
VPN-Interface-Bridge

Use the VPN-Interface-Bridge template for all vEdge Cloud and vEdge router devices.

Integrated routing and bridging (IRB) allows vEdge routers in different bridge domains to communicate with each other. To enable IRB, create logical IRB interfaces to connect a bridge domain to a VPN. The VPN provides the Layer 3 routing services necessary so that traffic can be exchanged between different VLANs. Each bridge domain can have a single IRB interface and can connect to a single VPN, and a single VPN can connect to multiple bridge domains on a vEdge router.

To configure a bridge interface using vManage templates:

  1. Create a VPN-Interface-Bridge feature template to configure parameters for logical IRB interfaces, as described in this article.
  2. Create a Bridge feature template for each bridging domain, to configure the bridging domain parameters. See the Bridge help topic.

Navigate to the Template Screen

  1. In vManage NMS, select the Configuration ► Templates screen.
  2. In the Device tab, click Create Template.
  3. From the Create Template drop-down, select From Feature Template.
  4. From the Device Model drop-down, select the type of device for which you are creating the template.
  5. Click the Service VPN tab located directly beneath the Description field, or scroll to the Service VPN section.
  6. Click the Service VPN drop-down.
  7. Under Additional VPN Templates, located to the right of the screen, click VPN Interface Bridge.
  8. From the VPN Interface Bridge drop-down, click Create Template. The VPN-Interface-Bridge template form is displayed. The top of the form contains fields for naming the template, and the bottom contains fields for defining VPN Interface Bridge parameters.

When you first open a feature template, for each parameter that has a default value, the scope is set to Default (indicated by a check mark), and the default setting or value is shown. To change the default or to enter a value, click the scope drop-down to the left of the parameter field and select one of the following:

Parameter Scope

Scope Description

Device Specific (indicated by a host icon)

Use a device-specific value for the parameter. For device-specific parameters, you cannot enter a value in the feature template. You enter the value when you attach a Viptela device to a device template.

When you click Device Specific, the Enter Key box opens. This box displays a key, which is a unique string that identifies the parameter in a CSV file that you create. This file is an Excel spreadsheet that contains one column for each key. The header row contains the key names (one key per column), and each row after that corresponds to a device and defines the values of the keys for that device. You upload the CSV file when you attach a Viptela device to a device template. For more information, see Create a Template Variables Spreadsheet.

To change the default key, type a new string and move the cursor out of the Enter Key box.

Examples of device-specific parameters are system IP address, hostname, GPS location, and site ID.

Global (indicated by a globe icon)

Enter a value for the parameter, and apply that value to all devices.

Examples of parameters that you might apply globally to a group of devices are DNS server, syslog server, and interface MTUs.

Create an Interface

The following parameters are required (unless otherwise indicated) to enable an interface:

Step Parameter Field Procedure
 1. Template Name Enter a name for the template. It can be up to 128 characters and can contain only alphanumeric characters.
 2. Description (Template) Enter a description for the template. It can be up to 2048 characters and can contain only alphanumeric characters.
 3. Shutdown Click No to enable the interface.
 4. Interface name Enter the name of the interface, in the format irbnumber, where number is the IRB interface number. The number can be from 1 through 63, and must be the same as the VPN identifier configured in the Bridge feature template for the bridging domain that the IRB is connected to.
 5. Description (optional) Enter a description for the interface.
 6. IPv4 Address Enter the IP address of the router.
 7. Secondary IP Address (optional, on vEdge routers) Click the plus sign (+) to configure up to four secondary IPv4 addresses for a service-side interface.
 8. IPv6 Address Enter the IPv6 address of the router.
 9. DHCP Helper (optional) Enter up to four IP addresses for DHCP servers in the network, separated by commas, to have the interface be a DHCP helper. A DHCP helper interface forwards BOOTP (Broadcast) DHCP requests that it receives from the specified DHCP servers.

10. Block Non-Source IP (optional) Click Yes to have the interface forward traffic only if the source IP address of the traffic matches the interface's IP prefix range.
11. Bandwidth Upstream (optional) Enter the bandwidth above which to generate notifications regarding traffic received on the interface. Notifications are generated when received traffic exceeds 85% of the configured value.
Range: 1 through 2147483647 ((2^32 / 2) – 1) kbps
12. Bandwidth Downstream (optional) Enter the bandwidth above which to generate notifications regarding traffic transmitted on the interface. Notifications are generated when transmitted traffic exceeds 85% of the configured value.
Range: 1 through 2147483647 ((2^32 / 2) – 1) kbps
13. Save Click Save to save the feature template.

CLI equivalent:

vpn vpn-id
  interface irbnumber
    bandwidth-downstream kbps
    bandwidth-upstream kbps
    block-non-source-ip
    description "text description"
    dhcp-helper ip-addresses
    ip address prefix/length 
    ipv6 address prefix/length   
    mac-address mac-address    
    mtu bytes
    secondary-address ipv4-address
    [no] shutdown
    tcp-mss-adjust bytes

Apply Access Lists

To apply access lists to IRB interfaces, select the ACL tab:

Parameter Name Description
Ingress ACL – IPv4 Click On, and specify the name of an IPv4 access list to apply to packets being received on the interface.
Egress ACL – IPv4 Click On, and specify the name of an IPv4 access list to apply to packets being transmitted on the interface.
Ingress ACL – IPv6 Click On, and specify the name of an IPv6 access list to apply to packets being received on the interface.
Egress ACL – IPv6 Click On, and specify the name of an IPv6 access list to apply to packets being transmitted on the interface.

CLI equivalent:

vpn vpn-id
  interface irbnumber
    access-list acl-name (in | out)
    ipv6 access-list acl-name (in | out)

Add ARP Table Entries

To configure static Address Resolution Protocol (ARP) table entries on the interface, select the ARP tab and click the plus sign (+):

Parameter Name Description
IP Address Enter the IP address for the ARP entry in dotted decimal notation or as a fully qualified host name.
MAC Address Enter the MAC address in colon-separated hexadecimal notation.

To add another ARP table entry, click the plus sign (+).

To delete an ARP table entry, click the trash icon on the right side of the entry.

CLI equivalent:

vpn vpn-id
  interface irbnumber
    arp
      ip address ip-address mac mac-address

Configure Other Interface Properties

To configure other interface properties, select the Advanced tab:

Parameter Name Description
MAC Address Specify a MAC address to associate with the interface, in colon-separated hexadecimal notation.
IP MTU Specify the maximum MTU size of packets on the interface.
Range: 576 through 1804
Default: 1500 bytes
TCP MSS Specify the maximum segment size (MSS) of TCP SYN packets passing through the vEdge router. By default, the MSS is dynamically adjusted based on the interface or tunnel MTU such that TCP SYN packets are never fragmented.
Range: 552 to 1460 bytes
Default: None
Clear-Dont-Fragment Click On to clear the Don't Fragment (DF) bit in the IPv4 packet header for packets being transmitted out the interface. When the DF bit is cleared, packets larger than that interface's MTU are fragmented before being sent.
ARP Timeout Specify how long it takes for a dynamically learned ARP entry to time out.
Range: 0 through 2678400 seconds (744 hours)
Default: 1200 seconds (20 minutes)

Autonegotiation Click Off to turn off autonegotiation. By default, an interface runs in autonegotiation mode.

CLI equivalent:

vpn vpn-id
  interface irbnumber
    arp-timeout seconds
    autonegotiate
    clear-dont-fragment   
    mac-address mac-address    
    mtu bytes 
    tcp-mss-adjust bytes
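
As an added example (not part of the Viptela documentation), the following Python function lints an interface irbnumber stanza written in the CLI form shown in this article against the ranges the article states. The function name lint_irb and the sample stanza are constructed for illustration, and treating a missing block-non-source-ip or ingress IPv4 access list as a finding is this example's own review policy, not a requirement stated here.

```python
import ipaddress

# Numeric limits as stated in this article: keyword -> (min, max).
RANGES = {
    "bandwidth-upstream": (1, 2147483647), "bandwidth-downstream": (1, 2147483647),
    "mtu": (576, 1804), "tcp-mss-adjust": (552, 1460), "arp-timeout": (0, 2678400),
}

# Constructed sample stanza for illustration, not taken from a real device.
SAMPLE = """\
vpn 10
  interface irb64
    dhcp-helper 10.0.0.5,10.0.0.6,10.0.0.7,10.0.0.8,10.0.0.9
    mtu 9000
    tcp-mss-adjust 1400
    access-list guest-in out
"""

def lint_irb(config):
    """Return a list of findings for one 'interface irbN' stanza."""
    findings, block_src, ingress_acl = [], False, False
    # Split every line into words and skip blank lines.
    for words in filter(None, map(str.split, config.splitlines())):
        key, args = words[0], words[1:]
        if key == "interface":
            name = args[0] if args else ""
            if not (name.startswith("irb") and name[3:].isdecimal() and 1 <= int(name[3:]) <= 63):
                findings.append("interface name must be irb1 through irb63")
        elif key in RANGES:
            lo, hi = RANGES[key]
            if not (args and args[0].isdecimal() and lo <= int(args[0]) <= hi):
                findings.append(f"{key} must be {lo} through {hi}")
        elif key == "dhcp-helper":
            servers = args[0].split(",") if args else []
            if not 1 <= len(servers) <= 4:
                findings.append("dhcp-helper takes one to four addresses")
            for s in servers:
                try:
                    ipaddress.ip_address(s)
                except ValueError:
                    findings.append(f"dhcp-helper address {s!r} is not valid")
        elif key == "block-non-source-ip":
            block_src = True
        elif key == "access-list" and args[-1:] == ["in"]:
            ingress_acl = True  # IPv4 ACL applied to received packets
    if not block_src:
        findings.append("block-non-source-ip is not set")
    if not ingress_acl:
        findings.append("no ingress IPv4 access-list is applied")
    return findings
```

Calling lint_irb(SAMPLE) returns one finding per problem in the sample stanza; a stanza that is within range, sets block-non-source-ip and applies an access list in the in direction returns an empty list.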

Release Information

Introduced in vManage NMS in Release 15.3.
Support for IPv6 added in Release 16.3.
