-
Design: I want to create a virtual interfaces for our subnets on the MX104 (will be used for the default gateways for subnets). I planned to do this through an irb.
-
Problem: I am unable to create create a l3-interface for any irb I created. It seems that irb's can only be added to bridge domains, but a unit that is configured for family inet (example ae1.0) cannot be added to the same bridge domain, bridge domains are only for layer 2 and irbs (I think). On a system like a QFX I could create an irb then run a command like
set vlans vlan-1111 l3-interface irb.1111, after that interface terrace would show the irb as up, there does not seem to be such a command on the MX. Therefore the irb.1111 will always show "down" -
Configuration:
- This a connection to a firewall we have, all traffic will be routed through that IP
set interfaces ae1 aggregated-ether-options lacp activeset interfaces ae1 unit 0 family inet address 10.80.11.1/30 - The IRB
set interfaces irb unit 1111 family inet address 10.1.11.1/24
- This a connection to a firewall we have, all traffic will be routed through that IP
From what I read here https://networkengineering.stackexchange.com/questions/3709/adding-a-simple-vlan-on-a-juniper-mx I would need to either
A) Configure bridge domains and make sure all traffic is tagged to the specific units, this means all traffic will need to be trunked to the firewall connection, and I would have to build interfaces on the firewall side for each L2 tagged interface (really don't want to do this)
B) Configure an inet address on some other physical interface. Don't want to do this either, what if the interface goes down?
How can I accomplish making a virtual interface for a separate vlans but allow for l3 routing between said interface and other interfaces? If its not accomplishable, are there any other options then what I described above?
No comments:
Post a Comment