By default, a router is considered a broadcast terminator, meaning that it doesn't pass broadcasts from one segment to another the way switches (bridges) do. Integrated Routing and Bridging, or IRB, brings layer 2 switching capabilities to routers so that they can forward layer 2 broadcasts to other interfaces. Today there are newer, smarter technologies that can carry layer 2 frames over WANs and even between whole data centers, such as VPLS, OTV, L2TPv3, pseudowires, and the list goes on. Of course, each of them has its own application. After all that, I needed to run some redundancy tests in my lab and I found myself using the good old IRB, so I thought I might blog about it for the sake of good times.
Let’s see this simple topology.
By default, if PC1 tried to send a broadcast, it would be terminated at R1's F0/0 interface and would never be forwarded to interface F0/1, because R1 knows the broadcast domain for 192.168.1.0/24 is located on its F0/0 interface.
Now we want PC1 to be able to send an ARP request and have that request pass all the way to Broadcast Domain B so that PC2 can reply with its MAC address. Let's see how we can do that.
This can be done by configuring bridge groups on Cisco routers and attaching the physical interfaces to those bridge groups as if they were ports on the same switch (bridge).
Let's begin our configuration.
R1
bridge 1 protocol ieee
bridge irb
interface FastEthernet0/0
 no ip address
 bridge-group 1
!
interface FastEthernet0/1
 no ip address
 bridge-group 1
R2
bridge 1 protocol ieee
bridge irb
interface FastEthernet0/0
 no ip address
 bridge-group 1
!
interface FastEthernet0/1
 no ip address
 bridge-group 1
As you can see, the configuration is very easy. First I configured bridge group 1 to use the IEEE spanning tree protocol. Why? Because if you have redundant links between R1 and R2 without spanning tree, you are definitely getting a loop! The second command tells the router which type of bridging you're using, which in our case is integrated routing and bridging. Finally, you assign the interfaces you want to participate in the bridge (broadcast domain) by using the command bridge-group 1 in interface configuration mode.
Let's run some show commands to verify our configuration.
R1#show bridge group
Bridge Group 1 is running the IEEE compatible Spanning Tree protocol
   Port 4 (FastEthernet0/0) of bridge group 1 is forwarding
   Port 5 (FastEthernet0/1) of bridge group 1 is forwarding
R1#show bridge verbose
Total of 300 station blocks, 300 free
Codes: P - permanent, S - self
Flood ports (BG 1)           RX count    TX count
FastEthernet0/0                     0           4
FastEthernet0/1                     4           0
R1#show spanning-tree summary
Root bridge for: Bridge group 1.
PortFast BPDU Guard is disabled
UplinkFast is disabled
BackboneFast is disabled
Name                 Blocking Listening Learning Forwarding STP Active
-------------------- -------- --------- -------- ---------- ----------
Bridge group 1              0         0        0          2          2
-------------------- -------- --------- -------- ---------- ----------
1 Bridge Group              0         0        0          2          2
R1#show spanning-tree root
Bridge group 1
  Root ID    Priority    32768
             Address     c200.0cd8.0000
             This bridge is the root
             Hello Time 2 sec  Max Age 20 sec  Forward
Now let’s try to ping from PC1 to PC2
VPCS[1]> ping 192.168.1.2
192.168.1.2 icmp_seq=1 ttl=64 time=41.964 ms
192.168.1.2 icmp_seq=2 ttl=64 time=41.020 ms
192.168.1.2 icmp_seq=3 ttl=64 time=43.976 ms
192.168.1.2 icmp_seq=4 ttl=64 time=33.977 ms
192.168.1.2 icmp_seq=5 ttl=64 time=38.975 ms
Now let’s see the ARP table of PC1
VPCS[1]> show arp all
00:50:79:66:68:01 192.168.1.2 expires in 113 seconds
The interesting part here is that R1 acted as a transparent bridge: it transparently switched the frame to interface F0/1, and R2 did the same until the frame reached PC2, which replied with its MAC address in the ARP reply packet, unlike the normal behavior of routers with proxy ARP.
Now we need to configure some sort of interface on the routers for management purposes, or even for routing that subnet. To do that, we will configure a logical interface called the BVI, which is very similar to the SVI or VLAN interface on switches.
R1(config)#interface BVI 1
R1(config-if)#ip add 192.168.1.10 255.255.255.0
R2(config)#interface BVI 1
R2(config-if)#ip add 192.168.1.20 255.255.255.0
Let’s try pinging from R1 to PC1
R1#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
The ping failed because you need to enable IP routing for that bridge group on the router.
R1(config)#bridge 1 route ip
R1#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 8/25/52 ms
That seems to be working fine. Finally, a typical use for this would be providing redundancy for a server with NIC teaming: if a cable is cut or a router goes down, the operation should be seamless. This is an illustrated schematic.
Since all first hop redundancy protocols (HSRP, GLBP and VRRP) require all segments to be in the same broadcast domain, as shown in the figure above, R1 and R2 can easily use IRB to provide redundancy for the server with NIC teaming and use a virtual IP as the gateway for both of those NICs.
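The post depends on three commands: a spanning tree protocol on the bridge group, bridge irb, and bridge 1 route ip once the BVI has an address. The following is an added example, not part of the original post, that checks an IOS-style configuration for those three conditions. The function name audit_irb and the sample text are assumptions; the sample is constructed to match R1 before bridge 1 route ip was entered.

```python
import re

# Constructed sample: R1 as configured in the post, before "bridge 1 route ip".
SAMPLE_R1 = """\
bridge irb
interface FastEthernet0/0
 no ip address
 bridge-group 1
interface FastEthernet0/1
 no ip address
 bridge-group 1
interface BVI1
 ip address 192.168.1.10 255.255.255.0
bridge 1 protocol ieee
"""

def audit_irb(config):
    """Return findings (strings) for the bridge groups in an IOS-style config."""
    irb, groups, iface = False, {}, None
    def grp(n):
        return groups.setdefault(int(n), {"ports": [], "stp": False, "route": False, "bvi": False})
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] not in (" ", "\t"):      # a top-level line ends the interface context
            iface = None
        if line == "bridge irb":
            irb = True
        elif m := re.fullmatch(r"bridge (\d+) protocol \S+", line):
            grp(m[1])["stp"] = True
        elif m := re.fullmatch(r"bridge (\d+) route ip", line):
            grp(m[1])["route"] = True
        elif m := re.fullmatch(r"interface (.+)", line):
            iface = m[1]
        elif iface and (m := re.fullmatch(r"bridge-group (\d+)", line)):
            grp(m[1])["ports"].append(iface)
        elif iface and line.startswith("ip address ") and (m := re.fullmatch(r"BVI ?(\d+)", iface)):
            grp(m[1])["bvi"] = True
    findings = []
    for n, g in sorted(groups.items()):
        if g["ports"] and not g["stp"]:
            findings.append(f"bridge {n}: no spanning-tree protocol, redundant links will loop")
        if g["bvi"] and not irb:
            findings.append(f"bridge {n}: BVI{n} configured but 'bridge irb' is missing")
        if g["bvi"] and not g["route"]:
            findings.append(f"bridge {n}: BVI{n} has an IP but 'bridge {n} route ip' is missing")
    return findings

if __name__ == "__main__":
    for finding in audit_irb(SAMPLE_R1):
        print(finding)
```

Run against the sample, it reports the missing bridge 1 route ip, the same condition that caused the failed ping from R1 to PC1.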