Redundancy Mechanisms for Carrier Ethernet and Layer 2 VPN Services

Transcription

1

2 Redundancy Mechanisms for Carrier Ethernet and Layer 2 VPN Services Jose Liste (jliste@cisco.com) Technical Marketing Engineer, Cisco

3 genda Introduction ccess Resiliency Mechanisms ggregation and Core Resiliency Mechanisms MC Flushing Mechanisms Redundancy Solutions Summary 3

4 Introduction

5 Carrier Ethernet Networks Mobile Content Farm Residential ccess ggregation Edge MSPP VOD TV SIP Cable STB Business Corporate Residential ETTx DSL MPLS / IP BNG DPI Core Network MPLS /IP PON Ethernet SR/PE Content Farm VOD TV SIP Focus of presentation 5

6 Resiliency Fundamentals Resiliency definition from Metro Ethernet Forum: self-healing property of the network that allows it to continue to function with minimal or no impact to the network users upon disruption, outages or degradation of facilities or equipment in the MEN [MEF-2] User s perspective SL attributes such as: vailability Mean Time To Restore (MTTR) Mean Time Between Failure (MTBF) ctual methods and mechanisms used by SP not relevant Provider s perspective Translation of SLs to network protection requirements Selection of mechanisms / protocols to provide such protection 6

7 Ethernet-ware Resiliency Mechanisms Key Requirements MUST NOT allow data-plane loops Not even transient ones, as Ethernet header has no Time To Live (TTL) or equivalent field MUST ensure congruency of forward and reverse data-plane paths Prevent MC moves in scenarios with Load Balancing MUST ensure a unique entry/exit point into an Ethernet segment Prevent delivery of duplicate packets Designated Forwarder notion MUST ensure MC-flushing and relearning after topology change notification Prevent black-holing of traffic - MC address tables must be updated after re-convergence events 7

8 ccess Resiliency Mechanisms

9 ccess Resiliency Mechanisms Multi-Chassis LCP (mlcp) and Inter-Chassis Communication Protocol (ICCP)

10 Multi-Chassis LCP and ICCP Overview mlcp & ICCP enable a switch/router to use standard Ethernet Link ggregation for device dual-homing, with active/standby redundancy Dual-homed Device (DHD) operates as if it is connected to single virtual device and runs IEEE std X-2008 (LCP) Point of ttachment (Po) nodes run Inter-chassis Communication Protocol (ICCP) to synchronize state & form a Redundancy Group (RG) mlcp Standby Po Redundancy Group (RG) DHD Inter-chassis Communication Protocol (ICCP) Link ggregation Group LCP ctive Po 10

11 Protected Failure Points mlcp Offers Protection gainst 5 Failure Points: : DHD Port Failure B: DHD Uplink Failure C: ctive Po Port Failure D: ctive Po Node Failure E: ctive Po Isolation from Core Network Standby Po DHD B C D E ctive Po 11

12 Background: Link ggregation Control Protocol Port attributes: Port key: defines which ports can be bundled together (per node significance) Port priority: specifies precedence to join a bundle Port number: identifies a port in the switch (per node significance) System attributes: System MC address: MC address that uniquely identifies the switch System priority: determines which switch s Port Priority values win ggregator (bundle) attributes: ggregator key: identifies a bundle within a switch (per node significance) Maximum links per bundle: used for Hot Standby configuration Minimum links per bundle: when threshold is crossed the bundle is disabled Key: 10 System Priority: 3 System MC: M2 Key: 35 gg3 gg4 Port #: 1, Priority: 10 Port #: 2, Priority: 11 Port #: 3, Priority: 5 Port #: 4, Priority: 6 gg1 gg2 Key: 10 System Priority: 5 System MC: M1 Key: 20 12

13 Extending LCP cross Multi-Chassis: mlcp mlcp uses ICCP to synchronize LCP configuration & operational state between Pos, to provide DHD the perception of being connected to a single switch ll Pos use the same System MC ddress & System Priority when communicating with DHD Configurable or automatically synchronized via ICCP Every Po in the RG is configured with a unique Node ID (value 0 to 7). Node ID + 8 forms the most significant nibble of the Port Number For a given bundle, all links on the same Po must have the same Port Priority Port #: 0x9001, Port Priority 1 DHD LCP PDUs Po1 Node ID: 1 Po2 Port #:0x001, Port Priority 2 ICCP Node ID: 2 System MC: aaaa.bbbb.cccc System Priority: 1 13

14 Inter-Chassis Communication Protocol ICCP allows two or more devices to form a Redundancy Group (RG) ICCP provides a control channel for synchronizing state between devices ICCP uses TCP/IP as the underlying transport ICCP rides on targeted LDP session, but MPLS need not be enabled Various redundancy applications can use ICCP: mlcp Pseudowire redundancy Under standardization in the IETF: draft-ietf-pwe3-iccp RG ICCP over Dedicated Link RG ICCP over Shared Network 14

15 Failover Operation Port/Link Failures Step 1 For port/link failures, active Po evaluates number of surviving links (selected or standby) in bundle: If > M, then no action If < M, then trigger failover to standby Po Step 2 ctive Po signals failover to standby Po over ICCP Step 2B Failover is triggered on DHD by one of: Dynamic Port Priority Mechanism: real-time change of LCP Port Priority on active Po to cause the standby Po links to gain precedence Brute-force Mechanism: change the state of the surviving links on active Po to admin down Step 3 Standby Po and DHD bring up standby links per regular LCP procedures DHD 3. LCP Exchanges 2B. Dynamic Port Priority or Bruteforce failover B C Standby Po ICCP ctive Po 2. Signal failover over ICCP 1. Evaluate # of links Max Links per Bundle: L (e.g. 2) Min Links per Bundle: M (e.g. 2) 15

16 Failover Operation Node Failure 2. LCP Exchanges Standby Po Step 1 Standby Po detects failure of ctive Po via one of: IP Route-watch: loss of IP routing adjacency BFD: loss of BFD keepalives Step 1B DHD detects failure of all its uplinks to previously active Po Step 2 Both Standby Po and DHD activate their Standby links per regular LCP procedures DHD 1B. Links Down ICCP D ctive Po 1. IP Route- Watch or BFD timeout 16

17 Failover Operation Po Isolation from Core 3. LCP Exchanges Standby Po Step 1 ctive Po detects all designated core interfaces are down Step 2 ctive Po signals standby Po over ICCP to trigger failover Step 2B ctive Po uses either Dynamic Port Priority or Brute-force Mechanism to signal failure to DHD Step 3 Standby Po and DHD bring up standby links per regular LCP procedures DHD 2B. Dynamic Port Priority or Bruteforce failover ICCP ctive Po 2. Signal failover over ICCP E 1. Detect core isolation 17

18 ccess Resiliency Mechanisms ICCP Service Multi-Homing (ICCP-SM) a.k.a. Pseudo mlcp

19 Setup llow: VLN 1-10 PO 1 Bundle 1 llow: VLN 1-20 Block: VLN DHD ICCP llow: VLN 1-20 Bundle 2 Block: VLN 1-10 llow: VLN PO 2 DHD configures all uplinks towards a single PO in a bundle (LG) Links towards different POs belong to different bundles DHD enables all VLNs on both bundles to Pos POs configured in ctive/ctive mode with manual per VLN load-balancing given VLN can be active on a single Po at a time Traffic from DHD to core initially flooded to both Pos until DHD learns which bundle is active for what VLNs 19

20 Fault Protection Points Provide Protection gainst 5 Failure Points: : DHD Uplink Port Failure B: DHD Uplink Failure C: PO Downlink Port Failure D: PO Node Failure E: PO Isolation from core network DHD B PO1 C D E ICCP B C D E PO 2 20

21 Failure Procedures For Failure Points, B, and C 3 DHD 4 Standby PO 1 B C ctive PO 1. DHD & ctive PO detect port down 2. ctive PO signals switchover to Standby via ICCP 3. Standby unblocks affected VLNs over downlink and flushes its MC tables 4. Standby triggers STP TCN or Multiple VLN Registration Protocol (MVRP - IEEE 802.1aq) new declaration towards DHD to induce MC flushing 1 ICCP 2 21

22 Failure Procedures For Failure D 1, 2 3 Standby PO DHD ICCP D ctive PO 1. Standby PO detects failure of active PO via IP Route-Watch or BFD 2. Standby PO unblocks affected VLNs over downlink 3. Standby PO flushes its MC tables & triggers STP TCN or MVRP MC flush notification towards DHD 22

23 Failure Procedures For Failure E DHD 4 3 Standby PO ICCP 2 E ctive PO 1. ctive PO detects isolation from core, blocks its previously active VLNs 2. ctive PO informs standby PO of need to failover via ICCP 3. Standby PO activates (unblocks) affected VLNs on downlink and flushes its MC tables 4. Standby PO triggers STP TCN or MVRP registrations with new bit set (for affected VLNs) towards DHD to trigger MC flushing. 1 23

24 ccess Resiliency Mechanisms Other Multi-chassis Link ggregation Solutions

25 Other Multi-chassis Link ggregation Solutions Virtual Port-Channel (vpc) [Nexus product line] Virtual Switching System (VSS) [Catalyst 6500] Network Virtualization (nv) Cluster [SR 9000]

26 Comparison Solution Control Plane Dedicated Physical Interconnect Required Load Balancing per DHD mlcp Multiple 1 No ctive / Standby ICCP-SM Multiple 1 No Per VLN EVPN / PBB- EVPN Multiple 1 No Per Flow vpc Multiple 1 Yes Per Flow 2 VSS Single Yes Per Flow nv Cluster Single Yes Per Flow (1) Independent Control Planes with synchronized states (2) With MST or VPLS, there s a single egress point to the ggregation network. 28

27 ccess Resiliency Mechanisms Ethernet Ring Protection (ITU-T G.8032)

28 Overview Standards-based protection switching for Ethernet ring topologies Defined by ITU-T Study Group 15 [G.8032/Y.1344] (v1 06/08; v2 03/10) Ring traffic forwarding based on Ethernet bridging rules Layer 2 Rings Loop avoidance by blocking of designated ring link under normal conditions Ring Protection Link (RPL) - Blocked Link B C R-PS Channel of Ring Uses a dedicated Control Channel (VLN) carrying control messages - Ring PS Leverages Ethernet CFM / ITU-T Y.1731 for Fault Detection (CCM) RPL Owner D E F Single Ring or Multi-Ring network topologies Supports MC flushing, load-balancing, revertive / non-revertive switching and administrative switching commands 30

29 Protected Failure Points C B G.8032 protects against any single Link, Port or Node failure within a ring : Failure of a port within the ring B: Failure of a link within the ring C: Failure of a node within the ring 31

30 Ring Instances G.8032 v2 supports multiple ERP instances over a ring ERP instance entity responsible for the protection of subset of VLNs carried over the physical ring Each ERP instance is independent of other ring instances that may be configured on the ring Each ring instance should configure its own R-PS channel, RPL, RPL Owner Node and RPL Neighbor Node Enables load-balancing over the ring R-PS Blue Instance RPL Owner Blue Instance D B E C F R-PS Red Instance VID: RPL Owner Red Instance VID:

31 Interconnected Rings G.8032 v2 specifies support for a network of interconnected rings One Major ring (closed) / multiple Sub-rings (open) given link must belong to a single ring Interconnection node node common to two or more rings (e.g. Nodes D & E) Major Ring Ethernet ring that is connected on two ports to Interconnection nodes (e.g. Ring -B-C-E-D) Interconnection Node - D Links protected and controlled by Major Ring B Major Ring Sub-Ring C E Link protected and controlled by Major Ring Sub-Ring n Ethernet ring that is connected to other rings through Interconnection Nodes. Sub-Ring does not constitute a closed ring (e.g. Ring D-F-G-H-E) F G Links protected and controlled by Sub-Ring H 33

32 Loop voidance Loop avoidance in G.8032 t any time, traffic may flow on all but one of the ring links (the RPL) Under failure condition, RPL owner node is responsible to unblock its end of RPL Once a ring port has been blocked, it may be unblocked only if it is known that there remains at least one other blocked port in the ring Ring PS (R-PS) protocol used to coordinate protection actions over the ring Protection algorithm based transmission of local status and local switch requests to all nodes via R-PS RPL Neighbor Node Ring Protection Link RPL Owner Node D B E C F R-PS Channel of Ring R-PS channel VLN is always blocked at the same ring ports where channel is blocked Except on sub-rings without R-PS virtual channel 34

33 Failure Handling [1] Ring Nodes detect link failure via Link Down Event (PHY based Loss of Signal) or timeout of CFM CCMs [2] Nodes adjacent to failed link block their ports and flush MC tables [3] Nodes adjacent to failed link send R-PS messages with Signal Fail (SF) state onto ring [4] Remaining Ring Nodes receiving R-PS SF messages flush MC forwarding tables [5] Upon reception of R-PS SF, RPL Owner (and RPL neighbor if present) unblocks RPL 1 2 Flush Flush Flush RPL Neighbor Node B C B C B R-PS (SF) C B C RPL Owner Node D E F D E F D E F D E F Flush Flush Flush 35

34 R-PS Control Channel R-PS message format based on ITU-T Y.1731 Opcode = 40 (R-PS) Sent to well-known multicast MC address MC D = [Ring ID] For time being, only Ring ID = 0x01 is allowed per standard R-PS messages for different ERP instances must use different VLNs MEL Version (1) OpCode (R-PS = 40) Flags (0) TLV Offset (32) Request /State Sub-code R B D NF Indicates whether eastbound or westbound port is blocked B PR Status Status Reserved Node ID Reserved 2 (24 octets) Node ID (6 octets) MC ddress to uniquely identify the transmitting switch 37 [optional TLV starts here; otherwise End TLV] last End TLV (0) 36

35 Open Ring Support Two Solutions: Open ring with R-PS Virtual Channel (VC) R-PS messages flow over a virtual channel supplied by another network to close the ring control channel Ring is closed from control perspective but open from data perspective Open ring without R-PS Virtual Channel (VC) Special handling of R-PS on the ring: R- PS control messages can pass over the RPL to reach all nodes Requires independent blocking of control vs. data channels on RPL owner/neighbor With VC B R-PS VC B Without VC RPL Owner F E D C R-PS RPL Neighbor (optional) RPL Owner F E D C R-PS RPL Neighbor (optional) 37

36 Microwave daptive Bandwidth Protection with G.8032 Microwave radio with daptive Coding and Modulation (CM) changes modulation scheme when it detects fading on the link More robust modulation comes with drop in link BW Fading is long-lived phenomenon (e.g. rain, fog ) When BW drops below nominal value, Microwave radio notifies neighboring router of degraded link BW using Y.1731 extension: Bandwidth Vendor Specific Message (BW-VSM) Microwave radio Ethernet Link 1. Degrading Microwave Link 3. Switch triggers G.8032 failover 2. daptive BW reporting via Y.1731 BW-VSM

37 Microwave daptive Bandwidth Protection with G.8032 (cont d) Router is configured with a set of thresholds that guarantee minimum BW allocation for various ERP instances Router evaluates current BW reported in BW-VSM against configured policy: Triggers failover of zero or more ERP instances depending on set threshold(s) Traffic rerouted away from the degraded Microwave link for the duration of fading Low High 39

38 Microwave daptive Bandwidth Notification Other uses cases relying on BW-VSM can be implemented via customized via Cisco Embedded Event Manager (EEM) scripts: QoS / H-QoS adjustments IGP metric adjustments Link removal 40

39 ccess Resiliency Mechanisms Resilient Ethernet Protocol (REP)

40 REP Protocol Basics Segment Protocol REP Segment f1 f2 f1 f2 f1 f2 f1 f2 f1 f2 interface f2 rep segment 10 interface f1 rep segment 10 interface f2 rep segment 10 interface f1 rep segment 10 REP operates on chain of bridges called segments port is assigned to a unique segment using: (config-if)# [no] rep segment {id} segment can have up to two ports on a given bridge 42

41 REP Protocol Basics Blocked Port Edge Port f2 lternate Port (blocks traffic) Edge Port f1 f2 f1 f2 f1 f2 f1 f2 f1 f2 f2 Unblocks Link Failure f1 f2 f1 f2 f1 f2 f1 f2 f1 f2 When all links are operational, a unique port blocks the traffic on the segment No connectivity between edge ports over the segment If any failure occurs within the segment, the blocked port goes forwarding 43

42 Protected Failure Points Edge Port B C Edge Port f1 f2 f1 f2 f1 f2 f1 f2 f1 f2 REP Protects gainst ny Single Link, Port or Node Failure Within a Segment : Failure of a port within the segment B: Failure of a link within the segment C: Failure of a node within the segment 44

43 REP Protocol Basics REP Provides Two Redundant Gateways Bridged Domain Y Bridged Domain Y E1 E2 E1 E2 X X ccess Rings modeled as REP segments The segment provides one level of redundancy Hosts on the segment can reach the rest of the network through either edge port, as necessary 45

44 ccess Resiliency Mechanisms MST ccess Gateway (MST-G) (a.k.a. Reverse Layer 2 Gateway Ports (R-L2GP))

45 Motivation for MST-G GW1 ccess L2 Network 1 Core Network GW2 ccess L2 Network 2 Terminate multiple Ethernet access networks into same pair of Gateway nodes Each access network maintains independent topology (control plane isolation) Fast convergence in all cases ccess nodes run standard MST Gateway nodes act as root bridges 47

46 MST-G Overview Dynamic MST BPDU Pre-configured MST BPDU Best Bridge MST-G Ports ccess Network Virtual Root Core Network MST-G ports Send pre-configured BPDUs advertising virtual root by best bridge and 0 cost to root by second best bridge Virtual Root may coincide with the MST-G node, or not Ignore incoming BPDUs from access network, except for TCN lways in Designated Forwarding state React and relay TCN over a special control pseudowire L2 access network Can have arbitrary topology (e.g. ring or mesh) Runs standard MST protocol Handles port blocking/unblocking Dynamic MST BPDU Pre-configured MST BPDU Second Best Bridge,with 0 cost to root Control PW for TCN Relay Root Port Designated Port lternate Port 48

47 Protected Failure Points MST-G Ports D ccess Network B C E Core Network MST-G Provides Protection gainst ny of the Following Failure Points: : Failure of link connecting access network to gateway B: Failure of gateway access-facing port C: Gateway node failure D: Failure within access network, including access network total split E: Isolation of the gateway from core network (via Link State Tracking feature) 49

48 Failure Scenarios Gateway Direct Failures ccess Network B Root C E MST-G Ports Core Network Second Best Bridge ccess Network Root port Virtual Root Core Network ccess switches detect failure Note: for Failure E, gateway brings down line-protocol on link to access MST re-converges in access network, choosing path through second Gateway to reach the root TCN propagated all the way to new root TCN 50

49 Failure Scenarios ccess Network Split Root MST-G Ports D ccess Network Core Network Second Best Bridge ccess Network Root port Root port Core Network TCN ccess network completely partitioned Sub-network isolated from original root selects path through second Gateway TCN is propagated to new root, relayed over control PW and into the other sub-network 51

50 ggregation and Core Resiliency Mechanisms

51 ggregation and Core Resiliency Mechanisms Pseudowire Redundancy

52 One-Way Pseudowire Redundancy Overview CE PE1 MPLS PW 1 PW 2 <IP1, VCID1> PW 3 <IP2, VCID2> llows dual-homing of one local PE to two or more remote PEs <IP3, VCID3> Two pseudowires: primary and backup provide redundancy for a single C (1:1 Protection) Multiple backup PWs (different priorities) can be defined (N:1) lternate LSPs (TE Tunnels) can be used for additional redundancy Upon primary PW failure, failover is triggered after a configurable delay (seconds) Configurable Revertive / Non-Revertive upon recovery 54

53 Pseudowire Redundancy with LDP PW Status Signaling CE PE1 tldp PW PE2 0x Pseudowire forwarding (clear all failures) 0x Pseudowire Not Forwarding 0x Local ttachment Circuit (ingress) Receive Fault 0x Local ttachment Circuit (egress) Transmit Fault 0x Local PSN-facing PW (ingress) Receive Fault 0x Local PSN-facing PW (egress) Transmit Fault 0x PW Preferential Forwarding Status 0x PW Request Switchover Status RFC 4447 RFC 6870 When set == PW fwd Standby; when cleared == PW fwd ctive Only this bit is required/used (with help of ICCP) 55

54 One-Way Pseudowire Redundancy Failure Protection Points CE PE1 MPLS PW 1 B PE2 C PE3 PW 2. Loss of next hop P node as notified by IGP (Route-Watch) PW failover is delayed to allow IGP chance to restore B. Loss of Remote PE LDP session timeout BFD timeout C. Loss of Remote C 56

55 Two-Way Pseudowire Redundancy Overview CE PE1 MPLS PW 1 PE3 ICCP PW 2 PW 3 PE4 PE2 PW 4 llows dual-homing of two local PEs to two remote PEs PW Preferential Forwarding Status determined by ICCP application (e.g. mlcp, ICCP-SM) Four pseudowires: 1 primary and 3 backup provide redundancy for a dual-homed device 57

56 Two-Way Pseudowire Redundancy Failure Protection Points CE PE1 ICCP B PW 2 MPLS PW 1 PW 3 PE3 PE4 PE2 PW 4. Failure of primary PE node B. Isolation of primary PE node from the MPLS core 58

57 Two-Way Pseudowire Redundancy Independent Operation Mode Every PE decides the local forwarding status of the PW; i.e. ctive or Standby PE1 ctive MPLS PW ctive PE2 PW is selected as ctive for forwarding if it is declared as ctive by both local and remote PEs PE1 ctive Standby PE2 PW is selected as Standby for forwarding if it is declared as Standby by either local or remote PE PE1 Standby Standby PE2 PE1 Standby ctive PE2 59

58 Two-Way Pseudowire Redundancy Determining Pseudowire State VPWS / H-VPLS (U-PE) two-way coupled: When C changes state to ctive 1, both PWs will advertise ctive When C changes state to Standby 1, both PWs will advertise Standby C ctive C Standby PW PW ctive ctive Standby Standby H-VPLS (U-PE) two-way decoupled: Regardless from C state, Primary PW and Backup PWs will advertise ctive state For H-VPLS (N-PE), all PWs in are ctive simultaneously, for both access and core PWs ctive Standby C C PW PW ctive ctive ctive ctive (1) ctive / Standby C states determined for example by mlcp 60

59 Two-Way Pseudowire Redundancy Determining Pseudowire State (Cont.) VPLS Two-way Coupled: When at least 1 C in changes state to ctive, all PWs in will advertise ctive When all Cs in change state to Standby, all PWs in will advertise Standby mode Standby Standby ctive Standby Standby Standby C C PW PW ctive ctive ctive Standby Standby Standby VPLS Two-way Decoupled: Regardless from C states, all PWs in will advertise ctive state Standby Standby ctive Standby Standby Standby C C PW PW ctive ctive ctive ctive ctive ctive 61

60 ggregation and Core Resiliency Mechanisms Ethernet VPN (EVPN and PBB-EVPN) Redundancy

61 EVPN and PBB-EVPN See BRKMPL-2333 for more THURS 9:00-11:00am xevpn introduces next generation solutions for Ethernet services BGP control-plane for Ethernet Segment and MC distribution and learning over core Same principles as L3VPNs EVPN No use of Pseudowires MP2P tunnels for unicast Multi-destination frame delivery via ingress replication (over MP2P tunnels) or LSM ll-ctive Redundancy with Flowbased load-balancing EVPN VPWS PBB- EVPN 63

62 Split Horizon For Ethernet Segments EVPN ESI-1 ESI-2 Challenge: CE1 How to prevent flooded traffic from echoing Echo! back to a multi-homed Ethernet Segment? PE1 PE3 CE3 CE5 PE advertises in BGP a split-horizon label (ESI MPLS Label) associated with each multi-homed Ethernet Segment Split-horizon label is only used for multi-destination frames (Unknown Unicast, Multicast & Broadcast) When an ingress PE floods multi-destination traffic, it encodes the Split- Horizon label identifying the source Ethernet Segment in the packet Egress PEs use this label to perform selective split-horizon filtering over the attachment circuit CE4 PE2 PE4

63 Split Horizon For Ethernet Segments PBB-EVPN ESI-1 ESI-2 Challenge: How to prevent flooded traffic from echoing back to a multi-homed Ethernet Segment? CE1 Echo! B-MC1 B-MC1 PE1 PE3 CE3 CE5 CE4 PE2 PE4 PEs connected to the same MHD use the same B-MC address for the Ethernet Segment 1:1 mapping between B-MC and ESI (for ll-ctive Redundancy with flow-based LB) Disposition PEs check the B-MC source address for Split-Horizon filtering Frame not allowed to egress on an Ethernet Segment whose B-MC matches the B- MC source address in the PBB header.

64 Designated Forwarder (DF) DF Election Challenge: How to prevent duplicate copies of flooded traffic from being delivered to a multi-homed Ethernet Segment? PEs connected to a multi-homed Ethernet Segment discover each other via BGP. These PEs then elect among them a Designated Forwarder responsible for forwarding flooded multi-destination frames to the multi-homed Segment. DF Election granularity: Per Ethernet Tag on Ethernet Segment (EVPN) Per I-SID on Ethernet Segment (PBB-EVPN) CE1 ESI-1 PE1 PE2 PE3 PE4 ESI-2 CE2 Duplicate!

65 Designated Forwarder (DF) DF Filtering MHD ll-ctive with Per-Flow Load Balancing CE Filtering Direction: Filtered Traffic: DF PE1 PE2! DF Filtering Non-DF MPLS Core to Segment Legend Flooded multi-destination Multi-destination Traffic Unicast Traffic MHD / MHN Single-ctive with Per-Service Load Balancing CE1 MHN CE CE2! PE1 PE2 PE1 PE2 DF Filtering MPLS MPLS Filtering Direction: Core to Segment Segment to Core DF! DF Non-DF DF Filtering Non-DF Filtered Traffic: Flooded multi-destination Unicast 67

66 MC Flushing Mechanisms

67 Why MC Flushing Is Needed? Topology Changes Y X Y X Y Y Y X Y X Y Y X X Y Y X Y X X Y X Y X Y X X Y X B X Y X Y Filtering Entries Populated from Conversation X-Y fter a Change in the Topology, Starred Entries re Incorrect Bridges learn the location of the stations from the traffic they forward Mac-addresses are added to a filtering table fter a failure, the filtering table must be updated 69

68 G.8032 MC Flushing Notification Nodes evaluate every R-PS message received. If the message indicates that the location of blocking has moved (via Node ID and BPR), then flushing is triggered. specific R-PS Event Message with Flush indication is used to trigger a burst of 3 flushes from one ring to another in case of cascaded rings R-PS (Event -Flush) 2 3 Flush R-PS(SF) B 1 F Flush C R-PS (Event -Flush) E D R-PS(SF) 70

69 REP Topology Change Notification On topology change, nodes next to fault send Blocked Port dvertisement (BP) with Topology Change (TC) bit set to 1 Nodes react to this by flushing their MC tables for affected VLN(s) Topology changes not propagated beyond segment except by explicit configuration Primary Edge Port 0/1 M1 Primary Edge Port 0/1 Flush Flush Flush BP, TC = 1 Common Link Common Link BP, TC = 1! Secondary Edge Port 0/2 Secondary Edge Port 0/2 Flush Flush M2 Flush M2 M1 71

70 RSTP Topology Change Notification Rapid STP (IEEE 802.1D-2004) introduced new Topology Change Notification mechanism (from IEEE 802.1D-1998) M2 Detection Transitions from blocking to forwarding state cause topology change i.e., only increase in connectivity is TC Link Down events no longer trigger TCN Edge ports (port-fast) are not flushed Notification via TCN Flag in configuration BPDU TCN BPDU no longer used; no ack required (TC flag not used) Broadcasted on the network by the initiator (not by the Root bridge as in IEEE 802.1D-1998) Flush Flush M1 Flush BPDU TC = 1 RSTP RSTP BPDU TC = 1 Flush M2 Flush Flush M1 72

71 Multiple VLN Registration Protocol (MVRP) pplication of IEEE 802.1ak Multiple Registration Protocol (MRP) Builds dynamic VLN reachability trees within a spanning tree instance Enables source pruning of floods Defines new declaration messages as a replacement for TCNs Sent in addition to existing STP TC messages Generated by ports declaring a given VID on bridges that detect a topology change Net effect only VLNs active in the area of the network that is actually affected by the topology change are flushed VLNs not present in that part of the network are unaffected VLNs that are affected are only flushed in the affected sub-tree VLN 100 Reachability Tree! VLN 200 Reachability Tree MSTI for VLNs 100 & 200 Blocked link in MSTI Bridge Flush (New Declaration) 73

72 LDP MC ddress Withdrawal PE Topology Change detected IP/MPLS Core PE C LDP MC Withdrawal Transmitted by a VPLS PE that detects a topology change to all other PEs in the VPLS instance Out of band indication Optionally may contain a list of MC addresses to be flushed If MC list is empty flush all addresses except those learnt from transmitting PE If specific MC remove specified MC address(es) Defined in RFC4762 PE B PE D 74

73 End-to-End Redundancy Solutions

74 End-to-End Redundancy Solutions Service Type Transport Enabler ccess Redundancy Protocol / Feature E-LINE VPWS Hub and Spoke (ctive / Backup) mlcp + 2-way PW Red. (coupled mode) E-LINE VPLS Ring MST + MST-G E-LINE VPLS Ring G.8032 IP / L3VPN (e.g. Video Distribution) Ethernet (*) E-LN VPLS (*) E-LN H-VPLS Hub and Spoke (ctive / Backup) Hub and Spoke (ctive / Backup) Hub and Spoke (ctive / Backup) mlcp + VRRP mlcp + 2-way PW Red. (decoupled mode) mlcp + 2-way PW Red. (decoupled mode) (*)E-LN VPLS Ring REP (*) See ppendix Section 76

75 E-LINE vailability Models ctive/backup ccess Node Redundancy (mlcp)

76 E-LINE vailability Model ctive / Backup ccess Node Redundancy (mlcp) Port / Link Failures I Events Initial state VPWS F -C Port / Link Failures F C S 3 ctive Po detects failure 1 and signals failover over ICCP F F B LCP 1 ICCP ICCP LCP 1 B Failover triggered on DHD 2 Standby link brought up per LCP proc. 1 B 2 S 4 S 3 4 ctive Po advertises Standby state on its PWs Standby Po advertises ctive state on its PWs For VPWS Coupled Mode, attachment circuit (C) state (ctive/standby) drives PW state advertised to remote peers Forwarding EoMPLS PW Non-Forwarding EoMPLS PW 78

77 E-LINE vailability Model ctive / Backup ccess Node Redundancy (mlcp) Port / Link Failures (cont.) I Events Initial state VPWS F -C Port / Link Failures F C S ctive Po detects failure 1 and signals failover over ICCP F B 1 B Failover triggered on DHD F LCP ICCP ICCP LCP 2 Standby link brought up per LCP proc. 3 ctive Po advertises Standby state on its PWs S 4 Standby Po advertises ctive state on its PWs Local site access failure does not trigger LCP failover at remote site (i.e. control-plane separation between sites) Forwarding EoMPLS PW E End State Non-Forwarding EoMPLS PW 79

78 E-LINE vailability Model ctive / Backup ccess Node Redundancy (mlcp) Po Node Failure F D I Events Initial state VPWS F D ctive Po Node Failure Standby Po detects node 1 failure (BFD timeout or IP route-watch) LCP 1 ICCP ICCP LCP 1 B Failover triggered on DHD 1 B 2 S 3 S 2 3 Standby link brought up per LCP proc. Standby Po advertises ctive state on its PWs Po node failures detected by BFD (session timeout) or IP route-watch (loss of routing adjacency) Forwarding EoMPLS PW Non-Forwarding EoMPLS PW 80

79 E-LINE vailability Model ctive / Backup ccess Node Redundancy (mlcp) Po Node Failure (cont.) F D I F D VPWS Events Initial state ctive Po Node Failure S Standby Po detects node 1 failure (BFD timeout or IP route-watch) LCP ICCP ICCP LCP 1 B Failover triggered on DHD 2 Standby link brought up per LCP proc. 3 Standby Po advertises ctive state on its PWs S E End State No remote LCP switchover even if remote Pos detect loss of PW before local LCP switchover is performed Forwarding EoMPLS PW Non-Forwarding EoMPLS PW 81

80 E-LINE vailability Models Ring ccess Node Redundancy (G.8032)* (*) same principle applies to REP

81 E-LINE vailability Model Ring ccess Node Redundancy (G.8032) G.8032 Ring Span Failure Blocked Port VPLS Events I Initial state F B B RPL Owner 1 B G.8032 G.8032 F B Ring Span failure ccess switches and B detect link failure. Send 1 -B R-PS Signal Fail (SF) on the ring 2 1 RPL Owner 3 G.8032 Open Ring without R-PS Virtual Channel, terminating on ggregation Nodes VLN load balancing using two ERP instances with RPL Owners on ggregation Nodes. 2 3 ccess nodes in the ring flush MC tables and propagate R-PS SF RPL owner GG node receives R-PS and unblocks RPL owner port Non-Forwarding EoMPLS PW Forwarding EoMPLS PW R-PS Channel vlan 85

82 E-LINE vailability Model Ring ccess Node Redundancy (G.8032) VPLS F B B G.8032 Ring Span Failure (cont.) 1 B 4 5 RPL Owner Blocked port 3 4 Events RPL owner GG node receives R-PS SF and unblocks RPL owner port GG nodes flush MC tables. Trigger LDP MC add withdrawal to VPLS peers G.8032 G Remote peers flush MC tables 1 RPL Owner Forwarding EoMPLS PW Non-Forwarding EoMPLS PW R-PS Channel vlan 86

83 E-LINE vailability Model Ring ccess Node Redundancy (G.8032) VPLS G.8032 Ring Span Failure (cont.) Blocked port 5 E Events Remote peers flush MC tables End State RPL Owner F B G.8032 G.8032 RPL Owner Forwarding EoMPLS PW Non-Forwarding EoMPLS PW R-PS Channel vlan 87

84 PBB-EVPN Models ll-ctive Load-Balancing

85 PBB-EVPN Failure Scenarios / Convergence Link / Segment Failure ll-ctive Load-Balancing 1 PE1 detects failure of one of its attached segments 2 PE1 withdraws B-MC advertised for failed segment (B-M1) PE1 PE3 B-M1 B-M2 CE1 CE3 2 MPLS 3 PE1 withdraws Ethernet Segment Route B-M1 B-M2 PE3 / PE4 remove PE1 from path list for B- MC (B-M1) 4 PE2 reruns DF election. Becomes DF for all I- SIDs on segment PE2 PE4 PE3, PE4 RIB VPN MC ESI RT-a B-M1 n/a Path List NH PE1 PE2

86 PBB-EVPN Failure Scenarios / Convergence PE Failure Core Isolation 1 PE1 experiences a node failure (e.g. power failure) PE1 2 BGP RR / PE3 detects BGP session time-out with PE1 PE3 3 PE1 sends LCP Out Of Sync in order for CE1 to take port out of the bundle PE1 1 PE1 looses connectivity to the core PE3 2 BGP RR / PE3 detects BGP session time-out with PE1 B-M1 B-M2 LCP PDU B-M1 B-M2 CE1 CE3 CE1 CE3 2 BGP RR / PE2 detects BGP session time-out with PE1 4 PE2 recalculates DF/BDF. Becomes DF for all I-SIDs on segment B-M1 PE2 2 MPLS BGP RR / PE4 detects BGP session timeout with PE1 PE4 PE3, PE4 RIB B-M2 VPN MC ESI RT-a B-M1 n/a 3 PE3 / PE4 invalidate routes from PE1 Path List NH PE1 PE2 2 BGP RR / PE2 detects BGP session timeout with PE1 B-M1 PE2 5 PE2 recalculates DF/BDF. Becomes DF for all I-SIDs on segment 2 MPLS BGP RR / PE4 detects BGP session timeout with PE1 PE4 B-M2 PE3, PE4 RIB VPN MC ESI RT-a M1 ES1 4 PE3 / PE4 invalidate routes from PE1 Path List NH PE1 PE2 90

87 Platform Support

88 Carrier Ethernet Portfolio Cisco Platform Support Pre-ggregation / ggregation Small POP ggregation Large POP ccess Cisco ME3400 / ME3400E Cisco ME3600X Cisco ME3600X-24CX Cisco SR 901 Cisco ME3800X Cisco SR 903 SR 9000 SR 1000 Cisco

89 Summary

90 Key Takeaways Various access redundancy mechanisms are available, which enable node as well as network multi-homing: Multichassis LCP (mlcp) ICCP Service Multi-Homing (ICCP-SM) G.8032 REP MST ccess Gateway ggregation/core redundancy mechanisms operating at the service layer primarily protect against PE node failures: One-way & Two-way Pseudowire Redundancy EVPN & PBB-EVPN Redundancy bove mechanisms can interwork to provide comprehensive end-to-end resiliency solutions for E-Line, E-LN and Layer 3 services 94

91 Complete Your Online Session Evaluation Complete your online session evaluation Complete four session evaluations and the overall conference evaluation to receive your Cisco Live T-shirt 95

92

93 References Cisco IOS L2VPN Pseudowire Redundancy guration_guide_chapter.html Cisco IOS Multichassis LCP Configuration Guide Cisco ME 3400 / 3400E REP Configuration Guide ep.html Cisco 7600 ES+ Layer 1 and Layer 2 features (covering MST / REP on EVC, Twoway PW redundancy, ICCP, mlcp, MST-G) Cisco 7600 H-VPLS N-PE Redundancy for QinQ and MPLS ccess (covering MST on npe, LDP MC ddress Withdrawal) red.html Cisco 7600 Link State Tracking 97

94 References (Cont.) Cisco SR 9000 Configuring Link Bundles (covering Multichassis LCP) un.html Cisco SR 9000 L2VPN and Ethernet Services Configuration Guide (covering MST, MST-G, PW Redundancy, LDP MC ddress Withdrawal) ml Cisco SR 9000 Implementing Multipoint Layer 2 Services (covering G.8032) mps.html Cisco SR 903 ggregation Services Router Configuration Guide Cisco SR 901 ggregation Services Router Configuration Guide 98

95 cronyms IP and MPLS cronym Description cronym Description C ttachment Circuit PW Pseudo-Wire S utonomous System PWE3 Pseudo-Wire End-to-End Emulation BFD Bidirectional Failure Detection QoS Quality of Service CoS Class of Service RD Route Distinguisher ECMP Equal Cost Multipath RIB Routing Information Base EoMPLS Ethernet over MPLS RR Route Reflector FRR Fast Re-Route RSVP Resource Reservation Protocol H-VPLS Hierarchical VPLS RSVP-TE RSVP based Traffic Engineering IETF Internet Engineering Task Force RT Route Target IGP Interior Gateway Protocol TE Traffic Engineering LDP Label Distribution Protocol tldp Targeted LDP LER Label Edge Router VC Virtual Circuit LFIB Labeled Forwarding Information Base VCID VC Identifier LSM Label Switched Multicast Virtual Forwarding Instance LSP Label Switched Path VPLS Virtual Private LN Service LSR Label Switching Router VPN Virtual Private Network MPLS Multi-Protocol Label Switching VPWS Virtual Private Wire Service NLRI Network Layer Reachability Information VRF Virtual Route Forwarding Instance PSN Packet Switch Network VSI Virtual Switching Instance 99

96 cronyms Ethernet/Bridging cronym CL BD BP BPDU BRS CE C-VLN / CE- VLN CoS DHD DSLM E-LN E-Line Description ccess Control List Bridge Domain Blocked Port dvertisement (REP PDU) Bridge Protocol Data Unit Broadband ccess Server Customer Equipment (Edge) Customer / CE VLN Class of Service Dual Homed Device DSL ccess Modulator Ethernet LN service (multipoint) Ethernet Line service (point-to-point) cronym EVP-LN ICCP IEEE IPoETV IPTV L2GP LCP LN MEF MEN MIRP Description Ethernet Virtual Private LN Inter-Chassis Communication Protocol Institute of Electrical and Electronics Engineers TV on IP over Ethernet Television over IP Layer 2 Gateway Ports Link ggregation Control Protocol Local rea Network Metro Ethernet Forum Metro Ethernet Network Multiple I-Tag Registration Protocol E-Tree EFP Ethernet Tree service (rooted multipoint) Ethernet Flow Point mlcp Multi-Chassis LCP EPL Ethernet Private Line MRP Multiple Registration Protocol EP-LN Ethernet Private LN MST / MSTP Multiple Instance STP EVC EVPL Ethernet Virtual Connection Ethernet Virtual Private Line MSTG-G MST ccess Gateway 100

97 cronyms Ethernet/Bridging (Cont.) cronym MSTi MTBF MTTR MVRP OM Description MST Instances Mean Time Between Failures Mean Time To Recover Multiple VLN Registration Protocol Operations, dministration and Maintenance cronym TCN UNI VID VLN VoD Description Topology Change Notification User to Network Interface VLN Identifier Virtual LN Video on Demand PE Provider Edge device VoIP Voice over IP Po Point of ttachment Q-in-Q VLN tunneling using two 802.1Q tags QoS Quality of Service R-L2GP Reverse L2GP REP Resilient Ethernet Protocol REP-G REP ccess Gateway RG Redundancy Group SL Service Level greement SLS Service Level Specification STP Spanning Tree Protocol SVI Switch Virtual Interface (interface vlan) S-VLN Service VLN (Provider VLN) TC Topology Change 101

98 cronyms Provider Backbone Bridging cronym B-BEB BCB B-D BEB B-MC B-S B-Tag B-VLN C-D CE C-MC C-S Description B-Component BEB Backbone Core Bridge Backbone Destination ddress Backbone Edge Bridge Backbone MC ddress Backbone Source ddress B-VLN Tag Backbone VLN Customer Destination ddress Customer Equipment (Edge) Customer MC ddress 80 C-VLN Tag C-VLN / CE- VLN D FCS IB-BEB Customer Source ddress Customer / CE VLN Destination MC ddress Frame Check Sequence Combined I-Component & B-Component BEB cronym I-BEB IEEE I-SID I-Tag MC N-PE PB PBB PBBN PBN PE Q-in-Q S S-Tag S-VLN UNI U-PE VLN Description I-Component BEB Institute of Electrical and Electronics Engineers Instance Service Identifier I-SID Tag Media ccess Control Network-facing Provider Edge device Provider Bridge Provider Backbone Bridge / Bridging Provider Backbone Bridging Network Provider Bridging Network Provider Edge device VLN tunneling using two 802.1Q tags Source MC ddress S-VLN Tag Service VLN (Provider VLN) User to Network Interface User-facing Provider Edge device Virtual LN 102

99 ppendix End-to-End Redundancy Solutions (Cont.)

100 E-LINE vailability Models Ring ccess Node Redundancy (MST)

101 E-LINE vailability Model Ring ccess Node Redundancy (MST) VPLS MST Ring Span Failure Blocked Ports I Events Initial state Primary STP Root Secondary Root F B Ring Span failure F B MST G MST G 1 ccess switch detects link failure (looses root port), blocks failed port and sends root proposal to B 1 MST MST B selects bottom GG as 2 new root (unblocks port towards it) 2 B 2 B MST G MST G 2 B B blocks port towards Secondary STP Root MST isolation; not carried over MPLS cloud MST ccess Gateway (MST-G) on ggregation Nodes Primary Root STP TCN EoMPLS PW Forwarding EoMPLS PW Non-Forwarding EoMPLS PW MST Native Vlan 105

102 E-LINE vailability Model Ring ccess Node Redundancy (MST) F B MST Ring Span Failure (cont.) 6 Primary STP Root MST G 5 5 Secondary Root MST G Blocked Ports VPLS Events Proposal / greement handshake between B 3 -B and. B unblocks port towards 3 C B flushes MC table. Signals Topology Change (TC) to GG device 1 2 B 3 3 B B MST 3 C 4 B MST G 4 5 MST G MST GG flushes MC table. 4 Triggers LDP MC add. withdrawal to VPLS peers 4 B GG device propagates TCN over BPDU PW 2 Secondary STP Root Primary Root 5 GG (local and remote) flush MC tables Special between GG nodes to relay TCN BPDUs used to trigger MC flushes after a Topology Change (TC) 6 Top GG generates TCN on local ring 106

103 E-LINE vailability Model Ring ccess Node Redundancy (MST) VPLS MST Ring Span Failure (cont.) MST G MST G Blocked Ports 6 E Events Top GG generates TCN on local ring End State F B MST MST MST G MST G Each ring on unique TCN domain for control plane isolation Two MST instances for VLN load balancing over ring STP TCN EoMPLS PW Forwarding EoMPLS PW Non-Forwarding EoMPLS PW MST Native Vlan 107

104 E-LN vailability Models ctive/backup ccess Node Redundancy (mlcp)

105 E-LN vailability Model ctive / Backup ccess Node Redundancy (mlcp) VPLS Port / Link Failures 4 4 I Events Initial state 1 B F C F -C Port / Link Failures F F B ctive Po detects failure 1 and signals failover over ICCP LCP B Failover triggered on DHD ICCP 3 ICCP 4 LCP 2 3 Standby link brought up per LCP proc. Standby Po flushes MC table and triggers LDP MC add. withdrawal to remote peers For VPLS Decoupled Mode, s PWs always advertised in ctive state, regardless of C state 4 Remote PEs flush MC addresses Forwarding EoMPLS PW Non-Forwarding EoMPLS PW 109

106 E-LN vailability Model ctive / Backup ccess Node Redundancy (mlcp) VPLS Port / Link Failures (cont.) Events F C 4 E Remote PEs flush MC addresses End State F B F ICCP ICCP LCP LCP Forwarding EoMPLS PW Non-Forwarding EoMPLS PW 110

107 E-LN vailability Models Ring ccess Node Redundancy (REP)

108 E-LN vailability Model Ring ccess Node Redundancy (REP) VPLS REP Ring Span Failure REP lternate (blocked) port I Events Initial state F B B 1 B REP Primary Edge Port Secondary Edge Port REP F B 1 -B Ring Span failure ccess switches and B detect link failure. Send Blocked Port dvertisement (BP) with TC bit set on the segment 2 1 Secondary Edge Port 3 Primary Edge Port 2 3 ccess nodes in the ring flush MC tables and propagate BP GG node receives BP and unblocks alternate port REP enabled segment with Edge Ports on ggregation Nodes VLN load balancing using lternate Port configured on Secondary Edge Port Forwarding EoMPLS PW Non-Forwarding EoMPLS PW REP dmin vlan 112

109 E-LN vailability Model Ring ccess Node Redundancy (REP) VPLS F B B REP Ring Span Failure (cont.) 1 B Primary Edge Port 4 5 Secondary Edge Port REP lternate (blocked) port 3 4 Events GG node receives BP and unblocks alternate port GG nodes flush MC tables. Trigger LDP MC add withdrawal to VPLS peers 1 REP 4 5 REP 5 Remote peers flush MC tables Secondary Edge Port Primary Edge Port 2 3 Forwarding EoMPLS PW Non-Forwarding EoMPLS PW REP dmin vlan 113

110 E-LN vailability Model Ring ccess Node Redundancy (REP) VPLS REP Ring Span Failure (cont.) REP lternate (blocked) port 5 E Events Remote peers flush MC tables End State F B Primary Edge Port Secondary Edge Port REP REP Secondary Edge Port Primary Edge Port Topology depicted shows full mesh VPLS but can also be implemented using H-VPLS with ctive/standby PWs Forwarding EoMPLS PW Non-Forwarding EoMPLS PW REP dmin vlan 114

111 E-LN vailability Models H-VPLS (MPLS ccess) ctive/backup ccess Node Redundancy (mlcp)

112 E-LN vailability Model ctive / Backup ccess Node Redundancy (mlcp) Port / Link Failures I Events Initial state H-VPLS F F B LCP F C 1 ICCP 4 F -C Port / Link Failures ctive Po detects failure 1 and signals failover over ICCP 1 B Failover triggered on DHD 2 Standby link brought up per LCP proc. 1 B 2 3 For H-VPLS Decoupled Mode, Primary/Backup PW in active/active states respectively, regardless of C state 3 4 Standby Po flushes MC table and triggers LDP MC add. withdrawal to VPLS hub PE Hub PE flushes MC addresses and triggers LDP MC address withdrawal to other hub PEs Forwarding EoMPLS PW Non-Forwarding EoMPLS PW 116

113 E-LN vailability Model ctive / Backup ccess Node Redundancy (mlcp) H-VPLS Port / Link Failures 4 Events Hub PE flushes MC addresses and triggers LDP MC address withdrawal to other hub PEs F C E End State F B F LCP ICCP Failure of VPLS Hub PE (detected by loss of routing adjacency (IP route-watch)), triggers failover to backup PW No LCP switchover performed Forwarding EoMPLS PW Non-Forwarding EoMPLS PW 117

114 IP / L3VPN Gateway vailability Models mlcp + VRRP

115 IP / L3VPN Gateway vailability Model ctive / Backup ccess Node Redundancy (mlcp) Port / Link Failures I F -C Events Initial state Port / Link Failures 1 B F 2 F B LCP F C 1 S ICCP BD / SVI/ 3 BVI Bridge Domain with associated SVI (BVI) for IP / L3VPN access. with a single PW to peer (Decoupled Mode). VRRP Group on SVI (BVI) for L3 First Hop Redundancy. PW BD / 4 VRRP SVI/ BVI Forwarding EoMPLS PW ctive Po detects failure 1 and signals failover over ICCP 1 B Failover triggered on DHD Standby link brought up per LCP proc. Standby Po flushes MC table. Standby Po triggers LDP MC add. withdrawal to peer. Peer flushes its MC table. Non-Forwarding EoMPLS PW 119

116 IP / L3VPN Gateway vailability Model ctive / Backup ccess Node Redundancy (mlcp) Port / Link Failures (cont.) I F -C Events Initial state Port / Link Failures BD / ctive Po detects failure 1 and signals failover over ICCP F F B LCP F C ICCP PW VRRP SVI/ BVI 1 B Failover triggered on DHD 2 3 Standby link brought up per LCP proc. Standby Po flushes MC table. BD / SVI/ BVI 4 E Standby Po triggers LDP MC add. withdrawal to peer. Peer flushes its MC table. End State Using VRRP Object Tracking on access links, it is possible to synchronize VRRP failover with mlcp failover (for optimal forwarding to core). Forwarding EoMPLS PW Non-Forwarding EoMPLS PW 120

117 IP / L3VPN Gateway vailability Model ctive / Backup ccess Node Redundancy (mlcp) Node Failure I F D Events Initial state ctive Po Node Failure F D BD / ICCP: Standby Po detects 1 node failure (BFD timeout or IP route-watch) LCP 1 ICCP PW VRRP SVI/ BVI 1 B VRRP: Standby Po detects node failure after Hold Timer expiry (due to missed VRRP dvertisements) 2 Failover triggered on DHD 1 B 2 3 Standby link brought up per LCP proc. 3 S BD / 4 4 B SVI/ BVI 4 4B Standby Po flushes its MC table. Standby Po assumes VRRP Master state. Forwarding EoMPLS PW Non-Forwarding EoMPLS PW 121

118 IP / L3VPN Gateway vailability Model ctive / Backup ccess Node Redundancy (mlcp) Node Failure (cont.) I F D Events Initial state ctive Po Node Failure F D BD / ICCP: Standby Po detects 1 node failure (BFD timeout or IP route-watch) LCP ICCP PW VRRP SVI/ BVI VRRP: Standby Po detects node failure after Hold Timer expiry (due to missed VRRP dvertisements) 2 Failover triggered on DHD 1 B 3 Standby link brought up per LCP proc. S BD / 4 Standby Po flushes its MC table. SVI/ BVI 4B Standby Po assumes VRRP Master state. Forwarding EoMPLS PW Non-Forwarding EoMPLS PW E End State 122

119 IP / L3VPN Gateway vailability Model ctive / Backup ccess Node Redundancy (mlcp) I Events Initial state Uplink Core Failure (Po Core Isolation) 2 3 LCP 1 S ICCP BD / PW BD / VRRP 2 B SVI/ BVI 1 B F E F E Core Isolation 1 ICCP: ctive Po detects core isolation and signals failover over ICCP VRRP: ctive Po decrements VRRP priority 1 B as a result of tracked object state Down ctive Po signals failover to DHD (dynamic port 2 priority changes / bruteforce) 2 B Standby Po assumes VRRP Master role. 3 Standby link brought up per LCP proc. SVI/ BVI VRRP Object Tracking must be enabled on the core-facing interfaces (same interfaces that are monitored by ICCP). Forwarding EoMPLS PW Non-Forwarding EoMPLS PW 123

120 IP / L3VPN Gateway vailability Model ctive / Backup ccess Node Redundancy (mlcp) Uplink Core Failure (Po Core Isolation) LCP ICCP BD / 5 PW VRRP SVI/ BVI F E 4 5 E Events Standby Po flushes its MC table. Standby Po triggers LDP MC add. withdrawal to peer. Peer flushes its MC table. End State S BD / SVI/ 4 BVI Note: mlcp Revertive operation must be used, since VRRP object tracking is revertive. Forwarding EoMPLS PW Non-Forwarding EoMPLS PW 124

121