Supported Platforms
Related Documentation
Example: Configuring Ethernet Ring Protection Switching on EX Series Switches
You can configure Ethernet ring protection switching (ERPS) on connected EX Series switches to prevent fatal loops from disrupting a network. ERPS is similar to spanning-tree protocols, but ERPS is more efficient because it is customized for ring topologies. You must configure at least three switches to form a ring.
This example shows how to configure Ethernet ring protection switching on four EX Series switches that are connected to one another on a dedicated link in a ring topology.
 | Note: This task uses Junos OS for EX Series switches without support for the Enhanced Layer 2 Software (ELS) configuration style. However, an ERPS ring can include different types of switches, with or without ELS support. If you are configuring an ERPS ring that also includes QFX Series or EX Series switches running software that supports ELS, see Example: Configuring Ethernet Ring Protection Switching on QFX Series and EX Series Switches Supporting ELS for equivalent example configuration steps on those switches. For ELS details, see Getting Started with Enhanced Layer 2 Software. |
Requirements
This example uses the following hardware and software components:
- Four connected EX Series switches that will function as nodes in the ring topology.
- Junos OS Release 12.1 or later without support for the Enhanced Layer 2 Software (ELS) configuration style.
Before you begin, be sure you have:
- Configured two trunk interfaces on each of the four switches. See Table 1 for a list of the interface names used in this example.
- Configured the same VLAN (erp-control-vlan-1) with ID 100 on all four switches and associated two network interfaces from each of the four switches with the VLAN. See Configuring VLANs for EX Series Switches (CLI Procedure). See Table 1 for a list of the interface names used in this example.
- Configured two VLANs (erp-data-1 and erp-data-2) with IDs 101 and 102, respectively, on all four switches and associated both the east and west interfaces on each switch with erp-data-1 and erp-data-2. See Table 1 for a list of the interface names used in this example.
Overview and Topology
ERPS uses a dedicated physical link, including a control VLAN for trunk ports, between all of the switches to protect the active links. ERPS VLANs are all located on this link and are also blocked by default. When traffic between the switches is flowing with no problems, the active links take care of all traffic. Only if an error occurs on one of the data links would the ERPS control channel take over and start forwarding traffic.
| Note: Trunk ports on switches use a VLAN to create individual control channels for ERPS. When multiple ERPS instances are configured for a ring, there are multiple sets of ring protection links (RPLs) and RPL owners on the ERPS link, and a different channel is blocked for each instance. Nontrunk ports use the physical link as the control channel and protocol data units (PDUs) are untagged, with no VLAN information in the packet. |
This example creates one protection ring (called a node ring) named erp1 on four switches connected in a ring by trunk ports as shown in Figure 1. Because the links are trunk ports, the VLAN named erp-control-vlan-1 is used for erp1 traffic. The east interface of each switch is connected with the west interface of an adjacent switch. Cobia is the RPL owner, with interface ge-0/0/0 configured as an RPL end interface. The interface ge-0/0/0 of Jas5-esc is configured as the RPL neighbor interface. In the idle state, the RPL end blocks the control VLAN and data channel VLAN for this particular ERP instance—the blocked port on Cobia is marked with a star in Figure 1.
Figure 1: Ethernet Ring Protection Switching Example
In this example, we configure the four switches with the interfaces indicated in both Figure 1 and Table 1.
Table 1: Components to Configure for This Example
Interfaces | Cobia | Jas5-esc | Jas6-esc | Hairtail |
|---|---|---|---|---|
East | ge-0/0/0 | ge-0/0/10 | ge-0/0/30 | ge-0/0/20 |
West | ge-0/0/20 | ge-0/0/0 | ge-0/0/20 | ge-0/0/10 |
Third | ge-0/0/10 | ge-0/0/20 | ge-0/0/0 | ge-0/0/0 |
Configuration
- Configuring ERPS on Cobia, the RPL Owner Node
- Configuring ERPS on Jas5-esc
- Configuring ERPS on Hairtail
- Configuring ERPS on Jas6-esc
Configuring ERPS on Cobia, the RPL Owner Node
CLI Quick Configuration
To quickly configure Cobia, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
| Note: Spanning-tree protocols and ERPS cannot both be configured on a ring port. Because RSTP is the spanning-tree protocol enabled in the default switch configuration, this example shows disabling RSTP on each ring port before configuring ERPS. If another spanning-tree protocol is enabled, you must disable that first instead. |
Step-by-Step Procedure
To configure ERPS on Cobia:
- Disable any spanning- tree protocols configured on the
ERPS interfaces. STP, RSTP, VSTP, and MSTP are all available spanning
tree protocols. RSTP is enabled in the default configuration, so this
example shows disabling RSTP:[edit protocols]user@switch# set rstp interface ge-0/0/0 disableuser@switch# set rstp interface ge-0/0/20 disable
- Create a node ring named erp1:[edit protocols]user@switch# set protection-group ethernet-ring erp1
- Designate Cobia as the RPL owner node:[edit protocols protection-group ethernet-ring erp1]user@switch# set ring-protection-link-owner
- Configure the VLANs erp-data-1 and erp-data-2 as data
channels:[edit protocols protection-group ethernet-ring erp1]user@switch# set data-channel erp-data-1user@switch# set data-channel erp-data-2
- Configure the control VLAN erp-control-vlan-1 for this
ERP instance on the trunk interface:[edit protocols protection-group ethernet-ring erp1]user@switch# set control-vlan erp-control-vlan-1
- Configure the east interface of the node ring erp1 with
the control channel ge-0/0/0.0 and indicate that this particular ring
protection link ends here:[edit protocols protection-group ethernet-ring erp1]user@switch# set east-interface control-channel ge-0/0/0.0user@switch# set east-interface ring-protection-link-end
- Configure the west interface of the node ring erp1 with
the control channel ge-0/0/20.0:[edit protocols protection-group ethernet-ring erp1]user@switch# set west-interface control-channel ge-0/0/20.0
Results
In configuration mode, check your ERPS configuration by entering the show protocols command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
rstp {
interface ge-0/0/20.0 {
disable;
}
interface ge-0/0/0.0 {
disable;
}
}
protection-group {
ethernet-ring erp1 {
ring-protection-link-owner;
east-interface {
control-channel {
ge-0/0/0.0;
}
ring-protection-link-end;
}
west-interface {
control-channel {
ge-0/0/20.0;
}
}
control-vlan erp-control-vlan-1;
data-channel {
vlan [ 101-102 ];
}
}
}In configuration mode, check your VLAN configuration by entering the show vlans command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
erp-control-vlan-1 {
vlan-id 100;
interface {
ge-0/0/0.0;
ge-0/0/20.0;
}
}
erp-data-1 {
vlan-id 101;
interface {
ge-0/0/10.0;
ge-0/0/0.0;
ge-0/0/20.0;
}
}
erp-data-2 {
vlan-id 102;
interface {
ge-0/0/10.0;
ge-0/0/0.0;
ge-0/0/20.0;
}
}
In configuration mode, check your interface configurations by entering the show interfaces command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
ge-0/0/20 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
If you are finished configuring the device, enter commit in configuration mode.
Configuring ERPS on Jas5-esc
CLI Quick Configuration
To quickly configure Jas5-esc, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
Step-by-Step Procedure
To configure ERPS on Jas5-esc:
- Disable any spanning- tree protocols configured on the
ERPS interfaces. RSTP is enabled in the default configuration, so
this example shows disabling RSTP:[edit protocols]user@switch# set rstp interface ge-0/0/10 disableuser@switch# set rstp interface ge-0/0/0 disable
- Create a node ring named erp1:[edit protocols]user@switch# set protection-group ethernet-ring erp1
- Configure a control VLAN named erp-control-vlan-1 for
the node ring erp1:[edit protocols protection-group ethernet-ring erp1]user@switch# set control-vlan erp-control-vlan-1
- Configure two data channels named erp-data-1 and erp-data-2
to define a set of VLAN IDs that belong to a ring instance.[edit protocols protection-group ethernet-ring erp1]user@switch# set data-channel erp-data-1user@switch# set data-channel erp-data-2
- Configure the east interface of the node ring erp1 with
the control channel ge-0/0/10.0:[edit protocols protection-group ethernet-ring erp1]user@switch# set east-interface control-channel ge-0/0/10.0
- Configure the west interface of the node ring erp1 with
the control channel ge-0/0/0.0:[edit protocols protection-group ethernet-ring erp1]user@switch# set west-interface control-channel ge-0/0/0.0
Results
In configuration mode, check your ERPS configuration by entering the show protocols command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
rstp {
interface ge-0/0/10.0 {
disable;
}
interface ge-0/0/0.0 {
disable;
}
}
protection-group {
ethernet-ring erp1 {
east-interface {
control-channel {
ge-0/0/10.0;
}
}
west-interface {
control-channel {
ge-0/0/0.0;
}
}
control-vlan erp-control-vlan-1;
data-channel {
vlan [ 101-102 ];
}
}
}In configuration mode, check your VLAN configuration by entering the show vlans command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
erp-control-vlan-1 {
vlan-id 100;
interface {
ge-0/0/10.0;
ge-0/0/0.0;
}
}
erp-data-1 {
vlan-id 101;
interface {
ge-0/0/20.0;
ge-0/0/10.0;
ge-0/0/0.0;
}
}
erp-data-2 {
vlan-id 102;
interface {
ge-0/0/20.0;
ge-0/0/10.0;
ge-0/0/0.0;
}
}
In configuration mode, check your interface configurations by entering the show interfaces command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
ge-0/0/20 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
If you are finished configuring the device, enter commit in configuration mode.
Configuring ERPS on Hairtail
CLI Quick Configuration
To quickly configure Hairtail, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
Step-by-Step Procedure
To configure ERPS on Hairtail:
- Disable any spanning- tree protocols configured on the
ERPS interfaces. RSTP is enabled in the default configuration, so
this example shows disabling RSTP:[edit protocols]user@switch# set rstp interface ge-0/0/10 disableuser@switch# set rstp interface ge-0/0/20 disable
- Create a node ring named erp1:[edit protocols]user@switch# set protection-group ethernet-ring erp1
- Configure the control VLAN erp-control-vlan-1 for the
node ring erp1:[edit protocols protection-group ethernet-ring erp1]user@switch# set control-vlan erp-control-vlan-1
- Configure two data channels named erp-data-1 and erp-data-2
to define a set of VLAN IDs that belong to a ring instance:[edit protocols protection-group ethernet-ring erp1]user@switch# set data-channel erp-data-1user@switch# set data-channel erp-data-2
- Configure the east interface of the node ring erp1 with
the control channel ge-0/0/20.0 and indicate that it connects to a
ring protection link:[edit protocols protection-group ethernet-ring erp1]user@switch# set east-interface control-channel ge-0/0/20.0
- Configure the west interface of the node ring erp1 with
the control channel ge-0/0/10.0 and indicate that it connects to a
ring protection link:[edit protocols protection-group ethernet-ring erp1]user@switch# set west-interface control-channel ge-0/0/10.0
Results
In configuration mode, check your ERPS configuration by entering the show protocols command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
rstp {
interface ge-0/0/10.0 {
disable;
}
interface ge-0/0/20.0 {
disable;
}
}
protection-group {
ethernet-ring erp1 {
east-interface {
control-channel {
ge-0/0/20.0;
}
}
west-interface {
control-channel {
ge-0/0/10.0;
}
}
control-vlan erp-control-vlan-1;
data-channel {
vlan [ 101-102 ];
}
}
}
In configuration mode, check your VLAN configuration by entering the show vlans command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
erp-control-vlan-1 {
vlan-id 100;
interface {
ge-0/0/20.0;
ge-0/0/10.0;
}
}
erp-data-1 {
vlan-id 101;
interface {
ge-0/0/0.0;
ge-0/0/20.0;
ge-0/0/10.0;
}
}
erp-data-2 {
vlan-id 102;
interface {
ge-0/0/0.0;
ge-0/0/20.0;
ge-0/0/10.0;
}
}
In configuration mode, check your interface configurations by entering the show interfaces command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
ge-0/0/20 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
If you are finished configuring the device, enter commit in configuration mode.
Configuring ERPS on Jas6-esc
CLI Quick Configuration
To quickly configure Jas6-esc, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
Step-by-Step Procedure
To configure ERPS on Jas6-esc:
- Disable any spanning- tree protocols configured on the
ERPS interfaces. RSTP is enabled in the default configuration, so
this example shows disabling RSTP:[edit protocols]user@switch# set rstp interface ge-0/0/30 disableuser@switch# set rstp interface ge-0/0/20 disable
- Create a node ring named erp1:[edit protocols]user@switch# set protection-group ethernet-ring erp1
- Configure the control VLAN erp-control-vlan-1 for the
node ring erp1:[edit protocols protection-group ethernet-ring erp1]user@switch# set control-vlan erp-control-vlan-1
- Configure two data channels named erp-data-1 and erp-data-2
to define a set of VLAN IDs that belong to a ring instance.[edit protocols protection-group ethernet-ring erp1]user@switch# set data-channel erp-data-1user@switch# set data-channel erp-data-2
- Configure the east interface of the node ring erp1 with
the control channel ge-0/0/30.0 :[edit protocols protection-group ethernet-ring erp1]user@switch# set east-interface control-channel ge-0/0/30.0
- Configure the west interface of the node ring erp1 with
the control channel ge-0/0/20.0:[edit protocols protection-group ethernet-ring erp1]user@switch# set west-interface control-channel ge-0/0/20.0
Results
In configuration mode, check your ERPS configuration by entering the show protocols command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
rstp {
interface ge-0/0/20.0 {
disable;
}
interface ge-0/0/30.0 {
disable;
}
}
protection-group {
ethernet-ring erp1 {
east-interface {
control-channel {
ge-0/0/30.0;
}
}
west-interface {
control-channel {
ge-0/0/20.0;
}
}
control-vlan erp-control-vlan-1;
data-channel {
vlan [ 101-102 ];
}
}
}
In configuration mode, check your VLAN configuration by entering the show vlans command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
erp-control-vlan-1 {
vlan-id 100;
interface {
ge-0/0/30.0;
ge-0/0/20.0;
}
}
erp-data-1 {
vlan-id 101;
interface {
ge-0/0/0.0;
ge-0/0/30.0;
ge-0/0/20.0;
}
}
erp-data-2 {
vlan-id 102;
interface {
ge-0/0/0.0;
ge-0/0/30.0;
ge-0/0/20.0;
}
}
In configuration mode, check your interfaces configuration by entering the show interfaces command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
ge-0/0/20 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
ge-0/0/30 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
Verification
Verify that ERPS is working correctly.
Verifying That ERPS Is Working Correctly
Purpose
Verify that ERPS is working on the four EX switches that function as nodes in the ring topology.
Action
Check the state of the ring links in the output of the show protection-group ethernet-ring interface command. When the ring is configured but not being used (no error exists on the data links), one ERP interface is forwarding traffic and one is discarding traffic. Discarding blocks the ring.
user@switch> show protection-group ethernet-ring interfaceEthernet ring port parameters for protection group erp1 Interface Forward State RPL End Signal Failure Admin State ge-0/0/2.0 discarding yes clear ready ge-0/0/0.0 forwarding no clear ready
To find out what has occurred since the last restart, check the RPS statistics for ring-blocked events. NR is a No Request ring block, which means that the switch is not blocking either of the two ERP interfaces. NR-RB is a No Request Ring Blocked event, which means that the switch is blocking one of its ERP interfaces and sending a packet out to notify the other switches.
user@switch> show protection-group ethernet-ring statisticsRing Name Local SF Remote SF NR Event NR-RB Event
erp1 2 1 2 3
Meaning
The show protection-group ethernet-ring interface command output from the RPL owner node indicates that one interface is forwarding traffic and one is discarding traffic, meaning that the ERP is ready but not active. If at least one interface in the ring is not forwarding, the ring is blocked and therefore ERP is working.
The show protection-group ethernet-ring statistics command output indicates that, since the last reboot, both local and remote signal failures have occurred (Local SF and Remote SF).
The NR Event count is 2, indicating that the NR state was entered into twice. NR stands for No Request. This means that the switch either originated NR PDUs or received an NR PDU from another switch and stopped blocking the interface to allow ERP to function.
The three NR-RB events indicate that on three occasions, this switch either sent out NR-RB PDUs or received NR-RB PDUs from another switch. This occurs when a network problem is resolved and the switch once again blocks the ERP link at one end.
