[j-nsp] Layer 2 feature on srx
Pavel Lunin
plunin at senetsy.ru
Wed Apr 11 07:10:57 EDT 2012
10.04.2012 20:13, Michael Still wrote:
> OP wanted to use the IRB ints as next hop for their respective
> networks. This is apparently not supported on the SRX platform in
> transparent mode:
Yeah, I mentioned this as well. In my post I just wanted to explain why
these (MX-style L2) commands were successfully committed by SRX (which
is really not obvious and I even think, someone who decided to reuse
this part config for this purpose on SRX needed to think twice or at
least document it more clearly. This is not the first time I see such a
confusion).
> "In this release, the IRB interface on the SRX Series device does not
> support traffic forwarding or routing. In transparent mode, packets
> arriving on a Layer 2 interface that are destined for the device’s MAC
> address are classified as Layer 3 traffic while packets that are not
> destined for the device’s MAC address are classified as Layer 2
> traffic. Packets destined for the device’s MAC address are sent to the
> IRB interface. Packets from the device’s routing engine are sent out
> the IRB interface." So in transparent / IRB mode the IRB int can only
> be used as a management interface. OP needs to do is MX testing using
> an MX device.
IICR, by now they can't even terminate IPSec on IRB. An interesting
question here is whether they are going to make IRBs to be real L3
ifaces. What a mess it would be :)
More information about the juniper-nsp
mailing list