RFC 3619 EAPS
I’ll explain how works the RFC3619 also known as EAPS using some models of DATACOM Switches and the interoperability with an Extreme Switch, even verifying the convergence time
How works?
An EAPS ring is made up of two or more switches. One of the switches on the ring is designated as Master. The two ring interfaces on the Master switch are configured as primary port and secondary port respectively. All the other switches on the ring are designated as transit, which are also configured with their respective primary and secondary ports. RFC3619 - Ethernet Automatic Protection Switching (EAPS), it enables ring to converge in less than one second from node or link failure.
EAPS operates by declaring a domain on a single ring. On that ring domain, a switch is designated as the Master, which blocks the secondary port for all non-control traffic belonging to this EAPS domain, avoiding a loop on the ring. The control VLAN is not blocked at the Master secondary port and control traffic is allowed to flow through. The Master sends out periodic PDU Health-Check from its primary port on the control VLAN to be received on the secondary port, thus ensuring that the ring is up.
The following set of commands will configure the sample scenario with:
- EAPS Domain: EAPS 0
- Control VLAN: 2607
- Protected VLAN: 998
- DM4610M: Master Switch
- All other ones configured as transit
Master node: DM4610M
!
dot1q
!
vlan 998
interface gigabit-ethernet-1/1/11
!
interface gigabit-ethernet-1/1/12
!
interface ten-gigabit-ethernet-1/1/1
!
vlan 2607
name Control-VLAN
interface gigabit-ethernet-1/1/11
!
interface gigabit-ethernet-1/1/12
!
!
!
eaps 0
name EAPS0
control-vlan 2607
protected-vlans 998
port
primary gigabit-ethernet-1/1/11
secondary gigabit-ethernet-1/1/12
!
mode master
!
Transit Nodes: DM2302
!
interface GigabitEthernet 1/7
no loop-protect
switchport trunk allowed vlan 998,2607
switchport mode trunk
switchport forbidden vlan add 1
qos trust tag
qos trust dscp
no spanning-tree
!
interface GigabitEthernet 1/8
no loop-protect
switchport trunk allowed vlan 998,2607
switchport mode trunk
switchport forbidden vlan add 1
qos trust tag
qos trust dscp
no spanning-tree
!
!
eaps vlan-group 0
eaps vlan-group 0 vlan 998
!
eaps 0
eaps 0 name EAPS0
eaps 0 control-vlan id 2607
eaps 0 protected-vlans vlan-group 0
eaps 0 port primary interface GigabitEthernet 1/7
eaps 0 port secondary interface GigabitEthernet 1/8
!
Transit Node: DM4610
!
dot1q
!
vlan 998
interface gigabit-ethernet-1/1/7
!
interface gigabit-ethernet-1/1/8
!
vlan 2607
name Control-VLAN
interface gigabit-ethernet-1/1/7
!
interface gigabit-ethernet-1/1/8
!
!
!
eaps 0
name EAPS0
control-vlan 2607
protected-vlans 998
port
primary gigabit-ethernet-1/1/7
secondary gigabit-ethernet-1/1/8
!
mode transit
!
Transit Node: Extreme x250e
enable eaps
create eaps EAPS0
configure eaps EAPS0 mode transit
configure eaps EAPS0 primary port 25
configure eaps EAPS0 secondary port 26
enable eaps EAPS0
configure eaps EAPS0 add protected vlan VLAN998
configure eaps EAPS0 add control vlan VLAN2607
create vlan "VLAN998"
configure vlan VLAN998 tag 998
create vlan "VLAN2607"
configure vlan VLAN2607 tag 2607
configure vlan VLAN998 add ports 25-26 tagged
configure vlan VLAN2607 add ports 25-26 tagged
Once devices are properly configured with RFC3619 Ethernet Automatic Protection Switching, protocol status should be Complete on the Master Node DM4610M, on the transit nodes should be Links-Up
DM4610M# show eaps
HEALTH
PRIMARY SECONDARY CHECK
ID NAME STATE MODE PORT STATE PORT STATE STATE
-----------------------------------------------------------------------
0 EAPS0 complete master up enabled up blocked ok
PROTECTED
ID PRIMARY PORT SECONDARY PORT VLANS
-----------------------------------------------------------------------
0 gigabit-ethernet-1/1/11 gigabit-ethernet-1/1/12 998
DM2302# show eaps
EAPS information:
Mode: M - Master
T - Transit
Pri Sec Ctrl Protected
ID Domain State Mode Port Port VLAN Groups/VLANs
-- --------------- --------------- ---- ------ ------ ---- ------------
0 EAPS0 Links-Up T 1/7 1/8 2607 1/1
Extreme.11 # show eaps eaps0
Name: EAPS0 Priority: Normal
State: Links-Up Running: Yes
Enabled: Yes Mode: Transit
Primary port: 25 Port status: Up Tag status: Tagged
Secondary port: 26 Port status: Up Tag status: Tagged
Hello timer interval: 1 sec 0 millisec
Fail timer interval: 3 sec 0 millisec
Preforwarding Timer interval: 15 sec
Last update: From Master Id ff:ff:ff:ff:00:00, at Tue Aug 29 10:15:10 2017
EAPS Domain has following Controller Vlan:
Vlan Name VID
VLAN2607 2607
EAPS Domain has following Protected Vlan(s):
Vlan Name VID
VLAN998 998
Number of Protected Vlans: 1
When a transit switch detects any of its ring ports losing link, it immediately sends a PDU link-down to the Master via the control VLAN.
DM2302# eaps debug
EAPS 0 (EAPS0) <Gi 1/8>: Rx Type=HEALTH_CHECK State=Complete Seq=12679
EAPS 0 (EAPS0) <Gi 1/7>: Tx Type=HEALTH_CHECK State=Complete Seq=12679
EAPS 0 (EAPS0) <Gi 1/8>: Link Down
EAPS 0 (EAPS0): State Change: Links-Up -> Links-Down
EAPS 0 (EAPS0) <Gi 1/7>: Tx Type=LINK_DOWN State=Links-Down Seq=0
EAPS 0 (EAPS0) <Gi 1/7>: L2/L3 Table Flush
EAPS 0 (EAPS0) <Gi 1/7>: Unblocked
EAPS 0 (EAPS0) <Gi 1/7>: Unblocked
EAPS 0 (EAPS0) <Gi 1/8>: Blocked
EAPS 0 (EAPS0) <Gi 1/8>: Blocked
When the Master receives the PDU link-down, it immediately declares failed state, and opens the logically blocked protected VLANs on the secondary port. It also flushes its forwarding database, and sends a PDU Ring-Down-Flush-FDB to all other transit switches on the ring via the control VLAN. The other switches on the ring need not be aware of the fault, they simply flush their forwarding databases on all VLANs belonging to this domain.
EAPS 0 (EAPS0) <Gi 1/7>: Rx Type=RING_DOWN State=Failed Seq=12679
EAPS 0 (EAPS0) <Gi 1/8>: Tx Type=RING_DOWN State=Failed Seq=12679
EAPS 0 (EAPS0): RX RING DOWN FLUSH generated by FF:FF:FF:FF:00:00.
EAPS 0 (EAPS0) <Gi 1/7>: L2/L3 Table Flush
EAPS 0 (EAPS0) <Gi 1/8>: L2/L3 Table Flush
DM4610M# show eaps
HEALTH
PRIMARY SECONDARY CHECK
ID NAME STATE MODE PORT STATE PORT STATE STATE
-----------------------------------------------------------------------
0 EAPS0 failed master up enabled up enabled -
PROTECTED
ID PRIMARY PORT SECONDARY PORT VLANS
-----------------------------------------------------------------------
0 gigabit-ethernet-1/1/11 gigabit-ethernet-1/1/12 998
Convergence time during the link failure was 43ms
The Master continues to send PDU Health-Check out on its primary port even if the state is failed. When the link is recovered, the Master gets its PDU Health-Check back on its secondary port, and declares the ring to be complete. It will then perform the standard ring complete operations: logically blocking the protected VLANs on the secondary port and flushing the forwarding database on all transit switches.
During restoration, from the time the link goes up on the transit switch until the Master detects ring complete state, the transit node must not begin forwarding traffic until the Master secondary port in blocked. Otherwise, a temporary loop may occur due to having all ports forwarding traffic on the ring, the protocol uses the following actions on the transit node to solve this:
- Set all the protected VLANs on the recovered link in a blocked state.
- Set its state to pre-forwarding.
EAPS 0 (EAPS0) <Gi 1/8>: Link Up
EAPS 0 (EAPS0): State Change: Links-Down -> Pre-Forwarding
EAPS 0 (EAPS0) <Gi 1/8>: Blocked
When the Master switch detects the ring is up via PDU Health-Check, it sends a PDU Ring-Up-Flush-FDB to all the transit switches. When the transit switches receive the PDU Ring-Up-Flush-FDB, they perform the following actions:
- Flush forwarding databases on protected VLANs.
- If the state is set to pre-forwarding, begin forwarding on all the protected VLANs on that port
EAPS 0 (EAPS0) <Gi 1/8>: Rx Type=HEALTH_CHECK State=Failed Seq=12854
EAPS 0 (EAPS0) <Gi 1/7>: Tx Type=HEALTH_CHECK State=Failed Seq=12854
EAPS 0 (EAPS0) <Gi 1/8>: Rx Type=RING_UP State=Complete Seq=12854
EAPS 0 (EAPS0) <Gi 1/7>: Tx Type=RING_UP State=Complete Seq=12854
EAPS 0 (EAPS0): Ports_up EAPS_STATE_PRE_FORWARDING
EAPS 0 (EAPS0): State Change: Pre-Forwarding -> Links-Up
EAPS 0 (EAPS0) <Gi 1/7>: L2/L3 Table Flush
EAPS 0 (EAPS0) <Gi 1/8>: L2/L3 Table Flush
EAPS 0 (EAPS0): Unblock both, link_up
EAPS 0 (EAPS0) <Gi 1/7>: Unblocked
EAPS 0 (EAPS0) <Gi 1/8>: Unblocked
EAPS 0 (EAPS0) <Gi 1/7>: Rx Type=RING_UP State=Complete Seq=12854
EAPS 0 (EAPS0) <Gi 1/8>: Tx Type=RING_UP State=Complete Seq=12854
EAPS 0 (EAPS0): EAPS_STATE_LINKS_UP
EAPS 0 (EAPS0) <Gi 1/7>: L2/L3 Table Flush
EAPS 0 (EAPS0) <Gi 1/8>: L2/L3 Table Flush
DM4610M# show eaps
HEALTH
PRIMARY SECONDARY CHECK
ID NAME STATE MODE PORT STATE PORT STATE STATE
-----------------------------------------------------------------------
0 EAPS0 complete master up enabled up blocked ok
PROTECTED
ID PRIMARY PORT SECONDARY PORT VLANS
-----------------------------------------------------------------------
0 gigabit-ethernet-1/1/11 gigabit-ethernet-1/1/12 998
Convergence time after links recovers was 31ms
__
References