How does VPLS populate MAC table

It is desirable to do service verification and report misconfiguration to the operator on a proactive basis. There are three aspects of fault management in a provider network. A secondary goal of such permanent continuity check is topology discovery and service verification in the H-VPLS. This document describes how the existing standardized mechanisms can be used for fault detection.

Existing mechanisms can verify the first three steps. This document describes how to address the final two issues. Both the VPLS Ping and VPLS Traceroute functions have the ability to send replies to the sender through the control plane (out-of-band channel), so as to allow for error reporting when all else fails.

This includes protocols from routing to bridge control. Therefore it is desirable to have procedures that enable the VPLS OAM entities in the PE devices participating in the full-mesh to determine automatically whether there is really a full-mesh or not. It is also desirable to

Configuration errors. Failure of the auto-discovery process.

Failure of the control plane to properly establish all the necessary PWs. This in turn may be due to bugs, or to resource shortages at the PEs. Failure of the data plane to carry traffic correctly on all the established PWs comprising the full-mesh. The PW control protocols can be extended to notify mesh failures in a scalable and reliable manner. The critical component of the solution is the ability to react to a partial mesh after such condition is detected. This requires efficient coordination and computation among the participating VPLS OAM entities such that a consistent set of PWs are "removed" from the mesh topology, thus resulting in a "subset" full-mesh.

A solution for partial mesh resolution is currently under progress and details will be provided in a future revision. Flooded frames in H-VPLS may be unknown unicast, multicast, or broadcast frames that require frame replication along a point-to-multipoint (P2MP) downstream path. As a consequence, the performance of flooded and non-flooded frames can be significantly different. Multicast applications e. This version of the document does not address any performance measurement issues and may be described in a future revision if requirement of such solution arises.

Such tools detect misconfiguration or inconsistency between control plane and dataplane in an H-VPLS, esp. VPLS service frames may be black holed or may be leaked to other service instances due to misconfiguration of the PWs in data plane.

Such inconsistency may also occur temporarily when control plane is in transient state, thus causing service disruption or traffic leaks between VPLS instances. During verification and localization of faults it is imperative to detect such issues in the VPLS forwarders with adequate level of accuracy. In the mechanisms described in this document, typically connectivity is first checked against the dataplane.

Otherwise, if a reply is not received within the desired interval, the sender sends another request packet along the data plane, requesting a reply back on the control plane. If this also fails, a final attempt may be made, with request sent along the control plane, and the reply back along the control plane. If this fails, then the network is probably partitioned.

Such multi-step probing facilitates determination of control plane and dataplane inconsistencies with adequate accuracy. Moreover it is important to send reply to the originator via out of band channels when the dataplane in the reverse direction has failed. It is suggested that first-time readers

The header encapsulates one or more TLVs. See Section 7. The interpretation of the specific Sub-TLV depends on the position of its occurrence. Length This field specifies the total length of the Value fields in octets. Since an It is desirable for both operational and security reasons to be able to easily recognize in the data plane that a received packet is a VPLS OAM packet. In the core node forwarder, the PW Label received from the spoke node is used to determine the VPLS instance with which the encapsulated frame is associated.

The normal behavior is to flood these packets to all end points in the service. In a service ingress QoS policy, individual queues can be defined per forwarding class to provide shaping of broadcast traffic, MAC multicast traffic and unknown destination MAC traffic.

MAC move allows sequential order port blocking. There are two sophisticated control mechanisms that allow blocking of ports in a sequential order: The definition of criteria for the second control mechanism is the number of periods during which the given re-learn rate has been exceeded. Tertiary VPLS ports are blocked if the re-learn rate exceeds the configured threshold during one period while secondary ports are blocked only when re-learn rates are exceeded during two consecutive periods, and so forth.

This section provides information about the auto-learn-mac-protect and restrict-protected-src discard-frame features. This could occur through a misconfiguration, a problem in the network, or a malicious source creating a DoS attack, and is applicable to any type of VPLS network, for example mobile backhaul or residential service delivery networks.

This is a complementary solution to features such as mac-move and mac-pinning, but has the advantage that MAC moves are not seen and it has a low operational complexity. Two separate commands are used which provide the configuration flexibility of separating the identification (learning) function from the application of the restriction (discard). The auto-learn-mac-protect and restrict-protected-src commands allow the following functions:

The use of restrict-protected-src discard-frame is mutually exclusive with both the restrict-protected-src [alarm-only] command and with the configuration of manually protected MAC addresses, using the mac-protect command, within a given VPLS. Figure 62 shows a specific configuration using auto-learn-mac-protect and restrict-protected-src discard-frame in order to describe their operation for the SR, ESS, or XRS.

The following series of events describe the details of the functionality:. Figure 63 shows a possible configuration using auto-learn-mac-protect and restrict-protected-src discard-frame in a mobile backhaul network, with the focus on PE1 for the SR or XRS. The above configuration is equally applicable to other Layer 2 VPLS based aggregation networks, for example to business or residential service networks.

The advantage of this approach is that no protocol is required to detect loops within the VPLS core network. This extension is referred to as a split horizon SAP group or residential bridging.

Unknown destinations, broadcasts, and multicasts are flooded to all other SAPs in the service. If SAPs are connected together, either through misconfiguration or for redundancy purposes, loops can form and flooded packets can keep flowing through the network.

The STP instance parameters allow the balancing between resiliency and speed of convergence extremes. Modifying particular parameters can affect the behavior. A trap or log entry is generated for every change in spanning tree variant. Some older Interworking with these older systems is improved with the comp-dot1w mode.

The differences between the RSTP mode and the comp-dot1w mode are:. Each MSTI can have its own topology, which provides architecture enabling load balancing by providing multiple forwarding paths. Network fault tolerance is also improved because a failure in one instance forwarding path does not affect other instances.

Using MSTP running on individual switches facilitates redundancy in this part of the network. QinQ SAPs are supported. This allows for implicit separation of source and provider control planes. The To enable different devices to participate in MSTIs, they must be consistently configured. There is no limit to the number of regions in the network, but every region can support a maximum of 16 MSTIs. All other instances are numbered from 1 to These service tunnels are shared among multiple VPLS instances.

The implementation of STP on the router is modified in order to guarantee that service tunnels will not be blocked in any circumstance without imposing artificial restrictions on the placement of the root bridge within the network.

The modifications introduced are fully compliant with the Also, ensure that all bridges connected by mesh SDPs are in the same region. If not, the mesh will be prevented from becoming active trap is generated. In order to achieve this, all mesh SDPs are dynamically configured as either root ports or designated ports. As a result of this, all network ports on the primary bridges are assigned the designated port role and therefore remain in the forwarding state.

The second part of the solution ensures that the remaining PE devices participating in the STP instance see the SDP ports as a lower cost path to the root rather than a path that is external to the mesh.

Internal to the PE nodes participating in the mesh, the SDPs are treated as zero cost paths towards the primary bridge. As a consequence, the path through the mesh are seen as lower cost than any alternative and the PE node will designate the network port as the root port. This approach ensures that network ports always remain in forwarding state.

In combination, these two features ensure that network ports will never be blocked and will maintain interoperability with bridges external to the mesh which are running STP instances. This allows running these protocols between customer CPEs without involving backbone infrastructure. In such environments termination of tunnels through such infrastructure is required. More specifically: Typically, different Layer 2 devices can support different types of STP, even if they are from the same vendor.

In some cases, it is necessary to provide BPDU translation in order to provide an interoperable e2e solution. Two applications have been identified for spoke SDPs:. Nokia routers have implemented special features for improving the resilience of hierarchical VPLS instances, in both MTU and inter-metro applications. In the case of a failure of the active node, STP on the management VPLS in the standby node will change the link states from disabled to active.

One is designated as the primary and one as the secondary spoke SDP. This is based on a precedence value associated with each spoke. The secondary spoke is in a blocking state both on receive and transmit as long as the primary spoke is available. When the primary spoke becomes unavailable due to link failure, PEs failure, etc. Optional revertive operation with configurable switch-back delay is supported.

Forced manual switchover is also supported. To speed up the convergence time during a switchover, MAC flush is configured. The example depicted in Figure 67 can be used. The two gateway pairs, PE3-PE3 and PE1-PE2, are interconnected using a full mesh of four pseudo-wires out of which only one pseudo-wire is active at any point in time. Based on the information received from the peer shelf and the local configuration the master shelf will make a decision on which pseudo-wire will become active.

As soon as the MC-EP application is activated using no shutdown, it tries to open a new BFD session or register automatically with an existing one.

The source-ip configuration under redundancy multi-chassis peer-ip is used to determine the local interface while the peer-ip is used as the destination IP for the BFD session. In order to minimize operational mistakes and wrong peer interpretation for the loss of BFD session, the following additional rules are enforced when the MC-EP is registering with a certain BFD session:. The MC-EP mechanisms are built to minimize the possibility of loops. It is possible that human error could create loops through the VPLS service.

When in passive mode, the MC-EP peers stay dormant as long as one active pseudo-wire is signaled from the remote end. No signaling is sent to the remote pair to avoid flip-flop behavior. A trap is generated each time MC-EP in passive mode activates.

Every occurrence of this kind of trap should be analyzed by the operator as it is an indication of possible mis-configuration on the remote active MC-EP peering. This involves the following CLI configurations:. When MC-EP passive mode is enabled on the PE1 and PE2 pair the following command is always enabled internally, regardless of the actual configuration:.

In cases of SC-EP, there is a consistency check to ensure that the configuration of the member pseudo-wires is the same. For example, mac-pinning, mac-limit and ignore standby signaling must be the same. In the MC-EP case, there is no consistency check between the member endpoints located on different chassis.

The operator must verify carefully the configuration of the two endpoints to ensure consistency. The following rules apply for suppress-standby-signaling and ignore-standby parameters:.

This section also describes how the main mechanisms used for single chassis endpoint are adapted for the MC-EP solution. This section describes the MAC flush procedures that can be applied to ensure black-hole avoidance. The following rules describe how the block-mesh-on-failure must be ported to the MC-EP solution (see Figure 69):

In a regular single chassis endpoint scenario, the following command can be used to force a specific SDP binding pseudo-wire to become active:. The forced SDP binding pseudo-wire will be elected as active. For a single-chassis endpoint a revert-time command is provided under the VPLS endpoint. In a regular endpoint the revert-time setting affects just the pseudo-wire defined as primary precedence 0.

For a failure of the primary pseudo-wire followed by restoration the revert-timer is started. After it expires the primary pseudo-wire takes the active role in the endpoint. This behavior does not apply for the case when both pseudo-wires are defined as secondary: i. In the MC-EP case the revertive behavior is supported for pseudo-wire defined as primary precedence 0.

The following rules apply:. If load balancing is required, multiple B-VPLS instances may be used to ensure even distribution of the customers across all the pseudo-wires interconnecting the two domains.

In this example, four B-VPLS will be able to load share the customers across all four possible pseudo-wire paths. As a result, the endpoint on PE3 containing PW1 goes down. It never generates a MAC move to the newly active pseudo-wire even if the endpoint stays up. There are several mechanisms that can be used to resolve a loop in an access circuit, however from operation perspective they can be subdivided into two groups:.

Also in this case, the topology change event needs to be propagated into the VPLS topology in order to provide fast convergence. This will lead to broadcasting of packets addressed to the affected hosts and to a re-learning process in case an alternative route exists.

The difference is in the interpretation and action performed in the receiving PE. According to the standard definition, upon receipt of a MAC withdraw message, all MAC addresses, except the ones learned from the source PE, are flushed. This section specifies that all MAC addresses learned from the source are flushed. This message has been implemented as an LDP address message with a vendor-specific type, length, value (TLV), and is called the flush-mine message.

The advantage of this approach as compared to RSTP based methods is that only MAC-affected addresses are flushed and not the full forwarding database. While this method does not provide a mechanism to secure an alternative loop-free topology, the convergence time depends on how quickly the given CE device opens the alternative link (L2-B switch in Figure 57) as well as on how quickly the PE routers flush their FDB. In addition, this mechanism is effective only if PE and CE are directly connected (no hub or bridge), as it reacts to physical failure of the link.

This feature introduces a generic operational group object which associates different service endpoints (pseudo-wires, SAPs, IP interfaces) located in the same or in different service instances.

The operational group status is derived from the status of the individual components using certain rules specific to the application using the concept. A number of other service entities, the monitoring objects, can be configured to monitor the operational group status and to perform certain actions as a result of status transitions.

For example, if the operational group goes down, the monitoring objects will be brought down. There are two steps involved in enabling the block on group failure in a VPLS scenario:. The status of the operational group oper-group is dictated by the status of one or more members according to the following rule:.

The previous sections described the operating principles of several redundancy mechanisms available in the context of VPLS service. This section aims to summarize basic rules for generation and processing of these messages. The main difference between these messages is the type of action they signal. This means that this message has exactly the opposite effect of the flush-all-but-mine message. The advantages and disadvantages of the individual types should be apparent from examples in the previous section.

The description here focuses on summarizing the actions taken on reception and the conditions under which individual messages are generated. Note that the message described here is different than the message described in draft-ietf-l2vpn-vpls-ldp-xx. According to the draft definition, upon receipt of a MAC-withdraw message, all MAC addresses, except the ones learned from the source PE, are flushed. This section specifies that all MAC addresses learned from the source are flushed.

This message has been implemented as an LDP address message with a vendor-specific type, length, value (TLV), and is called the flush-all-from-ME message. The mechanism described in this document represents an alternative solution. While this method does not provide a mechanism to secure an alternative loop-free topology, the convergence time depends on how quickly the given CE device opens the alternative link (L2-B switch in Figure 74) as well as on how quickly the PE routers flush their FDB.

To display the number of MAC address withdrawal messages, enter the show l2vpn atom vc detail command, as shown in the following example:

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature. This field is applicable only when STP is enabled on the router.

The value of the port number field which is contained in the least significant 12 bits of the bit port ID associated with this SAP.

The operational state of the Rapid Spanning Tree Protocol instance associated with this service. The administrative state of the Rapid Spanning Tree Protocol instance associated with this service. The interval length during which no more than two Configuration BPDUs shall be transmitted by this bridge. The maximum age of Spanning Tree Protocol information learned from the network on any port before it is discarded.

This is the actual value that this bridge is currently using. The value of the port number field that is contained in the least significant 12 bits of the bit port ID associated with this SAP. The value of the port priority field that is contained in the most significant 4 bits of the bit port ID associated with this SAP.

The contribution of this port to the path cost of paths towards the spanning tree root which include this port. The bridge identifier of the bridge which this port considers to be the designated bridge for this port's segment. The following output is an example of information about services using the specified range of ingress labels, and Table 76 describes the fields. If no optional parameters are specified, the command displays a summary of all defined SAPs. The optional parameters restrict output to only SAPs matching the specified properties.

The following output is an example of information about SAPs matching the specified properties, and Table 77 describes the fields. The no form of the command disables the event type debugging. Generic Commands shutdown Syntax [ no ] shutdown.

Description This command administratively disables an entity. Service Admin State — bindings to an SDP within the service will be put into the out-of-service state when the service is shut down. While the service is shut down, all customer packets are dropped and counted as discards for billing and debugging purposes.

SDP global — when an SDP is shut down at the global service level, all bindings to that SDP are put into the out-of-service state and the SDP itself is put into the administratively and operationally down states. Packets that would normally be transmitted using this SDP binding will be discarded and counted as dropped packets.

The SDP itself may still be operationally up for other services. The default state is disabled shutdown , in which case the operational state of the SDP-ID is not affected by the keepalive message state. The created SAP will attempt to enter the operationally up state.

Description This command creates a text description stored in the configuration file for a configuration context.

Parameters description-string — the description character string. By default, no VPLS instances exist until they are explicitly created. Parameters service-id — the unique service identification number identifying the service in the service domain.

This ID must be unique to this service and may not be used for any other service of any type. This parameter is required on service creation and is optional for service editing or deleting. The customer-id is not used with routed VPLS. Description This command enables blocking brings the entity to an operationally down state after all configured SDPs or endpoints are in operationally down state. Default disabled. Default no disable-aging. Default no disable-learning Normal MAC learning is enabled.

Description By default, packets with unknown destination MAC addresses are flooded. Default no discard-unknown—packets with unknown destination MAC addresses are flooded. Description This command configures a service endpoint. Parameters endpoint-name — specifies an endpoint name. Description When this command is enabled, the node will ignore the standby bit received from T-LDP peers for the given spoke SDP and perform internal tasks without taking the standby bit into account—traffic can egress out to the spoke SDP.

Default enabled. Description This command configures the time to wait before reverting to the primary spoke SDP. Parameters revert-time — specifies the time to wait, in seconds, before reverting back to the primary spoke SDP defined on this service endpoint, after having failed to move over to a backup spoke SDP.

Description This command assigns a static MAC address to the endpoint. Parameters ieee-address — specifies the static MAC address assigned to the endpoint.

Description When this command is enabled, the pseudowire standby bit value 0x will not be sent to the T-LDP peer when the given spoke SDP is selected as a standby. Description This command specifies the upper threshold value for FDB entries. Parameters high-water-mark — specifies the upper threshold for FDB entries, which when exceeded, causes the system to raise a log event. Description This command specifies the lower threshold value for FDB entries.

Parameters low-water-mark — specifies the lower threshold for FDB entries, which when dropped below, causes the system to raise a log event. Default Parameters aging-timer — the aging time for local MACs expressed in seconds.

Description This command enables the context to configure MAC move attributes. The no form of this command disables MAC move. Parameters subnet-length — specifies the number of bits to be considered when performing MAC learning or MAC switching. The no form of the command reverts to the default value. Default 2 when mac-move is enabled ; for example, 10 relearns in a 5-s period.

Parameters frequency — specifies the rate, in 5-s intervals, for the maximum number of relearns. A zero 0 value indicates an unlimited number of retries. Description This command configures a factor for the primary or secondary ports that defines how many MAC relearn periods should be used to measure the MAC relearn rate. Parameters sap-id — specifies the physical port identifier portion of the SAP definition.

Description This command indicates the time, in seconds, to wait before a SAP that has been disabled after exceeding the maximum relearn rate is re-enabled. Default 10 when mac-move is enabled. Parameters timeout — specifies the time, in seconds, to wait before a SAP that has been disabled after exceeding the maximum relearn rate is re-enabled.

Parameters seconds — the aging time for remote MACs expressed in seconds. Default no send-flush-on-failure. Parameters octets— the size of the MTU, in octets, expressed as a decimal integer. Up to 30 split horizon groups can be defined per VPLS instance. Doing so ensures that:. MAC pinning enabled per default can be disabled. When disabled, the packets are forwarded based on the destination MAC addresses.

Default no discard-unknown-source. Default blockable. Parameters blockable — the agent will monitor the MAC relearn rate on the SAP, and the agent will block it when the relearn rate is exceeded. Default no max-nbr-mac-addr. Parameters table-size — specifies the maximum number of learned and static entries allowed in the FDB of this service.

Parameters ieee-address — specifies the bit MAC address for the static ARP in the form aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff where aa, bb, cc, dd, ee and ff are hexadecimal numbers (cannot be all zeros). Description This command enables access to the context to configure ATM-related attributes. Ingress traffic that does not match the configured encapsulation will be dropped. Default The encapsulation is driven by the service for which the SAP is configured.

Parameters atm-encap-type — specifies the encapsulation type. Default The default traffic descriptor trafficDescProfileId. Default no subscriber-vlan. Default 2 s. Parameters hello-time— the hello time for the STP instance, in seconds. Description This command configures the peak number of BPDUs that can be transmitted in a period of 1 s. Default 6. Description This command specifies the version of Spanning Tree Protocol the bridge is currently running. Default rstp.

Default By default, the bridge priority is configured to , which is the highest priority. Parameters bridge-priority— the bridge priority for the STP instance. Allowed values are integers in the range of to is the highest priority. The actual bridge-priority value stored and used is the allowed value above with its lowest 12 bits masked off, which means the actual range of values is to in increments of The end-vlan value must be greater than start-vlan value. The format is start-vlan - end-vlan.

Description This command configures automatic detection of the edge port characteristics of the SAP. Default auto-edge. Description This command configures the SAP as an edge or non-edge port.

Note: The function of the edge-port command is similar to the rapid-start command. In this case, edge-port becomes disabled. In this case, edge-port becomes enabled.

Default no edge-port. Default pt-pt. Parameters pt-pt— indicates a maximum of one bridge can exist behind this SAP. Parameters path-cost— specifies the path cost for the SAP. The virtual port number cannot be administratively modified. Parameters virtual-port-number— specifies a virtual port number for the SAP. Allowed values are integers in the range of 0 to , where 0 is the highest priority.

The actual value used for STP priority and stored in the configuration will be the result of masking out the lower 4 bits; thus, the actual value range is 0 to in increments of Description This command specifies whether this port is allowed to become an STP root port. Default no root-guard. Default no agg-rate-limit. The max keyword applies the maximum physical port rate possible. Parameters ip-filter-id — specifies the IP filter policy.

The filter ID must already exist within the created IP filters. Description This command specifies which dot1q tag position top or bottom in a qinq-encapsulated packet should be used when QoS evaluates dot1p classification. By default, the dot1p bits from the inner tag service-delineating dot1q tag are used.

Default no match-qinq-dot1p. Parameters top— the top parameter and bottom parameter are mutually exclusive. When the top parameter is specified, the outer tag's dot1p bits topmost P-bits are used if existing to match any dot1p dot1p-value entries. Description When enabled, the qinq-mark-top-only command specifies which P-bits to mark during packet egress. Normally, when a new tag is pushed, the dot1p bits of the new tag will be zero, unless the P-bits are remarked by the egress policy.

However, an exception to this occurs when the egress SAP type is X. Y and only one new outer tag must be pushed. In this case, the new outer tag will have its dot1p bits set to the inner tag's dot1p bits. Default no qinq-mark-top-only disabled. The policy ID must already exist. Default 4-priority. Parameters 4-priority— sets the scheduler mode for the SAP to be 4-priority mode. When the ingress and egress port encap-type are both dot1q, force-c-vlan-forwarding has the following behavior: if force-c-vlan-forwarding is enabled only at the ingress SAP.

Dot1p re-marking may occur at the egress SAP. Service Billing Commands accounting-policy Syntax accounting-policy acct-policy-id.

Description This command creates the accounting policy context that can be applied to a SAP. Default accounting-policy. Description This command enables accounting and statistical data collection for a SAP, a network port, or an IP interface.

Default collect-stats. Default no option. Default keep. Parameters dhcp-action — specifies the DHCP option action replace , drop , or keep , as follows:. In the downstream direction towards the client , the Option 82 field is stripped in accordance with RFC In the downstream direction, the Option 82 field is not stripped and is sent on towards the client.

Default no circuit-id. The format is supported on dot1q and qinq encapsulated ports only. Thus, when the Option 82 bits are stripped, dot1p bits will be copied to the Ethernet header of an outgoing packet. Default no remote-id. Parameters mac — specifies that the MAC address of the remote end is encoded in the suboption. Description This command configures the vendor-specific suboption within the Option 82 field of the DHCP relay packet.

Description This command specifies the string in the vendor specific suboption of the DHCP relay packet. The no form of the command returns the default value. Default no string. Parameters text — the string can be any combination of ASCII characters up to 32 characters in length. Description This command specifies whether the system ID is encoded in the vendor specific suboption of Option Default no snoop. Default No sdp-id is bound to a service.

Each SDP must be destined for a different router.


