Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Guidelines for Ethernet Ring Protection Switching on ACX Series Routers

    You can configure Ethernet ring protection switching (ERPS) on ACX Series routers to achieve high reliability and network stability. Links in the ring will never form loops that fatally affect the network operation and services availability. The basic idea of an Ethernet ring is to use one specific link to protect the whole ring. This special link is called a ring protection link (RPL). If no failure happens in other links of the ring, the RPL blocks the traffic and is not used. The RPL is controlled by a special node called an RPL owner.

    A ring with only one port is supported. In such a scenario, only one port is configured for a ring when two nodes are present. Use the interface-none statement to designate a port to be not used for Ethernet ring protection. You can configure a ring port over LAG interfaces.

    Note: ERPS on aggregated Ethernet interface is supported on ACX5000 line of routers.

    ITU G.8031 Ethernet automatic protection switching (APS) and ERPS version 2 are not supported. Also, you cannot configure ACX Series routers as trunk ports or access ports in an Ethernet ring.

    Multiple Ethernet ring instances that share the same physical ring are supported. Each ring instance will have its own control channel and a specific data channel. You can configure the data channel with a set of data VLAN IDs that belong to a ring instance. Each ring instance can follow a different path to perform load balancing in the physical ring. If you do not specify a data channel, ERPS operates on the VLAN ID associated with the control channel. There is no limit to the number of VLAN IDs that you can configure for a data channel.

    Keep the following points in mind when you configure ERPS for ACX Series routers:

    • The logical interfaces that you define for a control channel must be part of the same bridge domain.
    • Each VLAN that you configure in a data channel signifies an independent bridge domain.
    • The traffic that is blocked on a ring port is the same for all the bridge domains that are associated with the same control channel. When a topology change happens, the forwarding databases of all these bridge domains are cleared.
    • You cannot configure spanning-tree protocol (STP) (such as MSTP, RSTP, VSTP and STP) and ERP on the same set of interfaces. However, ERP and Per-VLAN Spanning Tree (PVST) can be configured on the same topology as long as PVST does not share the same VLAN with any Ethernet ring instance configured on the physical port.
    • You cannot configure STP and ERPS in the same bridge domain. Consider a sample scenario in which a dual-homed customer edge (CE) router is connected to two ACX Series routers, which function as provider edge (PE) devices. In such a topology, you can configure either STP or an ERPS open ring to enable dual-homing functionality. You can configure STP between the CE and the user-to-network interface (UNI) ports of the two PE devices. Alternatively, if the CE router supports ERPS, you can configure an open ring in the CE network.
    • In the event of a single failure, switching times on all ACX routers is less than 100 milliseconds.
    • The following parameters can impact the performance of the system based on your network configuration:
      • Number of protocols (Layer 2, Layer 3, or MPLS) affected by a certain network failure
      • Number of ring instances corresponding to the ring that is impacted by the failure
      • Number of bridge domains associated with each ring instance
      • Number of forwarding database entries associated with each bridge domain
    • The ERPS control packets are copied to the CPU (Ethernet ring control module) only when the VLAN ID and destination address of the packet matches with the values of the RAPS message. Otherwise, the control packet is treated as a regular service frame and forwarded accordingly. The packets that are copied to the CPU are queued in the specified CPU queue, which is rate-limited. This mechanism ensures that a possible Denial-of-Service (DoS) attack does not significantly impact the system. If a DoS attack is detected, a firewall filter on the affected logical interfaces can be configured in the bridge domain.
    • For fast detection required for switchover within 50 milliseconds, we recommend that you configure connectivity fault management (CFM) link-level MEPs with an interval of 10 milliseconds for the duration between the transmission of CFM messages. This link-level MEP can be used to trigger switchovers for all ring instances that share a physical ring.
    • Forwarding and flush mechanisms are common for STP and ERP.
    • We recommend that you configure link-level maintenance association endpoints (MEPs) with 10ms on physical interfaces. If link-level MEPs are not configured on physical interfaces, fast switching (less than 100ms) might not occur.
    • The maximum number of physical rings supported on different ACX Series routers is as follows:
      • 4 physical rings on ACX1000, ACX1100, ACX2000, and ACX2100 routers
      • 8 physical rings on ACX4000 routers
      • 24 physical rings on ACX5048 and ACX5096 routers
    • The maximum number of ring instances supported on different ACX Series routers is as follows:
      • 8 ring instances on ACX1000, ACX1100, ACX2000, and ACX2100 routers
      • 16 ring instances on ACX4000 routers
      • 96 ring instances on ACX5048 and ACX5096 routers

    Modified: 2017-08-31