Uplink Protection for Network Isolation
Uplink protection for network isolation automatically shuts down L2 interfaces when core-isolation is detected, and brings them back up when the isolation state is cleared.
Uplink protection for network isolation ensures network stability by managing Layer 2 (L2) interfaces based on the state of Layer 3 (L3) or core-facing interfaces. This feature detects core isolation on Provider Edge (PE) devices and triggers the shutdown of associated L2 interfaces to prevent traffic loops and enhance failover for multihomed Customer Edge (CE) devices. When isolation is resolved, these interfaces are brought back up after a configurable delay to allow for protocol convergence. Key functionalities include the management of aggregate and physical interfaces, an option for simultaneous L2 interface control, and service tracking actions to optimize network operations.
Benefits of Uplink Protection for Network Isolation
- Prevents L2 traffic loops by automatically shutting down L2 interfaces connected to isolated PE devices, ensuring network stability.
- Ensures quick and reliable failover for multihomed CE devices, minimizing downtime during network isolation events.
- Facilitates seamless reconnection of interfaces using configurable hold times to ensure all routing updates are synchronized before interfaces come back online.
- Simplifies network maintenance through a dedicated CLI command that enables administrators to bring all L2 ports down or up simultaneously.
- Integrates with service tracking to automatically manage server/CE-facing L2 interfaces, optimizing network operations and maintaining service availability.
Overview
Uplink Protection for Network Isolation dynamically manages L2 interfaces based on the state of L3 interfaces facing the core network. This functionality is critical in preventing traffic loops and ensuring network stability by automatically shutting down L2 interfaces connected to isolated PE devices. When core isolation is detected, the L2 interfaces are brought down. After the isolation state is resolved, they are brought back up once a configurable hold timer expires. This hold timer allows time for L3 protocols to converge and routes to synchronize, ensuring that the network is stable before L2 interfaces become active again.
To configure Uplink Protection for Network Isolation, define network isolation groups and associate them with relevant interfaces. Key CLI commands involved in setting up this feature include defining detection hold times for network isolation (both up and down), specifying link-tracking interfaces, and associating interfaces with network isolation profiles.
For example, use the following commands to configure the network isolation group, define detection parameters, and associate interfaces with the group, ensuring that L2 interface states are managed based on L3 interface conditions:
set protocols network-isolation group group-name detection hold-time up milliseconds down milliseconds
set protocols network-isolation group group-name detection link-tracking interface interface
set interfaces interface network-isolation-profile group-name
Additionally, the feature integrates service tracking actions to manage L2 interface states, improving network consistency. During maintenance windows, specific CLI commands can bring down or up all L2 interfaces associated with network isolation profiles, facilitating controlled and efficient maintenance operations.
For example, the following command allows you to shut down the L2 interfaces associated with a particular network isolation group during maintenance, ensuring a smooth operational workflow.
set protocols l2-learning niso-maintenance down group-name
Configuration Example
The following configuration example sets up a network isolation group named grp-red to monitor the L3 interface ge-0/0/0.0 with a hold time of 1000 milliseconds for bringing interfaces up. It then associates the L2 interfaces ae0 and et-0/0/1 with this group.
This configuration ensures that when core isolation is detected, the specified L2 interfaces are brought down, and that they are brought back up after a 1000-millisecond hold time once the isolation state is cleared. This setup allows for route synchronization and protocol convergence, maintaining network stability and preventing traffic loops.
set protocols network-isolation group grp-red detection link-tracking interface ge-0/0/0.0
set protocols network-isolation group grp-red detection hold-time up 1000
set protocols network-isolation group grp-red service-tracking-action link-down
set interfaces ae0 network-isolation-profile grp-red
set interfaces et-0/0/1 network-isolation-profile grp-red
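The following Python check is an added example, not part of the original documentation or any vendor tooling. It parses set-style lines in the syntax shown on this page and flags L2 interfaces whose profile names an undefined group, groups with no link-tracking interface, and groups that no interface uses. The function names and the grp-blue line in the sample are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the page's grp-red example plus one deliberately
# dangling profile reference (grp-blue is never defined).
SAMPLE = """\
set protocols network-isolation group grp-red detection link-tracking interface ge-0/0/0.0
set protocols network-isolation group grp-red detection hold-time up 1000
set protocols network-isolation group grp-red service-tracking-action link-down
set interfaces ae0 network-isolation-profile grp-red
set interfaces et-0/0/1 network-isolation-profile grp-red
set interfaces et-0/0/2 network-isolation-profile grp-blue
"""

GROUP = re.compile(r"^set protocols network-isolation group (\S+) (.+)$")
PROFILE = re.compile(r"^set interfaces (\S+) network-isolation-profile (\S+)$")


def parse(config):
    """Collect per-group tracking, hold-time and L2 membership settings."""
    groups = defaultdict(lambda: {"defined": False, "tracked": [], "hold": {}, "members": []})
    for line in config.splitlines():
        line = " ".join(line.split())  # normalise whitespace
        if m := GROUP.match(line):
            g, rest = groups[m.group(1)], m.group(2)
            g["defined"] = True
            if t := re.match(r"detection link-tracking interface (\S+)$", rest):
                g["tracked"].append(t.group(1))
            elif rest.startswith("detection hold-time "):
                # "up <ms>" and "down <ms>" may share one line
                g["hold"].update((d, int(ms)) for d, ms in re.findall(r"\b(up|down) (\d+)", rest))
        elif m := PROFILE.match(line):
            groups[m.group(2)]["members"].append(m.group(1))
    return dict(groups)


def audit(config):
    """Return findings that would leave L2 ports outside uplink protection."""
    findings = []
    for name, g in sorted(parse(config).items()):
        if not g["defined"]:
            findings.append(f"{name}: profile on {g['members']} references an undefined group")
        elif not g["tracked"]:
            findings.append(f"{name}: no link-tracking interface configured")
        elif not g["members"]:
            findings.append(f"{name}: tracks {g['tracked']} but no L2 interface uses the profile")
    return findings
```

Feed `audit()` the set-format configuration text of a PE device. An empty list means every profiled L2 interface maps to a group that tracks at least one core-facing link.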