Overview

This section introduces important concepts that you need to understand before configuring transparent bridging. These concepts include:

How Transparent Bridging Works

A transparent bridge is a data-link layer (layer 2) relay device that connects two or more networks or network systems. When a transparent bridge powers up, it automatically begins learning the network topology by examining the media access control (MAC) source address of every incoming packet. The bridge then creates an entry in the forwarding table consisting of the address and associated interface where the packet was received.

More specifically, a transparent bridge performs all of the following actions to learn the network topology:

Bridge Groups and Bridge Group Interfaces

You configure transparent bridging by creating one or more bridge groups on the router. A bridge group is a collection of network interfaces (ports) that forms a broadcast domain. Each bridge group has its own set of forwarding tables and filters and, as such, functions as a logical transparent bridging device. For information about the maximum number of bridge groups that you can configure per E Series router, see JunosE Release Notes, Appendix A, System Maximums.

After you create a bridge group, you associate one or more network interfaces with the bridge group. This association is called a bridge group interface, or simply bridge interface. For information about the maximum number of bridge interfaces that you can configure per line module and per E Series router, see JunosE Release Notes, Appendix A, System Maximums.

Figure 45 shows an example of a simple transparent bridging network configuration that illustrates the concepts discussed so far in this section.

Figure 45: Bridge Group with Fast Ethernet and Gigabit Ethernet Bridge Interfaces

Bridge Group with Fast Ethernet and Gigabit
Ethernet Bridge Interfaces

In Figure 45, a bridge group named westford01 is configured on the E Series router, which allows the router to function as a transparent bridge between a Fast Ethernet LAN segment and a Gigabit Ethernet LAN segment. The bridge group includes two bridge interfaces. The bridge interface associated with port 1 is stacked on a VLAN subinterface over a Fast Ethernet interface. The bridge interface associated with port 2 is stacked on a VLAN subinterface over a Gigabit Ethernet interface.

Table 46 presents a simple representation of the forwarding table for bridge group westford01.

Table 46: Sample Bridge Group Forwarding Table

Port

Source Address

Interface

1

Node A

Fast Ethernet 2/1.1

1

Node B

Fast Ethernet 2/1.1

2

Node C

Gigabit Ethernet 4/0.1

2

Node D

Gigabit Ethernet 4/0.1

Bridge Interface Types and Supported Configurations

A bridge interface can be configured as one of the following types:

You can configure bridge interfaces to add transparent bridging capabilities to your existing network configurations. Currently, bridge interfaces can be stacked on:

For sample configurations that include bridge interfaces, see Configuration Examples. For information about configuring Ethernet, ATM, and bridged Ethernet interfaces, see:

Subscriber Policies

To enable intelligent flooding of packets within a bridge group’s broadcast domain, each bridge group interface you create is associated with a default subscriber policy. A subscriber policy is a set of forwarding and filtering rules that defines how the bridge group interface handles various packet or attribute types, as follows:

The router provides two default subscriber policies: default Subscriber for subscriber (client) bridge interfaces, and default Trunk for trunk (server) bridge interfaces.

Table 47 lists the default values for each packet or attribute type defined in the default Subscriber and default Trunk policies. The only difference between the two policies is how broadcast packets and packets with unknown unicast destination addresses (DAs) are handled.

Table 47: Default Subscriber Policies for Bridge Group Interfaces

Packet/Attribute Type

Default Subscriber Policy

Default Trunk Policy

ARP

Permit

Permit

Broadcast

Deny

Permit

IP

Permit

Permit

MPLS

Permit

Permit

Multicast

Permit

Permit

PPPoE

Permit

Permit

Relearn

Permit

Permit

Unicast (user-to-user)

Permit

Permit

Unknown unicast DA

Deny

Permit

Unknown protocol

Permit

Permit

You cannot change the default subscriber policy values listed in Table 47 for a trunk bridge interface. You can, however, configure a nondefault subscriber policy for a subscriber bridge interface to change the default permit or deny value for one or more packet or attribute types. For details, see Configuring Subscriber Policies.

Concurrent Routing and Bridging

After you create the necessary bridge groups and bridge interfaces for your network configuration, you can use the bridge crb command to enable concurrent routing and bridging (CRB) for all bridge groups configured on your router. When CRB is enabled, the router can route a protocol among a group of interfaces in one bridge group and concurrently bridge the same protocol among a separate group of interfaces in a different bridge group on the router.

The router does not switch the protocol between the two bridge groups. Instead, it confines routed traffic to the routed interfaces and bridged traffic to the bridged interfaces. As a result, a protocol can be either routed or bridged on a particular interface, but cannot be both routed and bridged on the same interface.

By default, CRB is disabled for all bridge groups on the router. When you use the bridge crb command to enable CRB, it takes effect for all bridge groups currently configured on your router; you cannot enable CRB for some bridge groups on the router but not for others.

When you first enable CRB, the router issues an implicit bridge route command for any IP, MPLS, or PPPoE interfaces that are currently configured in the interface stack for the bridge group. This command directs the bridge group to route traffic for these protocols. After CRB has been enabled, you must issue an explicit bridge route command to route any new IP, MPLS, or PPPoE interface that is the first occurrence of this protocol in the bridge group. (See Configuring Explicit Routing for details about using the bridge route command.)

As a result, it is important that you issue the bridge crb command after you configure all bridge group interfaces. In this way, the router can detect all IP, MPLS, or PPPoE interfaces in your configuration and direct the bridge group to route traffic from these protocols.

Transparent Bridging and VPLS

Except for the bridge crb and bridge route commands, you can use the existing transparent bridging commands to configure one or more instances of the Virtual Private LAN Service (VPLS), referred to as VPLS instances, on the router. VPLS employs a layer 2 virtual private network (VPN) to connect multiple individual LANs across a service provider’s MPLS core network. The geographically dispersed multiple LANs functions as a single virtual LAN.

A single VPLS instance is analogous to a bridge group, and performs similar functions. In effect, a VPLS instance is a new or existing bridge group that has additional VPLS attributes configured.

For details about configuring and using VPLS, see Configuring VPLS in JunosE BGP and MPLS Configuration Guide.

Unsupported Features

The current E Series implementation of transparent bridging does not support the spanning-tree algorithm as defined in IEEE 802.1D.

Note: Because the spanning-tree algorithm is not currently supported, make sure that your topology avoids the creation of network loops.