Example: Configuring Ethernet Ring Protection Switching on EX Series Switches
You can configure Ethernet ring protection switching (ERPS) on connected EX Series or QFX Series switches to prevent fatal loops from disrupting a network. (Platform support depends on the Junos OS release in your installation.) ERPS is similar to spanning-tree protocols, but ERPS is more efficient because it is customized for ring topologies. You must configure at least three switches to form a ring.
This example shows how to configure Ethernet ring protection switching on four switches that are connected to one another on a dedicated link in a ring topology.
This task uses Junos OS for EX Series switches without support for the Enhanced Layer 2 Software (ELS) configuration style. However, an ERPS ring can include different types of switches, with or without ELS support. If you are configuring an ERPS ring that also includes QFX Series or EX Series switches running software that supports ELS, see Example: Configuring Ethernet Ring Protection Switching on QFX Series and EX Series Switches Supporting ELS for equivalent example configuration steps on those switches. For ELS details, see Using the Enhanced Layer 2 Software CLI.
Requirements
This example uses the following hardware and software components:
Four connected EX Series switches that will function as nodes in the ring topology.
Note:Because Junos uses an ERPV2 state machine for ERPV1 support on both EX2300 and EX3400 switches, operation of ERPS on those two switches deviates from the ERPV1 ITU standard in the following ways:
Wait to Restore (WTR) configuration values on EX2300 and EX3400 switches must be 5-12 minutes.
The Wait To Block Timer (WTB) is always disabled on EX2300 and EX3400 switches because it is not supported in ERPSv1. Any configuration you make to the WTB setting has no effect. The output from the CLI command 'show protection-group ethernet-ring node-state detail' lists a WTB setting but that setting has no effect.
During initial state machine initialization on EX2300 and EX3400 switches, both ERPV1 ring ports move to a discarding state on the non-RPL node.
During ERPV1 initial state machine initialization on EX2300 and EX3400 switches, the Automatic Protection Switching (APS) state moves to an idle state on the non-RPL switch
Junos OS Release 12.1 or later without support for the Enhanced Layer 2 Software (ELS) configuration style.
Before you begin, be sure you have:
Configured two trunk interfaces on each of the four switches. See Table 1 for a list of the interface names used in this example.
Configured the same VLAN (
erp-control-vlan-1) with ID 100 on all four switches and associated two network interfaces from each of the four switches with the VLAN. See Configuring VLANs for EX Series Switches. See Table 1 for a list of the interface names used in this example.Configured two VLANs (
erp-data-1anderp-data-2) with IDs 101 and 102, respectively, on all four switches and associated both the east and west interfaces on each switch witherp-data-1anderp-data-2. See Table 1 for a list of the interface names used in this example.Note:When EX2300 and EX3400 ERPS switches have a VLAN-ID configured with a name under an interface hierarchy, a commit error occurs. Avoid this by configuring VLAN-IDs using numbers when they are under an interface hierarchy with ERPS configured in the switch.
Overview and Topology
ERPS uses a dedicated physical link, including a control VLAN for trunk ports, between all of the switches to protect the active links. ERPS VLANs are all located on this link and are also blocked by default. When traffic between the switches is flowing with no problems, the active links take care of all traffic. Only if an error occurs on one of the data links would the ERPS control channel take over and start forwarding traffic.
Trunk ports on switches use a VLAN to create individual control channels for ERPS. When multiple ERPS instances are configured for a ring, there are multiple sets of ring protection links (RPLs) and RPL owners on the ERPS link, and a different channel is blocked for each instance. Nontrunk ports use the physical link as the control channel and protocol data units (PDUs) are untagged, with no VLAN information in the packet.
This example creates one protection ring (called a node ring) named erp1 on four switches connected in a ring by trunk ports as shown in Figure 1. Because the links are trunk ports, the VLAN named erp-control-vlan-1 is used for erp1 traffic. The east interface of each switch is connected with the west interface of an adjacent switch. Cobia is the RPL owner, with interface ge-0/0/0 configured as an RPL end interface. The interface ge-0/0/0 of Jas5-esc is configured as the RPL neighbor interface. In the idle state, the RPL end blocks the control VLAN and data channel VLAN for this particular ERP instance—the blocked port on Cobia is marked with a star in Figure 1.
In this example, we configure the four switches with the interfaces indicated in both Figure 1 and Table 1.
Interfaces |
Cobia |
Jas5-esc |
Jas6-esc |
Hairtail |
|---|---|---|---|---|
East |
ge-0/0/0 |
ge-0/0/10 |
ge-0/0/30 |
ge-0/0/20 |
West |
ge-0/0/20 |
ge-0/0/0 |
ge-0/0/20 |
ge-0/0/10 |
Third |
ge-0/0/10 |
ge-0/0/20 |
ge-0/0/0 |
ge-0/0/0 |
Configuration
- Configuring ERPS on Cobia, the RPL Owner Node
- Configuring ERPS on Jas5-esc
- Configuring ERPS on Hairtail
- Configuring ERPS on Jas6-esc
Configuring ERPS on Cobia, the RPL Owner Node
CLI Quick Configuration
To quickly configure Cobia, copy the following
commands, paste them into a text file, remove any line breaks, change
any details necessary to match your network configuration, and then
copy and paste the commands into the CLI at the [edit] hierarchy
level.
Spanning-tree protocols and ERPS cannot both be configured on a ring port. Because RSTP is the spanning-tree protocol enabled in the default switch configuration, this example shows disabling RSTP on each ring port before configuring ERPS. If another spanning-tree protocol is enabled, you must disable that first instead.
set protocols rstp interface ge-0/0/0 disable set protocols rstp interface ge-0/0/20 disable set protocols protection-group ethernet-ring erp1 set protocols protection-group ethernet-ring erp1 ring-protection-link-owner set protocols protection-group ethernet-ring erp1 data-channel erp-data-1 set protocols protection-group ethernet-ring erp1 data-channel erp-data-2 set protocols protection-group ethernet-ring erp1 control-vlan erp-control-vlan-1 set protocols protection-group ethernet-ring erp1 east-interface control-channel ge-0/0/0.0 set protocols protection-group ethernet-ring erp1 east-interface ring-protection-link-end set protocols protection-group ethernet-ring erp1 west-interface control-channel ge-0/0/20.0
Step-by-Step Procedure
To configure ERPS on Cobia:
Disable any spanning- tree protocols configured on the ERPS interfaces. STP, RSTP, VSTP, and MSTP are all available spanning tree protocols. RSTP is enabled in the default configuration, so this example shows disabling RSTP:
[edit protocols] user@switch# set rstp interface ge-0/0/0 disable user@switch# set rstp interface ge-0/0/20 disable
Create a node ring named erp1:
[edit protocols] user@switch# set protection-group ethernet-ring erp1
Designate Cobia as the RPL owner node:
[edit protocols protection-group ethernet-ring erp1] user@switch# set ring-protection-link-owner
Configure the VLANs erp-data-1 and erp-data-2 as data channels:
[edit protocols protection-group ethernet-ring erp1] user@switch# set data-channel erp-data-1 user@switch# set data-channel erp-data-2
Configure the control VLAN erp-control-vlan-1 for this ERP instance on the trunk interface:
[edit protocols protection-group ethernet-ring erp1] user@switch# set control-vlan erp-control-vlan-1
Configure the east interface of the node ring erp1 with the control channel ge-0/0/0.0 and indicate that this particular ring protection link ends here:
[edit protocols protection-group ethernet-ring erp1] user@switch# set east-interface control-channel ge-0/0/0.0 user@switch# set east-interface ring-protection-link-end
Configure the west interface of the node ring erp1 with the control channel ge-0/0/20.0:
[edit protocols protection-group ethernet-ring erp1] user@switch# set west-interface control-channel ge-0/0/20.0
Results
In configuration mode, check your ERPS configuration
by entering the show protocols command. If the output does
not display the intended configuration, repeat the configuration instructions
in this example to correct it.
[edit]
user@switch# show protocols
rstp {
interface ge-0/0/20.0 {
disable;
}
interface ge-0/0/0.0 {
disable;
}
}
protection-group {
ethernet-ring erp1 {
ring-protection-link-owner;
east-interface {
control-channel {
ge-0/0/0.0;
}
ring-protection-link-end;
}
west-interface {
control-channel {
ge-0/0/20.0;
}
}
control-vlan erp-control-vlan-1;
data-channel {
vlan [ 101-102 ];
}
}
}In configuration mode, check your VLAN configuration by entering
the show vlans command. If the output does not display
the intended configuration, repeat the configuration instructions
in this example to correct it.
[edit]
user@switch# show vlans
erp-control-vlan-1 {
vlan-id 100;
interface {
ge-0/0/0.0;
ge-0/0/20.0;
}
}
erp-data-1 {
vlan-id 101;
interface {
ge-0/0/10.0;
ge-0/0/0.0;
ge-0/0/20.0;
}
}
erp-data-2 {
vlan-id 102;
interface {
ge-0/0/10.0;
ge-0/0/0.0;
ge-0/0/20.0;
}
}
In configuration mode, check your interface configurations by
entering the show interfaces command. If the output does
not display the intended configuration, repeat the configuration instructions
in this example to correct it.
[edit]
user@switch# show interfaces
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
ge-0/0/20 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
If you are finished configuring the device, enter commit in configuration mode.
Configuring ERPS on Jas5-esc
CLI Quick Configuration
To quickly configure Jas5-esc, copy the following
commands, paste them into a text file, remove any line breaks, change
any details necessary to match your network configuration, and then
copy and paste the commands into the CLI at the [edit] hierarchy
level.
set protocols rstp interface ge-0/0/10 disable set protocols rstp interface ge-0/0/0 disable set protocols protection-group ethernet-ring erp1 set protocols protection-group ethernet-ring erp1 data-channel erp-data-1 set protocols protection-group ethernet-ring erp1 data-channel erp-data-2 set protocols protection-group ethernet-ring erp1 control-vlan erp-control-vlan-1 set protocols protection-group ethernet-ring erp1 east-interface control-channel ge-0/0/10.0 set protocols protection-group ethernet-ring erp1 west-interface control-channel ge-0/0/0.0
Step-by-Step Procedure
To configure ERPS on Jas5-esc:
Disable any spanning- tree protocols configured on the ERPS interfaces. RSTP is enabled in the default configuration, so this example shows disabling RSTP:
[edit protocols] user@switch# set rstp interface ge-0/0/10 disable user@switch# set rstp interface ge-0/0/0 disable
Create a node ring named erp1:
[edit protocols] user@switch# set protection-group ethernet-ring erp1
Configure a control VLAN named erp-control-vlan-1 for the node ring erp1:
[edit protocols protection-group ethernet-ring erp1] user@switch# set control-vlan erp-control-vlan-1
Configure two data channels named erp-data-1 and erp-data-2 to define a set of VLAN IDs that belong to a ring instance.
[edit protocols protection-group ethernet-ring erp1] user@switch# set data-channel erp-data-1 user@switch# set data-channel erp-data-2
Configure the east interface of the node ring erp1 with the control channel ge-0/0/10.0:
[edit protocols protection-group ethernet-ring erp1] user@switch# set east-interface control-channel ge-0/0/10.0
Configure the west interface of the node ring erp1 with the control channel ge-0/0/0.0:
[edit protocols protection-group ethernet-ring erp1] user@switch# set west-interface control-channel ge-0/0/0.0
Results
In configuration mode, check your ERPS configuration
by entering the show protocols command. If the output does
not display the intended configuration, repeat the configuration instructions
in this example to correct it.
[edit]
user@switch# show protocols
rstp {
interface ge-0/0/10.0 {
disable;
}
interface ge-0/0/0.0 {
disable;
}
}
protection-group {
ethernet-ring erp1 {
east-interface {
control-channel {
ge-0/0/10.0;
}
}
west-interface {
control-channel {
ge-0/0/0.0;
}
}
control-vlan erp-control-vlan-1;
data-channel {
vlan [ 101-102 ];
}
}
}In configuration mode, check your VLAN configuration by entering
the show vlans command. If the output does not display
the intended configuration, repeat the configuration instructions
in this example to correct it.
[edit]
user@switch# show vlans
erp-control-vlan-1 {
vlan-id 100;
interface {
ge-0/0/10.0;
ge-0/0/0.0;
}
}
erp-data-1 {
vlan-id 101;
interface {
ge-0/0/20.0;
ge-0/0/10.0;
ge-0/0/0.0;
}
}
erp-data-2 {
vlan-id 102;
interface {
ge-0/0/20.0;
ge-0/0/10.0;
ge-0/0/0.0;
}
}
In configuration mode, check your interface configurations by
entering the show interfaces command. If the output does
not display the intended configuration, repeat the configuration instructions
in this example to correct it.
[edit]
user@switch# show interfaces
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
ge-0/0/20 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
If you are finished configuring the device, enter commit in configuration mode.
Configuring ERPS on Hairtail
CLI Quick Configuration
To quickly configure Hairtail, copy the following
commands, paste them into a text file, remove any line breaks, change
any details necessary to match your network configuration, and then
copy and paste the commands into the CLI at the [edit] hierarchy
level.
set protocols rstp interface ge-0/0/10 disable set protocols rstp interface ge-0/0/20 disable set protocols protection-group ethernet-ring erp1 set protocols protection-group ethernet-ring erp1 data-channel erp-data-1 set protocols protection-group ethernet-ring erp1 data-channel erp-data-2 set protocols protection-group ethernet-ring erp1 control-vlan erp-control-vlan-1 set protocols protection-group ethernet-ring erp1 east-interface control-channel ge-0/0/20.0 set protocols protection-group ethernet-ring erp1 west-interface control-channel ge-0/0/10.0
Step-by-Step Procedure
To configure ERPS on Hairtail:
Disable any spanning- tree protocols configured on the ERPS interfaces. RSTP is enabled in the default configuration, so this example shows disabling RSTP:
[edit protocols] user@switch# set rstp interface ge-0/0/10 disable user@switch# set rstp interface ge-0/0/20 disable
Create a node ring named erp1:
[edit protocols] user@switch# set protection-group ethernet-ring erp1
Configure the control VLAN erp-control-vlan-1 for the node ring erp1:
[edit protocols protection-group ethernet-ring erp1] user@switch# set control-vlan erp-control-vlan-1
Configure two data channels named erp-data-1 and erp-data-2 to define a set of VLAN IDs that belong to a ring instance:
[edit protocols protection-group ethernet-ring erp1] user@switch# set data-channel erp-data-1 user@switch# set data-channel erp-data-2
Configure the east interface of the node ring erp1 with the control channel ge-0/0/20.0 and indicate that it connects to a ring protection link:
[edit protocols protection-group ethernet-ring erp1] user@switch# set east-interface control-channel ge-0/0/20.0
Configure the west interface of the node ring erp1 with the control channel ge-0/0/10.0 and indicate that it connects to a ring protection link:
[edit protocols protection-group ethernet-ring erp1] user@switch# set west-interface control-channel ge-0/0/10.0
Results
In configuration mode, check your ERPS configuration
by entering the show protocols command. If the output does
not display the intended configuration, repeat the configuration instructions
in this example to correct it.
[edit]
user@switch# show protocols
rstp {
interface ge-0/0/10.0 {
disable;
}
interface ge-0/0/20.0 {
disable;
}
}
protection-group {
ethernet-ring erp1 {
east-interface {
control-channel {
ge-0/0/20.0;
}
}
west-interface {
control-channel {
ge-0/0/10.0;
}
}
control-vlan erp-control-vlan-1;
data-channel {
vlan [ 101-102 ];
}
}
}
In configuration mode, check your VLAN configuration by entering
the show vlans command. If the output does not display
the intended configuration, repeat the configuration instructions
in this example to correct it.
[edit]
user@switch# show vlans
erp-control-vlan-1 {
vlan-id 100;
interface {
ge-0/0/20.0;
ge-0/0/10.0;
}
}
erp-data-1 {
vlan-id 101;
interface {
ge-0/0/0.0;
ge-0/0/20.0;
ge-0/0/10.0;
}
}
erp-data-2 {
vlan-id 102;
interface {
ge-0/0/0.0;
ge-0/0/20.0;
ge-0/0/10.0;
}
}
In configuration mode, check your interface configurations by
entering the show interfaces command. If the output does
not display the intended configuration, repeat the configuration instructions
in this example to correct it.
[edit]
user@switch# show interfaces
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
ge-0/0/10 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
ge-0/0/20 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
If you are finished configuring the device, enter commit in configuration mode.
Configuring ERPS on Jas6-esc
CLI Quick Configuration
To quickly configure Jas6-esc, copy the following
commands, paste them into a text file, remove any line breaks, change
any details necessary to match your network configuration, and then
copy and paste the commands into the CLI at the [edit] hierarchy level.
set protocols rstp interface ge-0/0/30 disable set protocols rstp interface ge-0/0/20 disable set protocols protection-group ethernet-ring erp1 set protocols protection-group ethernet-ring erp1 data-channel erp-data-1 set protocols protection-group ethernet-ring erp1 data-channel erp-data-2 set protocols protection-group ethernet-ring erp1 control-vlan erp-control-vlan-1 set protocols protection-group ethernet-ring erp1 east-interface control-channel ge-0/0/30.0 set protocols protection-group ethernet-ring erp1 west-interface control-channel ge-0/0/20.0
Step-by-Step Procedure
To configure ERPS on Jas6-esc:
Disable any spanning- tree protocols configured on the ERPS interfaces. RSTP is enabled in the default configuration, so this example shows disabling RSTP:
[edit protocols] user@switch# set rstp interface ge-0/0/30 disable user@switch# set rstp interface ge-0/0/20 disable
Create a node ring named erp1:
[edit protocols] user@switch# set protection-group ethernet-ring erp1
Configure the control VLAN erp-control-vlan-1 for the node ring erp1:
[edit protocols protection-group ethernet-ring erp1] user@switch# set control-vlan erp-control-vlan-1
Configure two data channels named erp-data-1 and erp-data-2 to define a set of VLAN IDs that belong to a ring instance.
[edit protocols protection-group ethernet-ring erp1] user@switch# set data-channel erp-data-1 user@switch# set data-channel erp-data-2
Configure the east interface of the node ring erp1 with the control channel ge-0/0/30.0 :
[edit protocols protection-group ethernet-ring erp1] user@switch# set east-interface control-channel ge-0/0/30.0
Configure the west interface of the node ring erp1 with the control channel ge-0/0/20.0:
[edit protocols protection-group ethernet-ring erp1] user@switch# set west-interface control-channel ge-0/0/20.0
Results
In configuration mode, check your ERPS configuration
by entering the show protocols command. If the output does
not display the intended configuration, repeat the configuration instructions
in this example to correct it.
[edit]
user@switch# show protocols
rstp {
interface ge-0/0/20.0 {
disable;
}
interface ge-0/0/30.0 {
disable;
}
}
protection-group {
ethernet-ring erp1 {
east-interface {
control-channel {
ge-0/0/30.0;
}
}
west-interface {
control-channel {
ge-0/0/20.0;
}
}
control-vlan erp-control-vlan-1;
data-channel {
vlan [ 101-102 ];
}
}
}
In configuration mode, check your VLAN configuration by entering
the show vlans command. If the output does not display
the intended configuration, repeat the configuration instructions
in this example to correct it.
[edit]
user@switch# show vlans
erp-control-vlan-1 {
vlan-id 100;
interface {
ge-0/0/30.0;
ge-0/0/20.0;
}
}
erp-data-1 {
vlan-id 101;
interface {
ge-0/0/0.0;
ge-0/0/30.0;
ge-0/0/20.0;
}
}
erp-data-2 {
vlan-id 102;
interface {
ge-0/0/0.0;
ge-0/0/30.0;
ge-0/0/20.0;
}
}
In configuration mode, check your interfaces configuration by
entering the show interfaces command. If the output does
not display the intended configuration, repeat the configuration instructions
in this example to correct it.
[edit]
user@switch# show interfaces
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
ge-0/0/20 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
ge-0/0/30 {
unit 0 {
family ethernet-switching {
port-mode trunk;
}
}
}
Verification
Verify that ERPS is working correctly.
Verifying That ERPS Is Working Correctly
Purpose
Verify that ERPS is working on the four EX switches that function as nodes in the ring topology.
Action
Check the state of the ring links in the output of the show protection-group ethernet-ring interface command. When
the ring is configured but not being used (no error exists on the
data links), one ERP interface is forwarding traffic and one is discarding
traffic. Discarding blocks the ring.
user@switch> show protection-group ethernet-ring interface
Ethernet ring port parameters for protection group erp1
Interface Forward State RPL End Signal Failure Admin State
ge-0/0/2.0 discarding yes clear ready
ge-0/0/0.0 forwarding no clear readyTo find out what has occurred since the last restart, check
the RPS statistics for ring-blocked events. NR is a No Request ring block, which means that the switch is not blocking
either of the two ERP interfaces. NR-RB is a No Request Ring Blocked event, which means that the switch
is blocking one of its ERP interfaces and sending a packet out to
notify the other switches.
user@switch> show protection-group ethernet-ring statistics
Ring Name Local SF Remote SF NR Event NR-RB Event
erp1 2 1 2 3Meaning
The show protection-group ethernet-ring interface command output from the RPL owner node indicates that one interface is forwarding traffic and one is discarding traffic, meaning that the ERP is ready but not active. If at least one interface in the ring is not forwarding, the ring is blocked and therefore ERP is working.
The show protection-group ethernet-ring statistics command output indicates that, since the last reboot, both local
and remote signal failures have occurred (Local SF and Remote SF).
The NR Event count is 2, indicating
that the NR state was entered into twice. NR stands for No Request. This means that the switch either originated
NR PDUs or received an NR PDU from another switch and stopped blocking
the interface to allow ERP to function.
The three NR-RB events indicate
that on three occasions, this switch either sent out NR-RB PDUs or
received NR-RB PDUs from another switch. This occurs when a network
problem is resolved and the switch once again blocks the ERP link
at one end.