Redundancy Mechanisms for Carrier Ethernet and Layer 2 VPN Services

Transcription

1

2 Redundancy Mechanisms for Carrier Ethernet and Layer 2 VPN Services

3 Agenda Introduction Resiliency Fundamentals Access Resiliency Mechanisms Aggregation and Core Resiliency Mechanisms MAC Flushing Mechanisms Redundancy Solutions Summary 3

4 Introduction

5 Carrier Ethernet Networks Mobile Content Farm Residential Access Aggregation Edge MSPP VOD TV SIP Cable Business Corporate Residential STB DSL ETTx MPLS / IP BNG DPI Core Network MPLS /IP Content Farm PON Ethernet SR/PE Focus of presentation VOD TV SIP 5

6 Resiliency Fundamentals

7 Resiliency Fundamentals Resiliency definition from Metro Ethernet Forum: A self-healing property of the network that allows it to continue to function with minimal or no impact to the network users upon disruption, outages or degradation of facilities or equipment in the MEN [MEF-2] User s perspective SLA attributes such as: Availability Mean Time To Restore (MTTR) Mean Time Between Failure (MTBF) Actual methods and mechanisms used by SP not relevant Provider s perspective Translation of SLAs to network protection requirements Selection of mechanisms / protocols to provide such protection 7

8 Ethernet-Aware Resiliency Mechanisms Key Requirements MUST NOT allow data-plane loops Not even transient ones, as Ethernet header has no Time To Live (TTL) or equivalent field MUST ensure congruency of forward and reverse dataplane paths Prevent MAC moves in scenarios with Load Balancing MUST ensure a unique entry/exit point into an Ethernet segment Prevent delivery of duplicate packets - Designated Forwarder notion MUST ensure MAC-flushing and relearning after topology change notification Prevent black-holing of traffic - MAC address tables must be updated after reconvergence events 8

9 Access Resiliency Mechanisms

10 Access Resiliency Mechanisms Multi-Chassis LACP (mlacp) and Inter-Chassis Communication Protocol (ICCP)

11 Multi-Chassis LACP and ICCP Overview mlacp & ICCP enable a switch/router to use standard Ethernet Link Aggregation for device dual-homing, with active/standby redundancy Dual-homed Device (DHD) operates as if it is connected to single virtual device and runs IEEE std AX-2008 (LACP) Point of Attachment (PoA) nodes run Inter-chassis Communication Protocol (ICCP) to synchronize state & form a Redundancy Group (RG) mlacp Standby PoA Redundancy Group (RG) DHD Inter-chassis Communication Protocol (ICCP) Link Aggregation Group LACP Active PoA 11

12 Protected Failure Points mlacp Offers Protection Against 5 Failure Points: A: DHD Port Failure B: DHD Uplink Failure C: Active PoA Port Failure D: Active PoA Node Failure E: Active PoA Isolation from Core Network Standby PoA DHD A B C D Active PoA E 12

13 Background: Link Aggregation Control Protocol System attributes: System MAC address: MAC address that uniquely identifies the switch System priority: determines which switch s Port Priority values win Aggregator (bundle) attributes: Aggregator key: identifies a bundle within a switch (per node significance) Maximum links per bundle: maximum number of forwarding links in bundle used for Hot Standby configuration Minimum links per bundle: minimum number of forwarding links in bundle, when threshold is crossed the bundle is disabled Key: 10 System Priority: 3 System MAC: M2 Key: 35 Agg3 Agg4 Port #: 1, Priority: 10 Port #: 2, Priority: 11 Port #: 3, Priority: 5 Port #: 4, Priority: 6 Agg1 Agg2 Key: 10 System Priority: 5 System MAC: M1 Key: 20 13

14 Background: Link Aggregation Control Protocol (Cont.) Port attributes: Port key: defines which ports can be bundled together (per node significance) Port priority: specifies which ports have precedence to join a bundle when the candidate ports exceed the Maximum Links per Bundle value Port number: uniquely identifies a port in the switch (per node significance) Key: 10 System Priority: 3 System MAC: M2 Key: 35 Agg3 Agg4 Port #: 1, Priority: 10 Port #: 2, Priority: 11 Port #: 3, Priority: 5 Port #: 4, Priority: 6 Agg1 Agg2 Key: 10 System Priority: 5 System MAC: M1 Key: 20 14

15 Extending LACP Across Multi-Chassis: mlacp mlacp uses ICCP to synchronize LACP configuration & operational state between PoAs, to provide DHD the perception of being connected to a single switch All PoAs use the same System MAC Address & System Priority when communicating with DHD Configurable or automatically synchronized via ICCP Every PoA in the RG is configured with a unique Node ID (value 0 to 7). Node ID + 8 forms the most significant nibble of the Port Number For a given bundle, all links on the same PoA must have the same Port Priority DHD Port #: 0x9001, Port Priority 1 PoA1 Node ID: 1 ICCP Node ID: 2 System MAC: aaaa.bbbb.cccc System Priority: 1 LACP PoA2 Port #:0xA001, Port Priority 2 15

16 Inter-Chassis Communication Protocol ICCP allows two or more devices to form a Redundancy Group ICCP provides a control channel for synchronizing state between devices ICCP uses TCP/IP as the underlying transport ICCP rides on targeted LDP session, but MPLS need not be enabled Various redundancy applications can use ICCP: mlacp Pseudowire redundancy Under standardization in the IETF: draft-ietf-pwe3-iccp-07.txt RG ICCP over Dedicated Link RG ICCP over Shared Network 16

17 Failover Operation Port/Link Failures DHD 3. LACP Exchanges Step 1 For port/link failures, active PoA evaluates number of surviving links (selected or standby) in bundle: If > M, then no action If < M, then trigger failover to standby PoA Step 2A Active PoA signals failover to standby PoA over ICCP Step 2B Failover is triggered on DHD by one of: Dynamic Port Priority Mechanism: real-time change of LACP Port Priority on active PoA to cause the standby PoA links to gain precedence Brute-force Mechanism: change the state of the surviving links on active PoA to admin down Step 3 Standby PoA and DHD bring up standby links per regular LACP procedures A 2B. Dynamic Port Priority or Brute-force failover L = 2 B C Standby PoA ICCP Active PoA Max Links per Bundle: L Min Links per Bundle: M 2A. Signal failover over ICCP 1. Evaluate # of links 18

18 Failover Operation 2. LACP Exchanges Standby PoA Node Failure DHD ICCP 1A. IP Route-Watch or BFD timeout 1B. Links Down D Active PoA Step 1A Standby PoA detects failure of Active PoA via one of: IP Route-watch: loss of IP routing adjacency BFD: loss of BFD keepalives Step 1B DHD detects failure of all its uplinks to previously active PoA Step 2 Both Standby PoA and DHD activate their Standby links per regular LACP procedures 19

19 Failover Operation 3. LACP Exchanges Standby PoA PoA Isolation from Core DHD 2B. Dynamic Port Priority or Brute-force failover ICCP Active PoA E 2A. Signal failover over ICCP 1. Detect core isolation Step 1 Active PoA detects all designated core interfaces are down Step 2A Active PoA signals standby PoA over ICCP to trigger failover Step 2B Active PoA uses either Dynamic Port Priority or Brute-force Mechanism to signal DHD of failover Step 3 Standby PoA and DHD bring up standby links per regular LACP procedures 20

20 Access Resiliency Mechanisms mlacp Active/Active (per VLAN Load-Balancing) a.k.a Pseudo mlacp

21 Conceptual Model mlacp Active/Active port PoA1 Access Virtual LACP Peer ICCP Aggregation Or Core PoA ports are configured to assume mlacp Active/Active (mlacp-aa) role: Ports act as if connected to a virtual device over an MC-LAG with mlacp Ports placed in Active/Active Mode with manual VLAN load-balancing Access node perceives the ports/links to each PoA as being independent. Supports Dual Homed Device (DHD) PoA2 23

22 Setup Allow: VLAN 1-10 POA 1 Bundle 1 Allow: VLAN 1-20 Block: VLAN DHD Bundle 3 ICCP Bundle 2 Allow: VLAN 1-20 Block: VLAN 1-10 Allow: VLAN POA 2 DHD configures all uplinks towards a single POA in a bundle (LAG) Links towards different POAs belong to different bundles DHD enables all VLANs on both bundles to PoAs POAs configured to allow certain VLANs and block others A given VLAN can be active on a single PoA at a time Per VLAN load-balancing Traffic from DHD to core initially flooded to both PoAs until DHD learns which bundle is active for what VLANs 24

23 Fault Protection Points Provide Protection Against 5 Failure Points: A: DHD Uplink Port Failure B: DHD Uplink Failure C: POA Downlink Port Failure D: POA Node Failure A B POA1 C mlacp-aa D ICCP E E: POA Isolation from core network DHD A B C D E POA 2 25

24 Failure Procedures For Failure Points A, B, and C 3 4 Standby POA DHD 1 A B mlacp-aa C ICCP 2 Active POA 1. DHD & Active POA detect port down 2. Active POA signals switchover to Standby via ICCP 3. Standby unblocks affected VLANs over downlink and flushes its MAC tables 4. Standby triggers Multiple VLAN Registration Protocol (MVRP) new declaration towards DHD to induce MAC flushing 1 26

25 Failure Procedures For Failure D 1, 2 3 Standby POA DHD mlacp-aa ICCP D Active POA 1. Standby POA detects failure of active POA via IP Route-Watch or BFD 2. Standby POA unblocks affected VLANs over downlink 3. Standby POA flushes its MAC tables & triggers MVRP MAC flush notification towards DHD 27

26 Failure Procedures For Failure E 4 3 Standby POA DHD mlacp-aa ICCP 2 1. Active POA detects isolation from core, blocks its previously active VLANs 2. Active POA informs standby POA of need to failover via ICCP 3. Standby POA activates (unblocks) affected VLANs on downlink and flushes its MAC tables 4. Standby POA triggers MVRP registrations with new bit set (for affected VLANs) towards DHD to trigger MAC flushing. 1 E Active POA 28

27 Access Resiliency Mechanisms Other Multi-chassis Link Aggregation Solutions

28 Virtual Port Channel vpc vpc is a multi-chassis link aggregation mechanism active/active redundancy model flow-based load-balancing Independent control plane on the peers. Requires a dedicated interconnect between peers (vpc Peer Link) synchronize state between peers Carry normal flooded traffic and all traffic in case of vpc member port failure Uses Cisco Fabric Services (CFS) protocol state synchronization and configuration validation between vpc peer devices Uses a Peer Keepalive link to detect split-brain condition out of band heartbeat, not carried over Peer Link either dedicated link or L3 interconnect over infrastructure vpc peer keepalive link Primary vpc Aggregation CFS vpc peer link Secondary vpc member port vpc peer 30

29 Virtual Switching System (VSS) Two physical switches appear as a single virtual device. Single control-plane (e.g. one IP endpoint) Single management point Dual active forwarding planes Requires dedicated interconnect: Virtual Switch Link (VSL) Used for control plane synchronization and data traffic. Uses special Virtual Switch Header for encapsulating data. All control plane state is SSO synchronized from Active to Standby. Active Virtual Switch Domain Control Plane Virtual Switch Link Data Plane Standby Hot Switch 1 Switch 2 31

30 Comparison Solution Control Plane Configuration Synchronization mlacp Multiple Manual (normalized by ICCP) mlacp Active- Active Dedicated Physical Interconnect Required No Interconnect Usage Control Plane Sync None Load Balancing per DHD Multiple Manual No Control Plane Sync Per VLAN vpc Multiple Manual (verified by Cisco Fabric Services) Yes Control Plane Sync + Data Traffic VSS Single Automatic Yes Control Plane Sync + Data Traffic Per Flow 1 Per Flow 1: With MST or VPLS, there s a single egress point to the Aggregation network. 32

31 Access Resiliency Mechanisms Ethernet Ring Protection (ITU-T G.8032)

32 Overview Protection switching at Ethernet layer Fast convergence (50 ms) with HW support Leverage Ethernet CFM (ITU-T Y.1731) for Fault Detection (IEEE 802.1ag Continuity Check Message - CCM) Control Channel (R-APS) Topology Support Closed Ring Open Ring (G.8032 v.2) Cascaded Rings (Ladder Network) (G8032 v.2) Load Balancing (multi-instance support) (G.8032 v.2) Administrative Tools (G.8032 v.2) Manual Switchover Forced Switchover 34

33 Setup and Basic Operation Setup Map VLANs into Ethernet Ring Protection (ERP) Instances Select Ring Protection Link (RPL) per instance and configure ports as RPL owners Optionally: Configure RPL Neighbor ports Use CFM Down MEPs to monitor link faults via CCMs F A B C CFM Normal Operation When no faults, RPL Owner (and neighbor) are blocked. E D RPL Owner RPL Neighbor (optional) RPL Owner (& neighbor) send R-APS message with No Request/Link Blocked every 5 sec. 35

34 Protected Failure Points G.8032 protects against any single Link, Port or Node failure within a ring A: Failure of a port within the ring B: Failure of a link within the ring C: Failure of a node within the ring C 5 4 B A 36

35 Failure Handling 1. Switches detect link failure via: Link Down Event (PHY based) Loss of CFM CCMs 2. Switches block ports connected to failed link & flush MAC tables 3. Send R-APS messages with Signal Fail (SF) code on other ring port 4. Switches receiving R-APS (SF) flush their MAC forwarding tables 5. RPL Owner (and neighbor) unblock their ports 1 1 F A E B D C 2 2 F 3 A E 3 R-APS(SF) Flush R-APS(SF) B D C F A E 4 Flush 4 4 B D 4 C

36 Open Ring Support Two Solutions: Open ring with R-APS Virtual Channel (VC) R-APS messages flow over a virtual channel supplied by another network to close the ring control channel Ring is closed from control perspective but open from data perspective Open ring without R-APS Virtual Channel (VC) Special handling of R-APS on the ring: R- APS control messages can pass over the RPL to reach all nodes Requires independent blocking of control vs. data channels on RPL owner/neighbor With VC A B R-APS VC A B Without VC RPL Owner F E D C R-APS RPL Neighbor (optional) RPL Owner F E D C R-APS RPL Neighbor (optional) 39

37 Interconnecting Rings Networks can be constructed out of closed and open rings Rule: a given link must belong to a single ring 1 Major ring (closed) and multiple Sub-rings (open) R-APS Event Message to signal MAC flushing notification from one ring to another interconnected ring If one ring provides R-APS VC for a subtended ring, the R-APS channels for the two rings must be in different VLANs for correct operation R-APS Channel PoA1 R-APS Channel Major Sub-Ring Major Ring Sub Sub PoA2 40

38 Ring Instances G.8032 v.2 supports multiple ERP instances over a ring Disjoint VLANs are mapped into instances Every ERP instance can have a different RPL Enables load-balancing over the ring RPL blue Ø PoA1 B A RPL red Ø Core C D PoA2 41

39 Access Resiliency Mechanisms Resilient Ethernet Protocol (REP)

40 REP Protocol Basics A Segment Protocol REP Segment f1 f2 f1 f2 f1 f2 f1 f2 f1 f2 interface f2 rep segment 10 interface f1 rep segment 10 interface f2 rep segment 10 interface f1 rep segment 10 REP operates on chain of bridges called segments A port is assigned to a unique segment using: (config-if)# [no] rep segment {id} A segment can have up to two ports on a given bridge 43

41 REP Protocol Basics Blocked Port Edge Port f2 Alternate Port (blocks traffic) Edge Port f1 f2 f1 f2 f1 f2 f1 f2 f1 f2 f2 Unblocks Link Failure f1 f2 f1 f2 f1 f2 f1 f2 f1 f2 When all links are operational, a unique port blocks the traffic on the segment No connectivity between edge ports over the segment If any failure occurs within the segment, the blocked port goes forwarding 44

42 Protected Failure Points Edge Port A B C Edge Port f1 f2 f1 f2 f1 f2 f1 f2 f1 f2 REP Protects Against Any Single Link, Port or Node Failure Within a Segment A: Failure of a port within the segment B: Failure of a link within the segment C: Failure of a node within the segment 45

43 REP Protocol Basics REP Provides Two Redundant Gateways Bridged Domain Y Bridged Domain Y E1 E2 E1 E2 X X The segment provides one level of redundancy Hosts on the segment can reach the rest of the network through either edge port, as necessary 46

44 Access Resiliency Mechanisms MST Access Gateway (MST-AG) (a.k.a. Reverse Layer 2 Gateway Ports (R-L2GP))

45 Motivation for MST-AG GW1 Access L2 Network 1 Core Network Access L2 Network 2 Terminate multiple Ethernet access networks into same pair of Gateway nodes Each access network maintains independent topology (control plane isolation) Fast convergence in all cases Access nodes run standard MST Gateway nodes act as root bridges GW2 49

46 MST-AG Overview Dynamic MST BPDU Pre-configured MST BPDU Best Bridge MST-AG Ports Access Network Virtual Root Core Network MST-AG ports Send pre-configured BPDUs advertising virtual root by best bridge and 0 cost to root by second best bridge Virtual Root may coincide with the MST-AG node, or not Ignore incoming BPDUs from access network, except for TCN Always in Designated Forwarding state React and relay TCN over a special control pseudowire L2 access network Can have arbitrary topology (e.g. ring or mesh) Runs standard MST protocol Handles port blocking/unblocking Dynamic MST BPDU Pre-configured MST BPDU Second Best Bridge, with 0 cost to root Control PW for TCN Relay Root Port Designated Port Alternate Port 50

47 Protected Failure Points MST-AG Ports D Access Network A B C E Core Network MST-AG Provides Protection Against Any of the Following Failure Points: A: Failure of link connecting access network to gateway B: Failure of gateway access-facing port C: Gateway node failure D: Failure within access network, including access network total split E: Isolation of the gateway from core network (via Link State Tracking feature) 51

48 Failure Scenarios Gateway Direct Failures Access Network A B Root C E MST-AG Ports Core Network Second Best Bridge Access Network Root port Virtual Root Core Network Access switches detect failure Note: for Failure E, gateway brings down line-protocol on link to access MST re-converges in access network, choosing path through second Gateway to reach the root TCN propagated all the way to new root TCN 52

49 Failure Scenarios Access Network Split Root MST-AG Ports D Access Network Core Network Second Best Bridge Access Network Root port Root port Core Network TCN Access network completely partitioned Sub-network isolated from original root selects path through second Gateway TCN is propagated to new root, relayed over control PW and into the other subnetwork 53

50 Aggregation and Core Resiliency Mechanisms

51 One-Way Pseudowire Redundancy Overview CE PE1 MPLS PW 1 PW 2 <IP1, VCID1> PW 3 <IP2, VCID2> Allows dual-homing of one local PE to two or more remote PEs Two pseudowires: primary and backup provide redundancy for a single AC (1:1 Protection) Multiple backup PWs (different priorities) can be defined (N:1) Alternate LSPs (TE Tunnels) can be used for additional redundancy Upon primary PW failure, failover is triggered after a configurable delay (seconds) Configurable Revertive / Non-Revertive upon recovery <IP3, VCID3> 55

52 Pseudowire Redundancy with LDP PW Status Signaling CE PE1 tldp PW PE2 0x Pseudowire forwarding (clear all failures) 0x Pseudowire Not Forwarding 0x Local Attachment Circuit (ingress) Receive Fault 0x Local Attachment Circuit (egress) Transmit Fault 0x Local PSN-facing PW (ingress) Receive Fault 0x Local PSN-facing PW (egress) Transmit Fault 0x PW Preferential Forwarding Status 0x PW Request Switchover Status When set == PW fwd Standby; when cleared == PW fwd Active Only this bit is required/used (with help of ICCP) RFC 4447 draft-ietf-pwe3-redundancy-bit 56

53 One-Way Pseudowire Redundancy Failure Protection Points CE PE1 A MPLS PW 1 B PE2 PW 2 PE3 A. Loss of next hop P node as notified by IGP PW failover is delayed to allow IGP chance to restore B. Loss of Remote PE LDP session timeout BFD timeout 57

54 Two-Way Pseudowire Redundancy Overview CE PE1 A ICCP B PW 2 MPLS PW 1 PW 3 PE3 PE4 PE2 PW 4 Allows dual-homing of two local PEs to two remote PEs PW Preferential Forwarding Status determined by ICCP application (e.g. mlacp) Four pseudowires: 1 primary and 3 backup provide redundancy for a dual-homed device 58

55 Two-Way Pseudowire Redundancy Failure Protection Points CE PE1 A ICCP B PW 2 MPLS PW 1 PW 3 PE3 PE4 PE2 PW 4 A. Failure of primary PE node B. Isolation of primary PE node from the MPLS core 59

56 Two-Way Pseudowire Redundancy Independent Operation Mode Every PE decides the local forwarding status of the PW: Active or Standby MPLS A PW is selected as Active for forwarding if it is declared as Active by both local and remote PEs PE1 Active PW Active PE2 A PW is selected as Standby for forwarding if it is declared as Standby by either local or remote PE PE1 Active Standby PE2 PE1 Standby Standby PE2 PE1 Standby Active PE2 60

57 Two-Way Pseudowire Redundancy Determining Pseudowire State VPWS / H-VPLS (U-PE) two-way coupled: When AC changes state to Active 1, both PWs will advertise Active When AC changes state to Standby 1, both PWs will advertise Standby Active Standby AC AC PW PW Active Active Standby Standby H-VPLS (U-PE) two-way decoupled: Regardless from AC state, Primary PW and Backup PWs will advertise Active state For H-VPLS (N-PE), all PWs in VFI are Active simultaneously, for both access and core PWs Active Standby AC AC PW PW Active Active Active Active (1) Active / Standby AC states determined for example by mlacp 61

58 Two-Way Pseudowire Redundancy Determining Pseudowire State (Cont.) VPLS Two-way Coupled: When at least 1 AC in VFI changes state to Active, all PWs in VFI will advertise Active When all ACs in VFI change state to Standby, all PWs in VFI will advertise Standby mode Standby Standby Active Standby Standby Standby AC AC PW PW Active Active Active Standby Standby Standby VPLS Two-way Decoupled: Regardless from AC states, all PWs in VFI will advertise Active state Standby Standby Active Standby Standby Standby AC AC PW PW Active Active Active Active Active Active 62

59 MAC Flushing Mechanisms

60 Why MAC Flushing Is Needed? Topology Changes Y X Y X Y Y Y X Y X Y Y X X Y Y X Y Y X X X Y X Y X X X Y B X Y X Y Filtering Entries Populated from Conversation X-Y After a Change in the Topology, Starred Entries Are Incorrect Bridges learn the location of the stations from the traffic they forward Mac-addresses are added to a filtering table After a failure, the filtering table must be updated 64

61 G.8032 MAC Flushing Notification Nodes evaluate every R-APS message received. If the message indicates that the location of blocking has moved (via Node ID and BPR), then flushing is triggered. A specific R-APS Event Message with Flush indication is used to trigger a burst of 3 flushes from one ring to another in case of cascaded rings 2 3 Flush R-APS (Event -Flush) R-APS(SF) A B 1 F Flush C R-APS (Event -Flush) E D R-APS(SF) 65

62 REP Topology Change Notification On topology change, nodes next to fault send Blocked Port Advertisement (BPA) with Topology Change (TC) bit set to 1 Nodes react to this by flushing their MAC tables for affected VLAN(s) Topology changes not propagated beyond segment except by explicit configuration Primary Edge Port 0/1 M1 Primary Edge Port 0/1 Flush Flush Flush BPA, TC = 1 Common Link Common Link BPA, TC = 1! Secondary Edge Port 0/2 Secondary Edge Port 0/2 Flush Flush Flush M2 M2 M1 66

63 RSTP Topology Change Notification Rapid STP (IEEE 802.1D-2004) introduced new Topology Change Notification mechanism (from IEEE 802.1D-1998) Detection Transitions from blocking to forwarding state cause topology change RSTP M2 i.e., only increase in connectivity is TC Link Down events no longer trigger TCN Edge ports (port-fast) are not flushed Notification via TCN Flag in configuration BPDU M1 Flush M2 TCN BPDU no longer used; no ack required (TCA flag not used) Broadcasted on the network by the initiator (not by the Root bridge as in IEEE 802.1D-1998) Flush Flush BPDU TC = 1 RSTP BPDU TC = 1 Flush Flush Flush M1 67

64 Multiple VLAN Registration Protocol (MVRP) Application of IEEE 802.1ak Multiple Registration Protocol (MRP) Builds dynamic VLAN reachability trees within a spanning tree instance Enables source pruning of floods Defines new declaration messages as a replacement for TCNs Sent in addition to existing STP TC messages Generated by ports declaring a given VID on bridges that detect a topology change Net effect only VLANs active in the area of the network that is actually affected by the topology change are flushed VLANs not present in that part of the network are unaffected VLANs that are affected are only flushed in the affected sub-tree VLAN 100 Reachability Tree VLAN 200 Reachability Tree! MSTI for VLANs 100 & 200 Blocked link in MSTI Bridge Flush (New Declaration) 68

65 LDP MAC Address Withdrawal Topology Change detected PE A IP/MPLS Core PE C LDP MAC Withdrawal PE B PE D Transmitted by a VPLS PE that detects a topology change to all other PEs in the VPLS instance Out of band indication Optionally may contain a list of MAC addresses to be flushed If MAC list is empty flush all addresses except those learnt from transmitting PE If specific MAC remove specified MAC address(es) Defined in RFC

66 End-to-End Redundancy Solutions

67 End-to-End Redundancy Solutions Service Type Transport Enabler Access Redundancy Protocol / Feature E-LINE VPWS Hub and Spoke (Active / Backup) mlacp + 2-way PW Red. (coupled mode) E-LINE VPLS Ring MST + MST-AG E-LINE VPLS Ring G.8032 IP / L3VPN (e.g. Video Distribution) Ethernet (*) E-LAN VPLS (*) E-LAN H-VPLS Hub and Spoke (Active / Backup) Hub and Spoke (Active / Backup) Hub and Spoke (Active / Backup) mlacp + VRRP mlacp + 2-way PW Red. (decoupled mode) mlacp + 2-way PW Red. (decoupled mode) (*)E-LAN VPLS Ring REP (*) See Appendix Section 71

68 E-LINE Availability Models Active/Backup Access Node Redundancy (mlacp)

69 E-LINE Availability Model Active / Backup Access Node Redundancy (mlacp) Port / Link Failures I Events Initial state VPWS F A-C Port / Link Failures F C A S 3 A Active PoA detects failure 1 A and signals failover over ICCP F A F B LACP 1 A ICCP ICCP LACP 1 B Failover triggered on DHD 2 Standby link brought up per LACP proc. 1 B 2 S A 4 S 3 4 Active PoA advertises Standby state on its PWs Standby PoA advertises Active state on its PWs For VPWS Coupled Mode, attachment circuit (AC) state (Active/Standby) drives PW state advertised to remote peers Forwarding EoMPLS PW Non-Forwarding EoMPLS PW 73

70 E-LINE Availability Model Active / Backup Access Node Redundancy (mlacp) Port / Link Failures (cont.) I Events Initial state VPWS F A-C Port / Link Failures F C S A Active PoA detects failure 1 A and signals failover over ICCP F B 1 B Failover triggered on DHD F A LACP ICCP ICCP LACP 2 Standby link brought up per LACP proc. 3 Active PoA advertises Standby state on its PWs A S 4 Standby PoA advertises Active state on its PWs Local site access failure does not trigger LACP failover at remote site (i.e. control-plane separation between sites) Forwarding EoMPLS PW E End State Non-Forwarding EoMPLS PW 74

71 E-LINE Availability Model Active / Backup Access Node Redundancy (mlacp) PoA Node Failure F D I Events Initial state VPWS A A F D Active PoA Node Failure Standby PoA detects node 1 A failure (BFD timeout or IP route-watch) LACP 1 A ICCP ICCP LACP 1 B Failover triggered on DHD 1 B 2 S A 3 S 2 3 Standby link brought up per LACP proc. Standby PoA advertises Active state on its PWs PoA node failures detected by BFD (session timeout) or IP routewatch (loss of routing adjacency) Forwarding EoMPLS PW Non-Forwarding EoMPLS PW 75

72 E-LINE Availability Model Active / Backup Access Node Redundancy (mlacp) PoA Node Failure (cont.) F D I F D VPWS Events Initial state Active PoA Node Failure S A Standby PoA detects node 1 A failure (BFD timeout or IP route-watch) LACP ICCP ICCP LACP 1 B Failover triggered on DHD 2 Standby link brought up per LACP proc. 3 Standby PoA advertises Active state on its PWs A S E End State No remote LACP switchover even if remote PoAs detect loss of PW before local LACP switchover is performed Forwarding EoMPLS PW Non-Forwarding EoMPLS PW 76

73 E-LINE Availability Model Active / Backup Access Node Redundancy (mlacp) Uplink Core Failure (PoA Core Isolation) F E I Events Initial state VPWS F E Core Isolation 1 B A A 1 A Active PoA detects core isolation and signals failover over ICCP LACP 1 A ICCP ICCP LACP Active PoA signals failover to DHD (dynamic port 1 B priority changes / bruteforce) 2 S A 3 S 2 3 Standby link brought up per LACP proc. Standby PoA advertises Active state on its PWs Link and Node failures in the Core are handled by IP routing and/or MPLS FRR do not trigger LACP switchover Forwarding EoMPLS PW Non-Forwarding EoMPLS PW 77

74 E-LINE Availability Model Active / Backup Access Node Redundancy (mlacp) Uplink Core Failure (PoA Core Isolation) (cont.) F E I F E VPWS Events Initial state Core Isolation S A 1 A Active PoA detects core isolation and signals failover over ICCP LACP ICCP ICCP LACP Active PoA signals failover to DHD (dynamic port 1 B priority changes / bruteforce) 2 Standby link brought up per LACP proc. A S 3 Standby PoA advertises Active state on its PWs E End State Forwarding EoMPLS PW Non-Forwarding EoMPLS PW 78

75 E-LINE Availability Models Ring Access Node Redundancy (MST)

76 E-LINE Availability Model VPLS Ring Access Node Redundancy (MST) MST Ring Span Failure Blocked Ports I Events Initial state Primary STP Root VFI VFI Secondary Root F B Ring Span failure F B MST AG VFI MST AG VFI 1 Access switch A detects link failure (looses root port), blocks failed port and sends root proposal to B 1 A MST MST B selects bottom AGG as 2 A new root (unblocks port towards it) 2 B B VFI MST AG VFI MST AG 2 B B blocks port towards A 2 A Secondary STP Root VFI MST isolation; not carried over MPLS cloud VFI Primary Root STP TCN EoMPLS PW Forwarding EoMPLS PW Non-Forwarding EoMPLS PW MST Native Vlan MST Access Gateway (MST-AG) on Aggregation Nodes transmits statically configured BPDUs 80

77 E-LINE Availability Model Ring Access Node Redundancy (MST) MST Ring Span Failure (cont.) Primary STP Root VFI 5 5 VFI Secondary Root Blocked Ports VPLS Events Proposal / Agreement handshake between B 3 A-B and A. B unblocks port towards A F B 6 MST AG VFI MST AG VFI 3 C B flushes MAC table. Signals Topology Change (TC) to AGG device 1 2 B 2 A A 3 A 3 B B MST 3 C 4 B VFI MST AG Secondary STP Root VFI 4 A VFI VFI MST AG Primary Root Special VFI between AGG nodes to relay TCN BPDUs used to trigger MAC flushes after a Topology Change (TC) 5 MST AGG flushes MAC table. 4 A Triggers LDP MAC add. withdrawal to VPLS peers 4 B AGG device propagates TCN over BPDU PW 5 6 AGG (local and remote) flush MAC tables Top AGG generates TCN on local ring 81

78 E-LINE Availability Model Ring Access Node Redundancy (MST) VPLS MST Ring Span Failure (cont.) VFI VFI Blocked Ports 6 Events Top AGG generates TCN on local ring MST AG MST AG E End State VFI VFI F B MST MST VFI MST AG VFI MST AG VFI VFI Each ring on unique TCN domain for control plane isolation Two MST instances for VLAN load balancing over ring STP TCN EoMPLS PW Forwarding EoMPLS PW Non-Forwarding EoMPLS PW MST Native Vlan 82

79 E-LINE Availability Models Ring Access Node Redundancy (G.8032)* (*) same principle applies to REP

80 E-LINE Availability Model Ring Access Node Redundancy (G.8032) G.8032 Ring Span Failure Blocked Port VPLS Events I Initial state F B A B VFI VFI RPL Owner 1 B G.8032 G.8032 F B Ring Span failure Access switches A and B detect link failure. Send 1 A-B R-APS Signal Fail (SF) on the ring 2 1 A RPL Owner 3 VFI VFI G.8032 Open Ring without R-APS Virtual Channel, terminating on Aggregation Nodes 2 3 Access nodes in the ring flush MAC tables and propagate R-APS SF RPL owner AGG node receives R-APS and unblocks RPL owner port Forwarding EoMPLS PW Non-Forwarding EoMPLS PW R-APS Channel vlan VLAN load balancing using two ERP instances with RPL Owners on Aggregation Nodes. 84

81 E-LINE Availability Model Ring Access Node Redundancy (G.8032) VPLS F B B G.8032 Ring Span Failure (cont.) VFI 1 B 4 5 VFI RPL Owner Blocked port 3 4 Events RPL owner AGG node receives R-APS SF and unblocks RPL owner port AGG nodes flush MAC tables. Trigger LDP MAC add withdrawal to VPLS peers A G.8032 G Remote peers flush MAC tables 1 A RPL Owner VFI VFI Forwarding EoMPLS PW Non-Forwarding EoMPLS PW R-APS Channel vlan 85

82 E-LINE Availability Model Ring Access Node Redundancy (G.8032) VPLS G.8032 Ring Span Failure (cont.) VFI VFI Blocked port 5 Events Remote peers flush MAC tables E End State RPL Owner F B G.8032 G.8032 RPL Owner VFI VFI Forwarding EoMPLS PW Non-Forwarding EoMPLS PW R-APS Channel vlan 86

83 IP / L3VPN Gateway Availability Models mlacp + VRRP

84 IP / L3VPN Gateway Availability Model Active / Backup Access Node Redundancy (mlacp) Port / Link Failures I F A-C Events Initial state Port / Link Failures 1 B F A 2 F B LACP F C 1 A S A ICCP BD / VFI Bridge Domain with associated SVI (BVI) for IP / L3VPN access. VFI with a single PW to peer (Decoupled Mode). VRRP Group on SVI (BVI) for L3 First Hop Redundancy. PW BD / VFI 3 4 VRRP SVI/ BVI SVI/ BVI Forwarding EoMPLS PW Active PoA detects failure 1 A and signals failover over ICCP 1 B Failover triggered on DHD Standby link brought up per LACP proc. Standby PoA flushes MAC table. Standby PoA triggers LDP MAC add. withdrawal to peer. Peer flushes its MAC table. Non-Forwarding EoMPLS PW 88

85 IP / L3VPN Gateway Availability Model Active / Backup Access Node Redundancy (mlacp) Port / Link Failures (cont.) I F A-C Events Initial state Port / Link Failures BD / VFI Active PoA detects failure 1 A and signals failover over ICCP F A F B LACP F C ICCP PW VRRP SVI/ BVI 1 B Failover triggered on DHD 2 3 Standby link brought up per LACP proc. Standby PoA flushes MAC table. A BD / VFI SVI/ BVI 4 E Standby PoA triggers LDP MAC add. withdrawal to peer. Peer flushes its MAC table. End State Using VRRP Object Tracking on access links, it is possible to synchronize VRRP failover with mlacp failover (for optimal forwarding to core). Forwarding EoMPLS PW Non-Forwarding EoMPLS PW 89

86 IP / L3VPN Gateway Availability Model Active / Backup Access Node Redundancy (mlacp) Node Failure I F D Events Initial state Active PoA Node Failure A F D BD / VFI 1 A ICCP: Standby PoA detects node failure (BFD timeout or IP route-watch) SVI/ BVI VRRP: Standby PoA detects node failure after Hold Timer 1 B expiry (due to missed VRRP Advertisements) LACP 1 A ICCP PW VRRP 1 B 2 Failover triggered on DHD 2 3 Standby link brought up per LACP proc. 3 S BD / VFI 4A Standby PoA flushes its MAC table. 4 A 4 B SVI/ BVI 4B Standby PoA assumes VRRP Master state. Forwarding EoMPLS PW Non-Forwarding EoMPLS PW 90

87 IP / L3VPN Gateway Availability Model Active / Backup Access Node Redundancy (mlacp) Node Failure (cont.) A F D BD / VFI SVI/ BVI I F D Events Initial state Active PoA Node Failure 1 A ICCP: Standby PoA detects node failure (BFD timeout or IP route-watch) VRRP: Standby PoA detects node failure after Hold Timer 1 B expiry (due to missed VRRP Advertisements) LACP ICCP PW VRRP 2 Failover triggered on DHD 3 Standby link brought up per LACP proc. S BD / VFI 4A Standby PoA flushes its MAC table. SVI/ BVI 4B Standby PoA assumes VRRP Master state. Forwarding EoMPLS PW Non-Forwarding EoMPLS PW E End State 91

88 IP / L3VPN Gateway Availability Model Active / Backup Access Node Redundancy (mlacp) Uplink Core Failure (PoA Core Isolation) 2 A 3 LACP 1 A S A ICCP BD / VFI PW BD / VFI VRRP 2 B SVI/ BVI 1 B F E I F E Events Initial state Core Isolation 1 A ICCP: Active PoA detects core isolation and signals failover over ICCP VRRP: Active PoA decrements VRRP priority 1 B as a result of tracked object state Down Active PoA signals failover to DHD (dynamic port 2 A priority changes / bruteforce) 2 B Standby PoA assumes VRRP Master role. 3 Standby link brought up per LACP proc. VRRP Object Tracking must be enabled on the core-facing interfaces (same interfaces that are monitored by ICCP). SVI/ BVI Forwarding EoMPLS PW Non-Forwarding EoMPLS PW 92

89 IP / L3VPN Gateway Availability Model Active / Backup Access Node Redundancy (mlacp) Uplink Core Failure (PoA Core Isolation) LACP A ICCP BD / VFI 5 PW VRRP SVI/ BVI F E 4 5 E Events Standby PoA flushes its MAC table. Standby PoA triggers LDP MAC add. withdrawal to peer. Peer flushes its MAC table. End State S BD / VFI Note: mlacp Revertive operation must be used, since VRRP object tracking is revertive. 4 SVI/ BVI Forwarding EoMPLS PW Non-Forwarding EoMPLS PW 93

90 Platform Support

91 Carrier Ethernet Portfolio Cisco Platform Support Aggregation Large POP Pre-Aggregation / Aggregation Small POP Access Cisco ME3400 / ME3400E Cisco ME3600X Cisco MWR 2941 Cisco ME4924 Catalyst 4900 Cisco ASR 901 Cisco ME3800X Catalyst 4500 Cisco ASR 903 ASR 9000 Cisco 7600 Nexus 7K 95

92 Summary

93 Key Takeaways Various access redundancy mechanisms are available, which enable node as well as network multi-homing: Multichassis LACP (mlacp) mlacp Active/Active G.8032 REP MST Access Gateway Aggregation/core redundancy mechanisms operating at the pseudowire layer primarily protect against PE node failures: One-way Pseudowire Redundancy Two-way Pseudowire Redundancy Above mechanisms can interwork to provide comprehensive end-toend resiliency solutions for E-Line, E-LAN and Layer 3 services 97

94 Summary Resiliency Fundamentals Access Resiliency Mechanisms Aggregation and Core Resiliency Mechanisms MAC Flushing Mechanisms Redundancy Solutions 98

95 References Cisco IOS L2VPN Pseudowire Redundancy cts_configuration_guide_chapter.html Cisco IOS Multichassis LACP Configuration Guide Cisco ME 3400 / 3400E REP Configuration Guide guide/swrep.html Cisco 7600 ES+ Layer 1 and Layer 2 features (covering MST / REP on EVC, Two-way PW redundancy, ICCP, mlacp, MST-AG) Cisco 7600 H-VPLS N-PE Redundancy for QinQ and MPLS Access (covering MST on npe, LDP MAC Address Withdrawal) red.html Cisco 7600 Link State Tracking 99

96 References (Cont.) Cisco ASR 9000 Configuring Link Bundles (covering Multichassis LACP) bun.html Cisco ASR 9000 L2VPN and Ethernet Services Configuration Guide (covering MST, MST-AG, PW Redundancy, LDP MAC Address Withdrawal) html Cisco ASR 9000 Implementing Multipoint Layer 2 Services (covering G.8032) mps.html Cisco ASR 903 Aggregation Services Router Configuration Guide Cisco ASR 901 Aggregation Services Router Configuration Guide 100

97 Acronyms IP and MPLS Acronym Description Acronym Description AC Attachment Circuit PW Pseudo-Wire AS Autonomous System PWE3 Pseudo-Wire End-to-End Emulation BFD Bidirectional Failure Detection QoS Quality of Service CoS Class of Service RD Route Distinguisher ECMP Equal Cost Multipath RIB Routing Information Base EoMPLS Ethernet over MPLS RR Route Reflector FRR Fast Re-Route RSVP Resource Reservation Protocol H-VPLS Hierarchical VPLS RSVP-TE RSVP based Traffic Engineering IETF Internet Engineering Task Force RT Route Target IGP Interior Gateway Protocol TE Traffic Engineering LDP Label Distribution Protocol tldp Targeted LDP LER Label Edge Router VC Virtual Circuit LFIB Labeled Forwarding Information Base VCID VC Identifier LSM Label Switched Multicast VFI Virtual Forwarding Instance LSP Label Switched Path VPLS Virtual Private LAN Service LSR Label Switching Router VPN Virtual Private Network MPLS Multi-Protocol Label Switching VPWS Virtual Private Wire Service NLRI Network Layer Reachability Information VRF Virtual Route Forwarding Instance PSN Packet Switch Network VSI Virtual Switching Instance 101

98 Acronyms Ethernet/Bridging Acronym Description Acronym Description ACL Access Control List EVP-LAN Ethernet Virtual Private LAN BD Bridge Domain ICCP Inter-Chassis Communication Protocol BPA BPDU BRAS CE C-VLAN / CE- VLAN CoS DHD DSLAM E-LAN E-Line Blocked Port Advertisement (REP PDU) Bridge Protocol Data Unit Broadband Access Server Customer Equipment (Edge) Customer / CE VLAN Class of Service Dual Homed Device DSL Access Modulator Ethernet LAN service (multipoint) Ethernet Line service (point-to-point) IEEE IPoETV IPTV L2GP LACP LAN MEF MEN MIRP Institute of Electrical and Electronics Engineers TV on IP over Ethernet Television over IP Layer 2 Gateway Ports Link Aggregation Control Protocol Local Area Network Metro Ethernet Forum Metro Ethernet Network Multiple I-Tag Registration Protocol E-Tree EFP Ethernet Tree service (rooted multipoint) Ethernet Flow Point mlacp Multi-Chassis LACP EPL Ethernet Private Line MRP Multiple Registration Protocol EP-LAN Ethernet Private LAN MST / MSTP Multiple Instance STP EVC EVPL Ethernet Virtual Connection Ethernet Virtual Private Line MSTG-AG MST Access Gateway 102

99 Acronyms Ethernet/Bridging (Cont.) Acronym MSTi MTBF MTTR MVRP OAM Description MST Instances Mean Time Between Failures Mean Time To Recover Multiple VLAN Registration Protocol Operations, Administration and Maintenance Acronym TCN UNI VID VLAN VoD Description Topology Change Notification User to Network Interface VLAN Identifier Virtual LAN Video on Demand PE Provider Edge device VoIP Voice over IP PoA Point of Attachment Q-in-Q VLAN tunneling using two 802.1Q tags QoS Quality of Service R-L2GP Reverse L2GP REP Resilient Ethernet Protocol REP-AG REP Access Gateway RG Redundancy Group SLA Service Level Agreement SLS Service Level Specification STP Spanning Tree Protocol SVI Switch Virtual Interface (interface vlan) S-VLAN Service VLAN (Provider VLAN) TC Topology Change 103

100 Acronyms Provider Backbone Bridging Acronym B-BEB BCB B-DA BEB B-MAC B-SA B-Tag B-VLAN C-DA CE C-MAC C-SA Description B-Component BEB Backbone Core Bridge Backbone Destination Address Backbone Edge Bridge Backbone MAC Address Backbone Source Address B-VLAN Tag Backbone VLAN Customer Destination Address Customer Equipment (Edge) Customer MAC Address 80 C-VLAN Tag C-VLAN / CE- VLAN DA FCS IB-BEB Customer Source Address Customer / CE VLAN Destination MAC Address Frame Check Sequence Combined I-Component & B-Component BEB Acronym I-BEB IEEE I-SID I-Tag MAC N-PE PB PBB PBBN PBN PE Q-in-Q SA S-Tag S-VLAN UNI U-PE VLAN Description I-Component BEB Institute of Electrical and Electronics Engineers Instance Service Identifier I-SID Tag Media Access Control Network-facing Provider Edge device Provider Bridge Provider Backbone Bridge / Bridging Provider Backbone Bridging Network Provider Bridging Network Provider Edge device VLAN tunneling using two 802.1Q tags Source MAC Address S-VLAN Tag Service VLAN (Provider VLAN) User to Network Interface User-facing Provider Edge device Virtual LAN 104

101 Complete Your Online Session Evaluation Give us your feedback and you could win fabulous prizes. Winners announced daily. Receive 20 Passport points for each session evaluation you complete. Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center. Don t forget to activate your Cisco Live Virtual account for access to all session material, communities, and on-demand and live activities throughout the year. Activate your account at the Cisco booth in the World of Solutions or visit 116

102 Final Thoughts Get hands-on experience with the Walk-in Labs located in World of Solutions, booth 1042 Come see demos of many key solutions and products in the main Cisco booth 2924 Visit after the event for updated PDFs, ondemand session videos, networking, and more! Follow Cisco Live! using social media: Facebook: Twitter: LinkedIn Group: 117

103