Resumen del contenido incluido en la página 1 
                    
                        TM
AlliedWare OS
How To | Configure EPSR (Ethernet Protection Switching 
Ring) to Protect a Ring from Loops
Introduction
Putting a ring of Ethernet switches at the core of a network is a simple way to increase the 
network’s resilience—such a network is no longer susceptible to a single point of failure. 
However, the ring must be protected from Layer 2 loops. Traditionally, STP-based 
technologies are used to protect rings, but they are relatively slow to recover from link 
failure. This can cr
                    
                    Resumen del contenido incluido en la página 2 
                    
                        Which products and software versions does it apply to? � "Example 3: EPSR and RSTP" on page 17  � "Example 4: EPSR with Nested VLANs" on page 20  � "Example 5: EPSR with management stacking" on page 23  � "Example 6: EPSR with an iMAP" on page 26 Next, it discusses important implementation details in the following sections: � "Classifiers and Hardware Filters" on page 29  � "Ports and Recovery Times" on page 30  � "IGMP Snooping and Recovery Times" on page 31  � "Health Message Priority" on page
                    
                    Resumen del contenido incluido en la página 3 
                    
                        2 _ 1 N _ A N L V N A   L A a V L t   V a a   l t D o a r t D n o C How EPSR Works How EPSR Works EPSR operates on physical rings of switches (note, not on  meshed networks). When all nodes and links in the ring EPSR Components are up, EPSR prevents a loop by blocking data transmission  EPSR domain: across one port. When a node or link fails, EPSR detects  the failure rapidly and responds by unblocking the blocked  A protection scheme for an  port so that data can flow around the ring. Ethernet 
                    
                    Resumen del contenido incluido en la página 4 
                    
                        How EPSR Works Establishing a Ring Once you have configured EPSR on the switches, the following steps complete the EPSR ring: 1. The master node creates an EPSR Health message and sends it out the primary port. This  increments the master node’s Transmit: Health counter in the show epsr count  command. 2. The first transit node receives the Health message on one of its two ring ports and, using  a hardware filter, sends the message out its other ring port.  Note that transit nodes never generate
                    
                    Resumen del contenido incluido en la página 5 
                    
                        How EPSR Works Detecting a Fault EPSR uses a fault detection scheme that alerts the ring  when a break occurs, instead of using a spanning tree- Master Node States like calculation to determine the best path. The ring  then automatically heals itself by sending traffic over a  Complete: protected reverse path. The state when there are no link or  node failures on the ring. EPSR uses the following two methods to detect when  a transit node or a link goes down: Failed: The state when there is a li
                    
                    Resumen del contenido incluido en la página 6 
                    
                        How EPSR Works new configuration, the nodes (master and transit) re-learn their layer 2 addresses. During  this period, the master node continues to send Health messages over the control VLAN.  This situation continues until the faulty link or node is repaired. For a multidomain ring, this process occurs separately for each domain within the ring. The following figure shows the flow of control frames when a link breaks. Control VLAN is forwarding Control VLAN is forwarding Data VLANs move from b
                    
                    Resumen del contenido incluido en la página 7 
                    
                        How EPSR Works Restoring Normal Operation Master Node Once the fault has been fixed, the master node’s Health messages traverse the whole ring and  arrive at the master node’s secondary port. The master node then restores normal  conditions by: 1. declaring the ring to be in a state of Complete 2. blocking its secondary port for data VLAN traffic (but not for the control VLAN) 3. flushing its forwarding database for its two ring ports 4. sending a Ring-Up-Flush-FDB message from its primary port,
                    
                    Resumen del contenido incluido en la página 8 
                    
                        How To Configure EPSR How To Configure EPSR This section first outlines, step-by-step, how to configure EPSR. Then it discusses changing  the settings for the control VLAN, if you need to do this after initial configuration. Configuring EPSR   1. Connect your switches into a ring EPSR does not in itself limit the number of nodes that can exist on any given ring. Each switch  can participate in up to 16 rings. If you already have a ring in a live network, disconnect the cable between any two of t
                    
                    Resumen del contenido incluido en la página 9 
                    
                        How To Configure EPSR iii. Remove the ring ports from the default VLAN If you leave all the ring ports in the default VLAN (vlan1), they will create a loop, unless  vlan1 is part of the EPSR domain. To avoid loops, you need to do one of the following: � make vlan1 a data VLAN, or � remove the ring ports from vlan1, or � remove at least one of the ring ports from vlan1 on at least one of the switches.  We do not recommend this option, because the action you have taken is less  obvious when mainta
                    
                    Resumen del contenido incluido en la página 10 
                    
                        How To Configure EPSR Modifying the Control VLAN You cannot modify the control VLAN while EPSR is enabled. If you try to remove or add  ports to the control VLAN, the switch generates an error message as follows: Manager> delete vlan=1000 port=1 Error (3089409): VLAN 1000 is a control VLAN in EPSR and cannot be modified Disable the EPSR domain and then make the required changes. Note that disabling EPSR will  create a loop, so is not recommended on a network with live data. Of course, in a live 
                    
                    Resumen del contenido incluido en la página 11 
                    
                        Example 1: A Basic Ring Example 1: A Basic Ring This example builds a simple 3-switch ring with one data VLAN, as shown in the following  diagram. Control packets are transmitted around the ring on vlan1000 and data packets on  vlan2. End User Ports  port 1: primary port 2: secondary P S Master  Node (A) port 1: ring port 1: ring End User Ports  End User Ports  port 2: ring port 2: ring Transit Transit Node Node (B) (C) epsr-example-basic-ring Configure the Master Node (A)   1. Create the contro
                    
                    Resumen del contenido incluido en la página 12 
                    
                        Example 1: A Basic Ring 5. Remove the ring ports from the default VLAN delete vlan=1 port=1-2 6. Create the EPSR domain This step creates the domain, specifying that this switch is the master node. It also specifies  which VLAN is the control VLAN and which port is the primary port.  create epsr=test mode=master controlvlan=vlan1000 primaryport=1 7. Add the data VLAN to the domain add epsr=test datavlan=vlan2 8. Enable EPSR enable epsr=test Configure the Transit Nodes (B and C) Each of the trans
                    
                    Resumen del contenido incluido en la página 13 
                    
                        Example 1: A Basic Ring 6. Create the EPSR domain This step creates the domain, specifying that this switch is the transit node. It also specifies  which VLAN is the control VLAN.  create epsr=test mode=transit controlvlan=vlan1000 7. Add the data VLAN to the domain add epsr=test datavlan=vlan2 8. Enable EPSR enable epsr=test Page 13 | AlliedWare™ OS How To Note: EPSR                                                                                                                                  
                    
                    Resumen del contenido incluido en la página 14 
                    
                        Example 2: A Double Ring Example 2: A Double Ring This example adds to the previous ring by making two domains, as shown in the following  diagram. Master Master  Node Node port 1: port 4: (A) (C) primary primary port 2: port 5: secondary secondary port 1 port 4 Domain 1 Domain 2 control VLAN: 1000 control VLAN: 40 data VLAN: 2 data VLAN: 50 port 2 port 5 Transit  port 1 port 4 Node (E) port 2 port 5 Transit Transit Node Node (B) (D) epsr-example-double-ring   1. Configure the master node (switc
                    
                    Resumen del contenido incluido en la página 15 
                    
                        Example 2: A Double Ring 2. Configure the transit node (switch B) that belongs just to domain 1 This transit node is the same as in the previous example (except that the domain has been  renamed). create vlan=vlan1000 vid=1000 add vlan=1000 port=1-2 frame=tagged create vlan=vlan2 vid=2 add vlan=2 port=1-2 frame=tagged delete vlan=1 port=1-2 create epsr=domain1 mode=transit controlvlan=vlan1000 add epsr=domain1 datavlan=vlan2 enable epsr=domain1   3. Configure the master node (switch C) for domai
                    
                    Resumen del contenido incluido en la página 16 
                    
                        Example 2: A Double Ring Configure EPSR: create epsr=domain2 mode=transit controlvlan=vlan40 add epsr=domain2 datavlan=vlan50 enable epsr=domain2 5. Configure the transit node (switch E) that belongs to both domains Two separate EPSR domains are configured on this switch.  Configure the control VLAN for domain 1: create vlan=vlan1000 vid=1000 add vlan=1000 port=1-2 frame=tagged Configure the control VLAN for domain 2: create vlan=vlan40 vid=40 add vlan=40 port=4-5 frame=tagged Configure the data
                    
                    Resumen del contenido incluido en la página 17 
                    
                        Example 3: EPSR and RSTP Example 3: EPSR and RSTP This example uses EPSR to protect one ring and RSTP to protect another overlapping ring. RSTP Master  Switch Node (C) port 1: (A) port 10 primary port 2: port 11 secondary port 1 port 10 Domain 1 RSTP: control VLAN: 1000 STP VLAN: 10 data VLAN: 2 port 2 port 11 Switch port 1 port 10 (E) port 2 port 11 RSTP Transit  Switch Node (D) (B) epsr-example-rstp   1. Configure the master node (switch A) for the EPSR domain The master node is the same as in
                    
                    Resumen del contenido incluido en la página 18 
                    
                        Example 3: EPSR and RSTP 2. Configure the transit node (switch B) that belongs just to the EPSR domain This transit node (B) is the same as in the previous example. create vlan=vlan1000 vid=1000 add vlan=1000 port=1-2 frame=tagged create vlan=vlan2 vid=2 add vlan=2 port=1-2 frame=tagged delete vlan=1 port=1-2 create epsr=domain1 mode=transit controlvlan=vlan1000 add epsr=domain1 datavlan=vlan2 enable epsr=domain1 3. Configure the switches that belong to the RSTP instance (switches C and D) Switc
                    
                    Resumen del contenido incluido en la página 19 
                    
                        Example 3: EPSR and RSTP 4. Configure switch E for EPSR and RSTP Configure the control VLAN for EPSR: create vlan=vlan1000 vid=1000 add vlan=1000 port=1-2 frame=tagged Configure the data VLAN for EPSR: create vlan=vlan2 vid=2 add vlan=2 port=1-2 frame=tagged Remove the ring ports from the default VLAN: delete vlan=1 port=1-2 Configure EPSR: create epsr=domain1 mode=transit controlvlan=vlan1000 add epsr=domain1 datavlan=vlan2 enable epsr=domain1 Configure the STP VLAN: create vlan=vlan10 vid=10 a
                    
                    Resumen del contenido incluido en la página 20 
                    
                        Example 4: EPSR with Nested VLANs Example 4: EPSR with Nested VLANs In this example: � client switches A and C are in the same end-user VLAN (vlan20) � client switches B and D are in the same end-user VLAN (vlan200) � traffic for vlan20 and vlan200 is nested inside vlan50 for transmission around the core � vlan50 is the data VLAN for the EPSR domain � vlan100 is the control VLAN for the EPSR domain Client Client  Switch Switch (E) (H) port 20 port 10 port 22 port 22 port 2: port 2 secondary Mast