This thread describes how to configure ERPS in a very basic topology. I've put quite a lot of time in testing this setup and it has worked for everything I've expected so far. So for anyone inclined to give it a shot feel free to follow this guide and let us know if it works for you.
Here is the network diagram of my lab setup for ERPS.
Figure 1
(Note, it doesn’t matter what switches you choose to use this is simply based on what was available in my lab environment)
There are a few steps that we need to take before we actually begin plugging in any of the switches.
First disable STP on all ports that will be part of the Ring.
Since STP is also trying to control when ports are forwarding or discarding it’s possible for it to interfere with ERPS.
Figure 2
Second we need to build a VLAN for the control signals and a VLAN that we want to use for user data.
Figure 3
It's important that we make sure that the control VLAN for ERPS is separate from the management VLAN otherwise the management VLAN will be flooded with R-APS packets causing us to lose access to our switch.
Next we can begin plugging in Ethernet cables into all ports except one to keep a loop from occurring while we finish setting up the ring.
Now we can begin configuring the ring itself.
Go to the ERPS Tab and insert a new “ERPS instance”.
For the ring to be functional we only need to enter the following fields:
level, set it to 1, the control VLAN, and the monitor VLANs, finally set the East and West port according to the topology we described in the diagram. In my case, to make things simple I have set the East port to be 2 and West 3.
Figure 4
Do this for all the switches in the ring.
Now we need to select the port on one of the switches to act as the RPL or a Ring Protection Link. This is going to be the link that by default is discarding packets unless there is a detected break elsewhere in the ring. Should a break occur the selected RPL will begin forwarding packets until the broken segment recovers. On my topology I have selected the West Port on the WS-12-250-AC.
To make this selection, in “Instance 1” set the RPL option to “West – Owner – Revertive”
Figure 5
Now we need to setup a monitoring service for the ring that will trigger ERPS should a break occur. This is commonly done with MEPs, or Maintence Association End Points, which can be configured to monitor each segment.
We are going to need two MEP instance’s for each switch so go back to the ERPS tab and add a new MEP,
Set the ID to 1, MD and MA to 1, and level 1, set the VLAN to the control VLAN value and select either the East or West port to be monitored.
Next create one more MEP instance and do the same thing except set the ID to 2 and select the other port to be monitored, as in the following figure:
Figure 6
Do this for each switch and save the configuration.
This should be the last step necessary to get a functional ring. Double check the ERPS tab on all your switches and if everything looks correct, plug in the final Ethernet cable. BE VERY CAUTIOUS BECAUSE IF ANYTHING IS CONFIGURED WRONG IT COULD RESULT IN A LOOP.
If everything goes well, then you should see on all the switches that the CCM status for both MEPs is “UP” and the Peer ID on each MEP instance will be the MAC address of the connected port.
*** TESTING THE RING
To test to make sure that the Ring is able to handle a segment failure we simply need to monitor what takes place on instance one when a cable is disconnected or a port is disabled.
For this demo I'm going to break the connection between the WS-26-400-AC and the WS-8-150-DC and observe what takes place on both of these switches as well as the RPL owner or the WS-12-400-AC.
As long as there are currently no issues, instance one in the ERPS tab should read such that the current state is Idle, priority request is no request, and the timer is none. This is basically equivalent of saying no errors have been detected in the ring and everything is operating normally
Figure 9
If we look on the RPL owner switch we will see that the east port is in the state of forwarding and the Westport is in a state of discarding. This is of course because the Westport is the ring protection link.
If we look at any other node we should see that everything is the same except that both the East and the West Port are forwarding
Figure 10
Now I disconnect the link between the WS-26-400-AC and the WS-8-150-DC as in the following figure
Figure 11
Immediately the ring responds by shifting to a pending state and shortly there after the state will be read as protection which is triggered by the R-APS message packet signal fail request. The Ring Protection Link or RPL port then responds by beginning to forward traffic as long as we stay in the protection state.
ERPS tab of RPL owner
Figure 12
ERPS tab of both other nodes
Figure 13
And finally plugging the cable back in the results in the Ring shifting back to a pending state because the MEPS have detected that the connection is now capable of transmitting again. However ERPS will not allow the link to be reestablished until after the WTR (or Wait To Restore) timer expires which by default is set to 5 minutes and can be dropped down to as low as one minute. Once the countdown is completed the ring shifts back to idle and the RPL goes back to discarding
RPL owner waiting for WTR timer to expire before shifting back to idle state
Figure 14
ADDITIONAL SETUP FOR USER DATA
Now that the ring is up. We can configure the data VLAN(s) to allow for connections outside of the ring itself.
Here is a simple extension to our topology that we will use as an example of how to configure the data VLAN(s) to allow access through the ring. I’ll be using Port 5 on both switches.
Figure 7
Here are the necessary changes on the VLAN tab that allow packets to transfer through the ring to the Target device.
Figure 8
Specifically, disable the management vlan on port 5 and enable port 5 as Untagged on the data VLAN.
It is important to keep in mind that the control and data VLANs themselves need to be separate from the management VLAN for both security and functionality. So if you need to access the switches web UI, telnet, or ssh console then you must have an Ethernet connection to a port still within the management VLAN from the device you wish to use to access the switch for configuration.
Hope everyone finds this helpful.
ERPS Basic Setup
-
mike99 - Associate
- Posts: 837
- Joined: Tue Nov 25, 2014 10:53 am
- Location: Quebec, Canada
- Has thanked: 95 times
- Been thanked: 245 times
Re: ERPS Basic Setup
VLAN 1, your management vlan, is not part of the ring.
First bug I reported, as soon as management vlan is include in any ERPS instance vlan list, we loose management.
Have you tryed to plug / unplug on port not part of the ring ? Bug 2 I reported, every port plug / unplug (including those not part of the ring) affect the ring state since the MEP monitor the other switch and not the other switch MEP.
If nothing as change since my last test, 1.4.9 RC1, those bug should still be present. I reported those bugs several times.
First bug I reported, as soon as management vlan is include in any ERPS instance vlan list, we loose management.
Have you tryed to plug / unplug on port not part of the ring ? Bug 2 I reported, every port plug / unplug (including those not part of the ring) affect the ring state since the MEP monitor the other switch and not the other switch MEP.
If nothing as change since my last test, 1.4.9 RC1, those bug should still be present. I reported those bugs several times.
-
Stephen - Employee
- Posts: 1033
- Joined: Sun Dec 24, 2017 8:56 pm
- Has thanked: 85 times
- Been thanked: 181 times
Re: ERPS Basic Setup
Hey Mike,
That was done on purpose, from what I've seen on juniper and cisco documentation and examples, the erps control and data vlans are separate from the management vlan. I was able to still access the switch's management vlan when I do it in the above configuration. However, I will look into seeing if it's possible to make it work so that it can be included.
I finally see what you mean about bug 2. Added to the list.
That was done on purpose, from what I've seen on juniper and cisco documentation and examples, the erps control and data vlans are separate from the management vlan. I was able to still access the switch's management vlan when I do it in the above configuration. However, I will look into seeing if it's possible to make it work so that it can be included.
I finally see what you mean about bug 2. Added to the list.
-
mike99 - Associate
- Posts: 837
- Joined: Tue Nov 25, 2014 10:53 am
- Location: Quebec, Canada
- Has thanked: 95 times
- Been thanked: 245 times
Re: ERPS Basic Setup
Yes, control vlan should be separate but management vlan should be part of the vlan list protected by ERPS (seem to be "monitor VLANs" on Netonix GUI but can't be sure since the're no doc) else you will have a loop in the management vlan.
If management VLAN is not part of the ring and you have a ring to prevent loop on backbone, how do you access switch remotely ?
What about state change in ring state while plugin / unplugin port not protected by the ring ?
If management VLAN is not part of the ring and you have a ring to prevent loop on backbone, how do you access switch remotely ?
What about state change in ring state while plugin / unplugin port not protected by the ring ?
-
Stephen - Employee
- Posts: 1033
- Joined: Sun Dec 24, 2017 8:56 pm
- Has thanked: 85 times
- Been thanked: 181 times
Re: ERPS Basic Setup
OK I understand where you're coming from now on the VLAN issue. Also added to the list.
"I finally see what you mean about bug 2. Added to the list." - I should've been more specific, what I meant was I can now confirm that when a port is unplugged even though is may not be within the ring, it causes the ring to shift to a protected state. Strangely enough I've found that at least on the WS-26 only some of the non-protected ports cause the ring to switch to a protected state.
"I finally see what you mean about bug 2. Added to the list." - I should've been more specific, what I meant was I can now confirm that when a port is unplugged even though is may not be within the ring, it causes the ring to shift to a protected state. Strangely enough I've found that at least on the WS-26 only some of the non-protected ports cause the ring to switch to a protected state.
-
mike99 - Associate
- Posts: 837
- Joined: Tue Nov 25, 2014 10:53 am
- Location: Quebec, Canada
- Has thanked: 95 times
- Been thanked: 245 times
Re: ERPS Basic Setup
If you look at MEP, you will see it monitor a MAC address and the MAC address shown is the one from the remote switch.
Is the 26 port build with 2 different switch chip bounded togetter ?
MEP should monitor remote MEP. On other switch, when configuring MEP, you also specify which remote MEP ID to monitor. I think that where the problem is coming from, monitoring the whole switch instead of remote MEP.
Is the 26 port build with 2 different switch chip bounded togetter ?
MEP should monitor remote MEP. On other switch, when configuring MEP, you also specify which remote MEP ID to monitor. I think that where the problem is coming from, monitoring the whole switch instead of remote MEP.
6 posts
Page 1 of 1
Who is online
Users browsing this forum: Google [Bot] and 48 guests