing varies. The below picture acts as our reference topology for this article:





In this topology, we have a switch which has two VLANs 100 & 200 and the tagged packets are sent across to MX/SRX on a trunk port ge-0/0/1. VLAN 100 is assigned to a subnet 10.1.0.0/24 having a gateway ip set to 10.1.0.1. Similarly, VLAN 200 is assigned to a subnet 10.2.0.0/24 having a gateway ip set to 10.2.0.1

Note: In this article I will use an RI instead of the global routing table.

Scenario 1 (RVI) : Works on all MX and Low end SRX
On the MX/SRX do the following configuration:

#Create RVI
set interfaces vlan unit 100 family inet address 10.1.0.1/24
set interfaces vlan.200 family inet address 10.2.0.1/24 (shorthand notation)

#Create Vlans
set vlans vlan-100 vlan-id 100 l3-interface vlan.100
set vlans vlan-200 vlan-id 200 l3-interface vlan.200

#Create an RI
set  routing-instance testrouter instance-type virtual-router

#Add the RVI to the RI
set  routing-instance testrouter interface vlan.100
set  routing-instance testrouter interface vlan.200


Scenario 2 : Bridge Domain & IRB

#Create IRB (L3 interfaces)
set interfaces irb.100 family inet address 10.1.0.1/24
set interfaces irb.200 family inet address 10.2.0.1/24

#Create Bridge domains & assign IRB as routing-interface
set bridge-domains bd-100 vlan-id 100 routing-interface irb.100
set bridge-domains bd-200 vlan-id 200 routing-interface irb.200

#Create an RI
set  routing-instance testrouter instance-type virtual-router

#Add the RVI to the RI
set  routing-instance testrouter interface irb.100
set  routing-instance testrouter interface irb.200

Note: IRB can't be assigned to a firewall zone on a SRX.

Scenario 3 : IFLs

#Create IFLs
set interfaces ge-0/0/2.100 vlan-id 100 family inet address 10.1.0.1/24
set interfaces ge-0/0/2.200 vlan-id 200 family inet address 10.2.0.1/24

#Create an RI
set  routing-instance testrouter instance-type virtual-router

#Add the RVI to the RI
set  routing-instance testrouter interface ge-0/0/2.100
set  routing-instance testrouter interface ge-0/0/2.200

That's it. We are all set ping across subnets now.

Comments

Popular posts from this blog

Solved: Fix for Git clone failure due to GnuTLS recv error (-9)

My devstack installation was failing with an error reported by the GnuTLS module as shown below: $ git clone https://github.com/openstack/horizon.git /opt/stack/horizon --branch master Cloning into '/opt/stack/horizon'... remote: Counting objects: 154213, done. remote: Compressing objects: 100% (11/11), done. error: RPC failed; curl 56 GnuTLS recv error (-9): A TLS packet with unexpected length was received. fatal: The remote end hung up unexpectedly fatal: early EOF fatal: index-pack failed The following Git config changes fixed the issue for me. Am hoping it will be useful for someone out there: $ git config http.sslVerify false $ git config --global http.postBuffer 1048576000

Openstack : Fixing Failed to create network. No tenant network is available for allocation issue.

Assumptions : You are using ML2 plugin configured to use Vlans If you try to create a network for a tenant and it fails with the following error: Error: Failed to create network "Test": 503-{u'NeutronError': {u'message': u'Unable to create the network. No tenant network is available for allocation.', u'type': u'NoNetworkAvailable', u'detail': u''}} The problem can be due to missing configuration in the below files: In /etc/neutron/plugins/ml2/ml2_conf.ini network_vlan_ranges =physnet1:1000:2999 (1000:2999 is the Vlan range allocation) In /etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini bridge_mappings = physnet1:br-eth1 (in OVS we map the physical network to the OVS bridge) Note You should have created a bridge br-eth1 manually and mapped it to a port ovs-vsctl add-br br-eth1 ovs-vsctl add-port br-eth1 eth1 Once configuration is done, restart the neutron ovs agent on the compute node(s): ...

QuickBite: Tap Vs Veth

Linux supports virtual networking via various artifacts such as: Soft Switches (Linux Bridge, OpenVSwitch) Virtual Network Adapters (tun, tap, veth and a few more) In this blog, we will look at the virtual network adapters tap and veth. From a practical view point, both seem to be having the same functionality and its a bit confusing as to where to use what. A quick definition of tap/veth is as follows: TAP A TAP is a simulated interface which exists only in the kernel and has no physical component associated with it. It can be viewed as a simple Point-to-Point or Ethernet device, which instead of receiving packets from a physical media, receives them from user space program and instead of sending packets via physical media writes them to the user space program. When a user space program (in our case the VM) gets attached to the tap interface it gets hold of a file descriptor, reading from which gives it the data being sent on the tap interface. Writing to the file descri...