It’s been a busy times and delayed for a while to share new blog post. Finally we are here, talking about how you can use ERPS for layer 2 ring protection on Juniper QFX.
Introduction
In case you do not know what ERPS is, it stands for Ethernet Ring Protection Switching. As its name state, it is used with ring topology to prevent loops at the Ethernet layer. ERPS version 1 support single ring topology while version 2 supports multiple.
In ERPS there is a central node called Ring Protection Link or RPL Owner Node which blocks one of the ports to ensure that there is no loop formed for the Ethernet traffic until another link fails—at this time the RPL link is unblocked, ensuring connectivity. ERPS is similar to spanning-tree protocols, but ERPS is more efficient than spanning-tree protocols because it is customized for ring topologies. You must configure at least three switches to form a ring.
Network Topology
As you can see the above topology, we have 3 QFX5110-48S inter-connect as ring. We are going to use VLAN 3000 as the ERPS control VLAN (VLAN that is used for ERPS communication), and also we define East and West so that we can compare config easily. Interface et-0/0/49 on iNET9-QFX-1 is the RPL which will be blocked.
Configuration
On iNET9-QFX-1interfaces {
et-0/0/48 {
description "To-iNET9-QFX-2#et-0/0/49";
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members [ 10 3000 ];
}
}
}
et-0/0/49 {
description "To-iNET9-QFX-3#et-0/0/48";
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members [ 10 3000 ];
}
}
}
}
}
protocols {
protection-group {
ethernet-ring ring1 {
ring-protection-link-owner;
east-interface {
control-channel {
vlan 3000;
et-0/0/49.0;
}
ring-protection-link-end;
}
west-interface {
control-channel {
vlan 3000;
et-0/0/48.0;
}
}
control-vlan 3000;
data-channel {
vlan 10;
}
}
}
}
vlans {
VLAN10 {
vlan-id 10;
}
erp-control-vlan-1 {
vlan-id 3000;
}
}
interfaces {
et-0/0/48 {
description "To-iNET9-QFX-3#et-0/0/49";
}
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members [ 10 3000 ];
}
}
}
}
et-0/0/49 {
description "To-iNET9-QFX-1#et-0/0/48";
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members [ 10 3000 ];
}
}
}
}
}
protocols {
protection-group {
ethernet-ring ring1 {
east-interface {
control-channel {
vlan 3000;
et-0/0/49.0;
}
}
west-interface {
control-channel {
vlan 3000;
et-0/0/48.0;
}
}
control-vlan 3000;
data-channel {
vlan 10;
}
}
}
}
vlans {
VLAN10 {
vlan-id 10;
}
erp-control-vlan-1 {
vlan-id 3000;
}
}interfaces {
et-0/0/48 {
description "To-iNET9-QFX-1#et-0/0/49";
}
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members [ 10 3000 ];
}
}
}
}
et-0/0/49 {
description "To-iNET9-QFX-2#et-0/0/48";
unit 0 {
family ethernet-switching {
interface-mode trunk;
vlan {
members [ 10 3000 ];
}
}
}
}
}
protocols {
protection-group {
ethernet-ring ring1 {
east-interface {
control-channel {
vlan 3000;
et-0/0/49.0;
}
}
west-interface {
control-channel {
vlan 3000;
et-0/0/48.0;
}
}
control-vlan 3000;
data-channel {
vlan 10;
}
}
}
}
vlans {
VLAN10 {
vlan-id 10;
}
erp-control-vlan-1 {
vlan-id 3000;
}
}root@iNET9-QFX-1> show protection-group ethernet-ring node-state
Ethernet ring APS State Event RPL Owner WTR Timer WTB Timer Guard Timer Operation state
ring1 idle NR-RB Yes disabled disabled disabled operational
{master:0}
root@iNET9-QFX-1> show protection-group ethernet-ring interface
Ethernet ring port parameters for protection group ring1
Interface Control Channel Direction Forward State RPL End SF Admin State
et-0/0/49 et-0/0/49.0 east discarding Yes Clear IFF ready
et-0/0/48 et-0/0/48.0 west forwarding No Clear IFF ready
root@iNET9-QFX-2> show protection-group ethernet-ring node-state
Ethernet ring APS State Event RPL Owner WTR Timer WTB Timer Guard Timer Operation state
ring1 idle NR-RB No disabled disabled disabled operational
{master:0}
root@iNET9-QFX-2> show protection-group ethernet-ring interface
Ethernet ring port parameters for protection group ring1
Interface Control Channel Direction Forward State RPL End SF Admin State
et-0/0/49 et-0/0/49.0 east forwarding No Clear IFF ready
et-0/0/48 et-0/0/48.0 west forwarding No Clear IFF readyroot@iNET9-QFX-3> show protection-group ethernet-ring node-state
Ethernet ring APS State Event RPL Owner WTR Timer WTB Timer Guard Timer Operation state
ring1 idle NR-RB No disabled disabled disabled operational
{master:0}
root@iNET9-QFX-3> show protection-group ethernet-ring interface
Ethernet ring port parameters for protection group ring1
Interface Control Channel Direction Forward State RPL End SF Admin State
et-0/0/49 et-0/0/49.0 east forwarding No Clear IFF ready
et-0/0/48 et-0/0/48.0 west forwarding No Clear IFF ready
Hi Admin,
What are the pros and cons comparing ERPS and RRPP?
Thanks
Scripter
Hi,
There are few points I can tell about these two protocols:
1. RRPP
– Provides fast convergence and carrier-class reliability.
– Supports only level-1 sub-ring in ring networking.
– Is a Huawei proprietary protocol that cannot be used for communication between Huawei and non-Huawei devices.
2. ERPS
– Same to RRPP, it provides fast convergence and carrier-class reliability.
– Is a standard ITU-T protocol that allows communication between different network vendors.
– Supports single-ring for ERPSv1 and multi-ring topologies in ERPSv2.
– Requires the network topology to be planned in advance. The configuration is complex based on my own experience.
Regards,
Hi, do you know if Juniper EX and QFX support ERPSv2 (multiple sub-ring support ?)
The following standards provide detailed information on Ethernet ring protection switching:
ITU-T Recommendation G.8032/Y.1344 version 1 and 2, Ethernet Ring protection switching. G.8032v1 supports a single ring topology and G.8032v2 supports multiple rings and ladder topology.
All devices with Ethernet ring protection switching support G.8032v1. MX Series and ACX Series routers also support G.8032v2.
But I would recommend checking with your account manager so that they could confirm if later Junos releases support G.8032v2.
also do we need to add “ring-protection-link-end” in west interface in qfx3 ? in huawei we refer this as rpl neighbor ?
Ring Protection Link (RPL) is a standard term which is not only in Huawei. There should be single block link in the ring topology. As you can see in the diagram, we configure “ring-protection-link-end” on East interface of QFX1. Therefore, we do not need to configure rpl in other interfaces.
Hello,
Can I implement ERPS with two vendor devices (For example- Cisco and Huawei)?
Since ERPS is a standard protocol, I believe you can implement it as long as both Cisco and Huawei support ERPS feature. Otherwise you might need to check OS version.
Hi Seyma,
I am facing some strange issue with ERPS ring of 4 of QFX5200 and one QFX10002.
QFX10002 is the RPL Owner Node and only detects ring cut on its ports. If ring is cut anywhere between QFX5200, QFX10002 do not detect it and consider ring is OK.
If you are interested, I can provide configs and remote access if needed. It is test setup.
Best regards,
Ivo
Hello Ivo,
Would you mind share your lab topology along with configuration and erps status from each node? I would like to have a look if there is something I could find :).
Regards,
Seyma