Discussion:
[j-nsp] Are IRB interfaces still not functional under SRX?
Morgan McLean
2014-04-02 19:46:16 UTC
Permalink
Just double checking that IRB interfaces are not able to be used for
routing under the SRX3k and 5k series? I have a customer asking to have
cabinets uplink directly to the SRX3600 (no cluster), which means I'd have
to use bridge domains.

But, I don't think this will even work. Am I correct?

Thanks,
Morgan
Morgan McLean
2014-04-02 20:07:04 UTC
Permalink
For the record, I disagree with his method for many reasons, but if I'm
correct this seals the coffin to to speak.

Thanks,
Morgan
Post by Morgan McLean
Just double checking that IRB interfaces are not able to be used for
routing under the SRX3k and 5k series? I have a customer asking to have
cabinets uplink directly to the SRX3600 (no cluster), which means I'd have
to use bridge domains.
But, I don't think this will even work. Am I correct?
Thanks,
Morgan
Will O'Brien
2014-04-02 20:11:34 UTC
Permalink
You can create a VLAN and add interfaces to it.
Post by Morgan McLean
Just double checking that IRB interfaces are not able to be used for
routing under the SRX3k and 5k series? I have a customer asking to have
cabinets uplink directly to the SRX3600 (no cluster), which means I'd have
to use bridge domains.
But, I don't think this will even work. Am I correct?
Thanks,
Morgan
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Morgan McLean
2014-04-02 20:16:21 UTC
Permalink
Not on a datacenter series SRX.

Thanks,
Morgan
Post by Will O'Brien
You can create a VLAN and add interfaces to it.
Post by Morgan McLean
Just double checking that IRB interfaces are not able to be used for
routing under the SRX3k and 5k series? I have a customer asking to have
cabinets uplink directly to the SRX3600 (no cluster), which means I'd
have
Post by Morgan McLean
to use bridge domains.
But, I don't think this will even work. Am I correct?
Thanks,
Morgan
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Per Westerlund
2014-04-02 21:05:49 UTC
Permalink
I'm offline right now, but last time I checked, IRBs with bridge domains (SRX in transparent/L2 mode) were only used for management, no forwarding of transit traffic possible.

/Per
Post by Morgan McLean
Just double checking that IRB interfaces are not able to be used for
routing under the SRX3k and 5k series? I have a customer asking to have
cabinets uplink directly to the SRX3600 (no cluster), which means I'd have
to use bridge domains.
But, I don't think this will even work. Am I correct?
Thanks,
Morgan
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Ben Dale
2014-04-02 22:10:41 UTC
Permalink
On the branch at least - if you configure an irb interface, the box will fail commit check unless it is in transparent mode and it is only useable for management
Post by Per Westerlund
I'm offline right now, but last time I checked, IRBs with bridge domains (SRX in transparent/L2 mode) were only used for management, no forwarding of transit traffic possible.
/Per
Post by Morgan McLean
Just double checking that IRB interfaces are not able to be used for
routing under the SRX3k and 5k series? I have a customer asking to have
cabinets uplink directly to the SRX3600 (no cluster), which means I'd have
to use bridge domains.
But, I don't think this will even work. Am I correct?
Thanks,
Morgan
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Klaus Groeger
2014-04-05 12:58:27 UTC
Permalink
On SRX branches one configures :




interfaces {

? ? vlan {

?? ? ? ? unit 123 {

?? ? ? ? ? ? family inet {

? ? ? ? ? ? ? ? ? ? ? ? address 192.168.123.1/24

?? ? ? ? ? ? }

?? ? ? ? }

? ? }

? ? ge-0/0/0 {

? ? ? ? ? unit 0 {

?? ? ? ? ? ? family ethernet-switching

? ? ? ? ? ? ? ? ? vlan {

?? ? ? ? ? ? ? ? ? ? ? members 123

?? ? ? ? ? ? ? ? ? }

?? ? ? ? ? ? }

?? ? ? ? }

? ? }

}




vlan {

? ? onetwothree {

? ? ? ? vlan-id 123

? ? ? ? l3-interface vlan.123

? ? }

}




On SRX IRBs are called RVIs (Routed VLAN Interfaces). This way one gets interfaces configured

?as switching interfaces with a routable address. You may apply most L2 options in branch SRX as needed, even LAGs and all the other stuff.?




Regards,? ? ? Klaus
Morgan McLean
2014-04-05 18:32:57 UTC
Permalink
Klaus,

Yes its RVI on branch but its IRB on datacenter SRX; you can't even
configure vlans on them.

Anyway, thanks all for the answers, just needed to verify I wasn't going
crazy.

Thanks,
Morgan
Post by Klaus Groeger
interfaces {
vlan {
unit 123 {
family inet {
address 192.168.123.1/24
}
}
}
ge-0/0/0 {
unit 0 {
family ethernet-switching
vlan {
members 123
}
}
}
}
}
vlan {
onetwothree {
vlan-id 123
l3-interface vlan.123
}
}
On SRX IRBs are called RVIs (Routed VLAN Interfaces). This way one gets
interfaces configured
as switching interfaces with a routable address. You may apply most L2
options in branch SRX as needed, even LAGs and all the other stuff.
Regards, Klaus
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Keegan Holley
2014-04-06 16:51:22 UTC
Permalink
I?ve often wondered what the point of an IRB on an ethernet only platform is. In the olden days IRB/CRB interfaces were used to bridge TDM interfaces into ethernet vlans to for the purposes of pure evil. With ethernet you can just add your physical interfaces to the same vlan. I suppose you could bridge two vlans together, but that?s better done by moving the physical interfaces.

I say this only to illustrate the fact that IRB?s are different than RVI?s, but probably unnecessary on an ethernet only platform.

The newer feature guide makes no mention of IRB?s. I did find a page for 10.2 which confirms old info.

http://www.juniper.net/techpubs/software/junos-security/junos-security10.2/junos-srx-jseries-support-reference/jd0e5921.html
Post by Morgan McLean
Klaus,
Yes its RVI on branch but its IRB on datacenter SRX; you can't even
configure vlans on them.
Anyway, thanks all for the answers, just needed to verify I wasn't going
crazy.
Thanks,
Morgan
Post by Klaus Groeger
interfaces {
vlan {
unit 123 {
family inet {
address 192.168.123.1/24
}
}
}
ge-0/0/0 {
unit 0 {
family ethernet-switching
vlan {
members 123
}
}
}
}
}
vlan {
onetwothree {
vlan-id 123
l3-interface vlan.123
}
}
On SRX IRBs are called RVIs (Routed VLAN Interfaces). This way one gets
interfaces configured
as switching interfaces with a routable address. You may apply most L2
options in branch SRX as needed, even LAGs and all the other stuff.
Regards, Klaus
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Keegan Holley
2014-04-12 03:35:26 UTC
Permalink
An IRB interface is logical so the member interfaces would have to consist of things that were already in the same layer-2 domain, such as a vlan sub interface.
You can use an IRB to get layer 3 connectivity into a VPLS, which is quite
useful.
Post by Keegan Holley
I?ve often wondered what the point of an IRB on an ethernet only platform
is. In the olden days IRB/CRB interfaces were used to bridge TDM
interfaces into ethernet vlans to for the purposes of pure evil. With
ethernet you can just add your physical interfaces to the same vlan. I
suppose you could bridge two vlans together, but that?s better done by
moving the physical interfaces.
I say this only to illustrate the fact that IRB?s are different than
RVI?s, but probably unnecessary on an ethernet only platform.
The newer feature guide makes no mention of IRB?s. I did find a page for
10.2 which confirms old info.
http://www.juniper.net/techpubs/software/junos-security/junos-security10.2
/junos-srx-jseries-support-reference/jd0e5921.html
Post by Morgan McLean
Klaus,
Yes its RVI on branch but its IRB on datacenter SRX; you can't even
configure vlans on them.
Anyway, thanks all for the answers, just needed to verify I wasn't going
crazy.
Thanks,
Morgan
Post by Klaus Groeger
interfaces {
vlan {
unit 123 {
family inet {
address 192.168.123.1/24
}
}
}
ge-0/0/0 {
unit 0 {
family ethernet-switching
vlan {
members 123
}
}
}
}
}
vlan {
onetwothree {
vlan-id 123
l3-interface vlan.123
}
}
On SRX IRBs are called RVIs (Routed VLAN Interfaces). This way one gets
interfaces configured
as switching interfaces with a routable address. You may apply most L2
options in branch SRX as needed, even LAGs and all the other stuff.
Regards, Klaus
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Phil Fagan
2014-04-14 14:40:26 UTC
Permalink
Not at L2.
Post by Morgan McLean
Just double checking that IRB interfaces are not able to be used for
routing under the SRX3k and 5k series? I have a customer asking to have
cabinets uplink directly to the SRX3600 (no cluster), which means I'd have
to use bridge domains.
But, I don't think this will even work. Am I correct?
Thanks,
Morgan
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
--
Phil Fagan
Denver, CO
970-480-7618
Loading...