How to configure EAPS with CFM/OAM?

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
How can I configure CFM/OAM basicly between 2 switches and together with EAPS for faster ring recovery, when I have a thrid-party switch in ring?
I read user/concept guide, command reference guide and older ENA/ENS Guides, but this doesn't help my.
Can some post a list of commands I need to use?
Photo of Peter

Peter

  • 806 Points 500 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Kevin Kim

Kevin Kim, Employee

  • 2,266 Points 2k badge 2x thumb
SW1 (Port 49) ---------- (Port 49) SW2

<SW1>
create eaps e1
configure eaps e1 mode master
configure eaps e1 primary port 1
configure eaps e1 secondary port 49
configure eaps e1 add protected vlan v100
configure eaps e1 add control vlan v101
enable eaps
enable eaps e1

configure eaps cfm add group GROUP1

create cfm domain string "MD1" md-level 6
configure cfm domain "MD1" add association string "EAPS-CFM" vlan "v100"
configure cfm domain "MD1" association "EAPS-CFM" ports 49 add end-point down 1
configure cfm domain "MD1" association "EAPS-CFM" ports 49 end-point down add group "GROUP1"
configure cfm group "GROUP1" add rmep 2

<SW2>
create eaps e1
configure eaps e1 mode transit
configure eaps e1 primary port 1
configure eaps e1 secondary port 49
configure eaps e1 add protected vlan v100
configure eaps e1 add control vlan v101
enable eaps
enable eaps e1

configure eaps cfm add group GROUP1

create cfm domain string "MD1" md-level 6configure cfm domain "MD1" add association string "EAPS-CFM" vlan "v100"
configure cfm domain "MD1" association "EAPS-CFM" ports 49 add end-point down 2
configure cfm domain "MD1" association "EAPS-CFM" ports 49 end-point down add group "GROUP1"
configure cfm group "GROUP1" add rmep 1
Photo of Peter

Peter

  • 806 Points 500 badge 2x thumb
Hi Kevin,
thanks for your quick reply. I will test this soon.

configure cfm domain "MD1" add association string "EAPS-CFM" vlan "v100"
should the cfm-domain realy bind to a protected vlan and not to the control vlan?
If yes, should it be a seperate vlan for cfm function or can it be one of the productive protected vlans?
Photo of Henrique

Henrique, Employee

  • 10,302 Points 10k badge 2x thumb
Best practices uses the EAPS control vlan so you will have EAPS-PDUs as well as CCM packets into the same vlan which will control the behavior for both features.
Photo of Kevin Kim

Kevin Kim, Employee

  • 2,266 Points 2k badge 2x thumb
Thanks!
Photo of Kevin Kim

Kevin Kim, Employee

  • 2,266 Points 2k badge 2x thumb
I think you can use any vlan. In the example above, you could use 'v101' vlan which is the control vlan of the eaps ring.
Photo of EtherMAN

EtherMAN, Embassador

  • 6,456 Points 5k badge 2x thumb
Going back to your original question... On the third party section of your EAPS ring are you just passing the vlans though or does it support EAPS.  If not EAPS does it support ERPS instead?  If you are just passing the traffic through the third party section and it is not active as a transit node/s then it will always fail over slow because it will never know to clear it's mac tables and start forwarding traffic in possibly the other direction depending on where your break is in relationship to each active flow...  
Photo of Peter

Peter

  • 806 Points 500 badge 2x thumb
Thanks for all replies. In this case the third party device is a cisco switch, which is part of a "managed Least-Line" by a provider, which connects 2 locations.
Can I add one cfm-group to 2 eaps rings on same switch?
Because I have another "direct connection" between the 2 locations by another provider. So I have 2 eaps-rings, which are working in opposite direction on the same 4 extreme switches. 2 Switches on each location.
Photo of Peter

Peter

  • 806 Points 500 badge 2x thumb
Hi,

I tested in my Lab, without sucsess.
One Ring is in failed state and the other is "Links-Down".
The Ports on both Switches has primary port in one ring and secondary port in other ring to the 3rd party device (in my lab a D2-Switch) and on the other side the ports for the rings are crosswise to the first...

Is it possible, that end-point "down" is the wrong state in my case...

Here a quick design-map:
(Edited)
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 12,782 Points 10k badge 2x thumb
"end-point down" specifies the type of CFM MEP to use. The "down" type is used to send CCM frames out a port irrespective of EAPS/ERPS/STP blocking state for the port/VLAN. That is the correct type to use to check a point-to-point link.

You may need to manually enable sending CCM frames (look in the config for "disabled").

For each down MEP you need to specify the number of the remote end-point ("rmep").

You can use "show cfm" commands to verify the CFM state.
Photo of EtherMAN

EtherMAN, Embassador

  • 6,456 Points 5k badge 2x thumb
Is your third party switch configured to pass the control vlans for your two rings through tagged ??  I would make sure you get two complete healthy rings first with no CFM in play then add the CFM config 
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 12,782 Points 10k badge 2x thumb
Yes, EAPS and CFM should first be implemented and verified independently.
Photo of Peter

Peter

  • 806 Points 500 badge 2x thumb
Thanks Erik,
youre right...
configure cfm domain "eaps" association "eaps-cfm" ports 24 end-point down ccm disable
that was the problem on the x460g1...on my x440g1 it was enabled by default...

but "enable cfm" isn't available. ;-)
Photo of Peter

Peter

  • 806 Points 500 badge 2x thumb
Whats the best way for faster ring-restore than default, if a 3rd party switch is in ring?

Using CFM OR modifing hello-paket-send sequence and setting failtime-expiry action?
Photo of Henrique

Henrique, Employee

  • 10,302 Points 10k badge 2x thumb
Hi Peter, when using 3rd party devices you have some situations:

When a link-down happens in a Transit node, it will send a link-down message to Master and convergence process starts.
  • If you have two 3rd party devices connected together and the link between them goes down, you should use CFM to speed up the convergence process since no link-down message will be sent from Transit nodes.
  • If you have two or more 3rd party devices that always connect to an EAPS device, any link-down will be noticed and advertised by the transit node. Ex: EAPS device----- 3rd party -------EAPS device ----- 3rd party
Regarding the ring-restore, it's based on the EAPS hello time (1s) through the control vlan.

To speedy up this you can change the hello time from 1 second (default) to milliseconds as follows:

configure eaps name hellotime milliseconds 

However this will result in additional process usage and more EAPS ring traffic.

Photo of Peter

Peter

  • 806 Points 500 badge 2x thumb
Hi Henrique,

thanks for your reply. Thats the fact...

The big 2 points in a ring:
- detecting link-loss between 2 or more 3rd party devices & ring-recovery
- detecting "no traffic-forwarding" without link-loss on 1 or more 3rd party devices & ring-recovery

Of course reducing hello-paket time or cfm-pdu will create higher usage on control-vlan, but it's the same on both mechanism.

When I started this threat, I thought I definitely need cfm for fast-ring-restore with 3rd party devices.

Currently, cfm doesn't really make a sense for me, because in default it's not faster than "eaps-native" and both timers working with 1 second.

From command-reference guide it's recommended to NOT set cfm-pdu / ccm-paket smaller than 1 second.

On EAPS-hello-paket I have not such recommended restriction.

That's why I currently not see a sense for cfm, or do I forget something or didn't see something?
Photo of Henrique

Henrique, Employee

  • 10,302 Points 10k badge 2x thumb
Hi Peter,

Let's take the following diagram as an example:

----(blocked_port)---SW1---(primary_port)-----DWDM-----DWDM-----SW2

Let's say the RX path between DWDMs went down. TX is still up. What's the direction for EAPS PDUs? TX through primary_port till SW2.

That flow for control_vlan will still be OK and Master node won't converge. Since blocked port is still in place, the Master node won't have data communication (expect for control_vlan) with other switches.

CFM is bi-directional and EAPS PDUs is unidirectional.

That's one situation that CFM is recommended.

PS: Even that DWDM could take all the path down, there could be some other situations similar to that one where CFM might be necessary.

Hope it helps.
Photo of Erik Auerswald

Erik Auerswald, Embassador

  • 12,782 Points 10k badge 2x thumb
On the platforms with hardware accelerated CFM (e.g. X460) you can use a much faster rate for the CCMs.