Understanding Ethernet Ring Protection Switching Functionality
Acronyms
The following acronyms are used in the discussion about Ethernet ring protection switching (ERPS):
MA—Maintenance association
MEP—Maintenance association end point
OAM—Operations, administration, and management (Ethernet ring protection switching uses the connectivity fault management daemon)
FDB—MAC forwarding database
STP—Spanning Tree Protocol
RAPS—Ring automatic protection switching
WTB—Wait to block. Note that WTB is always disabled on EX2300 and EX3400 switches because it is not supported in ERPSv1. Any configuration you make to the WTB setting on EX2300 and EX3400 switches has no effect. The output from the CLI command 'show protection-group ethernet-ring node-state detail' lists a WTB setting but that setting has no effect on EX2300 and EX3400 switches.
WTR—Wait to restore. Note that on EX2300 and EX3400 switches only, the WTR configuration must be 5-12 minutes.
RPL—Ring protection link
Ring Nodes
Multiple nodes are used to form a ring. There are two different node types:
Normal node—The node has no special role on the ring.
RPL owner node—The node owns the RPL and blocks or unblocks traffic over the RPL.
Ring Node States
The following are the different states for each node of a specific ring:
init—Not a participant of a specific ring.
idle—No failure on the ring; the node is performing normally. For a normal node, traffic is unblocked on both ring ports. For the RPL owner or RPL neighbor, traffic is blocked on the ring port that connects to the RPL and unblocked on the other ring port.
protection—A failure occurred on the ring. For a normal node, traffic is blocked on the ring port that connects to the failing link and unblocked on working ring ports. For the RPL owner, traffic is unblocked on both ring ports if they connect to non-failure links.
pending—The node is recovering from a failure, or it is in the state it enters after a clear command is used to remove the previous manual command. When a protection group is configured, the node enters the pending state. When a node is in the pending state, the WTR or WTB timer is running. All nodes remain in the pending state until the WTR or WTB timer expires.
force switch—A force switch is issued. When a force switch is issued on a node in the ring, all nodes in the ring move into the force switch state.
Note: EX2300 and EX3400 switches do not support force switch.
manual switch—A manual switch is issued. When a manual switch is issued on a node in the ring, all nodes in the ring move into the manual switch state.
Note: EX2300 and EX3400 switches do not support manual switch.
There can be only one RPL owner for each ring. The user configuration must guarantee this, because the APS protocol cannot check this.
Default Logging of Basic State Transitions on EX Series Switches
Starting with Junos OS Release 14.1X53-D15, EX Series switches automatically log basic state transitions for the ERPS protocol. Starting with Junos OS Release 18.2R1, EX2300 and EX3400 switches automatically log basic state transitions for the ERPS protocol. No configuration is required to initiate this logging. Basic state transitions include ERPS interface transitions from up to down, and down to up; and ERPS state transitions from idle to protection, and protection to idle.
The basic state transitions are logged in a single file named erp-default, which resides in the /var/log directory of the switch. The maximum size of this file is 15 MB.
Default logging for ERPS can capture initial ERPS interface and state transitions, which can help you troubleshoot issues that occur early in the ERPS protocol startup process. However, if more robust logging is needed, you can enable traceoptions for ERPS by entering the traceoptions statement in the [edit protocols protection-group] hierarchy.
Be aware that for ERPS, only default logging or traceoptions can be active at a time on the switch. That is, default logging for ERPS is automatically enabled and if you enable traceoptions for ERPS, the switch automatically disables default logging. Conversely, if you disable traceoptions for ERPS, the switch automatically enables default logging.
Logical Ring
You can define multiple logical-ring instances on the same physical ring. The logical ring feature currently supports only the physical ring, which means that two adjacent nodes of a ring must be physically connected and the ring must operate on the physical interface, not the VLAN. Multiple ring instances are usually defined with trunk mode ring interfaces.
FDB Flush
When ring protection switching occurs, normally an FDB flush is executed. The Ethernet ring control module uses the same mechanism as the STP to trigger the FDB flush. The Ethernet ring control module controls the ring port physical interface's default STP index to execute the FDB flush.
Optimized flushing is not supported on EX2300 and EX3400 switches.
Starting with Junos OS Release 14.2, the FDB flush depends on the RAPS messages received on both ports of the ring node.
Traffic Blocking and Forwarding
Ethernet ring control uses the same mechanism as the STP to control forwarding or discarding of user traffic. The Ethernet ring control module sets the ring port physical interface default STP index state to forwarding or discarding in order to control user traffic.
RPL Neighbor Node
Starting with Junos OS Release 14.2, ring protection link neighbor nodes are supported. An RPL neighbor node is adjacent to the RPL and is not the RPL owner. If a node is configured with one interface as the protection-link-end and no protection-link-owner is present in its configuration, the node is an RPL neighbor node.
RPL neighbor node is not supported on EX2300 and EX3400 switches.
RAPS Message Blocking and Forwarding
The router or switch treats the ring automatic protection switching (RAPS) message the same as it treats user traffic for forwarding RAPS messages between two ring ports. The ring port physical interface default STP index state also controls forwarding RAPS messages between the two ring ports. Other than forwarding RAPS messages between the two ring ports, as shown in Figure 1, the system also needs to forward the RAPS message between the CPU (Ethernet ring control module) and the ring port. This type of forwarding does not depend on the ring port physical interfaces’ STP index state. The RAPS message is always sent by the router or switch through the ring ports, as shown in Figure 2. A RAPS message received from a discarding ring port is sent to the Ethernet ring control module, but is not sent to the other ring port.
Juniper Networks switches and Juniper Networks routers use different methods to achieve these routes.
The switches use forwarding database entries to direct the RAPS messages. The forwarding database entry (keyed by the RAPS multicast address and VLAN) has a composite next hop associated with it—the composite next hop associates the two ring interfaces with the forwarding database entry and uses the split horizon feature to prevent sending the packet out on the interface that it is received on. This is an example of the forwarding database entry relating to the RAPS multicast MAC (a result of the show ethernet-switching table detail command):
VLAN: v1, Tag: 101, MAC: 01:19:a7:00:00:01, Interface: ERP
Interfaces: ge-0/0/9.0, ge-0/0/3.0
Type: Static
Action: Mirror
Nexthop index: 1333
The routers use an implicit filter to achieve ERP routes. Each implicit filter binds to a bridge domain. Therefore, the east ring port control channel and the west ring port control channel of a particular ring instance must be configured to the same bridge domain. For each ring port control channel, a filter term is generated to control RAPS message forwarding. The filter number is the same as the number of bridge domains that contain the ring control channels. If a bridge domain contains control channels from multiple rings, the filter related to this bridge domain will have multiple terms and each term will relate to a control channel. The filter has common parts and control-channel related parts, as follows:
Common terms:
term 1: if [Ethernet type is not OAM Ethernet type (0x8902)] { accept packet }
term 2: if [source MAC address belongs to this bridge] { drop packet; our packet looped through the ring and came back home }
term 3: if [destination is the RAPS PDU multicast address (0x01,0x19,0xa7,0x00,0x00,0x01)] AND [ring port STP status is DISCARDING] { send to CPU }
Control channel related terms:
if [destination is the RAPS PDU multicast address (0x01,0x19,0xa7,0x00,0x00,0x01)] AND [ring port STP status is FORWARDING] AND [incoming interface IFL equal to control channel IFL] { send packet to CPU and send to the other ring port }
default term: accept packet.
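The filter terms above can be traced as a small decision function. This is an added example, not Junos code: the Frame class, the action labels, and the sample interface names and MAC addresses are hypothetical, and it assumes "ring port STP status" refers to the port the frame arrived on.

```python
from dataclasses import dataclass

OAM_ETHERTYPE = 0x8902            # OAM Ethernet type from term 1
RAPS_DMAC = "01:19:a7:00:00:01"   # RAPS PDU multicast address from the page

@dataclass(frozen=True)
class Frame:                      # hypothetical model of a received frame
    ethertype: int
    src_mac: str
    dst_mac: str
    in_ifl: str                   # logical interface the frame arrived on

def raps_filter(frame, bridge_macs, stp_state, control_ifls):
    """Return the set of actions the filter terms select for one frame.

    bridge_macs:  lowercase MACs that belong to this bridge (incl. node ID)
    stp_state:    ring-port IFL -> "FORWARDING" or "DISCARDING"
    control_ifls: the two control-channel IFLs of the ring instance
    """
    # term 1: non-OAM frames are not handled by this filter
    if frame.ethertype != OAM_ETHERTYPE:
        return {"accept"}
    # term 2: our own PDU travelled the whole ring and came home
    if frame.src_mac.lower() in bridge_macs:
        return {"drop"}
    if frame.dst_mac.lower() == RAPS_DMAC:
        # assumption: "ring port STP status" means the receiving port's state
        state = stp_state.get(frame.in_ifl)
        # term 3: a discarding port passes RAPS to the control module only
        if state == "DISCARDING":
            return {"cpu"}
        # control-channel term: copy to CPU and relay to the other ring port
        if state == "FORWARDING" and frame.in_ifl in control_ifls:
            other = next(i for i in control_ifls if i != frame.in_ifl)
            return {"cpu", "forward:" + other}
    return {"accept"}             # default term

# Constructed sample: interface names and MAC addresses are made up.
EAST, WEST = "ge-1/0/1.100", "ge-1/0/2.100"
MY_MACS = {"00:00:5e:00:53:01"}
REMOTE = Frame(OAM_ETHERTYPE, "00:00:5e:00:53:02", RAPS_DMAC, EAST)

if __name__ == "__main__":
    idle = {EAST: "FORWARDING", WEST: "FORWARDING"}
    blocked = {EAST: "DISCARDING", WEST: "FORWARDING"}
    print(sorted(raps_filter(REMOTE, MY_MACS, idle, (EAST, WEST))))
    print(sorted(raps_filter(REMOTE, MY_MACS, blocked, (EAST, WEST))))
```

The second call shows the property that matters when tracing a suspected loop: a RAPS PDU arriving on a discarding port reaches the control module but is never relayed to the other ring port.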
Dedicated Signaling Control Channel
For each ring port, a dedicated signaling control channel with a dedicated VLAN ID must be configured. In Ethernet ring configuration, only this control logical interface is configured and the underlying physical interface is the physical ring port. Each ring requires that two control physical interfaces be configured. These two logical interfaces must be configured in a bridge domain for routers (or the same VLAN for switches) in order to forward RAPS protocol data units (PDUs) between the two ring control physical interfaces. If the router control channel logical interface is not a trunk port, only control logical interfaces will be configured in ring port configuration. If this router control channel logical interface is a trunk port, in addition to the control channel logical interfaces, a dedicated VLAN ID must be configured for routers. For switches, always specify either a VLAN name or VLAN ID for all links.
RAPS Message Termination
The RAPS message starts from the originating node, travels through the entire ring, and terminates in the originating node unless a failure is present in the ring. The originating node must drop the RAPS message if the source MAC address in the RAPS message belongs to itself. The source MAC address is the node's node ID.
Revertive and Non-revertive Modes
In revertive operation, once the condition causing a switch has cleared, traffic is blocked on the RPL and restored to the working transport entity. In nonrevertive operation, traffic is allowed to use the RPL if it has not failed, even after a switch condition has cleared.
Non-revertive mode is not supported on EX2300 and EX3400 switches.
Multiple Rings
The Ethernet ring control module supports multiple rings in each node (two logical interfaces are part of each ring). The ring control module also supports the interconnection of multiple rings. Interconnection of two rings means that two rings might share the same link or share the same node. Ring interconnection is supported only using non-virtual-channel mode. Ring interconnection using virtual channel mode is not supported.
Interconnection of multiple rings is not supported on EX2300 and EX3400 switches.
Node ID
For each node in the ring, a unique node ID identifies each node. The node ID is the node's MAC address.
For routers only, you can configure this node ID when configuring the ring on the node, or let the router select an ID automatically, as STP does. In most cases, you will not configure this and the router will select a node ID, as STP does. It should be the manufacturing MAC address. The ring node ID should not be changed, even if you change the manufacturing MAC address. Any MAC address can be used if you make sure each node in the ring has a different node ID. The node ID on switches is selected automatically and is not configurable.
Ring ID
The ring ID is used to determine the value of the last octet of the MAC destination address field of the RAPS protocol data units (PDUs) generated by the ERP control process. The ring ID is also used to discard any RAPS PDU received by this ERP control process with a non-matching ring ID. Ring ID values 1 through 239 are supported.
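Several constraints on this page are left to the operator, most notably the single RPL owner that the APS protocol cannot check. The following added example (not Juniper code) audits a ring inventory against them. The dictionary keys, node names and models in the sample, and the finding texts are hypothetical, and the inventory is assumed to have been extracted from each node's configuration beforehand.

```python
from collections import Counter

WTR_RESTRICTED = {"EX2300", "EX3400"}   # platforms the page singles out

def node_role(node):
    """Derive the ring role from which statements a node's config contains."""
    if node.get("protection-link-owner"):
        return "rpl-owner"
    if node.get("protection-link-end"):
        return "rpl-neighbor"            # link end without the owner statement
    return "normal"

def audit_ring(ring_id, nodes):
    """Return findings for one ring; an empty list means nothing was flagged."""
    findings = []
    if not 1 <= ring_id <= 239:
        findings.append(f"ring ID {ring_id} is outside 1-239")
    # The APS protocol cannot detect a wrong owner count, so check it here.
    owners = [n["name"] for n in nodes if node_role(n) == "rpl-owner"]
    if len(owners) != 1:
        findings.append(f"{len(owners)} RPL owners (need exactly one): {owners}")
    ids = Counter(n["node-id"].lower() for n in nodes)
    for mac in sorted(m for m, count in ids.items() if count > 1):
        findings.append(f"node ID {mac} is used by more than one node")
    for n in nodes:
        if n["model"] not in WTR_RESTRICTED:
            continue
        if node_role(n) == "rpl-neighbor":
            findings.append(f"{n['name']}: RPL neighbor unsupported on {n['model']}")
        wtr = n.get("wtr-minutes")       # None means not configured
        if wtr is not None and not 5 <= wtr <= 12:
            findings.append(f"{n['name']}: WTR {wtr} min is outside 5-12")
    return findings

# Constructed inventory: names, models and MAC addresses are made up.
SAMPLE_RING = [
    {"name": "sw1", "model": "EX4300", "node-id": "00:00:5e:00:53:01",
     "protection-link-end": True, "protection-link-owner": True},
    {"name": "sw2", "model": "EX3400", "node-id": "00:00:5e:00:53:02",
     "protection-link-end": True, "wtr-minutes": 3},
    {"name": "sw3", "model": "EX2300", "node-id": "00:00:5E:00:53:01",
     "protection-link-owner": True, "protection-link-end": True},
]

if __name__ == "__main__":
    for finding in audit_ring(240, SAMPLE_RING):
        print(finding)
```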
Bridge Domains with the Ring Port (MX Series Routers Only)
On the routers, the protection group is seen as an abstract logical port that can be configured to any bridge domain. Therefore, if you configure one ring port or its logical interface in a bridge domain, you must configure the other related ring port or its logical interface to the same bridge domain. The bridge domain that includes the ring port acts as any other bridge domain and supports the IRB Layer 3 interface.
Wait-to-Block Timer
The RPL owner node uses a delay timer before initiating an RPL block in revertive mode of operation or before reverting to IDLE state after clearing manual commands. The Wait-to-Block (WTB) timer is used when clearing force switch and manual switch commands. As multiple force switch commands are allowed to coexist in an Ethernet ring, the WTB timer ensures that clearing of a single force switch command does not trigger the re-blocking of the RPL. When clearing a manual switch command, the WTB timer prevents the formation of a closed loop due to a possible timing anomaly where the RPL Owner Node receives an outdated remote manual switch request during the recovery process.
When recovering from a manual switch command, the delay timer must be long enough to receive any latent remote force switch, signal failure, or manual switch commands. This delay timer is called the WTB timer and is defined to be 5 seconds longer than the guard timer. This delay timer is activated on the RPL Owner Node. When the WTB timer expires, the RPL Owner Node initiates the reversion process by transmitting an RAPS (NR, RB) message. The WTB timer is deactivated when any higher-priority request preempts it.
The Wait To Block Timer (WTB) is always disabled on EX2300 and EX3400 switches because it is not supported in ERPSv1. Any configuration you make to the WTB setting has no effect. The output from the CLI command 'show protection-group ethernet-ring node-state detail' lists a WTB setting but that setting has no effect.
Adding and Removing a Node
Starting with Junos OS Release 14.2, you can add or remove a node between two nodes in an Ethernet ring. Nodes are added or removed using the force switch command.
EX2300 and EX3400 switches do not support force switch.