Upload
fiobera
View
2
Download
0
Embed Size (px)
Citation preview
EAPS
Slide 2
Student Objectives
Identify the EAPS ring elements.
Describe the EAPS domain and VLAN relationship.
Identify the control VLAN configuration rules.
Describe EAPS MAC address and flush-FDB MAC address.
Describe EAPS fault detection.
Describe EAPS fault restoration.
Identify the steps to create an EAPS ring.
Configure EAPS.
Verify the EAPS configuration and status
Ethernet Automatic Protection Switching
Slide 4
EAPS is a simple Layer 2 loop prevention protocol designed to operate in networks where fast failover is essential
EAPS is ideal for:
Service providers providing resilient Ethernet transport for customers
Data centers requiring an “always on” resilient service
Enterprise customers with a Voice Over IP infrastructure
EAPS Provides:
Sub 50 millisecond failover which is virtually undetectable by end-users
Easy to setup and understand
- “Point and click” provisioning from within Ridgeline
- Simple configuration steps from within the CLI
Centralized management when using Ridgeline
Predictable operation
Standard Enterprise Design
Slide 5
Identify the network loops
Data Center - Core
Data Center – Server Farm
Floor 1 - Edge
SummitStack1 SummitStack3 SummitStack2
SummitX450e
SummitStack4
SummitX450e SummitX450e SummitX450e
SummitX650
Top of Rack Switch
SummitX650 Top of Rack Switch
1st Network Loop
2nd Network Loop
3rd Network Loop
Floor 2 - Edge
BD8K1 BD8K2
Standard Enterprise Design with EAPS
Slide 6
EAPS domain created for each network loop
Data Center - Core
Data Center – Server Farm
Floor 1 - Edge
SummitStack1 SummitStack3 SummitStack2
SummitX450e
SummitStack4
SummitX450e SummitX450e SummitX450e
SummitX650
Top of Rack Switch
SummitX650 Top of Rack Switch
EAPS Domain #1
EAPS Domain #2
EAPS Domain #3
Floor 2 - Edge
1st Network Loop
2nd Network Loop
3rd Network Loop
BD8K1 BD8K2
Standard Enterprise Design with EAPS
Slide 7
EAPS elements added for each domain: node type, primary and secondary ports (secondary port on the master will block)
Data Center - Core
Data Center – Server Farm
Floor 1 - Edge
Floor 2 - Edge
SummitStack1 SummitStack3 SummitStack2
SummitX450e
SummitStack4
SummitX450e SummitX450e SummitX450e
SummitX650
Top of Rack Switch
SummitX650 Top of Rack Switch
EAPS Domain #1
EAPS Domain #2
EAPS Domain #3
1:1 4:1
BD8K1 BD8K2
EAPS Domain and VLAN Relationship
Slide 8
Each link can carry one or more domains.
For every EAPS domain, a control VLAN needs to be created to carry
all EAPS control traffic.
An EAPS domain can contain several protected VLANs.
EAPS Operation - Configuration
Slide 10
Each switch in the domain is configured with the following elements: Node type Primary & secondary ports Control VLAN
The Master node is responsible for transmitting “hello” packets Transmitted through the primary port (default setting)
Data Center - Core
Floor 1 - Edge
SummitStack1 SummitStack3 SummitStack2 SummitStack4
BD8K
EAPS Domain #2
hello packet
BD8K1 BD8K2
EAPS Operation
Slide 11
The master node transmits “hello” packets within the control VLAN every second
Defined by the EAPS domain’s hello timer
- Default is 1 second
- Values are from 100 milliseconds to 15 seconds
Data Center - Core
SummitStack1
Floor 1 - Edge
SummitStack3 SummitStack2 SummitStack4
EAPS Domain #2
BD8K1 BD8K2
chk
EAPS Hello (Heath Check) packets
Slide 12
EAPS uses the Extreme Encapsulation Protocol (EEP) to transmit hello packets
EEP packets have a source MAC address of 00 e0 2b 00 00 01
EAPS packets have a destination MAC address of 00 e0 2b 00 00 04
Each switch (node) will examine the hello packet and then forward the packet to its neighbor switch through the ring port that did not receive the packet
EAPS packets are sent with an 802.1p value of 7 (QP8)
EAPS hello packets contain the following information:
Packet type
- Health, Link Down, Links Up (Pre-Forwarding), Flush FDB
Control VLAN ID
Originator’s system MAC address
Hello fail timer value
Domain state
- Complete, Failed
Hello sequence number
SummitStack1
EAPS Operation – Link Failure
Slide 13
On detecting a link failure, the transit node transmits a “links down” packet through its other ring port
The master declares the domain has failed and unblocks its secondary port sending a “flush FDB” packet out both ring ports
The master continues to transmit “hello” packets
Data Center - Core
Floor 1 - Edge
SummitStack3 SummitStack2 SummitStack4
EAPS Domain #2
x
dwn
BD8K1 BD8K2
chk dwn flsh flsh
SummitStack1
EAPS Operation – Link Restoration
Slide 14
On link restoration, the transit node transmits a “pre-forwarding” packet through its other ring port. The domain state is “links up”
The master continues to transmit “hello” packets and waits until it receives a “hello” packet before it declares the domain “complete”
The master then blocks its secondary port and sends a “flush FDB” packet and then continues to transmit “hello” packets
Data Center - Core
Floor 1 - Edge
SummitStack3 SummitStack2 SummitStack4
EAPS Domain #2 chk
x
pre
pre flsh flsh
BD8K1 BD8K2
SummitStack1
EAPS Operation – Fail Timer (Send Alert)
Slide 15
If three “hello” packets fail to be received by the master, the domain state will be as follows:
If the domain was previously “complete”, it will remain in a “complete” state but with a “fail timer expired” notification
If the domain has just been enabled it will be in an “init” state but with a “fail timer expired” noification
Data Center - Core
Floor 1 - Edge
SummitStack3 SummitStack2 SummitStack4
EAPS Domain #2 chk
BD8K1 BD8K2
SummitStack1
EAPS Operation – Fail Timer (Unblock Port)
Slide 16
If three “hello” packets fail to be received by the master, the domain will be marked as “failed”
The master unblocks its secondary port sending a “flush FDB” packet out both ring ports
The master continues to transmit “hello” packets
Data Center - Core
Floor 1 - Edge
SummitStack3 SummitStack2 SummitStack4
EAPS Domain #2 chk flsh flsh chk
BD8K1 BD8K2
EAPS Configuration Steps
Slide 18
VLAN Configuration
1. Ensure any VLANs to be protected by EAPS contain the tagged ring ports for each domain created
2. Create a control VLAN for each domain and ensure they contain the tagged ring ports for each specific domain (Maximum of 2 ports in each control VLAN)
EAPS Configuration
1. Create an EAPS domain
2. Configure one switch as a master node. All other switches will be transit nodes
3. Configure the primary port and secondary port for each switch
4. Add the designated control VLAN to the EAPS domain
5. Add the protected VLANs to the EAPS domain
6. Enable the EAPS domain
7. Repeat steps 1 through 6 for each EAPS domain required
8. Finally enable EAPS globally
VLAN: ctrl-2
802.1Q Tag: 102
EAPS Domain: ed-2
SummitStack1
EAPS Configuration Overview (Domain #2)
Slide 19
The control VLAN (VLAN “ctrl-2”) will have a tag of 102 Ports 1:1 and 4:1 for the SummitStacks will be added to the “ctrl-2” VLAN as tagged ports
Ports 1:1 and 2:1 for the BD8Ks will be added to the “ctrl-2” VLAN as tagged ports
The protected VLAN (VLAN “data”) has a tag of 10 The above ports must be added tagged to the “data” VLAN on each switch, along with any
end-user ports. End-user ports are usually untagged.
Data Center - Core
Floor 1 - Edge
SummitStack3 SummitStack2 SummitStack4
EAPS Domain #2 1:1 4:1 1:1 4:1 1:1 4:1 1:1 4:1
1:1
2:1
1:1
2:1
BD8K1 BD8K2
Configuring EAPS (SummitStack2) - 1
Slide 20
To create an EAPS domain:
create eaps <eapsDomain>
To configure the EAPS mode:
configure eaps <eapsDomain> mode [master | transit]
To configure the ring ports:
configure eaps <eapsDomain> primary <pri_port>
configure eaps <eapsDomain> secondary <sec_port>
To configure the control VLAN:
configure eaps <eapsDomain> add control <vlan>
To add the protected VLANs:
configure eaps <eapsDomain> add protected <vlan>
SummitStack2.1 # create eaps ed-2
* SummitStack2.2 # configure eaps ed-2 mode master
* SummitStack2.3 # configure eaps ed-2 primary 1:1
* SummitStack2.4 # configure eaps ed-2 secondary 4:1
* SummitStack2.5 # configure eaps ed-2 add control ctrl-2
* SummitStack2.6 # configure eaps ed-2 add protected data
Configuring EAPS (SummitStack2) - 2
Slide 21
To enable an EAPS domain:
enable eaps <eapsDomain>
To enable EAPS globally:
enable eaps
To verify EAPS globally:
show eaps
To verify the EAPS domain:
show eaps <eapsDomain>
* SummitStack2.7 # enable eaps ed-2
* SummitStack2.8 # enable eaps
* SummitStack2.9 # show eaps
EAPS Enabled: Yes
EAPS Fast-Convergence: Off
EAPS Display Config Warnings: On
EAPS Multicast Add Ring Ports: Off
EAPS Multicast Send IGMP Query: On
EAPS Multicast Temporary Flooding: Off
EAPS Multicast Temporary Flooding Duration: 15 sec
Number of EAPS instances: 3
# EAPS domain configuration :
--------------------------------------------------------------------------------
Domain State Mo En Pri Sec Control-Vlan VID Count
--------------------------------------------------------------------------------
ed-2 Complete M Y 1:1 4:1 ctrl-2 (102 ) 1
--------------------------------------------------------------------------------
* SummitStack2.10 # show eaps ed-2
Name: ed-2
State: Complete Running: Yes
Enabled: Yes Mode: Master
Primary port: 1:1 Port status: Up Tag status: Tagged
Secondary port: 4:1 Port status: Blocked Tag status: Tagged
Hello timer interval: 1 sec 0 millisec
Fail timer interval: 3 sec
Fail Timer expiry action: Send alert
Last valid EAPS update: None till now.
EAPS Domain has following Controller Vlan:
Vlan Name VID
ctrl-2 102
EAPS Domain has following Protected Vlan(s):
Vlan Name VID
data 10
Number of Protected Vlans: 1
Configuring EAPS (SummitStack2) - 3
Slide 22
To rename an EAPS domain:
configure eaps <eapsDomain> name <new_name>
To change the ring ports:
disable eaps <eapsDomain>
unconfigure eaps <eapsDomain> primary <pri_port>
unconfigure eaps <eapsDomain> secondary <sec_port>
- Remember to re-enable EAPS when the new ring ports have been assigned
To configure the fail timer expiry action:
configure eaps <eapsDomain> failtime expiry action [send-alert|open-secondary-port]
To verify the changes:
show eaps <eapsDomain>
* SummitStack2.11 # conf eaps ed-2 name ed-3
* SummitStack2.12 # disable eaps ed-3
* SummitStack2.13 # unconfigure eaps ed-3 primary
* SummitStack2.14 # unconfigure eaps ed-3 secondary
* SummitStack2.15 # configure eaps ed-3 primary 4:1
* SummitStack2.16 # configure eaps ed-3 secondary 1:1
* SummitStack2.17 # enable eaps ed-3
* SummitStack2.18 # configure ed-3 failtime expiry-action open-secondary-port
* SummitStack2.19 # show eaps ed-3
Name: ed-3
State: Complete Running: Yes
Enabled: Yes Mode: Master
Primary port: 4:1 Port status: Up Tag status: Tagged
Secondary port: 1:1 Port status: Blocked Tag status: Tagged
Hello timer interval: 1 sec 0 millisec
Fail timer interval: 3 sec
Fail Timer expiry action: Open secondary port
Last update: From Master Id 00:04:96:20:b1:2d, at Fri May 6 10:43:08 2012
EAPS Domain has following Controller Vlan:
Vlan Name VID
ctrl-2 102
EAPS Domain has following Protected Vlan(s):
Vlan Name VID
data 10
Number of Protected Vlans: 1
EAPS Summary
Slide 23
You should now be able to:
Be able to identify the EAPS ring elements
Understand the EAPS domain and VLAN relationship
Know the control VLAN configuration rules
Know the EAPS MAC address
Understand EAPS fault detection
Understand EAPS fault restoration
Be able to identify the steps to create an EAPS ring
Be capable of configuring EAPS
Know how to verify the EAPS configuration and status
Lab 7 – EAPS Lab (Single Ring)
Slide 24
This lab exercise tests your ability to configure two EAPS domains on top of a single ring topology.
Create EAPS domains
Add control VLAN and any protected VLANs to the domains
Configure your switch to be the master node in the EAPS rings
Configure the inter-switch ports to be primary or secondary ports
Enable EAPS globally
Enable the EAPS domains
Verify the EAPS configuration and status
Test the ring recovery
Lab Data
192.168.X.101
controlX SwitchX
CoreSwitch-A
CoreSwitch-B
Lab Group PC
5
1
3 X
X
13
13
dataX
192.168.X.1
controlX
controlX
dataX
192.168.X.11
dataX
192.168.X.2