
Adding layer2 interface to routing instance?

3 weeks ago

This should be a simple question. I have an EX4600 that has a few routing instances configured; the type is virtual router. The routing instances are A, B, C. My production network resides in instances A, B, C.

Now, I also have a small, flat, isolated layer2 network that I would like to connect to my production network so that machines in routing-instance A can talk directly to this separate flat network.

Can I simply create an access interface on the EX4600, add this interface to routing instance A, and then connect this interface to an access interface on a switch in the isolated network?


Re: Adding layer2 interface to routing instance?

3 weeks ago

Hello techuser,

Normally, to interconnect 2 routing-instances in L3 you use an FBF: https://www.juniper.net/documentation/en_US/junos/topics/example/firewall-filter-option-filter-based...

Also, in L3 and L2, a physical connection can be added to interconnect the RIs.

Ex: ge-0/0/0 === ge-0/0/1

Then you add ge-0/0/0 to RI A and ge-0/0/1 to RI B, and you will have both of them interconnected.

 

Please mark "Accept as solution" if this answers your query. 

 

Hope this helps!

Aldair Z || JNCIS-ENT

Re: Adding layer2 interface to routing instance?

3 weeks ago

My routing instances are already connected. I just want to connect several layer2 switches directly to one routing-instance so that machines in routing instance A can talk to all machines connected to the layer2 switches. I would see no reason this wouldn't work, but thought I'd ask. For example, if I want to connect a 24 port layer 2 switch directly to my EX4600 and have devices connected to the 24 port layer2 switch talk to the rest of the network, I could just create an access interface (example ge-0/0/1) on the EX4600, connect this interface to the 24 port switch and then add the interface ge-0/0/1 to the routing-instance A?


Re: Adding layer2 interface to routing instance?

3 weeks ago

 

Hey techuser,

Greetings. If you need your machines from your routing instance to communicate with another layer 2 network, they will do it using the layer 2 table and not the routing instance L3 table of your virtual routers, hence you should be fine as long as you configure the layer 2 links between your network and the L2 isolated network with the appropriate VLAN tag(s).

Also, note that you cannot add a layer 2 interface to a virtual router:

 

NOTE

Do not create a logical interface using the family ethernet-switching option in this step. Binding an interface using the family ethernet-switching option to a routing instance can cause the interface to shutdown.

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/virtual-routing-instances.html

 

Example:

(Network A) ae22 ===trunk== ae0 (L2 isolated network)

Your network:

 

root@techuser# show routing-instances
A {
    instance-type virtual-router;
    interface irb.123;
    interface lo0.0;
    protocols {
        ospf {
            area 0.0.0.0 {
                interface irb.123;
                interface lo0.0 {
                    passive;

 

root@techuser# show vlans
A {
    vlan-id 123;
    l3-interface irb.123;
}

root@techuser# run show lldp neighbors
Local Interface    Parent Interface    Chassis Id          Port info    System Name
xe-0/0/0           ae0                 04:5c:6c:02:6c:80   xe-0/0/0     L2 isolated network
xe-0/0/1           ae0                 04:5c:6c:02:6c:80   xe-0/0/1     L2 isolated network

 

root@techuser# show interfaces ae0
aggregated-ether-options {
    lacp {
        active;
        periodic fast;
    }
}
unit 0 {
    family ethernet-switching {
        interface-mode trunk;
        vlan {
            members all;
        }
    }
}

 

Here you can see the MAC addresses I am learning from the isolated network:

 

{master:0}[edit]
root@techuser# run show ethernet-switching table

MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static, C - Control MAC
           SE - statistics enabled, NM - non configured MAC, R - remote PE MAC, O - ovsdb MAC)

Ethernet switching table : 6 entries, 6 learned
Routing instance : default-switch
    Vlan    MAC                  MAC      Age    Logical      NH       RTR
    name    address              flags           interface    Index    ID
    A       00:00:01:02:1b:60    D        -      ae0.0        0        0
    A       00:00:01:02:1b:bd    D        -      ae0.0        0        0
    A       00:00:01:02:1c:3f    D        -      ae0.0        0        0
    A       00:00:01:02:1c:43    D        -      ae0.0        0        0
    A       04:5c:6c:02:6c:80    D        -      ae0.0        0        0
    A       ec:3e:f7:9a:e9:c0    D        -      ae0.0        0        0

 

This MAC is from a host in the isolated network: ec:3e:f7:9a:e9:c0

{master:0}[edit]
root@techuser# run show route forwarding-table destination ec:3e:f7:9a:e9:c0
Routing table: default-switch.bridge
Bridging domain: A.bridge
VPLS:
Enabled protocols: Bridging, ACKed by all peers,
Destination             Type    RtRef    Next hop    Type    Index    NhRef    Netif
ec:3e:f7:9a:e9:c0/48    user    0                    ucst    1705     8        ae0.0

 

 

If this solves your problem, please mark this post as "Accepted Solution" so we can help others too \:)/

Regards,

Lil Dexx
JNCIE-ENT#863, 3X JNCIP-[SP-ENT-DC], 4X JNCIA [cloud-DevOps-Junos-Design], Champions Ingenius, SSYB


Re: Adding layer2 interface to routing instance?

3 weeks ago

Hello,

 


@techuser wrote:

 I just want to connect several layer2 switches directly to one routing-instance so that machines in routing instance A can talk to all machines connected to the layer2 switches.  


 

Here is the JUNOS rule of thumb for You:

1/ You can add an L2 interface into a bridge-domain, "instance-type vpls", or "instance-type virtual-switch", or "instance-type evpn" (not all such instance types are supported on all platforms).

An L2 interface is the one which does NOT have an IP address but has "family bridge|family ccc|family vpls|family ethernet-switching" configured (not all families are supported on all platforms).

2/ You can add an L3 interface into "instance-type vrf", "instance-type virtual-router", "instance-type forwarding", "instance-type no-forwarding" (not all such instance types are supported on all platforms, "instance-type no-forwarding" does not allow loopback interfaces).

An L3 interface is defined as the one which _HAS_ an IPv4/IPv6 address, or at least "family inet"|"family inet6" configured.

 

 

HTH

Thx

Alex

 

 

 

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
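
The rule of thumb in the last reply, together with the documentation note quoted in the second reply, can be checked mechanically before a commit. The following Python script is an added example, not code from the thread or from Juniper; it assumes the configuration is available in "display set" form, and the function name lint, the interface names and the 192.0.2.1/24 address are constructed for illustration.

```python
import re

# Families and instance types grouped exactly as in the rule of thumb above.
L2_FAMILIES = {"bridge", "ccc", "vpls", "ethernet-switching"}
L3_FAMILIES = {"inet", "inet6"}
L2_INSTANCES = {"vpls", "virtual-switch", "evpn"}
L3_INSTANCES = {"vrf", "virtual-router", "forwarding", "no-forwarding"}

FAMILY_RE = re.compile(r"^set interfaces (\S+) unit (\d+) family (\S+)")
TYPE_RE = re.compile(r"^set routing-instances (\S+) instance-type (\S+)")
BIND_RE = re.compile(r"^set routing-instances (\S+) interface (\S+)")

def lint(config_text):
    """Return (instance, interface, problem) for each binding that breaks the rule."""
    families, types, bindings = {}, {}, []
    for line in map(str.strip, config_text.splitlines()):
        if m := FAMILY_RE.match(line):
            # Key by logical interface name, e.g. "ge-0/0/1.0" or "irb.123".
            families.setdefault(f"{m[1]}.{m[2]}", set()).add(m[3])
        elif m := TYPE_RE.match(line):
            types[m[1]] = m[2]
        elif m := BIND_RE.match(line):
            bindings.append((m[1], m[2]))
    findings = []
    for instance, ifl in bindings:
        fams = families.get(ifl, set())
        if types.get(instance) in L3_INSTANCES and fams & L2_FAMILIES:
            findings.append((instance, ifl, "L2 interface in L3 instance"))
        elif types.get(instance) in L2_INSTANCES and fams & L3_FAMILIES:
            findings.append((instance, ifl, "L3 interface in L2 instance"))
    return findings

# Constructed sample: the asker's idea (ge-0/0/1 bound directly to instance A)
# next to the VLAN + IRB arrangement shown in the second reply.
SAMPLE = """
set vlans A vlan-id 123
set vlans A l3-interface irb.123
set interfaces irb unit 123 family inet address 192.0.2.1/24
set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members A
set routing-instances A instance-type virtual-router
set routing-instances A interface irb.123
set routing-instances A interface ge-0/0/1.0
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

Dropping the last line of the sample leaves ge-0/0/1 as a plain access port in VLAN A, reachable from the routing instance through irb.123, and the check then reports nothing.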