Excluding interfaces from IRB State Calculations

As you know, in order you have an IRB up, you need to have at least one interface up on the VLAN for which the IRB is created.

This condition is sometimes forgot by engineers troubleshooting why an IRB or RVI or SVI(in Cisco terms) is down.

By default all interfaces part of the VLAN contribute to the state of the IRB, but this behavior can be changed to exclude interfaces that contribute to the state of the IRB.

More exactly, you can configure an interface not to be taken in consideration when the switch calculate the state of an IRB.

Juniper provides this feature starting with 14.1X53-D40 on QFX5100.

Let’s see an example.

Two interfaces are part of VLAN100 for which irb.100 is defined:

{master:0}[edit]
root@QFX5100# show vlans
V100 {
    vlan-id 100;
    l3-interface irb.100;
}

{master:0}[edit]
root@QFX5100# show interfaces
et-0/0/49 {
    unit 0 {
        family ethernet-switching {
            vlan {
                members V100;
            }
        }
    }
}
et-0/0/51 {
    unit 0 {
        family ethernet-switching {
            vlan {
                members V100;
            }
        }
    }
}
irb {
    unit 100 {
        family inet {
            address 100.100.100.2/24;
        }
    }
}

{master:0}[edit]
root@QFX5100#

The two physical interfaces are up and as expected, the irb.100 is up as well

{master:0}[edit]
root@QFX5100# run show interfaces terse | match "irb|et-"
et-0/0/49               up    up
et-0/0/49.0             up    up   eth-switch
et-0/0/51               up    up
et-0/0/51.0             up    up   eth-switch
irb                     up    up
irb.100                 up    up   inet     100.100.100.2/24

{master:0}[edit]
root@QFX5100#

Now, let’s configure et-0/0/49 with the autostate-exclude feature:

{master:0}[edit]
root@QFX5100# show interfaces et-0/0/49
unit 0 {
    family ethernet-switching {
        vlan {
            members V100;
        }
    }
}
autostate-exclude;

{master:0}[edit]
root@QFX5100#

You can check the interface and notice that is configured with this feature by looking at the “Logical Interface flags”:

{master:0}[edit]
root@QFX5100# run show ethernet-switching interface et-0/0/49
Routing Instance Name : default-switch
Logical Interface flags (DL - disable learning, AD - packet action drop,
                         LH - MAC limit hit, DN - interface down,
                         SCTL - shutdown by Storm-control,
                         MMAS - Mac-move action shutdown, AS - Autostate-exclude enabled)

Logical          Vlan          TAG     MAC         STP         Logical           Tagging
interface        members               limit       state       interface flags
et-0/0/49.0                            294912                   AS                untagged
                 V100          100     294912      Forwarding                     untagged

{master:0}[edit]
root@QFX5100# 

This feature does not impact in any way the operation of the interface when it’s activated:

{master:0}[edit]
root@QFX5100# run show interfaces terse | match "irb|et-"
et-0/0/49               up    up
et-0/0/49.0             up    up   eth-switch
et-0/0/51               up    up
et-0/0/51.0             up    up   eth-switch
irb                     up    up
irb.100                 up    up   inet     100.100.100.2/24

{master:0}[edit]
root@QFX5100#

And the interface is still part of the VLAN:

{master:0}[edit]
root@QFX5100# run show vlans

Routing instance        VLAN name             Tag          Interfaces
default-switch          V100                  100
                                                           et-0/0/49.0*
                                                           et-0/0/51.0*
default-switch          default               1


{master:0}[edit]
root@QFX5100#

Once you disable the interface that doesn’t have autostate-exclude configured, the IRB goes down:

{master:0}[edit]
root@QFX5100# run show interfaces terse | match "irb|et-"
et-0/0/49               up    up
et-0/0/49.0             up    up   eth-switch
et-0/0/51               down  down
et-0/0/51.0             up    down eth-switch
irb                     up    up
irb.100                 up    down inet     100.100.100.2/24

{master:0}[edit]
root@QFX5100#

This feature on Junos is identical to the SVI Autostate Exclude feature from Cisco platforms.

You can see below some relevant output from a Cisco device that support this feature.

Two interfaces are configured in VLAN 100:

C3750#show vlan | i VLAN0100
100  VLAN0100                         active    Gi1/0/13, Gi1/0/14
C3750#

The SVI is up:

C3750#show ip interface brief vlan100
Interface              IP-Address      OK? Method Status                Protocol 
Vlan100                100.100.100.2   YES NVRAM  up                    up
C3750#

One of the interface is configured with SVI autostate exclude feature:

C3750#show run interface brief GigabitEthernet1/0/13
Building configuration...

Current configuration : 123 bytes
!
interface GigabitEthernet1/0/13
 C3750port access vlan 100
 C3750port autostate exclude
end

C3750#

You can see the feature configured like this:

C3750#show interfaces GigabitEthernet1/0/13 switchport
Name: Gi1/0/13
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: On
Access Mode VLAN: 100 (VLAN0100)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Autostate mode exclude

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
C3750#

After the other interface is brought down, the SVI interface goes down as well:

C3750#show ip interface brief GigabitEthernet1/0/14
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet1/0/14  unassigned      YES unset  administratively down down
C3750#show ip interface brief GigabitEthernet1/0/13
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet1/0/13  unassigned      YES unset  up                    up
C3750#show ip interface brief vlan100
Interface              IP-Address      OK? Method Status                Protocol
Vlan100                100.100.100.2   YES NVRAM  up                    down
C3750#

And this is all about this feature, on both Juniper and Cisco devices that support this feature.

I hope you found this information useful.

The following two tabs change content below.

• Bio
• Latest Posts

Paris ARAU

Paris ARAU is a networking professional with strong background on routing and switching technologies. He is a holder of CCIE R&S and dual JNCIE(SP and ENT). The day to day work allows him to dive deeply in networking technologies. Part of the continuously training, he is focusing on Software Defined Network and cloud computing.

Latest posts by Paris ARAU (see all)

• Junos Fusion – Part IV – Satellite policies and uplink failure detection - 30 July 2018
• Junos Fusion – Part III – Satellite commands and traffic forwarding - 16 July 2018
• Junos Fusion – Part II – Configuration, Administration and Operation - 16 July 2018
• Junos Fusion – Part I – Overview, Components, Ports and Software - 11 July 2018
• Vagrant – Part IV – Network topology using Juniper and Cumulus - 26 April 2018