Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

MX Series Router Cloud CPE Multiple Ethernet Interface Services Overview

You can use the multiple Ethernet interfaces to provide your customers with segregation of their LANs. When you use multiple Ethernet interfaces, the subscriber’s LAN is split into multiple VLANs; for example, one for the sales office and one for manufacturing. Each VLAN uses a separate IP subnet. Inter-VLAN communication is done through routing in the Layer 3 CPE. There are a couple of solutions you can implement to achieve this same functionality when you replace the Layer 3 CPE with a Layer 2 CPE.

  • The first solution is to extend subscriber the VLANs out to the PE router, either directly or through Q-in-Q tunnel. — The PE router terminates the VLANs. Inter-VLAN communication is done through routing in the VPN routing instance in the PE router. The main drawback to this solution is that the inter-VLAN traffic uses up WAN bandwidth.

  • The second solution is to configure inter-VLAN communication in the Layer 2 CPE to create a shortcut for inter-VLAN traffic. — Juniper Networks routed VLAN interface (RVI) feature is designed to facilitate inter-VLAN communication. RVI is a virtual Layer 3 interface with an IP address. RVIs allow switches to recognize which packets are being sent to another VLAN’s MAC addresses—then, packets are bridged (switched) whenever the destination is within the same VLAN and are only routed through the RVI when necessary. If there are two VLANs that need to communicate with each other, you need two RVIs with addresses in each subnet associated with the VLANs. The switch automatically creates direct routes to these subnets and uses these routes to forward traffic between VLANs. The RVI is actually Layer 3 technology so it only exists in multi-layer switches.

If subscriber VLANs use the same IP subnet, you can use a bridge domain in the Layer 2 CPE to bridge traffic from different VLANs on different interfaces into the same VLAN. When a bridge domain is defined, a VLAN ID is assigned to it. If incoming packets have a different VLAN ID than the bridge domain VLAN ID, the packets are converted to the bridge domain VLAN ID. For outgoing packets, if the egress interface has a different VLAN ID than the bridge domain VLAN ID, the packets are converted to the egress interface VLAN ID. The bridge domain effectively joins multiple VLANs together. You can configure a Layer 2 forwarding filter in the bridge domain if you need to stop broadcasts from reaching into other VLANs. However, if the subscriber’s VLANs use different IP subnets, inter-VLAN traffic still travels through the WAN link because the default gateway is the PE router.