18

after years away from JunOS, working with Foundry (now Brocade) routers, I find myself with a new Juniper MX10. All I want to do is create a simple VLAN such that two ports share one routing interface, which has one IP address. On a Brocade, this is quite simple:

vlan 200 name layer3
 untagged ethe 1/3 to 1/4 
 router-interface ve 200
interface ve 200
 ip address 192.168.1.1/24

On JunOS, I've been googling and reading documentation for days. There are very intricate VLAN options, but, I haven't found anything that drills down to the simple stuff.

Thanks for any help; I'd rather not start any routing loops.

Sebastian Wiesinger
  • 8,107
  • 3
  • 34
  • 60
Matt
  • 181
  • 1
  • 1
  • 3
  • You should read 'Juniper MX Series' book, great reading material, in there is everything that you need, including Enterprise vs ServiceProvider config style for vlans, which is best and when. – Milan Prpic Oct 24 '13 at 06:30
  • This topic confused me at first also....it is different than cisco as you can attach more than one access vlan to an interface, Juniper uses IRB or bridge domains...the MX series doesnt really have the purpose of using VLans however they can be configured to use Irb # the number being the vlan equivalent...independent routing bridge...is what they are callled...just think Routed virtual interface in Cisco. – Ty Smith Sep 13 '16 at 02:34
  • Did any answer help you? If so, you should accept the answer so that the question doesn't keep popping up forever, looking for an answer. Alternatively, you can post and accept your own answer. – Ron Maupin Jan 03 '21 at 02:04

3 Answers3

26

The MX platform does not have the general concept of a "VLAN" that is present on the whole platform. The MX only "sees" VLAN tags on incoming packets and can then act on these tags. What you want is to bridge packets from two ports that have the same VLAN-ID in the L2 header and then add a L3 interface to that bridge.

On the MX platform you have two ways of configuring bridges. Service Provider Style and Enterprise Style. As I'm more familiar with the SP style I'll answer your question that way:

Juniper MX SP Style Bridging

First you configure your interfaces to accept packets with the right VLAN tags:

interfaces {
    ge-0/0/0 {
        vlan-tagging;
        encapsulation extended-vlan-bridge;
        unit 200 {
            vlan-id 200;
        }
    }
    ge-0/0/1 {
        vlan-tagging;
        encapsulation extended-vlan-bridge;
        unit 200 {
            vlan-id 200;
        }
    }
}

Then configure a bridge domain that bridges these two:

bridge-domains {
    vlan-200 {
        vlan-id 200;
        interface ge-0/0/0.200;
        interface ge-0/0/1.200;
    }
}

Now you have a bridged VLAN 200 on these two ports.

Untagged / Access Interfaces

If you have an untagged "access" port that you want to bridge, you can do that too by using this syntax:

interfaces {
    ge-0/0/0 {
        encapsulation ethernet-bridge;
        unit 0 {
            family bridge;
        }
    }
}

Then use ge-0/0/0.0 in your bridge configuration.

L3 Interface / Routing Interface

To add a L3 interface to the mix, first define an Integrated Routing and Bridging Interface (IRB) with your IP:

irb {
    unit 200 {
        family inet {
            address 192.168.1.1/24;
        }
    }
}

And then add this interface to your bridge:

bridge-domains {
    vlan-200 {
        vlan-id 200;
        routing-interface irb.200;
        interface ge-0/0/0.200;
        interface ge-0/0/1.200;
    }
}

That should complete your setup.

It's a bit more complex than the "normal" VLAN concept found on other switches/devices but it's also way more flexible. For example you could have another two ports that also have VLAN-ID 200 configured and they could have their own bridge, completely separated from the first bridge you just configured.

For a lot more information about the MX platform, including great examples, I recommend the MX Series book from O'Reilly/Douglas Hanks: http://shop.oreilly.com/product/0636920023760.do

Sebastian Wiesinger
  • 8,107
  • 3
  • 34
  • 60
6

have you read this? How to setup trunk and access ports in an MX80? - J-Net Community

It explains quickly how to set a bridge domain for your L3 interface, and add ports as either access or trunk. irb.200 would be your ve 200

yeled
  • 469
  • 3
  • 7
1

Sebastian Wiesinger post was good but did not fully work for my set up. I needed to enable flexible-vlan-tagging as well as encapsulation flexible-ethernet-services on each interface in the mx104. I also want to break down the actual configuration commands I ran to make the configuration more clear. Will also include connections to other switches that the VLANs will traverse

I will use the following:

  • VLAN: 222
  • Subnet: 192.168.168.0/24
  • Gateway: 192.168.168.1
  • Topology:
  | QFX01 | xe-0/0/46 -------------- xe-0/0/46 | QFX02 | 
  xe-0/0/47                                    xe-0/0/47
      |                                            |
      |                                            |
      +-------- xe-2/0/0| MX104 | xe-2/0/1 --------+

MX104 Configuration

  • Configure irb as default gateway
set interfaces irb unit 222 family inet address 192.168.222.1/24
  • Add interface to routing instance
set routing-instances data-net interface irb.222
  • Configure bridge domains
set bridge-domains vlan-1920 domain-type bridge
set bridge-domains vlan-1920 vlan-id 222
set bridge-domains vlan-1920 interface xe-2/0/0.222
set bridge-domains vlan-1920 interface xe-2/0/1.222
set bridge-domains vlan-1920 routing-interface irb.222
  • Configure interfaces
set interfaces xe-2/0/0 flexible-vlan-tagging
set interfaces xe-2/0/0 encapsulation flexible-ethernet-services
set interfaces xe-2/0/0 unit 222 encapsulation vlan-bridge
set interfaces xe-2/0/0 unit 222 vlan-id 222
set interfaces xe-2/0/1 flexible-vlan-tagging
set interfaces xe-2/0/1 encapsulation flexible-ethernet-services
set interfaces xe-2/0/1 unit 222 encapsulation vlan-bridge
set interfaces xe-2/0/1 unit 222 vlan-id 222

QFX01

  • Build vlan
set vlan test-222 vlan-id 222
  • Configure trunk interfaces
set interfaces xe-0/0/46 unit 0 family ethernet-switching vlan members data-222
set interfaces xe-0/0/47 unit 0 family ethernet-switching vlan members data-222

QFX02

  • Build vlan
set vlan test-222 vlan-id 222
  • Configure trunk interfaces
set interfaces xe-0/0/46 unit 0 family ethernet-switching vlan members data-222
set interfaces xe-0/0/47 unit 0 family ethernet-switching vlan members data-222

And thats it! Now you can assign the VLANs to any interfaces you want on the QFX systems. If you want to add a new vlan / subnet / irb, just repeate the steps excluding configuring flexible-vlan-tagging and encapsulation flexible-ethernet-services on each MX104 interface.

One very important thing you should know is that in this setup, all traffic routing on the QFX boxes will go though the MX104. If you want to redirect some subnets to ONLY traverse the trunk between the QFX systems (xe-0/0/46 on each) and not route though the MX104 (maybe test traffic?) You need to add vlan spanning tree configurations (VSTP). Be aware this breaks redirection for the specific vlans you specify to use vstp trunk between the two QFX's goes down.

  • Create vlan for test traffic
set vlan test-444 vlan-id 444
  • Configure vstp for test traffic on either or both QFX systems to send traffic only via the trunk.
set protocols vstp interface xe-0/0/46
set protocols vstp vlan 444 interface xe-0/0/46
Dave
  • 111
  • 1