Rate and give feedback:  Feedback Received. Thank You!

Rate and give feedback: 

X

This document helped resolve my issue

Yes No

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:  

E-mail: 

Enter a valid Email ID

Need product assistance? Contact Juniper Support

Submit

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.

English  

English

Example: Configuring Ethernet Ring Protection Switching on QFX Series and EX Series Switches Supporting ELS

Requirements

• Four connected EX Series switches or QFX Series switches that support the Enhanced Layer 2 Software (ELS) to function as nodes in the ring topology. You could use any of these QFX Series switches: QFX5100, QFX5200, and QFX10000. This configuration also applies to EX Series switches that support the Enhanced Layer 2 Software (ELS) configuration style that runs on EX4300 and EX4600 switches.
• Junos OS Release 13.2X50-D10 or later for EX Series switches.
• Junos OS Release 14.1X53-D10 or later for QFX5100 switches. Junos OS Release 15.1X53-D30 or later for QFX5200, and QFX10000 switches.

• Configured two trunk interfaces on each of the four switches. See Table 1 for a list of the interface names used in this example.
• Configured a VLAN (with name erp-control-vlan-1 and ID 100) on all four switches and associated two network interfaces from each of the four switches with the VLAN. See Configuring VLANs for the QFX Series OR Configuring VLANs for EX Series Switches (CLI Procedure). See Table 1 for a list of the interface names used in this example.
• Configured two more VLANs (one with name erp-data-1 and vlan ID 101 and a second vlan with the name erp-data-2 and vlan ID 102) on all four switches and associated both the east and west interfaces on each switch.

Overview and Topology

ERPS uses a dedicated physical link, including a control VLAN for trunk ports, between all of the switches to protect the active links. ERPS VLANs are all located on this link and are also blocked by default. When traffic between the switches is flowing with no problems, the active links take care of all traffic. Only if an error occurs on one of the data links would the ERPS control channel take over and start forwarding traffic.

Note: Trunk ports on switches use a VLAN to create individual control channels for ERPS. When multiple ERPS instances are configured for a ring, there are multiple sets of ring protection links (RPLs) and RPL owners on the ERPS link, and a different channel is blocked for each instance. Nontrunk ports use the physical link as the control channel and protocol data units (PDUs) are untagged, with no VLAN information in the packet.

This example creates one protection ring (called a node ring) named erp1 on four switches connected in a ring by trunk ports as shown in Figure 1. Because the links are trunk ports, VLAN 100 is used for erp1 traffic. The east interface of each switch is connected with the west interface of an adjacent switch. Cobia is the RPL owner, with interface ge-0/0/0 configured as an RPL end interface. The interface ge-0/0/0 of Jas5-esc is configured as the RPL neighbor interface. In the idle state, the RPL end blocks the control VLAN and data channel VLAN for this particular ERP instance—the blocked port on Cobia is marked with a star in Figure 1.

Figure 1: Ethernet Ring Protection Switching Example

In this example, we configure the four switches with the interfaces indicated in both Figure 1 and Table 1.

Configuration

• Configuring ERPS on Cobia, the RPL Owner Node
• Configuring ERPS on Jas5-esc
• Configuring ERPS on Hairtail
• Configuring ERPS on Jas6-esc

Configuring ERPS on Cobia, the RPL Owner Node

CLI Quick Configuration

To quickly configure Cobia, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

ERPS cannot be configured on an interface if any spanning-tree protocol is configured. (RSTP is configured by default.) Therefore, in this example, RSTP is disabled on each ring port before configuring ERPS. Spanning-tree protocols are disabled two different ways, depending on which version of the Junos OS you are running. Therefore, the first two statements in this example vary: Junos release 15.1 or later uses one command to turn off RSTP and Junos releases prior to 15.1 uses another command.

Step-by-Step Procedure

1. Disable any spanning-tree protocol currently configured on the ERPS interfaces. RSTP, VSTP, and MSTP are all available spanning-tree protocols. RSTP is enabled in the default configuration, so this example shows disabling RSTP. Spanning-tree protocols are disabled two different ways, depending on which version of the Junos OS you are running.

   If you are running Junos release 15.1 or later, disable any spanning-tree protocol with these commands. To disable RSTP:

   [edit protocols]user@switch# set rstp interface ge-0/0/0 disableuser@switch# set rstp interface ge-0/0/20 disable

   If you are running a Junos release prior to 15.1, disable any spanning-tree protocol with these commands. To disable RSTP:

   [edit protocols]user@switch# delete rstp interface ge-0/0/0user@switch# delete rstp interface ge-0/0/20
2. Create a node ring named erp1:
   [edit protocols]user@switch# set protection-group ethernet-ring erp1
3. Designate Cobia as the RPL owner node:
   [edit protocols protection-group ethernet-ring erp1]user@switch# set ring-protection-link-owner
4. Configure the VLANs 101 and 102 as data channels:
   [edit protocols protection-group ethernet-ring erp1]user@switch# set data-channel 101user@switch# set data-channel 102
5. Configure the control vlan 100 for this ERP instance on the trunk interface:
   [edit protocols protection-group ethernet-ring erp1]user@switch# set control-vlan 100
6. Configure the east interface of the node ring erp1 with control channel ge-0/0/0.0 and indicate that this particular ring protection link ends here:
   [edit protocols protection-group ethernet-ring erp1]user@switch# set east-interface control-channel ge-0/0/0.0 user@switch# set east-interface ring-protection-link-end
7. Configure the west interface of the node ring erp1 with control channel ge-0/0/20.0 :
   [edit protocols protection-group ethernet-ring erp1]user@switch# set west-interface control-channel ge-0/0/20.0
8. Every ring instance on a trunk port has one control VLAN in which ERP packets traverse. The control VLAN also controls data VLANs, if any are configured. Assign 100 as the control VLAN on both interfaces:
   [edit protocols protection-group ethernet-ring erp1]user@switch# set west-interface control-channel vlan 100 user@switch# set east-interface control-channel vlan 100

Results

In configuration mode, check your ERPS configuration by entering the show configuration protocols command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

protection-group {
    ethernet-ring ERP1 {
        restore-interval 5;
        east-interface {
            control-channel {
                ge-0/0/13.0;
                vlan 4000;
            }
        }
        west-interface {
            control-channel {
                ge-0/0/15.0;
                vlan 4000;
            }
        }                               
        control-vlan 4000;
        data-channel {
            vlan 2052;
        }
    }
}

set protocols protection-group ethernet-ring ERP1 restore-interval 5
set protocols protection-group ethernet-ring ERP1 east-interface control-channel ge-0/0/13.0
set protocols protection-group ethernet-ring ERP1 east-interface control-channel vlan 4000
set protocols protection-group ethernet-ring ERP1 west-interface control-channel ge-0/0/15.0
set protocols protection-group ethernet-ring ERP1 west-interface control-channel vlan 4000
set protocols protection-group ethernet-ring ERP1 control-vlan 4000
set protocols protection-group ethernet-ring ERP1 data-channel vlan 2052

In configuration mode, check your VLAN configuration by entering the show vlans command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

In configuration mode, check your interface configurations by entering the show interfaces command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

erp-control-vlan-1 {
    vlan-id 100;
}
erp-data-1 {
    vlan-id 101;
}
erp-data-2 {
    vlan-id 102;
}

ge-0/0/0 {
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members [ 100 101 102 ];
            }
        }
    }
}
ge-0/0/10 {
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members [ 101 102 ];
            }
        }
    }
}
ge-0/0/20 {
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members [ 100 101 102 ];
            }
        }
    }
}

If you are finished configuring the device, enter commit in configuration mode.

Configuring ERPS on Jas5-esc

CLI Quick Configuration

To quickly configure Jas5-esc, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

ERPS cannot be configured on an interface if any spanning tree protocol is configured. (RSTP is configured by default.) Therefore, in this example, RSTP is disabled on each ring port before configuring ERPS. Spanning tree is disabled two different ways, depending on which version of the Junos OS you are running. Therefore, the first two statements will vary: Junos release 15.1 or later uses one command to turn off RSTP and Junos releases prior to 15.1 uses another command.

Step-by-Step Procedure

1. Disable any spanning-tree protocol currently configured on the ERPS interfaces. RSTP, VSTP, and MSTP are all available spanning-tree protocols. RSTP is enabled in the default configuration, so this example shows disabling RSTP. Spanning-tree protocols are disabled two different ways, depending on which version of the Junos OS you are running.

   If you are running Junos release 15.1 or later, disable any spanning-tree protocol with these commands. To disable RSTP:

   [edit protocols]user@switch# set rstp interface ge-0/0/10 disableuser@switch# set rstp interface ge-0/0/0 disable

   If you are running a Junos release prior to 15.1, disable any version of spanning-tree protocol with these commands. To disable RSTP:

   [edit protocols]user@switch# delete rstp interface ge-0/0/10 user@switch# delete rstp interface ge-0/0/0
2. Create a node ring named erp1:
   [edit protocols]user@switch# set protection-group ethernet-ring erp1
3. Configure two data channels named erp-data-1 and erp-data-2 to define a set of VLAN IDs that belong to a ring instance.
   [edit protocols protection-group ethernet-ring erp1]user@switch# set data-channel vlan 101user@switch# set data-channel vlan 102
4. Configure a control VLAN with ID 100 for the node ring erp1:
   [edit protocols protection-group ethernet-ring erp1]user@switch# set control-vlan 100
5. Configure the east interface of the node ring erp1 with the control channel ge-0/0/10.0:
   [edit protocols protection-group ethernet-ring erp1]user@switch# set east-interface control-channel ge-0/0/10.0
6. Configure the west interface of the node ring erp1 with the control channel ge-0/0/0.0 vlan 100:
   [edit protocols protection-group ethernet-ring erp1]user@switch# set west-interface control-channel ge-0/0/0.0
7. Every ring instance on a trunk port has one control VLAN in which ERP packets traverse. The control VLAN also controls data VLANs, if any are configured. Assign vlan # 100 as the control VLAN:
   [edit protocols protection-group ethernet-ring erp1]user@switch# set west-interface control-channel vlan 100user@switch# set east-interface control-channel vlan 100

Results

In configuration mode, check your ERPS configuration by entering the show configuration protocols command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

protection-group {
    ethernet-ring ERP1 {
        restore-interval 5;
        east-interface {
            control-channel {
                ge-0/0/13.0;
                vlan 4000;
            }
        }
        west-interface {
            control-channel {
                ge-0/0/15.0;
                vlan 4000;
            }
        }                               
        control-vlan 4000;
        data-channel {
            vlan 2052;
        }
    }
}

set protocols protection-group ethernet-ring ERP1 restore-interval 5
set protocols protection-group ethernet-ring ERP1 east-interface control-channel ge-0/0/13.0
set protocols protection-group ethernet-ring ERP1 east-interface control-channel vlan 4000
set protocols protection-group ethernet-ring ERP1 west-interface control-channel ge-0/0/15.0
set protocols protection-group ethernet-ring ERP1 west-interface control-channel vlan 4000
set protocols protection-group ethernet-ring ERP1 control-vlan 4000
set protocols protection-group ethernet-ring ERP1 data-channel vlan 2052

In configuration mode, check your VLAN configuration by entering the show vlans command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

In configuration mode, check your interface configurations by entering the show interfaces command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

erp-control-vlan-1 {
    vlan-id 100;
}
erp-data-1 {
    vlan-id 101;
}
erp-data-2 {
    vlan-id 102;
}

ge-0/0/0 {
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members [ 100 101 102 ];
            }
        }
    }
}
ge-0/0/10 {
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members [ 100 101 102 ];
            }
        }
    }
}
ge-0/0/20 {
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members [ 101 102 ];
            }
        }
    }
}

If you are finished configuring the device, enter commit in configuration mode.

Configuring ERPS on Hairtail

CLI Quick Configuration

To quickly configure Hairtail, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

ERPS cannot be configured on an interface if any spanning tree protocol is configured. (RSTP is configured by default.) Therefore, in this example, RSTP is disabled on each ring port before configuring ERPS. Spanning tree is disabled two different ways, depending on which version of the Junos OS you are running. Therefore, the first two statements will vary: Junos release 15.1 or later uses one command to turn off RSTP and Junos releases prior to 15.1 uses another command.

Step-by-Step Procedure

1. Disable any spanning-tree protocol currently configured on the ERPS interfaces. RSTP, VSTP, and MSTP are all available spanning-tree protocols. RSTP is enabled in the default configuration, so this example shows disabling RSTP. Spanning-tree protocols are disabled two different ways, depending on which version of the Junos OS you are running.

   If you are running Junos release 15.1 or later, disable any spanning-tree protocol with these commands. To disable RSTP:

   [edit protocols]user@switch# set rstp interface ge-0/0/10 disableuser@switch# set rstp interface ge-0/0/20 disable

   If you are running a Junos release prior to 15.1, disable any spanning-tree protocol with these commands. To disable RSTP:

   [edit protocols]user@switch# delete rstp interface ge-0/0/10 user@switch# delete rstp interface ge-0/0/20
2. Create a node ring named erp1:
   [edit protocols]user@switch# set protection-group ethernet-ring erp1
3. Configure the control vlan 100 for the node ring erp1:
   [edit protocols protection-group ethernet-ring erp1]user@switch# set control-vlan 100
4. Configure two data channels numbered 101 and 102 to define a set of VLAN IDs that belong to a ring instance:
   [edit protocols protection-group ethernet-ring erp1]user@switch# set data-channel vlan 101user@switch# set data-channel vlan 102
5. Configure the east interface of the node ring erp1 with the control channel ge-0/0/20.0:
   [edit protocols protection-group ethernet-ring erp1]user@switch# set east-interface control-channel ge-0/0/20.0
6. Configure the west interface of the node ring erp1 with the control channel ge-0/0/10.0:
   [edit protocols protection-group ethernet-ring erp1]user@switch# set west-interface control-channel ge-0/0/10.0
7. Every ring instance on a trunk port has one control VLAN in which ERP packets traverse. The control VLAN also controls data VLANs, if any are configured. Assign 100 as the control VLAN:
   [edit protocols protection-group ethernet-ring erp1]user@switch# set west-interface control-channel vlan 100user@switch# set east-interface control-channel vlan 100

Results

In configuration mode, check your ERPS configuration by entering the show configuration protocols command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

protection-group {
    ethernet-ring ERP1 {
        restore-interval 5;
        east-interface {
            control-channel {
                ge-0/0/13.0;
                vlan 4000;
            }
        }
        west-interface {
            control-channel {
                ge-0/0/15.0;
                vlan 4000;
            }
        }                               
        control-vlan 4000;
        data-channel {
            vlan 2052;
        }
    }
}

set protocols protection-group ethernet-ring ERP1 restore-interval 5
set protocols protection-group ethernet-ring ERP1 east-interface control-channel ge-0/0/13.0
set protocols protection-group ethernet-ring ERP1 east-interface control-channel vlan 4000
set protocols protection-group ethernet-ring ERP1 west-interface control-channel ge-0/0/15.0
set protocols protection-group ethernet-ring ERP1 west-interface control-channel vlan 4000
set protocols protection-group ethernet-ring ERP1 control-vlan 4000
set protocols protection-group ethernet-ring ERP1 data-channel vlan 2052

In configuration mode, check your VLAN configuration by entering the show vlans command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

In configuration mode, check your interface configurations by entering the show interfaces command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

erp-control-vlan-1 {
    vlan-id 100;
}
erp-data-1 {
    vlan-id 101;
}
erp-data-2 {
    vlan-id 102;
}

ge-0/0/0 {
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members [ 101 102 ];
            }
        }
    }
}
ge-0/0/10 {
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members [ 100 101 102 ];
            }
        }
    }
}
ge-0/0/20 {
    unit 0 {
 

If you are finished configuring the device, enter commit in configuration mode.

Configuring ERPS on Jas6-esc

CLI Quick Configuration

To quickly configure Jas6-esc, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

ERPS cannot be configured on an interface if any spanning tree protocol is configured. (RSTP is configured by default.) Therefore, in this example, RSTP is disabled on each ring port before configuring ERPS. Spanning tree is disabled two different ways, depending on which version of the Junos OS you are running. Therefore, the first two statements will vary: Junos release 15.1 or later uses one command to turn off RSTP and Junos releases prior to 15.1 uses another command.

Step-by-Step Procedure

1. Disable any spanning-tree protocol currently configured on the ERPS interfaces. RSTP, VSTP, and MSTP are all available spanning-tree protocols. RSTP is enabled in the default configuration, so this example shows disabling RSTP. Spanning-tree protocols are disabled two different ways, depending on which version of the Junos OS you are running.

   If you are running Junos release 15.1 or later, disable any spanning-tree protocol with these commands. To disable RSTP:

   [edit protocols]user@switch# set rstp interface ge-0/0/30 disableuser@switch# set rstp interface ge-0/0/20 disable

   If you are running a Junos release prior to 15.1, disable any spanning-tree protocol with these commands. To disable RSTP:

   [edit protocols]user@switch# delete rstp interface ge-0/0/30 user@switch# delete rstp interface ge-0/0/20
2. Create a node ring named erp1:
   [edit protocols]user@switch# set protection-group ethernet-ring erp1
3. Configure the control vlan 100 for the node ring erp1:
   [edit protocols protection-group ethernet-ring erp1]user@switch# set control-vlan 100
4. Configure two data channels numbered 101 and 102 to define VLAN IDs that belong to a ring instance.
   [edit protocols protection-group ethernet-ring erp1]user@switch# set data-channel 101user@switch# set data-channel 102
5. Configure the east interface of the node ring erp1 with the control channel ge-0/0/30.0 :
   [edit protocols protection-group ethernet-ring erp1]user@switch# set east-interface control-channel ge-0/0/30.0
6. Configure the west interface of the node ring erp1 with the control channel ge-0/0/20.0:
   [edit protocols protection-group ethernet-ring erp1]user@switch# set west-interface control-channel ge-0/0/20.0
7. Every ring instance on a trunk port has one control VLAN in which ERP packets traverse. The control VLAN also controls data VLANs, if any are configured. Assign vlan number 100 as the control VLAN:
   [edit protocols protection-group ethernet-ring erp1]user@switch# set west-interface control-channel vlan 100user@switch# set east-interface control-channel vlan 100

Results

In configuration mode, check your ERPS configuration by entering the show configuration protocols command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

protection-group {
    ethernet-ring ERP1 {
        restore-interval 5;
        east-interface {
            control-channel {
                ge-0/0/13.0;
                vlan 4000;
            }
        }
        west-interface {
            control-channel {
                ge-0/0/15.0;
                vlan 4000;
            }
        }                               
        control-vlan 4000;
        data-channel {
            vlan 2052;
        }
    }
}

set protocols protection-group ethernet-ring ERP1 restore-interval 5
set protocols protection-group ethernet-ring ERP1 east-interface control-channel ge-0/0/13.0
set protocols protection-group ethernet-ring ERP1 east-interface control-channel vlan 4000
set protocols protection-group ethernet-ring ERP1 west-interface control-channel ge-0/0/15.0
set protocols protection-group ethernet-ring ERP1 west-interface control-channel vlan 4000
set protocols protection-group ethernet-ring ERP1 control-vlan 4000
set protocols protection-group ethernet-ring ERP1 data-channel vlan 2052

In configuration mode, check your VLAN configuration by entering the show vlans command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

In configuration mode, check your interfaces configuration by entering the show interfaces command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

erp-control-vlan-1 {
    vlan-id 100;
}
erp-data-1 {
    vlan-id 101;
}
erp-data-2 {
    vlan-id 102;
}

ge-0/0/0 {
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members [ 101 102 ];
            }
        }
    }
}
ge-0/0/20 {
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members [ 100 101 102 ];
            }
        }
    }
}
ge-0/0/30 {
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members [ 100 101 102 ];
            }
        }
    }
}

Verification

Verify that ERPS is working correctly.

Verifying That ERPS Is Working Correctly

Purpose

Verify that ERPS is working on the four EX switches that function as nodes in the ring topology.

Action

Check the state of the ring links in the output of the show protection-group ethernet-ring interface command. When the ring is configured but not being used (no error exists on the data links), one ERP interface is forwarding traffic and one is discarding traffic. Discarding blocks the ring.

Ethernet ring port parameters for protection group ERP1

Interface    Control Channel  Forward State  Ring Protection Link End  Signal Failure  Admin State
ge-0/0/13    ge-0/0/13.0      forwarding     No                        Clear          IFF ready
ge-0/0/15    ge-0/0/15.0      forwarding     No                        Clear          IFF ready

To find out what has occurred since the last restart, check the RPS statistics for ring-blocked events. NR is a No Request ring block, which means that the switch is not blocking either of the two ERP interfaces. NR-RB is a No Request Ring Blocked event, which means that the switch is blocking one of its ERP interfaces and sending a packet out to notify the other switches.

Ethernet Ring statistics for PG erp1
RAPS event sent                  : 0
RAPS event received              : 1
Local SF happened:               : 0
Remote SF happened:              : 0
NR event happened:               : 0
NR-RB event happened:            : 1

Meaning

The show protection-group ethernet-ring interface command output from the RPL owner node indicates that one interface is forwarding traffic and one is discarding traffic, meaning that the ERP is ready but not active. If at least one interface in the ring is not forwarding, the ring is blocked and therefore ERP is working.

The show protection-group ethernet-ring statistics command output indicates that, since the last reboot, both local and remote signal failures have occurred (Local SF and Remote SF).

The NR Event count is 2, indicating that the NR state was entered into twice. NR stands for No Request. This means that the switch either originated NR PDUs or received an NR PDU from another switch and stopped blocking the interface to allow ERP to function.

The three NR-RB events indicate that on three occasions, this switch either sent out NR-RB PDUs or received NR-RB PDUs from another switch. This occurs when a network problem is resolved and the switch once again blocks the ERP link at one end.