Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[MX] Troubleshooting Checklist - IRB Interface

1

0

Article ID: KB26488 KB Last Updated: 17 Apr 2020Version: 2.0
Summary:

A basic checklist for troubleshooting IRB (Integrated Bridging and Routing) interfaces on MX Series devices.

To troubleshoot Physical interface or VLAN interfaces, refer to KB26486: Troubleshooting Checklist - Ethernet Physical Interface or KB26487: Troubleshooting Checklist - VLAN & Bridging.

Symptoms:
  • Troubleshoot IRB Interface on MX device
  • IRB interface is down
Solution:

Use the following checklist to troubleshoot IRB interfaces:

Step 1. Verify the configuration of the IRB interface.

For details on IRB interfaces and its configuration on a MX router, refer to the technical documentation:

Ethernet Networking:
http://www.juniper.net/techpubs/en_US/junos/information-products/pathway-pages/mx-solutions/ethernet-networking.html#configuration

Layer 2 Services — Bridging, Address Learning, and Forwarding
http://www.juniper.net/techpubs/en_US/junos12.2/information-products/pathway-pages/layer-2/layer-2-bridging-learning-forwarding.html#configuration

Tips:

  • By default the interface speed of an IRB physical interface is set to 1GB.
  • The IRB logical interface MTU is the lowest of the Layer-2 logical interfaces in the bridge-domain.
     

Step 2. Verify that the IRB interface is in the UP UP state.

To do this, run the command 'show interfaces terse irb' command to verify the status of an IRB interface:

user@router> show interfaces terse irb* 
Interface               Admin Link Proto    Local                 Remote
irb                     up    up  
irb.0                   up    up   inet     172.22.1.254/24 
                                   
irb.1                   up    up   inet     172.22.2.254/24 

In the output above, the IRB  interface Admin and Link states as in the UP & UP state.

Tips:

  • The IRB logical interface is operationally up if at least one Layer-2 logical interface is up in the bridge-domain.
  • The IRB logical interface is operationally down if all L2 logical interfaces are operationally down in the bridge-domian.

If the Admin status of the IRB logical interface is down, then verify the configuration and correct the problem.  As per the above tips, the IRB logical interface Link status is down if all the l2-interfaces are down in the bridge-domain.

 

Step 3. Verify L2-interface associations with the bridge-domains and their operational status.

Next, check if the correct interfaces are associated with the correct VLANs and are in the correct bridge-domains.

To do this, run the command 'show bridge domain' and 'show bridge domain <vlan> detail'.

For example:

user@router> show bridge domain 
Routing instance        Bridge domain            VLAN ID     Interfaces
default-switch          vlan_100                 100         ge-1/0/0.0  
                                                             ge-1/0/1.0   
                                                             ge-1/0/3.0
default-switch          vlan_200                 200      
                                                             ge-1/0/2.0
                                                             ge-1/0/3.0
                                                             ge-1/1/4.0 

user@router> show bridge domain vlan_100 detail
Routing instance: default-switch
  Bridge domain: vlan_100                       
  State: Active
  Bridge VLAN ID: 100 
  Interfaces:   ge-1/0/0.0     ge-1/0/1.0     ge-1/0/3.0
 Total mac count: 2


In the above output, the vlan_100 bridge domain has three interfaces associated with it, which are all part of VLAN 100.

For more information on the above command output, refer to the technical documentation on show bridge domain.
 

Step 4. Verify routes in the Route Table, and perform PING test.

a.  Verify the router's ability to route between appropriate subnets with the 'show route' command:

user@router> show route 
inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.210.12.0/27     *[Direct/0] 15:08:57
                    > via fxp0.0
10.210.12.1/32     *[Local/0] 15:08:57
                      Local via fxp0.0
172.22.1.0/24      *[Direct/0] 00:00:01
                    > via irb.0
172.22.1.254/32    *[Local/0] 00:21:31
                      Local via irb.0
172.22.2.0/24      *[Direct/0] 00:21:31
                    > via irb.1
172.22.2.254/32    *[Local/0] 00:21:31
                      Local via irb.1

In the output above, one can see that routes were added to the routing table as a result of configuring the IRB interfaces. If the intended routes are not visible in the route table, then check the configuration of the IRB interface.

b. Use PING to check if the IRB interface is able to route packets inside the VLAN and between the VLAN's:

  • From any end-host within the bridge-domain or VLAN, ping the IP address of the IRB logical interface.
  • From any end-host, ping another end-host inside the same VLAN to verify intra-vlan routing.
  • From any end-host, ping the end-host on a different VLAN to verify inter-vlan routing.
If ping is not successful, then do the following:
  • Verify the L2-interface associations of the bridge-domain (Step 3 above) as well the IRB configuration (Step 1).
  • Verify if the router is responding to ARP requests from the end-host by monitoring the IRB logical interface. For example : user@router> monitor traffic interface irb.0
 

Step 5. Check if traffic is hitting the IRB interface.

To check if traffic is hitting the IRB interface, define a firewall filter and apply it on the IRB logical interface.

In the example below, this firewall filter will count all the packets that are received  from end-host 1.1.1.1.

[edit firewall family inet]

user@Router# show
filter example-filter {
    term count {    
        from {
            source-address {
                1.1.1.1/32;
            }
            }
        then {
            count end-host-count;
            accept;
        }
    }
}

For more information on firewall filters on Junos devices refer http://www.juniper.net/techpubs/en_US/junos/information-products/pathway-pages/config-guide-firewall-filter/config-guide-firewall-filter.html

When this filter is applied on the IRB logical interface which is part of the bridge domain, then for every packet it will check if the source is from 1.1.1.1 and count the packets under end-host-count Counter.  For examples on how to apply firewall filters to interfaces, refer to http://www.juniper.net/techpubs/en_US/junos/topics/usage-guidelines/interfaces-applying-a-filter-to-an-interface.html

If traffic is not hitting the local IRB interface, then check if the MAC address of the end-host is populated in the local bridge mac-table:

user@router> show bridge mac-table 

MAC flags (S -static MAC, D -dynamic MAC,
SE -Statistics enabled, NM -Non configured MAC)

Routing instance : default-switch
Bridging domain : vlan_100, VLAN : 100
MAC MAC Logical
address flags interface 
00:21:59:ab:8a:95 D ge-1/0/0.0 
00:21:59:ab:8a:96 D ge-1/0/1.0 
The show bridge mac-table command is used view all the entries within the MAC address table. It generates a list of learned MAC addresses along with the corresponding VLANs and interfaces. All entries are organized based on their associated VLANs. For more information on the above command output, refer to http://www.juniper.net/techpubs/en_US/junos/topics/reference/command-summary/show-bridge-mac-table-command.html.
 

Step 6. Review the Traffic Statistics and input/output errors on the IRB interface.

To do this, run the command 'show interfaces irb extensive'.

user@router> show interfaces irb extensive
Physical interface: irb, Enabled, Physical link is Up
  Interface index: 129, SNMP ifIndex: 23, Generation: 130
  Type: Ethernet, Link-level type: Ethernet, MTU: 1514, Clocking: Unspecified, Speed: Unspecified
  Device flags   : Present Running
  Interface flags: SNMP-Traps
  Link type      : Full-Duplex
  Link flags     : None
  Physical info  : Unspecified
  Hold-times     : Up 0 ms, Down 0 ms
  Current address: 02:00:00:00:00:30, Hardware address: 02:00:00:00:00:30
  Alternate link address: Unspecified
  Last flapped   : Never
  Statistics last cleared: Never
  Traffic statistics:
   Input  bytes  :                    0
   Output bytes  :                    0
   Input  packets:                    0
   Output packets:                    0
   IPv6 transit statistics:
    Input  bytes  :                   0 
    Output bytes  :                   0
    Input  packets:                   0
    Output packets:                   0
  Input errors:
    Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0, Policed discards: 0, Resource errors: 0
  Output errors:
    Carrier transitions: 0, Errors: 0, Drops: 0, MTU errors: 0, Resource errors: 0

  Logical interface irb.0 (Index 68) (SNMP ifIndex 70) (Generation 143)
    Flags: Hardware-Down SNMP-Traps 0x4000 Encapsulation: ENET2
    Bandwidth: 1000mbps
    Routing Instance: customer_0 Bridging Domain: bd0
    Traffic statistics:
     Input  bytes  :                    0
     Output bytes  :                    0
     Input  packets:                    0
     Output packets:                    0
     IPv6 transit statistics:
      Input  bytes  :                   0
      Output bytes  :                   0
      Input  packets:                   0
      Output packets:                   0
    Local statistics:
     Input  bytes  :                    0
     Output bytes  :                    0
     Input  packets:                    0
     Output packets:                    0
    Transit statistics:
     Input  bytes  :                    0                    0 bps
     Output bytes  :                    0                    0 bps
     Input  packets:                    0                    0 pps
     Output packets:                    0                    0 pps
     IPv6 transit statistics:
      Input  bytes  :                   0
      Output bytes  :                   0
      Input  packets:                   0
      Output packets:                   0
    Protocol inet, MTU: 1500, Generation: 154, Route table: 0
      Addresses, Flags: Dest-route-down Is-Preferred Is-Primary
        Destination: 10.51.1/24, Local: 10.51.1.2, Broadcast: 10.51.1.255,
        Generation: 155
    Protocol multiservice, MTU: 1500, Generation: 155, Route table: 0
      Flags: Is-Primary
      Policer: Input: __default_arp_policer

From the above command output, one can see that the operational parameters of the IRB physical and logical interfaces are strikingly very similar to Ethernet interfaces output.

For more information on the above command output, refer to the technical documentation on show interfaces irb.

Modification History:
2020-04-17: Article reviewed for accuracy. No changes made. Article is correct and complete.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search