How to set up Juniper's OpenStack FWaaS Plugin

I have written a tech wiki article on how to install Juniper's OpenStack FWaaS Plugin @ http://forums.juniper.net/t5/Data-Center/How-to...

Tuesday, March 24, 2015

Juniper Inter VLAN routing in 3 ways explored

When inter-VLAN routing needs to be configured on Juniper devices, the first thing that comes to mind is to use an RVI (SVI in Cisco land) and be done with it. But there are certain situations where this approach may not work, and this article explores the alternative ways of configuring inter-VLAN routing on Juniper devices.

Let's say we have a router-on-a-stick topology where an MX/SRX is acting as the router. Depending on whether it's an MX or an SRX, the approach to configuring inter-VLAN routing varies. The picture below acts as our reference topology for this article:





In this topology, we have a switch with two VLANs, 100 and 200, and the tagged packets are sent across to the MX/SRX on a trunk port ge-0/0/1. VLAN 100 is assigned to the subnet 10.1.0.0/24 with the gateway IP set to 10.1.0.1. Similarly, VLAN 200 is assigned to the subnet 10.2.0.0/24 with the gateway IP set to 10.2.0.1.

Note: In this article I will use an RI instead of the global routing table.

Scenario 1 (RVI) : Works on all MX and Low end SRX
On the MX/SRX do the following configuration:

#Create RVI (the second command uses the shorthand notation vlan.200 for "vlan unit 200")
set interfaces vlan unit 100 family inet address 10.1.0.1/24
set interfaces vlan.200 family inet address 10.2.0.1/24

#Create Vlans
set vlans vlan-100 vlan-id 100 l3-interface vlan.100
set vlans vlan-200 vlan-id 200 l3-interface vlan.200

#Create an RI
set routing-instances testrouter instance-type virtual-router

#Add the RVI to the RI
set routing-instances testrouter interface vlan.100
set routing-instances testrouter interface vlan.200


Scenario 2 : Bridge Domain & IRB

#Create IRB (L3 interfaces)
set interfaces irb.100 family inet address 10.1.0.1/24
set interfaces irb.200 family inet address 10.2.0.1/24

#Create Bridge domains & assign IRB as routing-interface
set bridge-domains bd-100 vlan-id 100 routing-interface irb.100
set bridge-domains bd-200 vlan-id 200 routing-interface irb.200

#Create an RI
set routing-instances testrouter instance-type virtual-router

#Add the IRB interfaces to the RI
set routing-instances testrouter interface irb.100
set routing-instances testrouter interface irb.200

Note: IRB can't be assigned to a firewall zone on an SRX.

Scenario 3 : IFLs

#Create IFLs
set interfaces ge-0/0/2.100 vlan-id 100 family inet address 10.1.0.1/24
set interfaces ge-0/0/2.200 vlan-id 200 family inet address 10.2.0.1/24

#Create an RI
set routing-instances testrouter instance-type virtual-router

#Add the IFLs to the RI
set routing-instances testrouter interface ge-0/0/2.100
set routing-instances testrouter interface ge-0/0/2.200

That's it. We are all set to ping across subnets now.
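An offline consistency check for the three configurations above, as an added example that is not part of the original article: it reads set-style commands, accepts both the "unit N" form and the ifd.N shorthand, and reports any gateway interface that was addressed but never added to the routing instance (it would stay in the global table), or that is referenced without an address. The function name, the sample input and the rule that the unit number should equal the VLAN ID are assumptions made for this example.

```python
import ipaddress
import re

# Matches both "vlan unit 100" and the shorthand "vlan.100" / "ge-0/0/2.100".
ADDR = re.compile(r"^set interfaces (?P<ifd>[\w/-]+?)(?:\.| unit )(?P<unit>\d+) "
                  r".*family inet address (?P<addr>\S+)")
MEMBER = re.compile(r"^set routing-instances (\S+) interface (\S+)$")
BIND = re.compile(r"^set (?:vlans|bridge-domains) \S+ vlan-id (\d+) "
                  r"(?:l3-interface|routing-interface) (\S+)")

# Constructed input: Scenario 1, with vlan.200 deliberately left out of the RI.
SAMPLE = """\
set interfaces vlan unit 100 family inet address 10.1.0.1/24
set interfaces vlan.200 family inet address 10.2.0.1/24
set vlans vlan-100 vlan-id 100 l3-interface vlan.100
set vlans vlan-200 vlan-id 200 l3-interface vlan.200
set routing-instances testrouter instance-type virtual-router
set routing-instances testrouter interface vlan.100
"""

def lint(config):
    """Return (interface, problem) pairs for a set-style configuration."""
    addrs, members, bound = {}, {}, {}
    for raw in config.splitlines():
        line = " ".join(raw.split())          # tolerate repeated spaces
        if m := ADDR.match(line):
            # ip_interface raises ValueError on a malformed address/prefix
            addrs[f"{m['ifd']}.{m['unit']}"] = ipaddress.ip_interface(m["addr"])
        elif m := MEMBER.match(line):
            members[m[2]] = m[1]              # interface -> routing instance
        elif m := BIND.match(line):
            bound[m[2]] = int(m[1])           # L3 interface -> vlan-id
    findings = []
    for ifl in addrs:
        if ifl not in members:                # assumption: every gateway belongs in an RI
            findings.append((ifl, "addressed but not in a routing instance"))
    for ifl in dict.fromkeys([*members, *bound]):
        if ifl not in addrs:
            findings.append((ifl, "referenced but has no inet address"))
    for ifl, vid in bound.items():
        if int(ifl.rsplit(".", 1)[1]) != vid:  # the article's convention, not a Junos rule
            findings.append((ifl, f"unit does not match vlan-id {vid}"))
    return findings

if __name__ == "__main__":
    for ifl, problem in lint(SAMPLE):
        print(f"{ifl}: {problem}")
```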