Prevent Local Switching
Starting in Juniper Cloud-Native Router Release 23.1, JCNR can prevent interfaces in a bridge domain that are part of the same VLAN group from transmitting Ethernet frame copies to one another. The noLocalSwitching key enables this functionality on the selected VLAN IDs.
To prevent interfaces in a bridge domain from transmitting and receiving Ethernet frame copies, enable the noLocalSwitching key and assign a VLAN ID to it. Interfaces belonging to that VLAN ID then do not transmit frames to one another. Note that the noLocalSwitching key enables the functionality only on access interfaces. To enable it on a trunk interface that is part of the same VLAN ID, you must separately set the no-local-switching key to true in the trunk interface configuration. Use the noLocalSwitching functionality when you want to stop interfaces that are part of a VLAN group from transmitting traffic directly to one another.
Configuration Example
To prevent local switching, perform the steps below before deployment:
- Edit the values.yaml file in the Juniper_Cloud_Native_Router_<release-number>/helmchart directory.
- Enable the noLocalSwitching key and provide the VLAN IDs.
    noLocalSwitching: [700]
  Note: The value for the noLocalSwitching key can be an individual VLAN ID, multiple comma-separated VLAN ID values, a VLAN ID range, or a combination of comma-separated VLAN ID values and a VLAN ID range. For example, noLocalSwitching: [700, 701, 705-710].
  With this step the feature is enabled for all access interfaces having the specified VLAN ID. You can skip the next step if you do not want to enable the feature on the trunk interface.
- To enable the feature on a trunk interface, add the key no-local-switching and set it to true under the trunk interface configuration. For example:
    fabricInterface:
      - bond0:
          ddp: on
          interface_mode: trunk
          vlan-id-list: [100, 200, 300, 700-705]
          storm-control-profile: rate_limit_pf1
          #native-vlan-id: 100
          no-local-switching: true
- Install or upgrade JCNR using the values.yaml.
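Because noLocalSwitching covers only access interfaces, a trunk that carries one of the listed VLANs without no-local-switching: true still switches those frames locally. The check below is an added example, not Juniper code: it expands the VLAN list syntax from the note above and reports such trunks. The function names, the interfaces ens2f1 and ens2f2, and the sample data (the structure a YAML loader would return for values.yaml) are constructed for illustration.

```python
# Added example: pre-deployment check for noLocalSwitching coverage.
# Function names and the sample data are constructed for illustration.

def expand_vlans(entries):
    """Expand entries such as [700, 701, '705-710'] into a set of VLAN IDs."""
    vlans = set()
    for entry in entries:
        text = str(entry).strip()
        low, sep, high = text.partition("-")
        first = int(low)
        last = int(high) if sep else first
        if not (1 <= first <= last <= 4094):
            raise ValueError(f"invalid VLAN entry: {text!r}")
        vlans.update(range(first, last + 1))
    return vlans


def uncovered_trunks(values):
    """Return {interface: [vlans]} for trunks that carry a noLocalSwitching
    VLAN but do not set no-local-switching: true."""
    protected = expand_vlans(values.get("noLocalSwitching", []))
    gaps = {}
    for item in values.get("fabricInterface", []):
        for name, cfg in item.items():
            if cfg.get("interface_mode") != "trunk":
                continue  # access interfaces are covered by noLocalSwitching
            if cfg.get("no-local-switching") is True:
                continue  # trunk explicitly opted in
            shared = protected & expand_vlans(cfg.get("vlan-id-list", []))
            if shared:
                gaps[name] = sorted(shared)
    return gaps


# Constructed sample: parsed form of a values.yaml fragment.
SAMPLE_VALUES = {
    "noLocalSwitching": [700, 701, "705-710"],
    "fabricInterface": [
        {"bond0": {"interface_mode": "trunk",
                   "vlan-id-list": [100, 200, 300, "700-705"],
                   "no-local-switching": True}},
        {"ens2f1": {"interface_mode": "trunk",
                    "vlan-id-list": [300, "700-705"]}},
        {"ens2f2": {"interface_mode": "access", "vlan-id-list": [700]}},
    ],
}

if __name__ == "__main__":
    for iface, vlans in uncovered_trunks(SAMPLE_VALUES).items():
        print(f"{iface}: trunk carries {vlans} without no-local-switching")
```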
Verify Configuration
To verify the configuration, you can use the purel2cli utility available on the vRouter. View the Access vRouter CLI topic to access the vRouter shell. You can run the purel2cli commands from the vRouter CLI. For example:
- Run the command purel2cli --nolocal show to list all the interfaces that are enabled for noLocalSwitching functionality on all the VLANs. A sample output is shown below:
    [root@jcnr-01 /]# purel2cli --nolocal show
    ============================
    vlan  no_local_switch_list
    ============================
    100   1, 2, 4,
    200
    300
    700
    701
    702
    703
- Run the command purel2cli --nolocal get <VLAN ID> to check if noLocalSwitching functionality is enabled on a specific VLAN ID. A sample output is shown below:
    [root@jcnr-01 /]# purel2cli --nolocal get 100
    ============================
    vlan  no_local_switch_list
    ============================
    100   1, 2, 4,