Overview
This section introduces important concepts that you need to understand before configuring transparent bridging. These concepts include:
- How Transparent Bridging Works
- Bridge Groups and Bridge Group Interfaces
- Bridge Interface Types and Supported Configurations
- Subscriber Policies
- Concurrent Routing and Bridging
- Transparent Bridging and VPLS
- Unsupported Features
How Transparent Bridging Works
A transparent bridge is a data-link layer (layer 2) relay device that connects two or more networks or network systems. When a transparent bridge powers up, it automatically begins learning the network topology by examining the media access control (MAC) source address of every incoming packet. The bridge then creates an entry in the forwarding table consisting of the address and associated interface where the packet was received.
More specifically, a transparent bridge performs all of the following actions to learn the network topology:
- Learning—The bridge examines the MAC address of every incoming packet, records the MAC address and associated interface in the forwarding table, and manages the database of MAC addresses and their associated interfaces.
- Flooding—When a packet’s destination address does not match any entries in the forwarding table, the bridge transmits (floods) the packet on all bridge interfaces to all network segments except the interface on which the packet was received.
- Forwarding—Once the bridge has learned a packet’s destination address (that is, has a matching entry in its forwarding table), the bridge uses the associated port and interface information to send the packet toward its destination.
- Filtering—If the bridge detects that a packet’s source and destination addresses are on the same network segment, it ignores (filters) that packet. Filtering is the process by which the bridge can screen network traffic for certain characteristics and determine whether to forward or discard (drop) that traffic based on user-defined criteria. On E Series routers, filtering criteria can include the MAC source address, MAC destination address, and protocol type.
- Aging—When a bridge adds a dynamic (learned) MAC address entry to the forwarding table, it assigns an age to the entry. The bridge updates this age each time it receives a packet. To manage MAC entries more efficiently, you can configure an entry’s aging time, which is the maximum time that an entry can remain in the forwarding table before it “ages out.”
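The five actions above can be traced in a small Python model. This is an added example, not JunosE code: the class name, the 300-second aging time, and the choice to refresh an entry's age whenever its source address is seen again are assumptions, and the interface and node labels are illustrative.

```python
import time

class TransparentBridge:
    """Toy model of one bridge group's forwarding table (not JunosE code)."""

    def __init__(self, interfaces, aging_time=300.0, clock=time.monotonic):
        self.interfaces = set(interfaces)
        self.aging_time = aging_time   # seconds; assumed value
        self.clock = clock             # injectable so aging can be replayed
        self.table = {}                # MAC -> (interface, last_seen)

    def _age_out(self):
        # Aging: drop entries not refreshed within aging_time.
        now = self.clock()
        for mac, (_, seen) in list(self.table.items()):
            if now - seen > self.aging_time:
                del self.table[mac]

    def receive(self, src, dst, in_if):
        """Process one frame; return (action, egress interfaces)."""
        self._age_out()
        # Learning: bind the source MAC to the ingress interface.
        self.table[src] = (in_if, self.clock())
        entry = self.table.get(dst)
        if entry is None:
            # Flooding: unknown destination, send everywhere but the ingress.
            return "flood", sorted(self.interfaces - {in_if})
        if entry[0] == in_if:
            # Filtering: source and destination share a segment.
            return "filter", []
        # Forwarding: known destination behind another interface.
        return "forward", [entry[0]]

def demo():
    """Replay constructed frames between the two segments."""
    now = [0.0]
    fe, ge = "Fast Ethernet 2/1.1", "Gigabit Ethernet 4/0.1"
    bridge = TransparentBridge([fe, ge], clock=lambda: now[0])
    out = [bridge.receive("Node A", "Node C", fe),   # C unknown
           bridge.receive("Node C", "Node A", ge),   # A was learned
           bridge.receive("Node B", "Node A", fe)]   # same segment
    now[0] = 301.0                                   # past the aging time
    out.append(bridge.receive("Node C", "Node A", ge))
    return out
```

The last frame is flooded again because the entry for Node A aged out, which is why an aging time that is too short increases flooding on every segment.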
Bridge Groups and Bridge Group Interfaces
You configure transparent bridging by creating one or more bridge groups on the router. A bridge group is a collection of network interfaces (ports) that forms a broadcast domain. Each bridge group has its own set of forwarding tables and filters and, as such, functions as a logical transparent bridging device. For information about the maximum number of bridge groups that you can configure per E Series router, see JunosE Release Notes, Appendix A, System Maximums.
After you create a bridge group, you associate one or more network interfaces with the bridge group. This association is called a bridge group interface, or simply bridge interface. For information about the maximum number of bridge interfaces that you can configure per line module and per E Series router, see JunosE Release Notes, Appendix A, System Maximums.
Figure 45 shows an example of a simple transparent bridging network configuration that illustrates the concepts discussed so far in this section.
Figure 45: Bridge Group with Fast Ethernet and Gigabit Ethernet Bridge Interfaces

In Figure 45, a bridge group named westford01 is configured on the E Series router, which allows the router to function as a transparent bridge between a Fast Ethernet LAN segment and a Gigabit Ethernet LAN segment. The bridge group includes two bridge interfaces. The bridge interface associated with port 1 is stacked on a VLAN subinterface over a Fast Ethernet interface. The bridge interface associated with port 2 is stacked on a VLAN subinterface over a Gigabit Ethernet interface.
Table 26 presents a simple representation of the forwarding table for bridge group westford01.
Table 26: Sample Bridge Group Forwarding Table
| Port | Source Address | Interface |
|---|---|---|
| 1 | Node A | Fast Ethernet 2/1.1 |
| 1 | Node B | Fast Ethernet 2/1.1 |
| 2 | Node C | Gigabit Ethernet 4/0.1 |
| 2 | Node D | Gigabit Ethernet 4/0.1 |
Bridge Interface Types and Supported Configurations
A bridge interface can be configured as one of the following types:
- Subscriber (client)—A subscriber (client) bridge interface is downstream from the traffic flow; that is, the traffic flow direction is from the server (trunk) to the client (subscriber). This is the default bridge group interface type.
- Trunk (server)—A trunk (server) bridge interface is upstream from the traffic flow; that is, the traffic flow direction is from the client (subscriber) to the server (trunk). To configure a trunk bridge group interface, you must specify the subscriber-trunk keyword as part of the bridge-group command.
You can configure bridge interfaces to add transparent bridging capabilities to your existing network configurations. Currently, bridge interfaces can be stacked on:
- Bridged Ethernet over ATM 1483 subinterfaces
- Fast Ethernet interfaces
- Gigabit Ethernet interfaces
- 10-Gigabit Ethernet interfaces
- VLAN subinterfaces over Fast Ethernet, Gigabit Ethernet, 10-Gigabit Ethernet, or bridged Ethernet interfaces
For sample configurations that include bridge interfaces, see Configuration Examples. For information about configuring Ethernet, ATM, and bridged Ethernet interfaces, see:
- Configuring ATM
- Configuring VLAN and S-VLAN Subinterfaces
- Configuring Bridged Ethernet
- Chapter Configuring Ethernet Interfaces in JunosE Physical Layer Configuration Guide
Subscriber Policies
To enable intelligent flooding of packets within a bridge group’s broadcast domain, each bridge group interface you create is associated with a default subscriber policy. A subscriber policy is a set of forwarding and filtering rules that defines how the bridge group interface handles various packet or attribute types, as follows:
- For each packet type, the subscriber policy specifies whether you want the bridge group interface to permit (forward) or deny (filter or drop) packets of that type.
- For the relearn attribute, the subscriber policy specifies whether the bridge interface can relearn a MAC address entry on a different interface from the one initially associated with this entry in the forwarding table. Permit indicates that relearning is allowed, and deny indicates that relearning is prohibited.
The router provides two default subscriber policies: default Subscriber for subscriber (client) bridge interfaces, and default Trunk for trunk (server) bridge interfaces.
Table 27 lists the default values for each packet or attribute type defined in the default Subscriber and default Trunk policies. The only difference between the two policies is how broadcast packets and packets with unknown unicast destination addresses (DAs) are handled.
Table 27: Default Subscriber Policies for Bridge Group Interfaces
| Packet/Attribute Type | Default Subscriber Policy | Default Trunk Policy |
|---|---|---|
| ARP | Permit | Permit |
| Broadcast | Deny | Permit |
| IP | Permit | Permit |
| MPLS | Permit | Permit |
| Multicast | Permit | Permit |
| PPPoE | Permit | Permit |
| Relearn | Permit | Permit |
| Unicast (user-to-user) | Permit | Permit |
| Unknown unicast DA | Deny | Permit |
| Unknown protocol | Permit | Permit |
You cannot change the default subscriber policy values listed in Table 27 for a trunk bridge interface. You can, however, configure a nondefault subscriber policy for a subscriber bridge interface to change the default permit or deny value for one or more packet or attribute types. For details, see Configuring Subscriber Policies.
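The sketch below models how a nondefault subscriber policy overrides the Table 27 defaults and what denying the relearn attribute does to the forwarding table. It is an added example, not JunosE code: the function names and interface labels are hypothetical, the MAC addresses are constructed documentation values, and it assumes the policy of the interface that receives the frame decides whether relearning is allowed.

```python
TYPES = ("ARP", "Broadcast", "IP", "MPLS", "Multicast", "PPPoE", "Relearn",
         "Unicast", "Unknown unicast DA", "Unknown protocol")
# Table 27 defaults: the two policies differ in only two rows.
DEFAULT_TRUNK = {t: "permit" for t in TYPES}
DEFAULT_SUBSCRIBER = {**DEFAULT_TRUNK, "Broadcast": "deny",
                      "Unknown unicast DA": "deny"}

def effective_policy(kind, overrides=None):
    """Merge a nondefault policy over the defaults for one bridge interface."""
    if kind == "trunk":
        if overrides:
            raise ValueError("trunk interfaces keep the default Trunk policy")
        return dict(DEFAULT_TRUNK)
    policy = dict(DEFAULT_SUBSCRIBER)
    for ptype, action in (overrides or {}).items():
        if ptype not in policy or action not in ("permit", "deny"):
            raise ValueError(f"invalid override {ptype!r}={action!r}")
        policy[ptype] = action
    return policy

def learn(table, policies, mac, in_if):
    """Apply the relearn attribute when a source MAC is seen on in_if.

    Assumption: the policy of the receiving interface decides.
    Returns 'learned', 'refreshed', 'relearned' or 'relearn-denied'.
    """
    current = table.get(mac)
    if current is None:
        table[mac] = in_if
        return "learned"
    if current == in_if:
        return "refreshed"
    if policies[in_if]["Relearn"] == "deny":
        return "relearn-denied"    # entry stays bound to the first interface
    table[mac] = in_if
    return "relearned"

def demo():
    # Constructed interfaces: one trunk, one subscriber with relearn denied.
    policies = {"trunk0": effective_policy("trunk"),
                "sub1": effective_policy("subscriber", {"Relearn": "deny"})}
    table = {}
    events = [learn(table, policies, "00:00:5e:00:53:01", "trunk0"),
              learn(table, policies, "00:00:5e:00:53:01", "sub1"),
              learn(table, policies, "00:00:5e:00:53:02", "sub1"),
              learn(table, policies, "00:00:5e:00:53:02", "trunk0")]
    return events, table
```

With relearn denied on the subscriber interface, an address first learned on the trunk cannot be rebound to that subscriber interface, so the forwarding entry for an upstream host is not displaced by a frame that carries the same source MAC from a subscriber.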
Concurrent Routing and Bridging
After you create the necessary bridge groups and bridge interfaces for your network configuration, you can use the bridge crb command to enable concurrent routing and bridging (CRB) for all bridge groups configured on your router. When CRB is enabled, the router can route a protocol among a group of interfaces in one bridge group and concurrently bridge the same protocol among a separate group of interfaces in a different bridge group on the router.
The router does not switch the protocol between the two bridge groups. Instead, it confines routed traffic to the routed interfaces and bridged traffic to the bridged interfaces. As a result, a protocol can be either routed or bridged on a particular interface, but cannot be both routed and bridged on the same interface.
By default, CRB is disabled for all bridge groups on the router. When you use the bridge crb command to enable CRB, it takes effect for all bridge groups currently configured on your router; you cannot enable CRB for some bridge groups on the router but not for others.
When you first enable CRB, the router issues an implicit bridge route command for any IP, MPLS, or PPPoE interfaces that are currently configured in the interface stack for the bridge group. This command directs the bridge group to route traffic for these protocols. After CRB has been enabled, you must issue an explicit bridge route command to route any new IP, MPLS, or PPPoE interface that is the first occurrence of this protocol in the bridge group. (See Configuring Explicit Routing for details about using the bridge route command.)
As a result, it is important that you issue the bridge crb command after you configure all bridge group interfaces. In this way, the router can detect all IP, MPLS, or PPPoE interfaces in your configuration and direct the bridge group to route traffic from these protocols.
Transparent Bridging and VPLS
Except for the bridge crb and bridge route commands, you can use the existing transparent bridging commands to configure one or more instances of the Virtual Private LAN Service (VPLS), referred to as VPLS instances, on the router. VPLS employs a layer 2 virtual private network (VPN) to connect multiple individual LANs across a service provider’s MPLS core network. The multiple, geographically dispersed LANs function as a single virtual LAN.
A single VPLS instance is analogous to a bridge group, and performs similar functions. In effect, a VPLS instance is a new or existing bridge group that has additional VPLS attributes configured.
For details about configuring and using VPLS, see Configuring VPLS in JunosE BGP and MPLS Configuration Guide.
Unsupported Features
The current E Series implementation of transparent bridging does not support the spanning-tree algorithm as defined in IEEE 802.1D.
Note: Because the spanning-tree algorithm is not currently supported, make sure that your topology avoids the creation of network loops.
