In the Juniper world, the distinction between these two configurations is essentially the difference between standard enterprise switching and Service Provider (SP) style virtualization. While they both move traffic based on VLAN tags, they live in different “planes” of the Junos operating system.
1. Family Ethernet-Switching
This is the “standard” way of doing things. If you’ve worked on Cisco or basic HPE switches, this is the behavior you’re used to.
- Logic: The interface is treated as a member of a VLAN database. Interfaces can be Access ports or Trunks
- Behavior: The switch looks at the incoming MAC address and the VLAN tag, then checks the MAC table to decide where to send the frame.
- Use Case: Connecting servers, PCs, or other switches in a typical corporate LAN.
- Configuration Style: You define a
unit 0and put it into a VLAN.
2. Encapsulation Extended-VLAN-Vbridge
This belongs to the Flexible Ethernet Services family. It treats the interface as a “Service Interface” rather than just a switch port.
- Logic: It decouples the physical port from the global VLAN database. It allows you to terminate a VLAN on a specific logical unit and bridge it into a Routing Instance (like an EVPN or a VPLS).
- Behavior: It allows for “VLAN normalization.” You can accept VLAN 10 on one port and bridge it to VLAN 20 on another seamlessly within a bridge domain.
- Use Case: Data Center Interconnects (DCI), Provider Edge (PE) routers, and complex EVPN-VXLAN fabrics.
- Configuration Style: You define multiple units (e.g.,
unit 10,unit 20), each with its own VLAN ID.
Key Differences at a Glance
| Feature | Family Ethernet-Switching | Extended-VLAN-Vbridge |
| Primary Goal | Simple L2 switching. | Service provider / Multi-tenant bridging. |
| VLAN Scope | Global (VLAN must exist in the DB). | Local to the bridge-domain or instance. |
| Unit Logic | Usually just unit 0. | Multiple units per port (one per VLAN). |
| Flexibility | Limited; standard trunk/access roles. | High; can pop/swap/push tags at the port. |
| Interaction | Layer 2 MAC learning. | Bridge-domain or VPLS/EVPN integration. |
Why “Switching VLANs” != “Service Provider VLANs”
The reason they are separate comes down to Scaling and Control.
- Blast Radius: In
family ethernet-switching, a VLAN is a global entity. If you have a loop in VLAN 10, it can potentially affect the whole switch. In SP-style (vbridge), the VLAN is confined to a specific bridge domain or routing instance, providing better isolation. - Tag Manipulation: Service providers often need to “stack” tags (Q-in-Q) or change a tag as it passes through the core.
ethernet-switchingis generally “what you see is what you get,” whereas SP encapsulation allows you to rewrite headers as the frame enters the interface. - The “Bridge Domain” Concept: In the SP world, a “VLAN” is just a tag. The actual forwarding happens in a Bridge Domain. This allows you to have two different customers both using VLAN 100 on the same switch without their traffic ever touching or seeing each other’s MAC addresses.
Note: On many QFX models, you cannot mix these two styles on the same physical port. You have to choose: is this port a “dumb” switch port or a “smart” service interface?