Extreme ENA EAPS

ENA 15.3: Switch Operation and Configuration

Ethernet Automatic Protection

Switching (EAPS)

EAPS

Slide 2

Student Objectives

Identify the EAPS ring elements.

Describe the EAPS domain and VLAN relationship.

Identify the control VLAN configuration rules.

Describe EAPS MAC address and flush-FDB MAC address.

Describe EAPS fault detection.

Describe EAPS fault restoration.

Identify the steps to create an EAPS ring.

Configure EAPS.

Verify the EAPS configuration and status

ENA 15.3: Switch Operation and Configuration 3

EAPS Overview EAPS

Ethernet Automatic Protection Switching

Slide 4

EAPS is a simple Layer 2 loop prevention protocol designed to operate in networks where fast failover is essential

EAPS is ideal for:

Service providers providing resilient Ethernet transport for customers

Data centers requiring an “always on” resilient service

Enterprise customers with a Voice Over IP infrastructure

EAPS Provides:

Sub 50 millisecond failover which is virtually undetectable by end-users

Easy to setup and understand

- “Point and click” provisioning from within Ridgeline

- Simple configuration steps from within the CLI

Centralized management when using Ridgeline

Predictable operation

Standard Enterprise Design

Slide 5

Identify the network loops

Data Center - Core

Data Center – Server Farm

Floor 1 - Edge

SummitStack1 SummitStack3 SummitStack2

SummitX450e

SummitStack4

SummitX450e SummitX450e SummitX450e

SummitX650

Top of Rack Switch

SummitX650 Top of Rack Switch

1st Network Loop

2nd Network Loop

3rd Network Loop

Floor 2 - Edge

BD8K1 BD8K2

Standard Enterprise Design with EAPS

Slide 6

EAPS domain created for each network loop

Data Center - Core


Floor 1 - Edge


SummitX450e

SummitStack4


SummitX650

Top of Rack Switch


EAPS Domain #1

EAPS Domain #2

EAPS Domain #3

Floor 2 - Edge

1st Network Loop

2nd Network Loop

3rd Network Loop

BD8K1 BD8K2

Standard Enterprise Design with EAPS

Slide 7

EAPS elements added for each domain: node type, primary and secondary ports (secondary port on the master will block)

Data Center - Core


Floor 1 - Edge

Floor 2 - Edge


SummitX450e

SummitStack4


SummitX650

Top of Rack Switch


EAPS Domain #1

EAPS Domain #2

EAPS Domain #3

1:1 4:1

BD8K1 BD8K2

EAPS Domain and VLAN Relationship

Slide 8

Each link can carry one or more domains.

For every EAPS domain, a control VLAN needs to be created to carry

all EAPS control traffic.

An EAPS domain can contain several protected VLANs.


EAPS

EAPS Operation

9

EAPS Operation - Configuration

Slide 10

Each switch in the domain is configured with the following elements: Node type Primary & secondary ports Control VLAN

The Master node is responsible for transmitting “hello” packets Transmitted through the primary port (default setting)

Data Center - Core

Floor 1 - Edge

SummitStack1 SummitStack3 SummitStack2 SummitStack4

BD8K

EAPS Domain #2

hello packet

BD8K1 BD8K2

EAPS Operation

Slide 11

The master node transmits “hello” packets within the control VLAN every second

Defined by the EAPS domain’s hello timer

- Default is 1 second

- Values are from 100 milliseconds to 15 seconds

Data Center - Core

SummitStack1

Floor 1 - Edge


EAPS Domain #2

BD8K1 BD8K2

chk

EAPS Hello (Heath Check) packets

Slide 12

EAPS uses the Extreme Encapsulation Protocol (EEP) to transmit hello packets

EEP packets have a source MAC address of 00 e0 2b 00 00 01

EAPS packets have a destination MAC address of 00 e0 2b 00 00 04

Each switch (node) will examine the hello packet and then forward the packet to its neighbor switch through the ring port that did not receive the packet

EAPS packets are sent with an 802.1p value of 7 (QP8)

EAPS hello packets contain the following information:

Packet type

- Health, Link Down, Links Up (Pre-Forwarding), Flush FDB

Control VLAN ID

Originator’s system MAC address

Hello fail timer value

Domain state

- Complete, Failed

Hello sequence number

SummitStack1

EAPS Operation – Link Failure

Slide 13

On detecting a link failure, the transit node transmits a “links down” packet through its other ring port

The master declares the domain has failed and unblocks its secondary port sending a “flush FDB” packet out both ring ports

The master continues to transmit “hello” packets

Data Center - Core

Floor 1 - Edge


EAPS Domain #2

x

dwn

BD8K1 BD8K2

chk dwn flsh flsh

SummitStack1

EAPS Operation – Link Restoration

Slide 14

On link restoration, the transit node transmits a “pre-forwarding” packet through its other ring port. The domain state is “links up”

The master continues to transmit “hello” packets and waits until it receives a “hello” packet before it declares the domain “complete”

The master then blocks its secondary port and sends a “flush FDB” packet and then continues to transmit “hello” packets

Data Center - Core

Floor 1 - Edge


EAPS Domain #2 chk

x

pre

pre flsh flsh

BD8K1 BD8K2

SummitStack1

EAPS Operation – Fail Timer (Send Alert)

Slide 15

If three “hello” packets fail to be received by the master, the domain state will be as follows:

If the domain was previously “complete”, it will remain in a “complete” state but with a “fail timer expired” notification

If the domain has just been enabled it will be in an “init” state but with a “fail timer expired” noification

Data Center - Core

Floor 1 - Edge


EAPS Domain #2 chk

BD8K1 BD8K2

SummitStack1

EAPS Operation – Fail Timer (Unblock Port)

Slide 16

If three “hello” packets fail to be received by the master, the domain will be marked as “failed”

The master unblocks its secondary port sending a “flush FDB” packet out both ring ports

The master continues to transmit “hello” packets

Data Center - Core

Floor 1 - Edge


EAPS Domain #2 chk flsh flsh chk

BD8K1 BD8K2


EAPS

Configuring EAPS

17

EAPS Configuration Steps

Slide 18

VLAN Configuration

1. Ensure any VLANs to be protected by EAPS contain the tagged ring ports for each domain created

2. Create a control VLAN for each domain and ensure they contain the tagged ring ports for each specific domain (Maximum of 2 ports in each control VLAN)

EAPS Configuration

1. Create an EAPS domain

2. Configure one switch as a master node. All other switches will be transit nodes

3. Configure the primary port and secondary port for each switch

4. Add the designated control VLAN to the EAPS domain

5. Add the protected VLANs to the EAPS domain

6. Enable the EAPS domain

7. Repeat steps 1 through 6 for each EAPS domain required

8. Finally enable EAPS globally

VLAN: ctrl-2

802.1Q Tag: 102

EAPS Domain: ed-2

SummitStack1

EAPS Configuration Overview (Domain #2)

Slide 19

The control VLAN (VLAN “ctrl-2”) will have a tag of 102 Ports 1:1 and 4:1 for the SummitStacks will be added to the “ctrl-2” VLAN as tagged ports

Ports 1:1 and 2:1 for the BD8Ks will be added to the “ctrl-2” VLAN as tagged ports

The protected VLAN (VLAN “data”) has a tag of 10 The above ports must be added tagged to the “data” VLAN on each switch, along with any

end-user ports. End-user ports are usually untagged.

Data Center - Core

Floor 1 - Edge


EAPS Domain #2 1:1 4:1 1:1 4:1 1:1 4:1 1:1 4:1

1:1

2:1

1:1

2:1

BD8K1 BD8K2

Configuring EAPS (SummitStack2) - 1

Slide 20

To create an EAPS domain:

create eaps <eapsDomain>

To configure the EAPS mode:

configure eaps <eapsDomain> mode [master | transit]

To configure the ring ports:

configure eaps <eapsDomain> primary <pri_port>

configure eaps <eapsDomain> secondary <sec_port>

To configure the control VLAN:

configure eaps <eapsDomain> add control <vlan>

To add the protected VLANs:

configure eaps <eapsDomain> add protected <vlan>

SummitStack2.1 # create eaps ed-2

* SummitStack2.2 # configure eaps ed-2 mode master

* SummitStack2.3 # configure eaps ed-2 primary 1:1

* SummitStack2.4 # configure eaps ed-2 secondary 4:1

* SummitStack2.5 # configure eaps ed-2 add control ctrl-2

* SummitStack2.6 # configure eaps ed-2 add protected data


Slide 21

To enable an EAPS domain:

enable eaps <eapsDomain>

To enable EAPS globally:

enable eaps

To verify EAPS globally:

show eaps

To verify the EAPS domain:

show eaps <eapsDomain>

* SummitStack2.7 # enable eaps ed-2

* SummitStack2.8 # enable eaps

* SummitStack2.9 # show eaps

EAPS Enabled: Yes

EAPS Fast-Convergence: Off

EAPS Display Config Warnings: On

EAPS Multicast Add Ring Ports: Off

EAPS Multicast Send IGMP Query: On

EAPS Multicast Temporary Flooding: Off

EAPS Multicast Temporary Flooding Duration: 15 sec

Number of EAPS instances: 3

# EAPS domain configuration :

--------------------------------------------------------------------------------

Domain State Mo En Pri Sec Control-Vlan VID Count

--------------------------------------------------------------------------------

ed-2 Complete M Y 1:1 4:1 ctrl-2 (102 ) 1

--------------------------------------------------------------------------------

* SummitStack2.10 # show eaps ed-2

Name: ed-2

State: Complete Running: Yes

Enabled: Yes Mode: Master

Primary port: 1:1 Port status: Up Tag status: Tagged

Secondary port: 4:1 Port status: Blocked Tag status: Tagged

Hello timer interval: 1 sec 0 millisec

Fail timer interval: 3 sec

Fail Timer expiry action: Send alert

Last valid EAPS update: None till now.

EAPS Domain has following Controller Vlan:

Vlan Name VID

ctrl-2 102

EAPS Domain has following Protected Vlan(s):

Vlan Name VID

data 10

Number of Protected Vlans: 1


Slide 22

To rename an EAPS domain:

configure eaps <eapsDomain> name <new_name>

To change the ring ports:

disable eaps <eapsDomain>

unconfigure eaps <eapsDomain> primary <pri_port>

unconfigure eaps <eapsDomain> secondary <sec_port>

- Remember to re-enable EAPS when the new ring ports have been assigned

To configure the fail timer expiry action:

configure eaps <eapsDomain> failtime expiry action [send-alert|open-secondary-port]

To verify the changes:

show eaps <eapsDomain>

* SummitStack2.11 # conf eaps ed-2 name ed-3

* SummitStack2.12 # disable eaps ed-3

* SummitStack2.13 # unconfigure eaps ed-3 primary

* SummitStack2.14 # unconfigure eaps ed-3 secondary

* SummitStack2.15 # configure eaps ed-3 primary 4:1

* SummitStack2.16 # configure eaps ed-3 secondary 1:1

* SummitStack2.17 # enable eaps ed-3

* SummitStack2.18 # configure ed-3 failtime expiry-action open-secondary-port

* SummitStack2.19 # show eaps ed-3

Name: ed-3

State: Complete Running: Yes

Enabled: Yes Mode: Master

Primary port: 4:1 Port status: Up Tag status: Tagged

Secondary port: 1:1 Port status: Blocked Tag status: Tagged

Hello timer interval: 1 sec 0 millisec

Fail timer interval: 3 sec

Fail Timer expiry action: Open secondary port

Last update: From Master Id 00:04:96:20:b1:2d, at Fri May 6 10:43:08 2012

EAPS Domain has following Controller Vlan:

Vlan Name VID

ctrl-2 102

EAPS Domain has following Protected Vlan(s):

Vlan Name VID

data 10

Number of Protected Vlans: 1

EAPS Summary

Slide 23

You should now be able to:

Be able to identify the EAPS ring elements

Understand the EAPS domain and VLAN relationship

Know the control VLAN configuration rules

Know the EAPS MAC address

Understand EAPS fault detection

Understand EAPS fault restoration

Be able to identify the steps to create an EAPS ring

Be capable of configuring EAPS

Know how to verify the EAPS configuration and status

Lab 7 – EAPS Lab (Single Ring)

Slide 24

This lab exercise tests your ability to configure two EAPS domains on top of a single ring topology.

Create EAPS domains

Add control VLAN and any protected VLANs to the domains

Configure your switch to be the master node in the EAPS rings

Configure the inter-switch ports to be primary or secondary ports

Enable EAPS globally

Enable the EAPS domains

Verify the EAPS configuration and status

Test the ring recovery

Lab Data

192.168.X.101

controlX SwitchX

CoreSwitch-A

CoreSwitch-B

Lab Group PC

5

1

3 X

X

13

13

dataX

192.168.X.1

controlX

controlX

dataX

192.168.X.11

dataX

192.168.X.2

© 2014 Extreme Networks, Inc.

All rights reserved

Documents

Extreme ENA EAPS