Header Only - DO NOT REMOVE - Extreme Networks

How to configure EAPS with CFM/OAM?


Userlevel 2
How can I configure CFM/OAM basicly between 2 switches and together with EAPS for faster ring recovery, when I have a thrid-party switch in ring?
I read user/concept guide, command reference guide and older ENA/ENS Guides, but this doesn't help my.
Can some post a list of commands I need to use?

17 replies

Userlevel 4
SW1 (Port 49) ---------- (Port 49) SW2


create eaps e1
configure eaps e1 mode master
configure eaps e1 primary port 1
configure eaps e1 secondary port 49
configure eaps e1 add protected vlan v100
configure eaps e1 add control vlan v101
enable eaps
enable eaps e1

configure eaps cfm add group GROUP1

create cfm domain string "MD1" md-level 6
configure cfm domain "MD1" add association string "EAPS-CFM" vlan "v100"
configure cfm domain "MD1" association "EAPS-CFM" ports 49 add end-point down 1
configure cfm domain "MD1" association "EAPS-CFM" ports 49 end-point down add group "GROUP1"
configure cfm group "GROUP1" add rmep 2


create eaps e1
configure eaps e1 mode transit
configure eaps e1 primary port 1
configure eaps e1 secondary port 49
configure eaps e1 add protected vlan v100
configure eaps e1 add control vlan v101
enable eaps
enable eaps e1

configure eaps cfm add group GROUP1

create cfm domain string "MD1" md-level 6configure cfm domain "MD1" add association string "EAPS-CFM" vlan "v100"
configure cfm domain "MD1" association "EAPS-CFM" ports 49 add end-point down 2
configure cfm domain "MD1" association "EAPS-CFM" ports 49 end-point down add group "GROUP1"
configure cfm group "GROUP1" add rmep 1
Userlevel 2
Hi Kevin,
thanks for your quick reply. I will test this soon.

configure cfm domain "MD1" add association string "EAPS-CFM" vlan "v100"

should the cfm-domain realy bind to a protected vlan and not to the control vlan?
If yes, should it be a seperate vlan for cfm function or can it be one of the productive protected vlans?
Userlevel 6
Peter wrote:

Hi Kevin,
thanks for your quick reply. I will test this soon.

configure cfm domain "MD1" add association string "EAPS-CFM" vlan "v100"

should the cfm-domain realy bind to a protected vlan and not to the control vlan?
If yes, should it be a seperate vlan for cfm function or can it be one of the productive protected vlans?

Best practices uses the EAPS control vlan so you will have EAPS-PDUs as well as CCM packets into the same vlan which will control the behavior for both features.
Userlevel 4
Peter wrote:

Hi Kevin,
thanks for your quick reply. I will test this soon.

configure cfm domain "MD1" add association string "EAPS-CFM" vlan "v100"

should the cfm-domain realy bind to a protected vlan and not to the control vlan?
If yes, should it be a seperate vlan for cfm function or can it be one of the productive protected vlans?

Thanks!
Userlevel 4
I think you can use any vlan. In the example above, you could use 'v101' vlan which is the control vlan of the eaps ring.
Userlevel 6
Going back to your original question... On the third party section of your EAPS ring are you just passing the vlans though or does it support EAPS. If not EAPS does it support ERPS instead? If you are just passing the traffic through the third party section and it is not active as a transit node/s then it will always fail over slow because it will never know to clear it's mac tables and start forwarding traffic in possibly the other direction depending on where your break is in relationship to each active flow...
Userlevel 2
Thanks for all replies. In this case the third party device is a cisco switch, which is part of a "managed Least-Line" by a provider, which connects 2 locations. Can I add one cfm-group to 2 eaps rings on same switch? Because I have another "direct connection" between the 2 locations by another provider. So I have 2 eaps-rings, which are working in opposite direction on the same 4 extreme switches. 2 Switches on each location.
Userlevel 2
Hi,

I tested in my Lab, without sucsess.
One Ring is in failed state and the other is "Links-Down".
The Ports on both Switches has primary port in one ring and secondary port in other ring to the 3rd party device (in my lab a D2-Switch) and on the other side the ports for the rings are crosswise to the first...

Is it possible, that end-point "down" is the wrong state in my case...

Here a quick design-map:

Userlevel 7
Peter wrote:

Hi,

I tested in my Lab, without sucsess.
One Ring is in failed state and the other is "Links-Down".
The Ports on both Switches has primary port in one ring and secondary port in other ring to the 3rd party device (in my lab a D2-Switch) and on the other side the ports for the rings are crosswise to the first...

Is it possible, that end-point "down" is the wrong state in my case...

Here a quick design-map:

"end-point down" specifies the type of CFM MEP to use. The "down" type is used to send CCM frames out a port irrespective of EAPS/ERPS/STP blocking state for the port/VLAN. That is the correct type to use to check a point-to-point link.

You may need to manually enable sending CCM frames (look in the config for "disabled").

For each down MEP you need to specify the number of the remote end-point ("rmep").

You can use "show cfm" commands to verify the CFM state.
Userlevel 6
Is your third party switch configured to pass the control vlans for your two rings through tagged ?? I would make sure you get two complete healthy rings first with no CFM in play then add the CFM config
Userlevel 7
EtherMAN wrote:

Is your third party switch configured to pass the control vlans for your two rings through tagged ?? I would make sure you get two complete healthy rings first with no CFM in play then add the CFM config

Yes, EAPS and CFM should first be implemented and verified independently.
Userlevel 2
Thanks Erik,
youre right...

configure cfm domain "eaps" association "eaps-cfm" ports 24 end-point down ccm disable

that was the problem on the x460g1...on my x440g1 it was enabled by default...

but "enable cfm" isn't available. 😉
Userlevel 2
More than 1 month ago all was working fine.
Meanwhile I used my Lab-Switches for something different. Now I defaulted them and restored the backup.

EAPS without CFM is working, but CFM isn't working anymore.

It seems CCM-Packets didn't receive on the other switch.

I don't understand why... Config is looking good...

############
06/22/2016 15:29:45.05 Remote End-Point 2/00:00:00:00:00:00 expired on down end-point, domain "eaps", ma "eaps-cfm2", port 24
06/22/2016 15:29:45.05 Maintenance End-Point 1 Error Not recv CCM from RMEP occurred on down end-point, domain "eaps", ma "eaps-cfm", port 24
############
X460-L.96 # sh cfm
Domain: "eaps", MD Level: 5
Association: "eaps-cfm", Destination MAC Type: Multicast, VLAN "eaps1" with 2 cfm ports
Transmit Interval: 1000 ms, Type : IEEE 802.1ag Maintenance Association
port 24; Down End Point, mepid: 1, transmit-interval: 1000 ms (from association)
MEP State: Enabled, CCM Message: Enabled, Send SenderId TLV: Disabled
Faulting State : Yes
Last Faulting State Change : Wed Jun 22 15:29:45 2016
MEP Error Defects : Remote
Port Status : Up
Association: "eaps-cfm2", Destination MAC Type: Multicast, VLAN "eaps2" with 2 cfm ports
Transmit Interval: 1000 ms, Type : IEEE 802.1ag Maintenance Association
port 24; Down End Point, mepid: 1, transmit-interval: 1000 ms (from association)
MEP State: Enabled, CCM Message: Enabled, Send SenderId TLV: Disabled
Faulting State : Yes
Last Faulting State Change : Wed Jun 22 15:29:45 2016
MEP Error Defects : Remote
Port Status : Up

Total Number of Domain : 1
Total Number of Association : 2
Total Number of Up MEP : 0
Total Number of Down MEP : 2
Total Number of MIP : 0
Total Number of CFM port : 4
Total Number of SW MEP : 0
Total Number of HW MEP : 2
Total Number of VPLS MIP(Static/Up): 0 / 0

================================================================================
MEP Error Defect Types:
Remote : Not receiving CCMs from Remote MEP
Error : Erroneous CCM received
XCON : Cross-connect CCM received
RDI : Remote Defect Indication sent by some MEP
X460-L.97 #
X460-L.97 # sh cfm detail

Domain/ Port MP Remote End-Point Remote End-Point MEP Life Flags
Association MAC Address IP Address ID time Age
======================================================================================
eaps
eaps-cfm 24 DE ------------- 0.0.0.0 2 3500 0 SMI
eaps
eaps-cfm2 24 DE ------------- 0.0.0.0 2 3500 0 SMI
======================================================================================
Maintenance Point: (UE) Up End-Point, (DE) Down End-Point
Flags: (S) Static Entry, (D) Dynamic Entry
CCM Destination MAC: (U) Unicast, (M) Multicast
Status: (A) Active, (I) Inactive
NOTE: The Domain and Association names are truncated to 13 characters, Lifetime
and Age are in milliseconds.
======================================================================================

Total Number of Dynamic Up RMEP : 0
Total Number of Dynamic Down RMEP : 0
Total Number of Active Static RMEP : 0
Total Number of Inactive Static RMEP : 2
#############
X460-L.98 # sh configuration cfm detail
#
# Module dot1ag configuration.
#
create cfm domain string "eaps" md-level 5
configure cfm domain "eaps" add association string "eaps-cfm" vlan "eaps1"
configure cfm domain "eaps" association "eaps-cfm" destination-mac-type multicast
configure cfm domain "eaps" association "eaps-cfm" transmit-interval 1000
configure cfm domain "eaps" add association string "eaps-cfm2" vlan "eaps2"
configure cfm domain "eaps" association "eaps-cfm2" destination-mac-type multicast
configure cfm domain "eaps" association "eaps-cfm2" transmit-interval 1000
configure cfm domain "eaps" association "eaps-cfm" ports 24 add end-point down 1
configure cfm domain "eaps" association "eaps-cfm" ports 24 end-point down transmit-interval 1000
configure cfm domain "eaps" association "eaps-cfm" ports 24 end-point down enable
configure cfm domain "eaps" association "eaps-cfm" ports 24 end-point down ccm enable
configure cfm domain "eaps" association "eaps-cfm" ports 24 end-point down sender-id-ipaddress disable
configure cfm domain "eaps" association "eaps-cfm2" ports 24 add end-point down 1
configure cfm domain "eaps" association "eaps-cfm2" ports 24 end-point down transmit-interval 1000
configure cfm domain "eaps" association "eaps-cfm2" ports 24 end-point down enable
configure cfm domain "eaps" association "eaps-cfm2" ports 24 end-point down ccm enable
configure cfm domain "eaps" association "eaps-cfm2" ports 24 end-point down sender-id-ipaddress disable
configure cfm domain "eaps" association "eaps-cfm" ports 24 end-point down add group "CFM-GRP1"
configure cfm domain "eaps" association "eaps-cfm2" ports 24 end-point down add group "CFM-GRP2"
configure cfm group "CFM-GRP1" add rmep 2
configure cfm group "CFM-GRP2" add rmep 2
##################

X440-L.77 # sh configuration cfm detail
#
# Module dot1ag configuration.
#
create cfm domain string "eaps" md-level 5
configure cfm domain "eaps" add association string "eaps-cfm" vlan "eaps1"
configure cfm domain "eaps" association "eaps-cfm" destination-mac-type multicast
configure cfm domain "eaps" association "eaps-cfm" transmit-interval 1000
configure cfm domain "eaps" add association string "eaps-cfm2" vlan "eaps2"
configure cfm domain "eaps" association "eaps-cfm2" destination-mac-type multicast
configure cfm domain "eaps" association "eaps-cfm2" transmit-interval 1000
configure cfm domain "eaps" association "eaps-cfm" ports 24 add end-point down 2
configure cfm domain "eaps" association "eaps-cfm" ports 24 end-point down transmit-interval 1000
configure cfm domain "eaps" association "eaps-cfm" ports 24 end-point down enable
configure cfm domain "eaps" association "eaps-cfm" ports 24 end-point down ccm enable
configure cfm domain "eaps" association "eaps-cfm" ports 24 end-point down sender-id-ipaddress disable
configure cfm domain "eaps" association "eaps-cfm2" ports 24 add end-point down 2
configure cfm domain "eaps" association "eaps-cfm2" ports 24 end-point down transmit-interval 1000
configure cfm domain "eaps" association "eaps-cfm2" ports 24 end-point down enable
configure cfm domain "eaps" association "eaps-cfm2" ports 24 end-point down ccm enable
configure cfm domain "eaps" association "eaps-cfm2" ports 24 end-point down sender-id-ipaddress disable
configure cfm domain "eaps" association "eaps-cfm" ports 24 end-point down add group "CFM-GRP1"
configure cfm domain "eaps" association "eaps-cfm2" ports 24 end-point down add group "CFM-GRP2"
configure cfm group "CFM-GRP1" add rmep 1
configure cfm group "CFM-GRP2" add rmep 1

#################
#################
Does anybody has a idea?
Userlevel 2
Whats the best way for faster ring-restore than default, if a 3rd party switch is in ring?

Using CFM OR modifing hello-paket-send sequence and setting failtime-expiry action?
Userlevel 6
Hi Peter, when using 3rd party devices you have some situations:

When a link-down happens in a Transit node, it will send a link-down message to Master and convergence process starts.
  • If you have two 3rd party devices connected together and the link between them goes down, you should use CFM to speed up the convergence process since no link-down message will be sent from Transit nodes.
  • If you have two or more 3rd party devices that always connect to an EAPS device, any link-down will be noticed and advertised by the transit node. Ex: EAPS device----- 3rd party -------EAPS device ----- 3rd party
Regarding the ring-restore, it's based on the EAPS hello time (1s) through the control vlan.

To speedy up this you can change the hello time from 1 second (default) to milliseconds as follows:
configure eaps name hellotime milliseconds

However this will result in additional process usage and more EAPS ring traffic.
Userlevel 2
Hi Henrique,

thanks for your reply. Thats the fact...

The big 2 points in a ring:
- detecting link-loss between 2 or more 3rd party devices & ring-recovery
- detecting "no traffic-forwarding" without link-loss on 1 or more 3rd party devices & ring-recovery

Of course reducing hello-paket time or cfm-pdu will create higher usage on control-vlan, but it's the same on both mechanism.

When I started this threat, I thought I definitely need cfm for fast-ring-restore with 3rd party devices.

Currently, cfm doesn't really make a sense for me, because in default it's not faster than "eaps-native" and both timers working with 1 second.

From command-reference guide it's recommended to NOT set cfm-pdu / ccm-paket smaller than 1 second.

On EAPS-hello-paket I have not such recommended restriction.

That's why I currently not see a sense for cfm, or do I forget something or didn't see something?
Userlevel 6
Peter wrote:

Hi Henrique,

thanks for your reply. Thats the fact...

The big 2 points in a ring:
- detecting link-loss between 2 or more 3rd party devices & ring-recovery
- detecting "no traffic-forwarding" without link-loss on 1 or more 3rd party devices & ring-recovery

Of course reducing hello-paket time or cfm-pdu will create higher usage on control-vlan, but it's the same on both mechanism.

When I started this threat, I thought I definitely need cfm for fast-ring-restore with 3rd party devices.

Currently, cfm doesn't really make a sense for me, because in default it's not faster than "eaps-native" and both timers working with 1 second.

From command-reference guide it's recommended to NOT set cfm-pdu / ccm-paket smaller than 1 second.

On EAPS-hello-paket I have not such recommended restriction.

That's why I currently not see a sense for cfm, or do I forget something or didn't see something?

Hi Peter,

Let's take the following diagram as an example:

----(blocked_port)---SW1---(primary_port)-----DWDM-----DWDM-----SW2

Let's say the RX path between DWDMs went down. TX is still up. What's the direction for EAPS PDUs? TX through primary_port till SW2.

That flow for control_vlan will still be OK and Master node won't converge. Since blocked port is still in place, the Master node won't have data communication (expect for control_vlan) with other switches.

CFM is bi-directional and EAPS PDUs is unidirectional.

That's one situation that CFM is recommended.

PS: Even that DWDM could take all the path down, there could be some other situations similar to that one where CFM might be necessary.

Hope it helps.
Userlevel 7
On the platforms with hardware accelerated CFM (e.g. X460) you can use a much faster rate for the CCMs.

Reply