Skip to main content
Viptela is now part of Cisco.
Support
Product Documentation
Viptela Documentation

Configuring Bridging and IRB

This article describes how to configuring Layer 2 bridging and Layer 3 integrated routing and bridging (IRB) on vEdge routers.

Configuring Bridging and Bridge Domains

Bridge domains can be marked with a VLAN tag, or they can remain untagged.

Create a Bridge Domain That Uses VLAN Tagging

For a bridge domain that uses VLAN tagging, a tag, called a VLAN ID, is inserted into all frame headers sent by the domain This tag identifies which VLAN the frames belong to, and it is used to determine which interfaces the vEdge router should send broadcast packets to.

To configure a bridge domain that uses VLAN tagging, create a bridging domain, assign a VLAN tag to that domain, and associate an interface with the domain:

  1. Create a bridging domain:
    vEdge(config)# bridge bridge-id
    Each domain is identified by a unique integer, in the range 1 through 63. Each vEdge router can have up to 16 bridging domains.
  2. Tag the bridging domain with a VLAN ID:
    vEdge(config-bridge)# vlan number
    The VLAN identifier can be a value from 1 through 4095.
  3. Associate an interface with the bridging domain, and enable that interface:
    vEdge(config-bridge)# interface geslot/port
    vEdge(config-interface)# no shutdown

    The interface must be a physical interface. You cannot use subinterfaces.

After you have added physical interfaces to a VLAN, if you want to change the VLAN identifier, you must first delete all the interfaces from the VLAN. Then configure a new VLAN identifier, and re-add the interfaces to the VLAN.

You can also configure these optional parameters:

  1. Configure a description for the VLAN interface, to help identify the interface in operational command output:
    vEdge(config-bridge)# interface geslot/port
    ​vEdge(config-interface)# description "text description"
  2. Configure a static MAC address for the VLAN interface:
    vEdge(config-interface)# static-mac-address aa:bb:cc:dd:ee:ff
  3. Configure a name for the VLAN, to help identify the VLAN in operational command output:
    vEdge(config-bridge)# name "text description"
  4. By default, a bridging domain can learn up to 1024 MAC addresses. You can modify this to a value from 0 through 4096:
    vEdge(config-bridge)# max-macs number
  5. By default, MAC table entries age out after 300 seconds (5 minutes). You can modify this to a value from 10 through 4096 seconds:
    vEdge(config-bridge)# age-time seconds

Here is an example configuration:

vEdge# config
vEdge(config)# bridge 2
vEdge(bridge-2)# vlan 27
vEdge(bridge-2)# interface ge0/4
vEdge(interface-ge0-4)# no shutdown
vEdge(interface-ge0-4)# description "VLAN tag = 27"
vEdge(interface-ge0/4)# commit and-quit
vEdge# show running-config bridge
bridge 2
 vlan 27
 interface ge0/4
  description "VLAN tag = 27"
  no native-vlan
  no shutdown
 !
!
vEdge#

After your have configured an interface in a bridge domain, you add or change a VLAN identifier for that domain only by first deleting the bridge domain from the configuration (with a no bridge bridge-id command) and then reconfiguing the domain with the desired interface name and VLAN tag identifier.

To see which interfaces bridging is running on, use the show bridge interface command:

vEdge# show bridge interface 

                         ADMIN   OPER    ENCAP                 RX    RX      TX    TX      
BRIDGE  INTERFACE  VLAN  STATUS  STATUS  TYPE   IFINDEX  MTU   PKTS  OCTETS  PKTS  OCTETS  
-------------------------------------------------------------------------------------------
2       ge0/4      27    Up      Up      vlan   41       1500  4     364     0     0

"Up" in the Admin Status column indicates that the interface has been configured, and "Up" in the Oper Status column indicates that bridging is running on the interface.

Create a Bridge Domain with an Untagged VLAN

All frames in an untagged VLAN are sent with no VLAN tag, or VLAN ID, in the frame header. For frames that already contain a tag, the tag is removed before it is sent.

In the minimal configuration for a tagged VLAN, you simply create a bridging domain that contains an interface:

  1. Create a bridging domain. This domain is identified by a unique integer.
    vEdge(config)# bridge number
    On each vEdge router, you can configure up to 16 bridging domains.
  2. Associate an interface with the bridging domain, and enable that interface:
    vEdge(config-bridge)# interface interface-name
    vEdge(config-interface)# no shutdown

You can also configure the optional parameters described in the previous section.

Configure a Native VLAN

In the minimal configuration for a native VLAN, you create a bridging domain that contains an interface, and you mark that interface as a native VLAN interface:

  1. Create a bridging domain. This domain is identified by a unique integer.
    vEdge(config)# bridge number
    On each vEdge router, you can configure up to 16 bridging domains.
  2. Associate an interface with the bridging domain, and enable that interface:
    vEdge(config-bridge)# interface interface-name
    vEdge(config-interface)# no shutdown
  3. Enabled native VLAN on the interface:
    vEdge(config-interface)# native-vlan

You can also configure the optional parameters described in the section about creating a tagged VLAN.

Configuring IRB

With bridging, all frame traffic remains within its VLAN. To allow frames to be passed among different VLANs, you enable integrated routing and bridging (IRB). To do this, you create a logical IRB interface in a VPN domain that connects to the bridge domain. Frames with destinations in other VLANs travel over the IRB interface to the VPN domain, and the Layer 3 route table is used to forward the frames toward their destination. The route table learns the routes to other IRB interfaces. With IRB, communication can be established between VLANs that are connected to the same VPN. The VLANs can be both on the local vEdge router and on a remote router.

In a minimal configuration to configure IRB, you create an IRB interface and assign it an IP address:

  1. In the desired VPN, create an IRB interface:
    vEdge(config)# vpn number
    vEdge(config-vpn)# interface irbnumber

    The VPN number can be any number from 1 through 65530, which correspond to service VPNs, except for 512 (which is the management VPN). You cannot place IRB interfaces in either the transport VPN (VPN 0) or the management VPN (VPN 512).
    The IRB interface type is irb. The IRB interface number is a number from 1 through 63, and it must be the same number as the the identifier of the bridging domain that the IRB is connected to. For example, if you configure a bridging domain with an identifier of 2 (with the command bridge 2), the IRB interface number must be 2, and so you must configure interface irb2.
  2. Configure an IP address for the IRB interface. This address is the subnet for the VLAN in the connected bridge domain:
    vEdge(config-irb)# ip address prefix/length
  3. Enable the interface:
    vEdge(config-irb)# no shutdown

In all respects, the logical IRB interfaces is just another interface. This means, for instance, that you can configure additional interfaces properties as desired. It also means that you can ping a logical IRB interface from another device in the same VPN, and you can ping the interface regardless of whether a corresponding bridge exists for that IRB interface. That is, if you configure interface irb4, but there is no corresponding bridge 4, you are still able to ping irb4.

Here is an example IRB configuration:

vEdge# show running-config vpn 1
vpn 1
 interface ge0/4
  ip address 10.20.24.15/24
  no shutdown
 !
 interface irb1
  ip address 1.1.1.15/24
  no shutdown
  access-list IRB_ICMP in
  access-list IRB_ICMP out
 !
 interface irb50
  ip address 3.3.3.15/24
  no shutdown
 !
!
vEdge# show running-config vpn 2
vpn 2
 interface irb2
  ip address 2.2.2.15/24
  no shutdown
 !
!

To display information about the IRB interfaces, use the show interface command. The IRB interfaces are listed in the Interface column, and the Encapsulation Type columns marks these interfaces as "vlan".

vEdge# show interface

                                  IF      IF                                                                TCP                                   
                                  ADMIN   OPER    ENCAP                                      SPEED          MSS                 RX      TX
VPN  INTERFACE  IP ADDRESS        STATUS  STATUS  TYPE   PORT TYPE  MTU   HWADDR             MBPS   DUPLEX  ADJUST  UPTIME      PACKETS PACKETS
---------------------------------------------------------------------------------------------------------------------------------------------
0    ge0/0      10.1.15.15/24     Up      Up      null   transport  1500  00:0c:29:cb:4f:9c  10     full    0       0:02:48:12  1467    1460
0    ge0/1      -                 Up      Up      null   service    1500  00:0c:29:cb:4f:a6  10     full    0       0:02:48:12  0       0
0    ge0/2      -                 Up      Up      null   service    1500  00:0c:29:cb:4f:b0  10     full    0       0:02:48:03  0       0
0    ge0/3      10.0.20.15/24     Up      Up      null   service    1500  00:0c:29:cb:4f:ba  10     full    0       0:02:48:12  0       0
0    ge0/5      -                 Up      Up      null   service    1500  00:0c:29:cb:4f:ce  10     full    0       0:02:48:03  0       0
0    ge0/6      -                 Up      Up      null   service    1500  00:0c:29:cb:4f:d8  10     full    0       0:02:48:03  0       0
0    ge0/7      10.0.100.15/24    Up      Up      null   service    1500  00:0c:29:cb:4f:e2  10     full    0       0:02:48:12  0       0
0    system     172.16.255.15/32  Up      Up      null   loopback   1500  00:00:00:00:00:00  10     full    0       0:02:48:12  0       0
1    ge0/4      10.20.24.15/24    Up      Up      null   service    1500  00:0c:29:cb:4f:c4  10     full    0       0:02:48:00  92      14
1    irb1       1.1.1.15/24       Up      Up      vlan   service    1500  00:0c:00:00:aa:00  10     full    0       0:02:48:00  1178    0
1    irb50      3.3.3.15/24       Up      Up      vlan   service    1500  00:0c:00:00:aa:00  10     full    0       0:02:48:00  0       0
2    irb2       2.2.2.15/24       Up      Up      vlan   service    1500  00:0c:00:00:aa:00  10     full    0       0:02:48:01  0       0
512  eth0       10.0.1.15/24      Up      Up      null   service    1500  00:50:56:00:01:05  1000   full    0       0:02:48:01  210     148

Additional Information

Bridging Overview

  • Was this article helpful?