Layer 2 Ring Protection with ERPS

It’s been a busy times and delayed for a while to share new blog post. Finally we are here, talking about how you can use ERPS for layer 2 ring protection on Juniper QFX.

Introduction

In case you do not know what ERPS is, it stands for Ethernet Ring Protection Switching. As its name state, it is used with ring topology to prevent loops at the Ethernet layer. ERPS version 1 support single ring topology while version 2 supports multiple.

In ERPS there is a central node called Ring Protection Link or RPL Owner Node which blocks one of the ports to ensure that there is no loop formed for the Ethernet traffic until another link fails—at this time the RPL link is unblocked, ensuring connectivity. ERPS is similar to spanning-tree protocols, but ERPS is more efficient than spanning-tree protocols because it is customized for ring topologies. You must configure at least three switches to form a ring.

Below is the example configuration to demonstrate in this article.

Network Topology

As you can see the above topology, we have 3 QFX5110-48S inter-connect as ring. We are going to use VLAN 3000 as the ERPS control VLAN (VLAN that is used for ERPS communication), and also we define East and West so that we can compare config easily. Interface et-0/0/49 on iNET9-QFX-1 is the RPL which will be blocked.

Configuration

On iNET9-QFX-1

interfaces {
    et-0/0/48 {
        description "To-iNET9-QFX-2#et-0/0/49";
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ 10 3000 ];
                }
            }
        }
    et-0/0/49 {
        description "To-iNET9-QFX-3#et-0/0/48";
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ 10 3000 ];
                }
            }
        }
    }
}
protocols {
    protection-group {
        ethernet-ring ring1 {
            ring-protection-link-owner;
            east-interface {
                control-channel {
                    vlan 3000;
                    et-0/0/49.0;
                }
                ring-protection-link-end;
            }                           
            west-interface {
                control-channel {
                    vlan 3000;
                    et-0/0/48.0;
                }
            }
            control-vlan 3000;
            data-channel {
                vlan 10;
            }
        }
    }
}
vlans {
    VLAN10 {
        vlan-id 10;
    }
    erp-control-vlan-1 {
        vlan-id 3000;
    }
}

On iNET9-QFX-2

interfaces {
    et-0/0/48 {
        description "To-iNET9-QFX-3#et-0/0/49";
        }
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ 10 3000 ];
                }
            }
        }                               
    }
    et-0/0/49 {
        description "To-iNET9-QFX-1#et-0/0/48";
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ 10 3000 ];
                }
            }
        }
    }
}
protocols {
    protection-group {
        ethernet-ring ring1 {
            east-interface {
                control-channel {
                    vlan 3000;
                    et-0/0/49.0;
                }                       
            }
            west-interface {
                control-channel {
                    vlan 3000;
                    et-0/0/48.0;
                }
            }
            control-vlan 3000;
            data-channel {
                vlan 10;
            }
        }
    }
}
vlans {
    VLAN10 {
        vlan-id 10;
    }
    erp-control-vlan-1 {
        vlan-id 3000;
    }
}

On iNET9-QFX-3

interfaces {
    et-0/0/48 {
        description "To-iNET9-QFX-1#et-0/0/49";
        }
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ 10 3000 ];
                }
            }
        }                               
    }
    et-0/0/49 {
        description "To-iNET9-QFX-2#et-0/0/48";
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ 10 3000 ];
                }
            }
        }
    }
}
protocols {
    protection-group {
        ethernet-ring ring1 {
            east-interface {
                control-channel {
                    vlan 3000;
                    et-0/0/49.0;
                }                       
            }
            west-interface {
                control-channel {
                    vlan 3000;
                    et-0/0/48.0;
                }
            }
            control-vlan 3000;
            data-channel {
                vlan 10;
            }
        }
    }
}
vlans {
    VLAN10 {
        vlan-id 10;
    }
    erp-control-vlan-1 {
        vlan-id 3000;
    }
}

Verification

[email protected]> show protection-group ethernet-ring node-state    
Ethernet ring   APS State  Event       RPL Owner  WTR Timer  WTB Timer  Guard Timer  Operation state
ring1           idle       NR-RB       Yes        disabled   disabled   disabled     operational  

{master:0}
[email protected]> show protection-group ethernet-ring interface       

Ethernet ring port parameters for protection group ring1

Interface  Control Channel  Direction  Forward State  RPL End  SF     Admin State
et-0/0/49  et-0/0/49.0      east       discarding     Yes      Clear  IFF ready
et-0/0/48  et-0/0/48.0      west       forwarding     No       Clear  IFF ready
[email protected]> show protection-group ethernet-ring node-state                                            
Ethernet ring   APS State  Event       RPL Owner  WTR Timer  WTB Timer  Guard Timer  Operation state
ring1           idle       NR-RB       No         disabled   disabled   disabled     operational  

{master:0}
[email protected]> show protection-group ethernet-ring interface 

Ethernet ring port parameters for protection group ring1

Interface  Control Channel  Direction  Forward State  RPL End  SF     Admin State
et-0/0/49  et-0/0/49.0      east       forwarding     No       Clear  IFF ready
et-0/0/48  et-0/0/48.0      west       forwarding     No       Clear  IFF ready
[email protected]> show protection-group ethernet-ring node-state 
Ethernet ring   APS State  Event       RPL Owner  WTR Timer  WTB Timer  Guard Timer  Operation state
ring1           idle       NR-RB       No         disabled   disabled   disabled     operational  

{master:0}
[email protected]> show protection-group ethernet-ring interface 

Ethernet ring port parameters for protection group ring1

Interface  Control Channel  Direction  Forward State  RPL End  SF     Admin State
et-0/0/49  et-0/0/49.0      east       forwarding     No       Clear  IFF ready
et-0/0/48  et-0/0/48.0      west       forwarding     No       Clear  IFF ready

And that’s it!! Let us know in the comment below…:)

Leave a Reply

Your email address will not be published. Required fields are marked *