Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Example: Configuring Load Balancing Within Ethernet Ring Protection for MX Series Routers

 

MX Series routers support Ethernet ring protection (ERP) to help achieve high reliability and network stability. ERP is used in router or bridge networks to protect against link failure. A single-ring topology is configured that uses one specific link called a ring protection link (RPL) to protect the whole ring. When all links are up and running, the RPL blocks traffic and remains idle. However, if a link fails, the RPL routes traffic to bypass the failure on the ring.

MX Series routers now support ERP ring instances. Whereas traffic in a ring topology follows the same path, traffic within a ring instance uses data channels to allow some traffic to pass through one path while other traffic can follow a different one. Dividing traffic in this way supports traffic load-balancing in the ring.

This example describes how to use ERP with ring instances to load-balance traffic while still providing network protection from link failure:

Requirements

This example uses the following hardware and software components:

  • Two MX Series routers acting as core switches

  • One MX Series router acting as an aggregation switch

  • Junos OS Release 10.2 or later for MX Series routers

Overview and Topology

Figure 1 displays the topology for this example. The topology contains three MX Series routers. CS1 and CS2 act as core routers in the topology, and AS1 acts as an aggregation switch. Each router has two ring instances, ring-1 and ring-2. All nodes on the ring coordinate protection activities by exchanging messages through the Ethernet ring automatic protection switching (R-APS) messaging protocol. Each ring instance has an RPL owner. The ring-1 RPL owner is CS1; the ring-2 RPL owner is CS2. The RPL owners block or unblock the RPL as conditions require and initiate R-APS messages.

Each ring instance has two interface ports (an east interface and a west interface) that participate in the instance. Interface ge-2/0/8.0, the west interface on CS2, is the ring protection link end where ring-2’s RPL terminates. Interface ge-3/2/4.0, the east interface on CS1, is the ring protection link end where ring-1’s RPL terminates.

Each ring instance has a data channel. A data channel is a group of bridge domain virtual LAN (VLAN) IDs. All VLAN IDs within the same ring interface share the same data-forwarding properties controlled by the ERP. The data channel on ring-1 is [200, 300]. The data channel on ring-2 is [500, 600].

Two customer site switches are connected to AS1. Customer site 1 uses VLANs 200 and 300. Customer site 2 uses VLANs 500 and 600.

Figure 1: ERP with Multiple Protection Instances Configured on Three MX Series Routers
ERP with Multiple Protection Instances
Configured on Three MX Series Routers

Table 1 describes the components of the example topology.

Table 1: Components of the Network Topology

PropertySettings

Ring instances

  • ring-1—Data channel [200,300]

  • ring-2—Data channel [500,600]

Customer sites

Two customer sites are connected to AS 1:

  • Customer site 1, VLAN 200 and VLAN 300

  • Customer site 2, VLAN 500 and VLAN 600

CS1 router

CS1 has the following protection group properties:

  • RPL owner—ring-1.

  • East interface—ge-3/2/4.0.

  • West interface—ge-5/2/3.0.

  • Data channel for ring-1VLAN 200, VLAN 300.

  • Data channel for ring-2VLAN 500, VLAN 600.

  • Ring protection link end for ring-1ge-3/2/4.0.

CS1 has the following routing and bridging properties:

  • Routing instance—vs.

  • Bridge domains:

    • bd100 is associated with vlan-id 100.

    • bd101 is associated with vlan-id 101.

    • bd200 is associated with vlan-id 200.

    • bd300 is associated with vlan-id 300.

    • bd500 is associated with vlan-id 500.

    • bd600 is associated with vlan-id 600.

CS2 router

CS2 has the following protection group properties:

  • RPL owner—ring-2.

  • East interface—ge-2/0/4.0.

  • West interface—ge-2/0/8.0.

  • Ring protection link end for ring-2ge-2/0/8.0.

  • Data channel for ring-1VLAN 200, VLAN 300.

  • Data channel for ring-2VLAN 500, VLAN 600.

CS2 has the following bridging properties:

  • bd100 is associated with vlan-id 100.

  • bd101 is associated with vlan-id 101.

  • bd200 is associated with vlan-id 200.

  • bd300 is associated with vlan-id 300.

  • bd500 is associated with vlan-id 500.

  • bd600 is associated with vlan-id 600.

AS1 router

AS1 has the following protection group properties:

  • East interface—ge-2/0/5.0.

  • West interface—ge-2/1/1.0.

  • Data channel for ring-1VLAN 200, VLAN 300.

  • Data channel for ring-2VLAN 500, VLAN 600.

AS1 has the following bridging properties:

  • bd100 is associated with vlan-id 100.

  • bd101 is associated with vlan-id 101.

  • bd200 is associated with vlan-id 200.

  • bd300 is associated with vlan-id 300.

  • bd500 is associated with vlan-id 500.

  • bd600 is associated with vlan-id 600.

Configuration

To enable ERP with ring instances on CS1, CS2, and AS1, perform these tasks:

Configuring ERP on CS1

CLI Quick Configuration

To quickly configure CS1 for ERP, copy the following commands and paste them into the switch terminal window of CS1:

[edit]



set interfaces ge-3/2/4 vlan-tagging


set interfaces ge-3/2/4 unit 0 family bridge interface-mode trunk


set interfaces ge-3/2/4 unit 0 family bridge vlan-id-list 100-1000


set interfaces ge-5/2/3 vlan-tagging


set interfaces ge-5/2/3 unit 0 family bridge interface-mode trunk


set interfaces ge-5/2/3 unit 0 family bridge vlan-id-list 100-1000


set protocols protection-group ethernet-ring ring-1 ring-protection-link-owner


set protocols protection-group ethernet-ring ring-1 east-interface control-channel ge-3/2/4.0


set protocols protection-group ethernet-ring ring-1 east-interface control-channel vlan 100


set protocols protection-group ethernet-ring ring-1 east-interface ring-protection-link-end


set protocols protection-group ethernet-ring ring-1 west-interface control-channel ge-5/2/3.0


set protocols protection-group ethernet-ring ring-1 west-interface control-channel vlan 100


set protocols protection-group ethernet-ring ring-1 data-channel vlan [200, 300]


set protocols protection-group ethernet-ring ring-2 east-interface control-channel ge-3/2/4.0


set protocols protection-group ethernet-ring ring-2 east-interface control-channel vlan 101


set protocols protection-group ethernet-ring ring-2 west-interface control-channel ge-5/2/3.0


set protocols protection-group ethernet-ring ring-2 west-interface control-channel vlan 101


set protocols protection-group ethernet-ring ring-2 data-channel vlan [500, 600]


set routing-instances vs instance-type virtual-switch


set routing-instances vs interface ge-3/2/4.0


set routing-instances vs interface ge-5/2/3.0


set routing-instances vs bridge-domains bd101 vlan-id 101


set routing-instances vs bridge-domains bd200 vlan-id 200


set routing-instances vs bridge-domains bd300 vlan-id 300


set routing-instances vs bridge-domains bd500 vlan-id 500


set routing-instances vs bridge-domains bd600 vlan-id 600


Step-by-Step Procedure

To configure ERP on CS1:

  1. Configure the trunk interface ge-3/2/4 to connect CS1 to CS2 and the trunk interface ge-5/2/3 to connect CS1 to AS, and configure the family statement as bridge with a VLAN ID list of 100 through 1000:
    [edit interfaces]

    user@cs1# set ge-3/2/4 vlan-tagging

    user@cs1# set ge-3/2/4 unit 0 family bridge interface-mode trunk

    user@cs1# set ge-3/2/4 unit 0 family bridge vlan-id-list 100-1000

    user@cs1# set ge-5/2/3 vlan-tagging

    user@cs1# set ge-5/2/3 unit 0 family bridge interface-mode trunk

    user@cs1# set ge-5/2/3 unit 0 family bridge vlan-id-list 100-1000



  2. Enable ERP, specifying the control channels and data channels for ring-1 and ring-2, and configure ring-1 as the ring protection link owner:Note

    Always configure the east-interface statement first, before configuring the west-interface statement.

    [edit protection-group]

    user@cs1# set ethernet-ring ring-1 ring-protection-link-owner

    user@cs1# set ethernet-ring ring-1 east-interface control-channel ge-3/2/4.0

    user@cs1# set ethernet-ring ring-1 east-interface control-channel vlan 100

    user@cs1# set ethernet-ring ring-1 east-interface ring-protection-link-end

    user@cs1# set ethernet-ring ring-1 west-interface control-channel ge-5/2/3.0

    user@cs1# set ethernet-ring ring-1 west-interface control-channel vlan 100

    user@cs1# set ethernet-ring ring-1 data-channel vlan [200, 300]

    user@cs1# set ethernet-ring ring-2 east-interface control-channel ge-3/2/4.0

    user@cs1# set ethernet-ring ring-2 east-interface control-channel vlan 101

    user@cs1# set ethernet-ring ring-2 west-interface control-channel ge-5/2/3.0

    user@cs1# set ethernet-ring ring-2 west-interface control-channel vlan 101

    user@cs1# set ethernet-ring ring-2 data-channel vlan [500, 600]

  3. Configure the routing instance, the bridge domains, and the VLAN IDs associated with each bridge domain:

    [edit routing-instances]

    user@cs1# set vs instance-type virtual-switch

    user@cs1# set vs interface ge-3/2/4.0

    user@cs1# set vs interface ge-5/2/3.0

    user@cs1# set vs bridge-domains bd100 vlan-id 100

    user@cs1# set vs bridge-domains bd101 vlan-id 101

    user@cs1# set vs bridge-domains bd200 vlan-id 200

    user@cs1# set vs bridge-domains bd300 vlan-id 300

    user@cs1# set vs bridge-domains bd500 vlan-id 500

    user@cs1# set vs bridge-domains bd600 vlan-id 600

Results

Check the results of the configuration:

Configuring ERP on CS2

CLI Quick Configuration

To quickly configure CS2 for ERP, copy the following commands and paste them into the switch terminal window of CS2:

[edit]



set interfaces ge-2/0/4 unit 0 family bridge interface-mode trunk


set interfaces ge-2/0/4 unit 0 family bridge vlan-id-list 100-1000


set interfaces ge-2/0/8 unit 0 family bridge interface-mode trunk


set interfaces ge-2/0/8 unit 0 family bridge vlan-id-list 100-1000


set protocols protection-group ethernet-ring ring-1 east-interface control-channel ge-2/0/4.0


set protocols protection-group ethernet-ring ring-1 east-interface control-channel vlan 100


set protocols protection-group ethernet-ring ring-1 west-interface control-channel ge-2/0/8.0


set protocols protection-group ethernet-ring ring-1 west-interface control-channel vlan 100


set protocols protection-group ethernet-ring ring-1 data-channel vlan [200, 300]


set protocols protection-group ethernet-ring ring-2 ring-protection-link-owner


set protocols protection-group ethernet-ring ring-2 east-interface control-channel ge-2/0/4.0


set protocols protection-group ethernet-ring ring-2 east-interface control-channel vlan 101


set protocols protection-group ethernet-ring ring-2 west-interface control-channel ge-2/0/8.0


set protocols protection-group ethernet-ring ring-2 west-interface ring-protection-link-end


set protocols protection-group ethernet-ring ring-2 west-interface control-channel vlan 101


set protocols protection-group ethernet-ring ring-2 data-channel vlan [500, 600]


set bridge-domains bd100 vlan-id 100


set bridge-domains bd101 vlan-id 101


set bridge-domains bd200 vlan-id 200


set bridge-domains bd300 vlan-id 300


set bridge-domains bd500 vlan-id 500


set bridge-domains bd600 vlan-id 600


Step-by-Step Procedure

To configure ERP on CS2:

  1. Configure the trunk interface ge-2/0/4 to connect CS2 to CS1 and trunk interface ge-2/0/8 to connect CS2 to CS1, and configure the family statement as bridge with a VLAN ID list of 100 through 1000:
    [edit interfaces]

    user@cs2# set ge-2/0/4 unit 0 family bridge interface-mode trunk

    user@cs2# set ge-2/0/4 unit 0 family bridge vlan-id-list 100-1000

    user@cs2# set ge-2/0/8 unit 0 family bridge interface-mode trunk

    user@cs2# set ge-2/0/8 unit 0 family bridge vlan-id-list 100–1000



  2. Enable ERP, specifying the control channels and data channels for ring-1 and ring-2, and configure ring-2 as the ring protection link owner:Note

    Always configure the east-interface statement first, before configuring the west-interface statement.

    [edit protection-group]

    user@cs2# set ethernet-ring ring-1 east-interface control-channel ge-2/0/4.0

    user@cs2# set ethernet-ring ring-1 east-interface control-channel vlan 100

    user@cs2# set ethernet-ring ring-1 west-interface control-channel ge-2/0/8.0

    user@cs2# set ethernet-ring ring-1 west-interface control-channel vlan 100

    user@cs2# set ethernet-ring ring-2 data-channel vlan [200, 300]

    user@cs2# set ethernet-ring ring-2 east-interface control-channel ge-2/0/4.0

    user@cs2# set ethernet-ring ring-2 east-interface control-channel vlan 101

    user@cs2# set ethernet-ring ring-2 ring-protection-link-owner

    user@cs2# set ethernet-ring ring-2 west-interface control-channel ge-2/0/8.0

    user@cs2# set ethernet-ring ring-2 west-interface control-channel vlan 101

    user@cs2# set ethernet-ring ring-2 west-interface ring-protection-link-end

    user@cs2# set ethernet-ring ring-2 data-channel vlan [500, 600]

  3. Configure the routing instance, the bridge domains, and the VLAN IDs associated with each bridge domain:
    [edit bridge-domains]

    user@cs2# set bd100 vlan-id 100

    user@cs2# set bd101 vlan-id 101

    user@cs2# set bd200 vlan-id 200

    user@cs2# set bd300 vlan-id 300

    user@cs2# set bd500 vlan-id 500

    user@cs2# set bd600 vlan-id 600

Results

Check the results of the configuration:

Configuring ERP on AS1

CLI Quick Configuration

To quickly configure AS1 for ERP, copy the following commands and paste them into the switch terminal window of AS1:

[edit]



set interfaces ge-2/0/5 unit 0 family bridge interface-mode trunk


set interfaces ge-2/0/5 unit 0 family bridge vlan-id-list 100-1000


set interfaces ge-2/1/1 unit 0 family bridge interface-mode trunk


set interfaces ge-2/1/1 unit 0 family bridge vlan-id-list 100-1000


set protocols protection-group ethernet-ring ring-1 east-interface control-channel ge-2/0/5.0


set protocols protection-group ethernet-ring ring-1 east-interface control-channel vlan 100


set protocols protection-group ethernet-ring ring-1 west-interface control-channel ge-2/1/1.0


set protocols protection-group ethernet-ring ring-1 west-interface control-channel vlan 100


set protocols protection-group ethernet-ring ring-1 data-channel vlan [200, 300]


set protocols protection-group ethernet-ring ring-2 east-interface control-channel ge-2/0/5.0


set protocols protection-group ethernet-ring ring-2 east-interface control-channel vlan 101


set protocols protection-group ethernet-ring ring-2 west-interface control-channel ge-2/1/1.0


set protocols protection-group ethernet-ring ring-2 west-interface control-channel vlan 101


set protocols protection-group ethernet-ring ring-2 data-channel vlan [500, 600]


set bridge-domains bd100 vlan-id 100


set bridge-domains bd101 vlan-id 101


set bridge-domains bd200 vlan-id 200


set bridge-domains bd300 vlan-id 300


set bridge-domains bd500 vlan-id 500


set bridge-domains bd600 vlan-id 600


Step-by-Step Procedure

To configure ERP on AS1:

  1. Configure the trunk interface ge-2/0/5 to connect CS2 to CS1 and trunk interface ge-2/1/1 to connect CS2 to CS1, and configure the family statement as bridge with a VLAN ID list of 100 through 1000:
    [edit interfaces]

    user@as1# set ge-2/0/5 unit 0 family bridge interface-mode trunk

    user@as1# set ge-2/0/5 unit 0 family bridge vlan-id-list 100-1000

    user@as1# set ge-2/1/1 unit 0 family bridge interface-mode trunk

    user@as1# set ge-2/1/1 unit 0 family bridge vlan-id-list 100



  2. Enable ERP, specifying the control channels and data channels for ring-1 and ring-2:Note

    Always configure the east-interface statement first, before configuring the west-interface statement.

    [edit protection-group]

    user@as1# set ethernet-ring ring-1 east-interface control-channel ge-2/0/5.0

    user@as1# set ethernet-ring ring-1 east-interface control-channel vlan 100

    user@as1# set ethernet-ring ring-1 west-interface control-channel ge-2/1/1.0

    user@as1# set ethernet-ring ring-1 west-interface control-channel vlan 100

    user@as1# set ethernet-ring ring-2 east-interface control-channel ge-2/0/5.

    user@as1# set ethernet-ring ring-2 east-interface control-channel vlan 101

    user@as1# set ethernet-ring ring-2 west-interface control-channel ge-2/1/1.0

    user@as1# set ethernet-ring ring-2 west-interface control-channel vlan 101

    user@as1# set ethernet-ring ring-2 data-channel vlan [500, 600]

  3. Configure the routing instance, the bridge domains, and the VLAN IDs associated with each bridge domain:
    [edit bridge-domains]

    user@as1# set bd100 vlan-id 100

    user@as1# set bd101 vlan-id 101

    user@as1# set bd200 vlan-id 200

    user@as1# set bd300 vlan-id 300

    user@as1# set bd500 vlan-id 500

    user@as1# set bd600 vlan-id 600

Results

Check the results of the configuration:

Verification

To confirm that the ERP configuration for multiple ring instances is operating, perform these tasks:

Verifying the Ethernet Protection Ring on CS1

Purpose

Verify that ERP is enabled on CS1.

Action

Show the status of the ring automatic protection switching (R-APS) messages to determine if there is a ring failure:

Meaning

The output displayed shows that protection groups ring-1 and ring-2 have a Request/state of NR, meaning there is no request for APS on the ring. If a Request/state of SF is displayed, it indicates there is a signal failure on the ring. The output also shows that the ring protection link is not blocked. The No Flush field displays No, indicating that MAC addresses will be flushed when the ring nodes receive this message first time. A value of Yes would indicate MAC address flushing is not needed. The Originator field for ring-1 displays yes, indicating that this node is an R-APS originator.

Verifying the Data Channel CS1

Purpose

Verify the forwarding state of the data channel.

Action

List the interfaces acting as the control channels and their respective data channels (represented by the Spanning Tree Protocol (STP) index number):

Meaning

The output displayed shows the STP index number used by each interface in ring instances ring-1 and ring-2. The STP index controls the forwarding behavior for a set of VLANs on the data channel of a ring instance on a ring interface. For ring instances, there are multiple STP index numbers (here representing VLANs 200, 300, 500, and 600). The Forward State shows whether the data channel is forwarding or discarding traffic.

Verifying the VLANs on CS1

Purpose

Verify the data channel logical interfaces and the VLAN IDs controlled by a ring instance data channel.

Action

List dynamic VLAN membership:

Meaning

The output displayed shows the ring interfaces ge-3/2/4 and ge-5/2/3 in protection groups ring-1 and ring-2. For ring-1, VLAN 200 and VLAN 300 are being supported on both STP Index 122 and 123 on bridge domains bd200 and bd300. For ring-2, VLAN 500 and VLAN 600 are being supported on both STP Index 124 and 125 on bridge domains bd500 and bd600. The data channel controls the traffic on the VLAN IDs to facilitate load balancing.

Verifying the Ethernet Protection Ring on CS2

Purpose

Verify that ERP is enabled on CS2.

Action

Show the status of the ring APS (R-APS) messages to determine if there is a ring failure:

Meaning

The output displayed shows that protection groups ring-1 and ring-2 have a Request/state of NR, meaning there is no request for APS on the ring. If a Request/state of SF is displayed, it indicates there is a signal failure on the ring. The output also shows that the ring protection link is not blocked. The No Flush field displays No, indicating that MAC addresses will be flushed when the ring nodes receive this message first time. A value of Yes would indicate MAC address flushing is not needed. The Originator field for ring-1 displays yes, indicating that this node is an R-APS originator. The Originator field for ring-2 displays No, indicating that this node is not an R-APS originator.

Verifying the Data Channel CS2

Purpose

Verify the forwarding state of the data channel.

Action

List the interfaces acting as the control channels and their respective data channels (represented by the STP index number):

Meaning

The output displayed shows the STP index number used by each interface in ring instances ring-1 and ring-2. The STP index controls the forwarding behavior for a set of VLANs on the data channel of a ring instance on a ring interface. For ring instances, there are multiple STP index numbers (here representing VLANs 200, 300, 500, and 600). The Forward State shows whether the data channel is forwarding or discarding traffic.

Verifying the VLANs on CS2

Purpose

Verify the data channel logical interfaces and the VLAN IDs controlled by a ring instance data channel.

Action

List dynamic VLAN membership:

Meaning

The output displayed shows the ring interfaces ge-2/0/4 and ge-2/0/8 in protection groups ring-1 and ring-2. For ring-1, VLAN 200 and VLAN 300 are being supported on both STP Index 44 and 45 on bridge domains bd200 and bd300. For ring-2, VLAN 500 and VLAN 600 are being supported on both STP Index 46 and 47 on bridge domains bd500 and bd600. The data channel controls the traffic on the VLAN IDs to facilitate load balancing.

Verifying the Ethernet Protection Ring on AS1

Purpose

Verify that ERP is enabled on AS1.

Action

Show the status of the ring APS (R-APS) messages to determine if there is a ring failure:

Meaning

The output displayed shows that protection groups ring-1 and ring-2 have a Request/state of NR, meaning there is no request for APS on the ring. If a Request/state of SF is displayed, it indicates there is a signal failure on the ring. The output also shows that the ring protection link is not blocked. The No Flush field displays No, indicating that MAC addresses will be flushed when the ring nodes receive this message first time. A value of Yes would indicate MAC address flushing is not needed. The Originator field for ring-1 and ring-2 displays No, indicating that this node is not the R-APS originator.

Verifying the Data Channels on AS1

Purpose

Verify the forwarding state of the data channel.

Action

List the interfaces acting as the control channels and their respective data channels (represented by the STP index number):

Meaning

The output displayed shows the STP index number used by each interface in ring instances ring-1 and ring-2. The STP index controls the forwarding behavior for a set of VLANs on the data channel of a ring instance on a ring interface. For ring instances, there are multiple STP index numbers (here representing VLANs 200, 300, 500, and 600). The Forward State shows whether the data channel is forwarding or discarding traffic. All data channels are forwarding traffic.

Verifying the VLANs on AS1

Purpose

Verify the data channel logical interfaces and the VLAN IDs controlled by a ring instance data channel.

Action

List dynamic VLAN membership:

Meaning

The output displayed shows the ring interfaces ge-2/0/5 and ge-2/1/1 in protection groups ring-1 and ring-2. For ring-1, VLAN 200 and VLAN 300 are being supported on both STP Index 22 and 23 on bridge domains bd200 and bd300. For ring-2, VLAN 500 and VLAN 600 are being supported on both STP Index 24 and 25 on bridge domains bd500 and bd600. The data channel controls the traffic on the VLAN IDs to facilitate load-balancing.