Bridging & IRB Concepts
A vEdge router can also switch traffic between VLANs, because it can act as a transparent bridge. Bridging is implemented using the concept of a bridge domain. Each bridge domain maps to a single VLAN and has its own separate broadcast domain. Each bridge domain also has its own Ethernet switching table (MAC table) for switching traffic within the broadcast domain.
Multiple bridge domains can coexist on a single vEdge router. To let different bridge domains talk to each other, the vEdge router uses Integrated Routing and Bridging (IRB). IRB is implemented with IRB interfaces, which connect a bridge domain to a VPN, also called a VPN domain.
A VPN domain is a domain that provides Layer 3 routing between bridge domains, that is, between different VLANs. Each bridge domain can have a single IRB interface and can connect to a single VPN domain, while a single VPN domain can connect to multiple bridge domains on a single router.
The diagram below illustrates the concepts described above.
A bridge domain corresponds to a single VLAN, and all ports that are part of this VLAN are in a single broadcast domain. Within a bridge domain, all bridging operations (learning, forwarding, flooding, filtering, and aging) are performed to build the Ethernet switching table (MAC table) for that VLAN or bridge domain.
Like a VLAN, each bridge domain is identified by a number, and the VLAN within a bridge domain is identified by an 802.1Q tag called the VLAN ID. Frames within a bridge domain are untagged, or a VLAN ID can be configured to tag the frames.
The ports that connect to WAN segments, which are the physical Gigabit interfaces on vEdge routers, are associated with a bridge domain. These interfaces are also referred to as base interfaces.
Each broadcast domain is identified by the combination of bridge domain number and VLAN ID, so the same VLAN ID can be associated with different bridge domains on a single vEdge router. If the VLAN IDs of different bridge domains differ, those bridge domains can include the same interface. For example, (bridge 2, VLAN 2) and (bridge 10, VLAN 20) can both include interface gi0/0, so this interface can be treated as a trunk port. However, (bridge 1, VLAN 2) can include interface gi0/0 or gi0/1, but these interfaces then cannot be in (bridge 50, VLAN 2).
Cisco SD-WAN Viptela also supports the 802.1Q native VLAN. If an interface is configured with a native VLAN, traffic going through it is not tagged with that VLAN. If a host is connected to an interface enabled for native VLAN, the bridge domain receives no tagged frames.
The native VLAN is mostly used on trunk ports, and it also provides backward compatibility for devices that do not support VLAN tagging. For example, a native VLAN allows a trunk port to accept all traffic regardless of what device is connected to the port. Without a native VLAN, the trunk port would accept traffic only from devices that send tagged traffic.
Integrated Routing & Bridging
With IRB, traffic can be sent from one bridge domain to a different bridge domain: bridge domains on the same vEdge router can communicate with each other, and so can bridge domains on remote vEdge routers. The only restriction is that all the bridge domains must be part of the same VPN in the overlay network.
A Layer 2 bridge domain connects to a Layer 3 VPN domain via an IRB interface. An IRB interface is a logical interface that inherits the properties of a regular interface but is not associated with any port or physical interface.
Each IRB interface is named irb followed by a number that matches the bridge domain number. For example, irb2 is the logical IRB interface that connects to bridge domain 2. The mapping between IRB logical interfaces and bridge domains is always one-to-one, so a bridge domain can be part of only one VPN in the overlay network. An IRB interface cannot have sub-interfaces. A VPN can support multiple IRB interfaces.
The IP address of an IRB interface is in the subnet of the VLAN that is part of the bridge domain.
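The bridge domain and IRB rules described above (an interface may belong to several bridge domains only when their VLAN IDs differ; each irb interface is numbered after its bridge domain, has no sub-interfaces, and ties that bridge domain to a single VPN) can be checked against a planned segmentation design before it is deployed. The Python check below is an added example, not Cisco or vEdge code; the dict layout, the validate function and the sample values are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample design (not from the page); the dict layout is an assumption.
BRIDGES = [
    {"bridge": 2, "vlan": 2, "interfaces": ["gi0/0"]},
    {"bridge": 10, "vlan": 20, "interfaces": ["gi0/0"]},   # trunk: VLAN IDs differ
    {"bridge": 50, "vlan": 2, "interfaces": ["gi0/0"]},    # clashes with bridge 2
]
IRBS = [
    {"name": "irb2", "vpn": 1},
    {"name": "irb10", "vpn": 1},
    {"name": "irb10", "vpn": 3},     # second VPN for bridge domain 10
    {"name": "irb50.2", "vpn": 1},   # sub-interface
    {"name": "irb7", "vpn": 1},      # no bridge domain 7
]

def validate(bridges, irbs):
    """Return a list of rule violations for a bridge/IRB design."""
    errors = []
    # Rule 1: an interface may carry several bridge domains only if
    # their VLAN IDs differ.
    seen = defaultdict(list)  # (interface, vlan) -> bridge numbers
    for b in bridges:
        for ifname in b["interfaces"]:
            seen[(ifname, b["vlan"])].append(b["bridge"])
    for (ifname, vlan), nums in sorted(seen.items()):
        if len(nums) > 1:
            errors.append(f"{ifname}: VLAN {vlan} used by bridges {nums}")
    # Rules 2-4: irb<N> must match a bridge domain number, must not be a
    # sub-interface, and each bridge domain gets only one IRB (one VPN).
    bridge_nums = {b["bridge"] for b in bridges}
    vpn_of = {}
    for irb in irbs:
        m = re.fullmatch(r"irb(\d+)", irb["name"])
        if not m:
            errors.append(f"{irb['name']}: must be irb<bridge-number>, no sub-interfaces")
            continue
        num = int(m.group(1))
        if num not in bridge_nums:
            errors.append(f"{irb['name']}: no bridge domain {num}")
        elif num in vpn_of:
            errors.append(f"{irb['name']}: bridge {num} already in VPN {vpn_of[num]}")
        else:
            vpn_of[num] = irb["vpn"]
    return errors

if __name__ == "__main__":
    print("\n".join(validate(BRIDGES, IRBS)))
```

A design that places one bridge domain in two VPNs, or reuses a VLAN ID on a shared interface, breaks the intended Layer 2 isolation, so these are the cases worth catching in review.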