VSX virtual routers, wrpj links

I have a question regarding VSX and the usage of virtual routers. I've created a setup with a virtual WAN switch, because this will be used for multiple virtual systems to access the internet. On both the DMZ and LAN side I've created virtual routers because multiple VLAN's are being used there and I don't want to use a physical router.

When I create a virtual router I have to assign a interface at creation, let's say bond1.100 with IP The object is being created and a wrpj link is being auto created with the same IP as bond1.100 when I attach a virtual system to the virtual router. However when I create additional bond interfaces (bond1.101/bond1.102/etc.) no additional wrpj links are being created, only the bond interfaces. Is this correct? Aren't there additional wrpj links required for the other bond interfaces?

Also when I create multiple virtual routers and virtual systems, I can't create multiple bond interfaces with the same VLAN tag, but different interface IP's ofcourse. I've read in the admin guide that this simply isn't possible but for receiving IPS updates I would like to use interfaces in the same VLAN. Is there a wrkaround for this, or isn't this recommended at all?

I've always stuck with using virtual switches to tag external subnets.  For example I would create virtual switch for subnet and another virtual switch for  In this example I have the ability to assign these virtual switches to a VS and have the ability to use Natting.  You can enable VSX internal routing options to a VS that has direct access to an Internet GW to avoid routing in the cluster.  This is an option in the VS gateway properties under routing.  Hopefully this helps.


Hi Bryce,

I'm using virtual switches on the WAN side, because we have a external WAN router for our internet uplink. I can attach the Virtual Systems without any problems and have internet connectivity.

I'm not quite sure what you mean with VSX internal routing? Do you mean I don't need any Virtual Routers at all? We have many, many VLAN's which we use internally so I need to route somewhere if I'm correct?

