SRX Services Gateway
Highlighted
SRX Services Gateway

Configuring a l3-interface on a vSRX

‎02-12-2019 08:03 AM

Hello,
I am working with a vSRX appliance and I would like to use a level 3 VLAN with public adresses for NAT

I would like to use this vlan in NAT pool

Then, I declared my vlan-id and my l3-interface :
vlans {
    VLAN210 {
        vlan-id 210;
        l3-interface irb.210;
    }
}

 irb {
        unit 210 {
            family inet {
                address 134.59.21.190/28;
            }
        }
    }

I attached it to a security zone :

 zones {
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
            }
            interfaces {
                ge-0/0 / 1.0;
                irb.210;
            }
        }

vSRX# run show interfaces irb terse
Interface Admin Link Proto Local Remote
irb.210   up    down inet 134.59.21.190/28

 

vSRX# run show route

134.59.21.190/32 *[Local/0] 4d 02:35:35
Reject

 

The irb.210 is not attached to any ge-0 interface.

Is there a way to up this interface ?

 

Thanks

 

Gilles

3 REPLIES 3
Highlighted
SRX Services Gateway

Re: Configuring a l3-interface on a vSRX

‎02-12-2019 10:41 AM
Hi, irb doesn't seem to be supported. Please refer -https://forums.juniper.net/t5/vSRX/IRB-interface-on-VSRX/td-p/347152

Thanks,
Vikas
Highlighted
SRX Services Gateway

Re: Configuring a l3-interface on a vSRX

‎02-12-2019 10:45 AM

You need to have you vlan active on a physical interface for an irb to come up.

 

That said... ethernet-switching with vlans and irb interfaces are not supported on vSRX. So you have to define you public address prefix on a loopback interface, add another NIC to your vSRX VM and have the port group be in vlan 210... or make your VM NIC a vlan-trunk and change your ge-0/0/x to handle vlan tagged traffic.

 

Let me know if you need further input regarding these options.


--
Best regards,

Jonas Hauge Klingenberg
Juniper Ambassador & Technology Architect, SEC DATACOM A/S (Denmark)
Highlighted
SRX Services Gateway

Re: Configuring a l3-interface on a vSRX

‎02-13-2019 01:57 AM

That's what I thought, I need to add the  vlan on a physical interface for my irb to come up.

But I do not need to complicate the configuration with an additional interface that is useless.

 

Behind the vSRX I have a HP with L3 capatabilities. 

I configured on this HP the L3 VLAN and I added a route on the vSRX with my source adress range (10.0.0.0/16).

I configured the pool and the rules and It works fine with a PC connected to the correct port of HP.

 

Do you think this is a good solution?

 

Thanks for your experience