Juniper Docs
Juniper Docs
Juniper Docs
A
SH
Junos Service Provider Switching
T
NO
14.a
DO
—
Student Guide
Volume 2
LY
ON
E
US
408-745-2000
www.juniper.net
A
marks are the property of their respective owners.
Junos Service Provider Switching Student Guide, Revision 14.a
Copyright © 2015, Juniper Networks, Inc.
SH
All rights reserved. Printed in USA.
Revision History:
Revision 10.a—May 2010
Revision 11.a—December 2011
Revision 12.a—May 2013
T
Revision 12.b—June 2015
The information in this document is current as of the date listed above.
NO
The information in this document has been carefully verified and is believed to be accurate for software Release 14.2R3.8. Juniper Networks assumes no responsibilities for
any inaccuracies that may appear in this document. In no event will Juniper Networks be liable for direct, indirect, special, exemplary, incidental or consequential damages
resulting from any defect or omission in this document, even if advised of the possibility of such damages.
DO
Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
YEAR 2000 NOTICE
Juniper Networks hardware and software products do not suffer from Year 2000 problems and hence are Year 2000 compliant. The Junos operating system has no known
time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
—
SOFTWARE LICENSE
The terms and conditions for using Juniper Networks software are described in the software license provided with the software, or to the extent applicable, in an agreement
executed between you and Juniper Networks, or Juniper Networks agent. By using Juniper Networks software, you indicate that you understand and agree to be bound by its
license terms and conditions. Generally speaking, the software license restricts the manner in which you are permitted to use the Juniper Networks software, may contain
prohibitions against certain uses, and may state conditions under which the license is automatically terminated. You should consult the software license for further details.
LY
ON
E
US
AL
RN
TE
IN
Contents
RE
Chapter 5: Spanning-Tree Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1
A
Spanning-Tree Protocols Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-3
Overview of RSTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-9
SH
Overview of MSTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-21
Overview of VSTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-29
Configuring and Monitoring Spanning-Tree Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-34
Understanding BPDU, Loop, and Root Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-46
MSTP Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-59
T
NO
Chapter 6: Ethernet OAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1
OAM Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3
LFM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-10
CFM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-17
Configuring and Monitoring Ethernet OAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-28
DO
Ethernet OAM Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-44
iv • Contents www.juniper.net
Course Overview
RE
This two-day course is designed to provide students with intermediate switching knowledge and configuration examples.
The course includes an overview of switching concepts such as LANs, Layer 2 address learning, bridging, virtual LANs
(VLANs), provider bridging, VLAN translation, spanning-tree protocols, and Ethernet Operation, Administration, and
A
Maintenance (OAM). This course also covers Junos operating system-specific implementations of integrated routing and
bridging (IRB) interfaces, routing instances, virtual switches, load balancing, and port mirroring. Furthermore, this course
SH
covers the basics of Multiple VLAN Registration Protocol (MVRP), link aggregation groups (LAG), and multichassis LAG
(MC-LAG). This course is based on the Junos OS Release 14.2R3.8.
Through demonstrations and hands-on labs, students will gain experience in configuring and monitoring the Junos OS
and in device operations.
T
Objectives
NO
After successfully completing this course, you should be able to:
• Describe carrier Ethernet.
• Describe the different Ethernet standards organizations.
• Describe the Layer 2 services that are available on the MX Series 3D Ethernet Universal Edge Routers.
DO
• Describe the function of an Ethernet LAN.
• Describe learning and forwarding in a bridging environment.
• Describe Ethernet frame filtering.
• Implement VLAN tagging. —
• Describe and implement MVRP.
• Implement IRB.
LY
• Describe the different Institute of Electrical and Electronics Engineers (IEEE) VLAN stacking models.
US
• Describe the basic operation of the STP, the Rapid Spanning Tree Protocol (RSTP), the Multiple Spanning
Tree Protocol (MSTP), and the VLAN Spanning Tree Protocol (VSTP)
• Configure and monitor the STP, the RSTP, the MSTP, and the VSTP.
RN
• Explain the purpose of bridge protocol data unit (BPDU), loop, and root protection.
• Explain typical OAM features.
• Describe the basic operation of link fault management (LFM).
TE
RE
• Configure and monitor a LAG and MC-LAGs.
• Describe the basic functionality of MX Series Virtual Chassis.
• Describe a basic troubleshooting method.
A
• List common issues that disrupt network operations.
SH
• Identify tools used in network troubleshooting.
• Use available tools to resolve network issues.
Intended Audience
This course benefits individuals responsible for configuring and monitoring devices running the Junos OS.
T
Course Level
NO
Junos Service Provider Switching is an intermediate-level course.
Prerequisites
Students should have basic networking knowledge and an understanding of the Open Systems Interconnection (OSI)
model and the TCP/IP protocol suite. Students should also attend the Introduction to the Junos Operating System (IJOS)
DO
and Junos Routing Essentials (JRE) courses prior to attending this class.
—
LY
ON
E
US
AL
RN
TE
IN
RE
Day 1
Chapter 1: Course Introduction
A
Chapter 2: Ethernet Switching and Virtual LANs
SH
Ethernet Switching and VLANs Lab
Chapter 3: Virtual Switches
Virtual Switches Lab
Chapter 4: Provider Bridging
T
Provider Bridging Lab
NO
Day 2
Chapter 5: Spanning-Tree Protocols
MSTP Lab
Chapter 6: Ethernet OAM
DO
Ethernet OAM Lab
Chapter 7: High Availability and Network Optimization
High Availability and Network Optimization Lab
Chapter 8: Troubleshooting and Monitoring
—
Troubleshooting and Monitoring Lab
LY
ON
E
US
AL
RN
TE
IN
RE
CLI and GUI Text
Frequently throughout this course, we refer to text that appears in a command-line interface (CLI) or a graphical user
A
interface (GUI). To make the language of these documents easier to read, we distinguish GUI and CLI text from chapter
text according to the following table.
SH
Style Description Usage Example
Franklin Gothic Normal text. Most of what you read in the Lab Guide
and Student Guide.
T
Courier New Console text:
commit complete
• Screen captures
NO
• Noncommand-related Exiting configuration mode
syntax
GUI text elements:
Select File > Open, and then click
• Menu names Configuration.conf in the
DO
Filename text box.
• Text field entry
CLI Input Text that you must enter. lab@San_Jose> show route
GUI Input Select File > Save, and type
config.ini in the Filename field.
E
Finally, this course distinguishes between regular text and syntax variables, and it also distinguishes between syntax
variables where the value is already assigned (defined variables) and syntax variables where you must assign the value
(undefined variables). Note that these styles can be combined with the input style as well.
AL
CLI Undefined Text where the variable’s value is Type set policy policy-name.
the user’s discretion or text where
ping 10.0.x.y
the variable’s value as shown in
GUI Undefined the lab guide might differ from the Select File > Save, and type
TE
RE
Education Services Offerings
You can obtain information on the latest Education Services offerings, course dates, and class locations from the World
A
Wide Web by pointing your Web browser to: http://www.juniper.net/training/education/.
About This Publication
SH
The Junos Service Provider Switching Student Guide was developed and tested using software Release 14.2R3.8.
Previous and later versions of software might behave differently so you should always consult the documentation and
release notes for the version of code you are running before reporting errors.
This document is written and maintained by the Juniper Networks Education Services development team. Please send
T
questions and suggestions for improvement to [email protected].
NO
Technical Publications
You can print technical manuals and release notes directly from the Internet in a variety of formats:
• Go to http://www.juniper.net/techpubs/.
• Locate the specific software or hardware release and title you need, and choose the format in which you
DO
want to view or print the document.
Documentation sets and CDs are available through your local Juniper Networks sales office or account representative.
Juniper Networks Support
For technical support, contact Juniper Networks at http://www.juniper.net/customers/support/, or at 1-888-314-JTAC
—
(within the United States) or 408-745-2121 (from outside the United States).
LY
ON
E
US
AL
RN
TE
IN
T
NO
Chapter 5: Spanning-Tree Protocols
DO
—
LY
ON
E
US
AL
RN
TE
IN
Junos Service Provider Switching
A RE
SH
T
NO
DO
—
LY
ON
We Will Discuss:
• The purpose of spanning-tree protocols;
E
• The basic operation of the Spanning Tree Protocol (STP), the Rapid Spanning Tree Protocol (RSTP), the Multiple
Spanning Tree Protocol (MSTP), and the virtual LAN (VLAN) Spanning Tree Protocol (VSTP);
US
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
and unstable bridge tables. The different kinds of Spanning Tree protocols enable a single loop-free path that is
automatically adjusted if there are topology changes in the Layer 2 network.
US
problem is the slow convergence of STP for today’s high-availability networks. It might take up to 50 seconds before the
network converges after a topology change. The second problem is that all topology changes result in MAC address being
removed from the bridge tables, resulting in excessive flooding. The third problem is that STP only creates a single tree for all
VLANs in the Layer 2 network. This means that redundant links are not being utilized which is not very desirable.
RN
Rapid Spanning Tree Protocol (RSTP) is designed to solve the first two problems of the original STP. RSTP converges a lot
faster in most situations and it also limits which topology changes trigger the MAC addresses to be removed from the bridge
table. However RSTP still only creates a single tree for all VLANs and therefore does not solve the non-use of the redundant
links.
TE
Multiple Spanning Tree Protocol (MSTP) and VLAN Spanning Tree Protocol (VSTP) can both use the improvements of RSTP. In
addition they can create multiple trees so that load-balancing of traffic across all links can be accomplished. MSTP typically
limits the amount of trees created as you can map multiple VLANs to one of the trees. VSTP on the other hand creates one
IN
A RE
SH
T
NO
DO
—
LY
ON
Once the root bridge is determined, each nonroot switch determines the least-cost path from itself to the root bridge. The
US
port associated with the least-cost path, referred to as the root path cost, becomes the root port for the switch. Every port on
a switch has a configurable port cost associated with it. A nonroot switch receives periodic STP BPDUs—described on next
slide—that contain a root path cost as determined by the neighboring switch. The local switch adds the received root path
cost to each of the port costs for its interfaces. Whichever interface is associated with the lowest value (root path cost + port
cost) becomes the root port for the switch.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
the port connecting this switch to the network segment becomes the designated port for the LAN segment. If equal-cost
paths to the root bridge exist between two or more switches for a given LAN segment, the bridge ID acts as a tiebreaker. If
US
the bridge ID is used to help determine the designated bridge, the lowest bridge ID is selected. If two equal-cost paths exist
between two ports on a single switch, then port ID acts as the tiebreaker (lower is preferable). The designated port transmits
BPDUs on the segment.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Exchange of BPDUs
Switches participating in a switched network running STP exchange BPDUs with each other. Through the exchanged BPDUs,
neighboring switches become familiar with each other and learn the information necessary to select a root bridge. Each
E
bridge creates its own configuration BPDUs based upon the BPDUs that it receives from neighboring routers. Non-STP
bridges simply flood BPDUs as they would any multicast Ethernet frame.
US
determine the root bridge. If the priority value of one switch is lower than the priority value of all other switches, that switch is
elected as the root bridge. If the priority values are equal for multiple switches, STP evaluates the system MAC addresses of
the remaining switches and elects the switch with the lowest MAC address as the root bridge.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
All switch ports belonging to the root bridge assume the designated port role and forwarding state. Each nonroot switch
US
determines a root port, which is the port closest to the root bridge, based on its least-cost path calculation to the root bridge.
Each interface has an associated cost that is based on the configured speed. An interface operating at 10 Mbps assumes a
cost of 2,000,000, an interface operating at 100 Mbps assumes a cost of 200,000, an interface operating at 1 Gbps
assumes a cost of 20,000, and an interface operating at 10 Gbps assumes a cost of 2000. If a switch has two equal-cost
paths to the root bridge, the switch port with the lower port ID is selected as the root port. The root port for each nonroot
AL
the port with the lowest ID participating on that LAN segment is selected as the designated port. All designated ports
assume the forwarding state. All ports not selected as a root port or as a designated port assume the blocking state. While in
blocked state, the ports do not send any BPDUs. However, they listen for BPDUs.
Once each switch determines the role and state for its ports, the tree is considered fully converged. The convergence delay
TE
can take up to 50 seconds when the default forwarding delay (15 seconds) and max age timer (20 seconds) values are in
effect. The formula to calculate the convergence delay for STP is 2x the forwarding delay + the maximum age. In the example
shown on the slide, all traffic passing between Host A and Host B transits the root bridge (Switch-1).
IN
A RE
SH
T
NO
DO
—
LY
ON
Overview of RSTP
The slide highlights the topic we discuss next.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
RSTP Defined
RSTP was originally defined in the IEEE 802.1w draft and was later incorporated into the IEEE 802.1D-2004 specification.
RSTP introduces a number of improvements to STP while performing the same basic function.
E
RSTP provides better reconvergence time than the original STP. RSTP identifies certain links as point-to-point. When a
point-to-point link fails, the alternate link can transition to the forwarding state without waiting for any protocol timers to
expire. RSTP provides fast network convergence when a topology change occurs and it greatly decreases the state transition
time compared to STP. To aid in the improved convergence, RSTP uses additional features and functionality, such as edge
AL
port definitions and rapid direct and indirect link failure detection and recovery. We examine these features in more detail
later in this content.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
and is placed in the forwarding state. Alternate ports are placed in the discarding state but receive superior BPDUs from
neighboring switches. Alternate ports are found on switches participating in a shared LAN segment for which they are not
US
unable to perform its role, one of the backup ports assumes the designated port role upon successful negotiation and it is
placed in the forwarding state.
Backup ports are placed in the discarding state. While in the discarding state, backup ports receive superior BPDUs from the
designated port.
RN
A RE
SH
T
NO
DO
—
LY
ON
forwarding and learning, is placed in the discarding state. Ports that are actively learning but not currently forwarding are in
the learning state, whereas ports that are both learning and forwarding frames simultaneously are in the forwarding state.
US
As the slide indicates, only those ports selected as root ports and designated ports use the forwarding state.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
RST BPDUs
As previously mentioned, STP uses BPDUs to do the following:
E
Elect a root bridge identify root ports for each switch, identify designated ports for each physical LAN segment, prune specific
redundant links to create a loop-free tree topology, and report and acknowledge topology changes. RSTP configuration
US
BPDUs also function as keepalives. All RSTP bridges send configuration BPDUs every 2 seconds by default. You can alter this
value, if necessary.
By monitoring neighboring switches through the use of BPDUs, RSTP can detect failures of network components much more
quickly than STP can. If a neighboring bridge receives no BPDU within three times the hello interval, it assumes connectivity
is faulty and updates the tree. By default, it detects failures within 6 seconds when using RSTP, whereas it might take up to
AL
forwarding state without waiting for the timer to expire. Switch ports operating in half-duplex mode are considered to be
shared (or LAN) links and must wait for the timer to expire before transitioning to the forwarding state.
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
format to the STP configuration BPDUs. RSTP devices detect the type of BPDU by looking at the protocol version and BPDU
type fields. The BPDUs contain several new flags, as shown on the slide. The following is a brief description of the flags:
US
• Forwarding and Learning: These flags are used to advertise the state of the sending port;
• Port Role: This flag specifies the role of the sending port: 0 = Unknown, 1 = Alternate or Backup, 2 = Root, and
3= Designated; and
RN
• Topology Change: RSTP uses configuration BPDUs with this bit set to notify other switches that the topology has
changed.
RST BPDUs contain a Version 1 Length field that is always set to 0x0000. This field allows for future extensions to RSTP.
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
4-bit priority field and a 12-bit Extended System ID field. RSTP allows for the configuration of both values. MSTP
automatically populates the extended system ID field with a VLAN ID.
US
Although priority and extended system ID are configured separately, RSTP evaluates a bridge’s priority for the root and
AL
designated bridge election process by concatenating the two fields together into a single value. That is, it continues to be a
16-bit field during the election process.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
allows two times the forwarding delay (15 seconds by default) for this transition to occur.
US
automatically assumes the role of an edge port. When a switch receives configuration messages on a switch port that is
configured to be an edge port, it immediately changes the port to a normal spanning-tree port (nonedge port).
Nonedge-designated ports transition to the forwarding state only after receipt of an explicit agreement from the attached
switch.
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Topology Changes
When using STP, state transitions on any participating switch port cause a topology change to occur. RSTP reduces the
number of topology changes and improves overall stability within the network by generating TCNs only when nonedge ports
E
transition to the forwarding state. Nonedge ports are typically defined as ports that interconnect switches. Edge ports are
typically defined as ports that connect a switch to end stations.
US
RSTP also provides improved network stability because it does not generate a TCN when a port transitions to the discarding
state. With RSTP, TCNs are not generated when a port is administratively disabled, excluded from the active topology through
configuration, or dynamically excluded from forwarding and learning.
When a TCN is necessary and is generated, the initiating device floods all designated ports as well as the root port. Unlike
AL
traditional STP, neighboring switches that are not in the path of the initiator to the root bridge do not need to wait for this
information from the root bridge. As the changes propagate throughout the network, the switches flush the majority of the
MAC addresses located in their MAC address forwarding tables. The individual switches do not, however, flush MAC
addresses learned from their locally configured edge ports.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
Interoperability Considerations
Switches configured for STP and RSTP interoperate with one another. However, you should keep a few basic considerations
in mind. If a switch supports only STP and interconnects with a switch running RSTP, it discards the RSTP BPDUs. The
E
RSTP-capable switch, upon receiving STP BPDUs, reverts to STP mode, thus allowing interoperability between the two
devices.
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Overview of MSTP
The slide highlights the topic we discuss next.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
MSTP Defined
MSTP was originally defined in the IEEE 802.1s draft and later incorporated into the IEEE 802.1Q-2003 specification.
E
Although RSTP provides faster convergence than STP, it still does not make good use of all available paths within a
redundant Layer 2 network. With RSTP, all traffic from all VLANs follows the same path as determined by the spanning tree;
therefore, redundant paths are not utilized. MSTP overcomes this limitation through the use of multiple spanning-tree
instances (MSTIs). Each MSTI creates a separate topology tree and you can administratively map it to one or more VLANs.
Allowing users to administratively map VLANs to MSTIs facilitates better load sharing across redundant links within a Layer 2
AL
switching environment.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
parameters.
US
Each MST region supports up to 64 MSTIs. MSTP greatly reduces the number of BPDUs on a LAN by including the spanning
tree information for all MSTIs in a single BPDU. MSTP encodes region information after the standard RSTP BPDU along with
individual MSTI messages. The MSTI configuration messages convey spanning tree information for each instance.
MSTP elects a regional root bridge for each MSTI. The regional root bridge is elected based on the configured bridge priority
and calculates the spanning tree within its designated instance.
AL
RSTP BPDUs. This behavior facilitates full compatibility between devices running MSTP and devices running STP or RSTP. All
RSTP switches outside of an MST region view the MST region as a single RSTP switch. The common spanning tree (CST),
which interconnects all MST regions as well as STP devices not bound to a particular region, facilitates end-to-end paths
within an MSTP environment.
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
on the slide, bridges outside of the MST region treat each MST region as a virtual bridge, regardless of the actual number of
devices participating in each MST region.
US
The common and internal spanning tree (CIST) is a single topology that connects all switches (RSTP and MSTP devices)
through an active topology. The CIST includes a single spanning tree as calculated by RSTP together with the logical
continuation of connectivity through MST regions. MSTP calculates the CIST and the CIST ensures connectivity between LANs
and devices within a bridged network.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
MSTI regions or standalone RSTP speakers), these fields are a representation of the virtual bridge that is an individual MSTP
region. This information is used to build the CST.
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
switch to participate in a region’s internal spanning tree and use the information in this portion of the BPDU, it must be
configured with the same configuration ID. Therefore, all switches in the same region must be configured with the same
US
configuration ID. This approach to configuration ensures that when MSTP switches outside of the local MSTP region receive
MSTP BPDUs, those switches will evaluate only the CST-related information (previous slide). Once the internal spanning tree
is built, by default, all traffic on all VLANs will follow it.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
paths (64 paths are possible for each region), you must configure MSTIs as part of the router MSTI configuration. The
information carried in the MSTI configuration messages allows each switch to elect root bridges, root ports, designated
US
ports, designated bridges, and so forth for each MSTI. Each MSTI will have one or more VLANs associated with them. One
VLAN cannot be in more than one MSTI. Notice that the MSTI messages do not carry VLAN ID information. The VLAN-to-MSTI
mappings are configured locally on each switch and each switch configuration should use the same mappings.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Overview of VSTP
The slide highlights the topic we discuss next.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
VSTP
VSTP allows for spanning trees to be calculated for each VLAN. VSTP supports up to 4094 separate paths through the
network. VSTP is a nonstandard protocol, yet it is compatible with Cisco’s Per-VLAN Spanning Tree Plus (PVST+) and Rapid
E
Per-VLAN Spanning Tree Plus (Rapid-PVST+) protocols. As you add more VLANs to the network, more CPU resources are
consumed on the device. For example, imagine a network that is configured for 4000 VLANs. If VSTP is in use, each switch
US
must participate in the election of 4000 root bridges, 4000 root ports, and so forth.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
ARE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
Configuring STP
The slide shows some STP configuration options along with a basic STP configuration. MX Series devices use a version of
STP based on IEEE 802.1D-2004, with a forced protocol version of 0, running RSTP in STP mode. Because of this
E
implementation, you can define RSTP configuration options, such as hello-time, under the [edit protocols rstp]
configuration hierarchy. To specify running RSTP in STP mode, you simply need to specify force-version stp.
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Configuring RSTP
The sample RSTP configuration provided on the slide shows the typical configuration structure along with various settings.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
Configuring MSTP
The sample MSTP configuration provided on the slide shows the typical configuration structure along with various settings.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
Configuring VSTP
The sample VSTP configuration provided on the slide shows the typical configuration structure along with various settings.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
switch for connecting multiple end devices can also generate BPDUs. If these BPDUs are picked up by STP, RSTP, or MSTP
applications running on the switch, they can trigger spanning-tree miscalculations, which in turn could cause loops, leading
US
to network outages.
BPDUs, the switch disables the interface and stops forwarding frames by transitioning to a blocking state.
You can configure BPDU protection on a switch with a spanning tree as well as on a switch that is not running STP.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
ge-1/3/7, respectively. You have configured Switch A, Switch B, and Switch C to use STP. You should configure BPDU
protection on Switch C access ports. The slide illustrates the required configuration. When BPDU-protected interfaces
US
receive BPDUs, the interfaces transition to a blocking state and stop forwarding frames.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
and ge-1/3/7, respectively. Switch C is not configured to participate in STP. However, you should protect its access ports—
ge-1/3/6 and ge-1/3/7. The slide illustrates the required configuration. When BPDU-protected interfaces receive BPDUs, the
US
A RE
SH
T
NO
DO
—
LY
ON
running STP, you should observe the interfaces using the show l2-learning interface operational mode command.
US
These commands provide the information on the state and role changes on the protected interfaces. For example, if the PCs
send BPDUs and the protected interfaces receive them, the interfaces transition to the DIS role. The BPDU inconsistent
state changes the interface state to blocking (BLK), preventing it from forwarding traffic.
To unblock the interfaces, you must use the clear error bpdu interface operational mode command.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
state. Instead, it transitions the interface to a loop-inconsistent state. The interface recovers and then it transitions back to
the spanning-tree blocking state when it receives a BPDU.
We recommend that if you enable loop protection, you should enable it on all switch interfaces that have a chance of
becoming root or designated ports. Loop protection is most effective when it is enabled on all switches within a network.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Switch C; therefore, the traffic forwards through Switch A from Switch C. BPDUs are traveling from the root bridge on Switch
A to both its interfaces. Switch C, during normal operation, receives BPDUs from Switch B. In the example on the slide,
US
assume that a hardware problem exists on Switch B’s ge-1/0/1 interface such that both Switch B and Switch C believe the
interface is up, but Switch C cannot receive BPDUs from Switch B. Without loop protection, Switch C might place its ge-1/0/
0 interface into the forwarding state, causing a loop. The slide illustrates the required configuration, and shows how to
configure loop protection on interface ge-1/0/0 to prevent it from transitioning from a blocking state to a forwarding state
and causing a loop in the spanning-tree topology.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Once BPDUs stop arriving at the protected interface, the loop protection is triggered on that interface. You can use the show
spanning-tree interface command to observe the state of the interface. This command displays the
loop-inconsistent state for the protected interface, which prevents the interface from transitioning to the forwarding state.
The interface recovers and transitions back to its original state when it receives BPDUs.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
When root protection is enabled on an interface, it is enabled for all the STP instances on that interface. The interface is
blocked only for instances for which it receives superior BPDUs. Otherwise, it participates in the spanning-tree topology.
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Interface ge-1/0/0 of Switch C is configured with root protection. If Switch D sends superior BPDUs, they trigger root
US
protection on interface ge-1/0/0, blocking it. The slide illustrates the required configuration.
You can configure an interface for either loop protection or root protection, but not both.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Once you configure root protection on an interface and that interface starts receiving superior BPDUs, root protection is
triggered. You can use the show spanning-tree interface command to observe the state of the impacted interface.
This command displays the loop-inconsistent state for the protected interface, which prevents the interface from becoming a
candidate for the root port. When the root bridge no longer receives superior BPDUs from the interface, the interface
recovers and transitions back to a forwarding state. Recovery is automatic.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
We Discussed:
• The purpose of spanning-tree protocols;
E
A RE
SH
T
NO
DO
—
LY
ON
Review Questions
1.
E
2.
US
3.
AL
4.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
MSTP Lab
The slide provides the objective for this lab.
E
US
AL
RN
TE
IN
RE
1.
STP is a simple Layer 2 protocol that prevents loops and calculates the best path through a switched network that contains redundant
paths. STP automatically rebuilds the tree when a topology change occurs.
A
2.
Blocking drops all data packets and receives BPDUs. Listening drops all data packets and listens to BPDUs. Learning does not forward
SH
data traffic but builds the MAC address table. Forwarding forwards all data traffic and transmits and receives BPDUs. Disabled does not
participate in STP (administratively disabled).
3.
The basic steps involved in building a spanning tree are that switches exchange BPDUs, each individual bridge elects a single root
T
bridge based on the received BPDUs, and the bridges determine the role and state of individual ports, at which time the tree is
considered fully converged.
NO
4.
RSTP improves link-convergence time significantly over STP. MSTP supports up to 64 regions and allows load balancing over
redundant links—STP and RSTP do not. VSTP allows for per-VLAN spanning trees.
DO
—
LY
ON
E
US
AL
RN
TE
IN
T
NO
Chapter 6: Ethernet OAM
DO
—
LY
ON
E
US
AL
RN
TE
IN
Junos Service Provider Switching
ARE
SH
T
NO
DO
—
LY
ON
We Will Discuss:
• Typical Operation, Administration, and Maintenance (OAM) features;
E
A RE
SH
T
NO
DO
—
LY
ON
OAM Overview
The slide lists the topics we will discuss. We discuss the highlighted topic first.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
network operators determine the location of faulty conditions, measure the performance of the network, and allow for
diagnosis testing. One key to Ethernet’s success in becoming carrier-class is support for OAM features.
US
OAM Measurements
A device supporting OAM should determine the following measurements:
AL
• Availability: The ratio of uptime over total time the measure takes;
• Frame delay: The time required to transmit a frame from one device to another;
• Frame delay variation: The variation in frame delay measurements between consecutive test frames; and
RN
A RE
SH
T
NO
DO
—
LY
ON
standards to allow for Ethernet OAM. IEEE 802.3-2008, clause 57, defines a method of OAM to monitor link performance,
detect faults, and perform loopback testing over a single link. It is usually used on the customer’s access link to the provider.
US
The standard is referred to as Ethernet in the First Mile OAM (EFM OAM). The IEEE 802.1ag standard specifies the
requirements to detect faults along an end-to-end path of an Ethernet network using CFM. CFM provides for fault monitoring,
path discovery, fault isolation, and frame delay measurement (ITU-T Y.1731). The MEF 17 technical specification defines the
requirements that must be satisfied by both an equipment vendor and service provider in the area of fault management,
performance monitoring, autodiscovery, and intraprovider and interprovider service OAM.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
OAM Basics
In general, OAM has the main purpose of detecting network defects. A defect is a network function that is not working as
expected. If a defect continues to occur over time, a device considers the recurring defect a failure. The device signals the
E
failure as an alarm. An alarm is a notification that alerts a human and potentially other devices that something has gone
wrong in the network.
US
reachable along the path of the CC message. If for some reason a failure occurs that prevents the CC messages from being
delivered, the remote device might consider that network path down and generate an alarm.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Indications
Another feature of OAM protocols is the use of indicators to signal failures in the network. The diagram on the slide shows
several devices that are interconnected by some network media (SONET for example). The diagram also shows that the
E
network media has a transmit path and a receive path. The example shows that a failure has occurred on Node B’s transmit
path and Node C’s receive path on the link between Node B and Node C. OAM capabilities allow the devices in the data path
US
to indicate that a failure has occurred. Node C uses an alarm indication signal (AIS) and Forward Defect Indicators (FDIs) to
inform downstream devices (Node D) that a failure has occurred along the upstream path. Once Node D receives the AIS and
FDI messages, it might send a Backward Defect Indicator (BDI) along its transmit path to inform nodes in the reverse
direction of the failure (Node A and Node B) that a problem exists downstream from those devices.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Loopback Messages
Loopback messages are a feature of OAM that help an administrator to find faults in the network. Two types of loopback
messages exist and both types are initiated by an administrator of a device. Non-intrusive loopback messages (like ping for
E
IP) allow an administrator to direct a device to send a loopback message downstream to another device with the expectation
that the device will respond with a loopback response message. If the response is not received, the administrator might
US
need to perform further testing. Another type of loopback message is an intrusive type. This type of message also is initiated
by the administrator of a device, but it signals a downstream device to place a loop on its interface. Usually, when the remote
device’s interface is in a loop, it cannot pass normal traffic. Instead of receiving any traffic arriving on the receive path of the
remote device’s looped interface, the remote device loops the traffic around and sends it back out its transmit path. By
setting a loop on a remote interface, an administrator can send traffic toward the remote device, and if it returns to the
AL
initiating device, then the administrator can eliminate the data path from this list of potentially bad data paths.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Linktrace Messages
Linktrace messages are a feature of OAM that is similar to the nonintrusive loopback messages that we discussed
previously. The difference is that each device along the path of the linktrace message will identify itself by sending a
E
response to the initiator of the linktrace message. After gathering the responses from all of the devices along the path of the
message, the administrator knows the identity of all of the devices along the data path.
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
LFM
The slide highlights the topic we discuss next.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
LFM Capabilities
LFM is defined in IEEE 802.3, Clause 57. It specifies a method of OAM to be used on a single link. Usually, LFM is used on
user-to-network interface (UNI) links between a customer and the service provider. On the single Ethernet link, LFM can
E
provide for remote failure indication, remote loopback (intrusive), link monitoring, event notification, and OAM capability
discovery. Because LFM is used on a single link, no AIS capabilities are available.
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
LFM Clients
A switch must have LFM client capabilities to support LFM. LFM clients exchange OAM protocol data units (OAMPDUs) that
are addressed to 01-80-c2-00-00-02—a multicast MAC address. These messages are sent only across a single link and
E
never flooded. To determine whether an LFM client is on the opposite side of an Ethernet link, an LFM client goes through a
discovery process. The discovery process is where LFM clients discover their peers and determine each other’s supported
US
capabilities.
A RE
SH
T
NO
DO
—
LY
ON
OAMPDUs
Several different types of OAMPDUs exist. We discuss each over the next few slides. This slide shows the format of an
OAMPDU. The type of OAMPDU is determined by the code and the flag settings. In general, four types of OAMPDUs exist:
E
information, event notification, variable request and response, and loopback control. Except in the case of the discovery
process, the flags are used as BDIs, as described in the previous slides, which notify the remote LFM client of a failure. The
US
• Critical Event: An unspecified failure event. By configuring an action-profile (described on the following
slides), an administrator can specify which events can cause the local switch to send OAMPDUs with the critical
event bit set.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Information OAMPDUs
Information OAMPDUs serve several purposes. They are used during the discovery process to discover neighboring clients
and exchange capabilities. They also are used to perform continuity checks between clients. When the clients have no
E
information to transmit, they exchange empty information OAMPDUs on a regular, configured interval. In this case, they
provide a heartbeat between the two clients. If the peer stops receiving so many messages, it determines that a failure
US
occurred on the link between the two peers. Also, the information OAMPDU signals critical events, as described previously.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
The loopback control OAMPDU allows an LFM client to direct the remote clients to set or unset a loop on its interface.
Variable request and response OAMPDUs are not currently supported in the Junos operating system. They are used to allow
for one client to gather information about the remote clients by polling it for IEEE 802.3, clause 30 MIBs (read only).
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Reacting to Events
When an LFM client receives a critical event, it automatically places the interface in a down state (it removes routes and
causes spanning-tree recalculation). It does, however, continue to monitor the interface for LFM messages in the event that
E
For other types of events, the action an LFM client performs is configurable. To specify the action to be performed for a
particular event, you must create an action-profile and apply it to an interface. Actions you can configure are
generation of a syslog message, placement of the interface in a down state, or the sending of an OAMPDU to the remote
peers with the critical event bit set.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
CFM
The slide highlights the topic we discuss next.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
CFM Features
The slide lists the CFM features that an MX Series 3D Universal Edge Router supports. Other features defined in Y.1731 are
not yet supported (such as AIS).
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Maintenance Domains
CFM operates in a layered environment. As you will see on the next few slides, this layering allows end-to-end OAM
functionality without having to expose all of the details of the service provider network to the customer. Each layer of the CFM
E
network is assigned a maintenance domain ID and a level. A level can be in the range of 0 to 7. Level 5 through Level 7 are
reserved for customers, Level 3 and Level 4 are reserved for providers, and Level 0 through Level 2 are reserved for
US
operators. An operator level maintenance domain represents a subset of the provider network. Besides hiding the details of
the network from the upper-level maintenance domains, this layering allows for quicker fault detection in the network
because a fault detected in the Operator 1 maintenance domain actually eliminates the need to troubleshoot devices in the
Operator 2 maintenance domain.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Maintenance Points
A maintenance point is a port or interface on a switch. Three possible types of maintenance points might be present in a
maintenance domain. A maintenance domain has at least two maintenance endpoints (MEPs). MEPs are interfaces found at
E
the edge of the maintenance domain. A MEP forms a relationship with a single MEP or several MEPs that are in the same
maintenance domain, and level, and that protect the same Ethernet virtual circuit (EVC) (also called a maintenance
US
association). A MEP forms a relationship with a single MEP when protecting an Ethernet Line (E-Line) EVC and forms
relationships with multiple MEPs when protecting an Ethernet LAN (E-LAN) EVC. Among other things, MEPs exchange CC
messages with each other to ensure that the path between them is up and available.
Another type of maintenance point is a maintenance intermediate point (MIP). MIPs are completely optional. MIPs are used
AL
to expose some of the network at a lower maintenance domain level to an upper level. For example, consider the diagram
where MIP functionality was configured on the Level 4 MEPs. A linktrace from the customer bridge on the left side of the
diagram at Level 5 shows three hops to the customer bridge on the right side. The two MIPs that were configured at Level 4
and the final MEP at Level 5 respond to the linktrace message. MIPs respond only to CFM messages that were received from
RN
a MEP at one higher level than their own. The final type of maintenance point is a transparent point. A transparent point is
not configured for CFM messages and simply forwards them as regular data traffic.
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
MEP-to-MEP Relationship
Once a MEP is configured, it attempts to form a neighbor relationship with other MEPs that have are similarly configured. The
relationship establishes by means of the exchange of CC messages. Each MEP is configured with a MEP ID (a number). The
E
MEP ID must be unique among all MEPs in the network. Each MEP also is configured with a direction—either up or down. A
down MEP expects to find neighboring MEPs downstream. An up MEP expects to find neighboring MEPs upstream. To
US
become neighbors, two MEPs must be configured with the same maintenance domain, maintenance association, level, and
direction. This data is carried in each CFM message.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
CFM Messages
The slide shows the format of a CFM message. IEEE 802.1ag defines five types of messages, as shown on the slide. CC and
linktrace messages are sent to a multicast destination address. The same specification has reserved a set of type, length,
E
and values (TLVs) to allow for the future expansion of the CFM protocol. The ITU-T uses some of these extended TLVs to allow
for Ethernet frame delay measurement, remote defect indications, and more. Note that the last four bits of the destination
US
address represent the level of the sending MEP as well as the type of message. If y equals 0–7, then the message is a CC
message destined to the appropriate level. If y equals 8–F, then the message is a linktrace message destined for Levels 0–
7, respectively. CFM messages are also encapsulated with the virtual LAN (VLAN) tag of the EVC that is being protected.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
CC Messages
The slide shows the details of CC messages. Continuity Check protocol is used to detect connectivity failures and unintended
connectivity. Periodically, each MEP transmits a multicast continuity check message (CCM) embedded with identity of the
E
MEP and maintenance association. MEPs use CCM group destination address, 01-80-C2-00-00-3y, for the destination MAC
address in CCM frames. The maintenance domain level of the CCM is used for the “y” address bits. For example, if the
US
maintenance domain level of the CCM is 0, then the CCM destination address is 01-80-C2-00-00-30. If the maintenance
domain level of the CCM is 7, then the destination address is 01-80-C2-00-00-37. The frames are sent with sequence
numbers and multicast frames reduce bandwidth requirements in a full mesh. In addition, they allow detection of
accidentally cross-connected MEPs belonging to different service instances. The transmission rate for CCMs is configurable.
AL
As a MEP receives CCMs from other MEPs, it determines any discrepancies between the information received and waited for.
The MEP processes CCMs at maintenance domain level equal or lower than its maintenance domain level and uses the
information to update its CCM database. Continuity check function on MIPs and the MIP CCM database are optional. A MIP
processes CCM at it maintenance domain level and updates the MIP CCM database. The remote MEP considers the loss of
RN
A RE
SH
T
NO
DO
—
LY
ON
Loopback Protocol
The loopback protocol is similar to ping in IP and is used to verify and isolate connectivity faults. An administrator can trigger
a MEP to send one or more loopback messages with an arbitrary amount of data. If the MEP does not receive a valid
E
linktrace reply corresponding to the loopback message, the administrator knows a connectivity fault exists. The receiving MP
turns the loopback message, at its maintenance domain level only, into a loopback reply (LBR) back toward the originating
US
MEP. In response to a multicast loopback message frame, the receiving MP waits a random delay between zero and one
second before sending an LBR. The source address from the loopback message is used as the destination address for the
LBR. The source address of the LBR is the MAC address of the receiving MP. The receiving MP changes the opcode in the
frame from loopback message to LBR.
AL
The originating MEP keeps count of the LBRs from other MPs by incrementing in-sequence counter and out-of-sequence
counter. It correlates received LBRs with transmitted loopback messages using loopback transaction identifier in the
loopback frames. A LBR is valid if it has an expected transaction identifier and is received by the originating MEP within five
seconds after transmitting the initial loopback message.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Linktrace Protocol
The linktrace protocol is similar to the traceroute function in IP and is used to perform path discovery and fault isolation in a
network.
E
As part of the linktrace protocol, a MEP multicasts a linktrace message using a linktrace message group destination MAC
US
address, 01-80-C2-00-00-3y. The maintenance domain level of the linktrace message plus eight is used for the “y” address
bits. For example, a linktrace message at level 0 has destination address 01-80-C2-00-00-38, and a linktrace message at
level 7 has destination address 01-80-C2-00-00-3F. The destination address of the replying MP is embedded in the payload
of the linktrace message.
A MEP transmits a linktrace message over a maintenance association to neighboring MIPs, from MIP to MIP, to the
AL
terminating MP at the end of the path. Only one egress port on a bridge sends linktrace messages. The linktrace message
traverses through the bridged network until it reaches a MEP at an equal or higher maintenance domain level or a MIP at an
equal maintenance domain level. A MEP at a higher maintenance domain level discards the linktrace message. The linktrace
message at an equal maintenance domain level is sent to the linktrace responder.
RN
Each linktrace message has a linktrace message transaction identifier. Linktrace message transaction identifiers that are
transmitted inside linktrace messages are unique for a MEP for at least five seconds so that linktrace replies from slow MPs
can be matched with the corresponding linktrace messages. Using the linktrace replies collected, the originating MEP builds
the sequence of MPs traversed by the initial linktrace message. The administrator can then determine the path taken from
TE
the MEP to the destination MAC address by examining the sequence of MPs. The difference between the path taken by the
linktrace message and the expected sequence helps pinpoint the location of a fault.
IN
A RE
SH
T
NO
DO
—
LY
ON
measurement message contains a timestamp. The remote MEP then calculates the delay from the time the frame was sent
to the time it arrived. For the measurement to be accurate, both devices must have their clocks synchronized. A two-way test
US
does not require the two devices to have their clocks synchronized. The slide shows the details of a two-way frame delay test.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
LFM Settings
The slide shows some of the typical LFM configuration settings.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Action Profile
An action profile allows you to configure how the switch should react to certain events. You configure a profile for the
following events:
E
1. link-adjacency-loss: Occurs when CC messages are no longer being received from the remote peer.
US
2. link-event-rate: Allows you to specify a rate of receiving different types of event messages that cause an
action to take place.
3. protocol-down: Allows the MEP to monitor when maintenance associations at higher levels go down.
The slide shows the actions you can take when the events specified in the action profile occur.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
LFM Status
Use the show oam ethernet link-fault-management command to determine the status of the interfaces running
LFM. The output shows the peer’s MAC address, the state of the relationship with that peer, and the capabilities of the peer.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
output, you can see that the local interface was placed in a loop.
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
received, and looped through the network until the TTL finally expired on the Internet Control Message Protocol (ICMP)
packets.
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
to begin the neighbor discovery process and monitoring of the end-to-end EVC. The slide also shows how to apply an action
profile to a remote MEP. You cannot apply an action profile when using autodiscovery.
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Up MEP Configuration
The slide shows a typical configuration of an up MEP. To allow for an up MEP to also act as a MIP for a higher level, simply
add the mip-half-function default statement to the configuration.
E
US
AL
RN
TE
IN
RE
A
SH
T
NO
DO
—
LY
ON
Status of CFM
The slide shows all of the possible troubleshooting commands that you can use for CFM.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
CC Status
Use the show oam ethernet connectivity-fault-management interface command to determine the status
of a MEP’s relationship with a remote MEP.
E
US
AL
RN
TE
IN
RE
A
SH
T
NO
DO
—
LY
ON
CFM Loopback
The slide shows how to perform a loopback test with the ping ethernet command.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Linktrace
To perform a CFM linktrace to a remote MEP, issue the traceroute ethernet command. Note that any MIPs configured
at Level 4 also respond to the linktrace message initiated by a Level 5 MEP.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
We Discussed:
• Typical OAM features;
E
A RE
SH
T
NO
DO
—
LY
ON
Review Questions
1.
E
2.
US
3.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
RE
1.
LFM allows for setting a remote loop.
2.
A
A down MEP expects to find neighboring MEPs downstream. An up MEP expects to find neighboring MEPs upstream.
SH
3.
The MIP must be configured at one level below the MEP that initiated the linktrace message.
T
NO
DO
—
LY
ON
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
E
US
AL
RN
TE
IN
T
NO
Chapter 7: High Availability and Network Optimization
DO
—
LY
ON
E
US
AL
RN
TE
IN
Junos Service Provider Switching
A RE
SH
T
NO
DO
—
LY
ON
We Will Discuss:
• Ethernet Ring Protection (ERP);
E
• MX Virtual Chassis.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
ERP Overview
The slide lists the topics we will discuss. We discuss the highlighted topic first.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
ERP
Defined in the International Telecommunication Union Telecommunication Standardization (ITU-T) G.8032 recommendation,
ERP provides highly reliable, stable, and loop-free protection for Ethernet ring topologies. ERP is a solution for an Ethernet
E
ring where each ring node (switch) connects to two adjacent nodes, participating in the same ring, using two independent
links. The minimum number of nodes on a ring is two. Because ERP can provide sub-50 ms, loop-free protection for a ring
US
topology, it can viably replace any spanning-tree protocol on the ring. Using an Ethernet fiber ring of less the 1200 km and
less than 16 nodes, the switch completion time at the time of failure should be less than 50 ms. Copper links can also be
used, but we recommend that you use connectivity fault management (CFM) to help detect failures between nodes.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
(idle state), the RPL owner places the RPL in the blocking state, which results in a loop-free topology. If a link failure occurs
somewhere on the ring, the RPL owner places the RPL in a forwarding state until the failed link is repaired. Once the failed
US
link is repaired, the Junos operating system acts in a revertive manner, returning the RPL to the blocking state.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
RPL-Owner Node
The RPL owner controls the state of the RPL. During the idle state, it is the only node that sends periodic Ring Automatic
Protection Switching (R-APS) messages to notify the other nodes about the state of the RPL. The next few slides discuss the
E
details of the Automatic Protection Switching (APS) protocol and R-APS messages.
US
Normal Node
A normal node is any other node on the ring besides the RPL owner. It listens to and forwards R-APS messages. Also, if a
local ring link failure occurs, a normal node signals all other nodes that the failure has occurred using R-APS messages.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
APS
To coordinate the effort of protecting the Ethernet ring, each node participates in the APS. Each of the two ports on each
node must be configured for a dedicated channel—a virtual LAN (VLAN) or a bridge domain—to communicate using the APS
E
protocol. Although the APS protocol uses a single VLAN to communicate, the changes in the forwarding state of interfaces
that occur as a result of the exchange of R-APS messages affect the entire port of a node (all VLANs). ITU-T G.8032 specifies
US
the use of the CFM frame format as described in the Operation, Administration, and Maintenance (OAM) chapter of this
course. To allow differentiation between an R-APS message from a CFM message, an R-APS message uses a destination
address of 01-19-A7-00-00-01, as well as an opcode of 40.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
• Request/State (4 bits): Currently only two values are defined. A value of 0000 is used when a node wants to
US
signal that it detects no failure on the ring (No request). A value of 1011 is used when a node wants to signal
that an interface has failed (Signal Fail state).
• Reserved 1 (4 bits): This value is always 0000. This field is reserved for future use.
• RPL Blocked (1 bit): Usage for this field is shown on the slide. Only the RPL owner can signal RPL Blocked.
AL
• Status Reserved (6 bits): This value is always 000000. This field is reserved for future use.
• Node ID (6 octets): This field is a MAC address unique to the ring node.
• Reserved 2 (24 octets): This value is all zeros. This field is reserved for future use.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Idle State
When no failures occur on the Ethernet ring, all nodes are in the idle state. During the idle state, the RPL owner places the
RPL in a blocking state. Also, the RPL owner sends periodic (every 5 seconds) R-APS messages that signal no failure is
E
present on the ring (Request/State =no request), that all switches should flush their MAC tables (Do not flush = 0), and that
the RPL is currently blocked (RPL Blocked = 1). All other switches flush their MAC tables once (on the first received R-APS
US
A RE
SH
T
NO
DO
—
LY
ON
immediately to the failed link. The nodes switch from the idle state to the protection state, block the failed ports, flush their
MAC table, and signal to all the other nodes that a signal failure has occurred using R-APS messages. The R-APS messages
US
tell the other nodes that a failure has occurred (Request/State = signal fail) and that the nodes should flush their MAC tables
(Do not flush= 0). Node B and Node C continually send R-APS messages every 5 seconds until the signal failure condition
clears.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
flush their MAC tables (Do not flush = 1). Node B and Node C keep the previously failed ports in the blocked state (preventing
a loop) until they receive R-APS messages from Node A as described in the following slide.
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Node A blocks the RPL and transmits RPS messages that signal to the other nodes that no failure is present on the ring
(Request/State = no request), that the RPL has been blocked (RPL Blocked = 1), and that the other nodes should flush their
US
MAC tables (Do not flush = 0). Once they receive the R-APS messages from Node A, the other nodes flush their MAC tables
and unblock any ring ports that had been blocked. At this point, all switches will be in the idle state.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
channel between nodes. Configure ERP under [edit protocols protection-group]. The following are a few things
to note about the ERP configuration for the RPL owner:
US
• You must configure the RPL owner node specifically as the ring-protection-link-owner;
• The interfaces are interchangeable with regard to selecting them to act as the west-interface and
east-interface as long as you specify one of them as being the ring-protection-link-end; and
AL
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
ERP Status
The slide shows all of the possible commands to monitor ERP. We discuss each one on the next few slides.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
R-APS Information
The command on the slide shows the details of the R-APS messages to which the local node is currently listening or which it
is forwarding. Based on the output, you can tell that the local node (Node A) is the RPL owner because the R-APS message
E
A RE
SH
T
NO
DO
—
LY
ON
Interface Status
The command on the slide shows the state of the local node interfaces in relation to ERP. Note that the Admin State
shows that it is IFF ready. This state means that the Ethernet flow forwarding function (the control channel) is available to
E
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
ERP Statistics
The command on the slide shows the quantities of specific events that have occurred. You can reset these values to 0 by
issuing the clear protection-group ethernet-ring statistics group-name name command.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
bundle. The physical links participating in a LAG are known as member links. As illustrated on the slide, LAGs are commonly
used to aggregate trunk links between an access and aggregation switches.
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
member links within an aggregated Ethernet bundle and effectively increase the uplink bandwidth. Another advantage of
link aggregation is increased availability because the LAG is composed of multiple member links. If one member link fails,
US
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
• All RE generated packets that traverse the LAG, such as protocol control traffic, will use the lowest member link.
US
• The load-balancing hash algorithm for IP traffic uses criteria at Layer 2, Layer 3, and Layer 4. No configuration is
necessary to enable load balancing.
The load-balancing hash algorithm for non-IP traffic uses source and destination MAC addresses.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
LACP exchanges are made between actors and partners. An actor is the local interface in an LACP exchange. A partner is the
remote interface in an LACP exchange. LACP is defined in IEEE 802.3ad, Aggregation of Multiple Link Segments and was
designed to achieve the following:
• Automatic addition and deletion of individual links to the aggregate bundle without user intervention
AL
• Link monitoring to check whether both ends of the bundle are connected to the correct group
Note that the Junos OS implementation of LACP provides link monitoring but not automatic addition and deletion of links.
The LACP mode can be active or passive. If the actor and partner are both in passive mode, they do not exchange LACP
RN
packets, which results in the aggregated Ethernet links not coming up. If either the actor or partner is active, they do
exchange LACP packets. By default, when LACP is configured its mode defaults to the passive mode on aggregated Ethernet
interfaces. To initiate transmission of LACP packets and response to LACP packets, you must enable LACP active mode.
Note that LACP exchanges protocol data units (PDUs) across all member links to ensure each physical interfaces is
TE
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
(ae0) interface has been created. Note that the device-count statement determines the number of aggregated Ethernet
interfaces that the system creates. The number of supported aggregated Ethernet interface varies between platforms. For
US
}
}
[edit]
TE
A RE
SH
T
NO
DO
—
LY
ON
this LAG (also known as member links) are configured and associated with the ae0 interface. Note that these member links
must be operational for the aggregated Ethernet interface to become operational.
US
Once the illustrated configuration is activated, the aggregated Ethernet interface is up and can begin to process and forward
user traffic. Note that in this example, we used LACP. LACP must be enabled on the remote device (Switch-2) for the
aggregated Ethernet interface to come up and function properly. Given Switch-1’s configuration, Switch-2 can be configured
for LACP active or passive mode.
AL
By default, the actor and partner send LACP packets every second. You can configure the interval at which the interfaces
send LACP packets by including the periodic option at the [edit interfaces interface
aggregated-ether-options lacp] hierarchy level. The interval can be fast (every second) or slow (every 30
seconds). You can configure different periodic rates on active and passive interfaces. When you configure the active and
RN
passive interfaces at different rates, the transmitter honors the receiver's rate.
[edit interfaces ae0 aggregated-ether-options lacp]
user@Switch-1# set periodic ?
Possible completions:
TE
A RE
SH
T
NO
DO
—
LY
ON
Monitoring LAGs
This slide illustrates one method of monitoring LAGs. Using the output from the show interfaces commands, you can
determine state information along with other key information such as error conditions and statistics. The highlighted output
E
shows state information for the aggregated Ethernet and member link interfaces. You can also see LACP statistics for the
ae0 interface using the extensive option. Note that when LACP is used, you can find similar state and statistical
US
information using the show lacp interfaces and show lacp statistics commands.
If a problem related to LACP occurs, you can configure traceoptions for LACP under the
[edit protocols lacp] hierarchy:
[edit]
AL
A RE
SH
T
NO
DO
—
LY
ON
MC-LAG Overview
The slide highlights the topic we discuss next.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
The MC-LAG devices use Inter-Chassis Control Protocol (ICCP) to exchange the control information between two MC-LAG
network devices. In the diagram on the slide, CE1 is an MC-LAG client device that has two physical links in a standard LAG.
That is, configuration on CE1 is the same as with a standard LAG bundle. In fact, CE1 is not even aware of the MC-LAG
happening between PE1 and PE2. These two network devices, PE1 and PE2, use ICCP to coordinate with each other to
ensure that data traffic is forwarded properly. This type of basic MC-LAG setup provides node-level redundancy on the
AL
provider side. On the next slides, we show some more robust MC-LAG setups.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
The lower example shows a much more thorough setup. In this example, we have introduced a second customer device, CE2,
along with dual links between each of the devices. With this setup, there is no single point of failure and, as before, the
US
provider side setup is transparent to the customer side. That is, CE1 and CE2 are not aware their LAGs are connected to two
different devices.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
MC-LAG States
There are two types of states that you can configure MC-LAG to operate in: Active-Standby and Active-Active. Each state type
has its own set of benefits and drawbacks.
E
The original MC-LAG mode is Active-Standby and is supported on both Dense Port Concentrator (DPC) and Modular Port
US
Concentrator (MPC) line cards. Active-Standby mode allows only one provider edge (PE) node to be active at a time. Using
LACP, the active PE device signals to the customer edge (CE) device that its links are available to forward traffic. As you might
guess, a drawback to this method is that only half of the links in the CE’s LAG are used at any given time. However, this
method is usually easier to troubleshoot than Active-Active because traffic is not hashed across all links and no shared MAC
learning needs to take place between PE devices.
AL
The Active-Active mode is supported on MPC line cards only. In an Active-Active setup, all links between a CE and PE devices
are active and available for forwarding traffic. Because of this, traffic has the potential need to go between PE devices at
egress, so Active-Active mode requires an Inter-Chassis Link (ICL) to be configured between the two PE devices. This link is
used to share traffic between the PE devices. We demonstrate this on the next slide.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Many factors come into play when deciding which mode to use and where. A full discussion on this topic is outside the scope
US
of this course.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
a standard LAG. Note that LACP is still configured as shown previously. Do not forget to create the aggregated Ethernet (AE)
interface in the [edit chassis] stanza.
US
[edit]
user@CE1# show chassis
aggregated-devices {
ethernet {
AL
device-count 1;
}
}
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
[edit]
US
}
[edit]
user@PE2# show chassis
aggregated-devices {
RN
ethernet {
device-count 1;
}
}
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
under the [edit switch-options] hierarchy. After that is done, you configure the actual ICCP protocol between the two
PE devices. ICCP rides over the top of TCP and utilizes the underlying IGP for reachability. ICCP is very similar to BGP in that it
US
uses the concept of peers and can form peerings using either interface or loopback addresses. For the same reasons as
with BGP, loopback peerings are preferred.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
ICCP uses the redundancy group ID(s) to associate multiple chassis that perform similar redundancy functions.
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Verifying ICCP
You verify ICCP peerings using the show iccp command. You can also use the show bfd session detail command.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
participating in an MC-LAG must have a unique chassis identifier value, which is used by ICCP to identify each PE device. In
the example, PE1 has a chassis-id value of 0 while the PE2 device has a chassis-id value of 1. The mode is set, as
US
parameters set for LACP. The system-id and admin-key values are additional values required when configuring an
MC-LAG interface (and they must match).
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
is Attached. This is handled by the PE devices and ensures that traffic is sent only on the active link.
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
status-control, are the same. Note that, even in Active-Active mode, you still set one side as status-control
active and the other side as status-control standby. The reason is one chassis must be in charge of bringing up
US
the LACP connection. Rest assured that both links will be used for forwarding traffic as we show in a subsequent slide. Recall
that Active-Active mode requires the configuration of the ICL, which is discussed on the next slide.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
required by service providers who must carry mission-critical voice and video traffic on their network. Consequently, service
providers are requiring interchassis redundancy solutions that can span multiple systems that are colocated or
US
geographically dispersed.
Interchassis redundancy is a high availability feature that prevents network outages and protects routers against access link
failures, uplink failures, and wholesale chassis failures without visibly disrupting the attached subscribers or increasing the
network management burden for service providers. Network outages can cause service providers to lose revenues and
AL
require them to register formal reports with government agencies. A robust interchassis redundancy implementation
enables service providers to fulfill strict service-level agreements (SLAs) and avoid unplanned network outages to better
meet the needs of their customers.
One approach to providing interchassis redundancy is the Virtual Chassis model. In general terms, a VC configuration
RN
enables a collection of member routers to function as a single virtual router, and extends the features available on a single
router to the member routers in the VC. The interconnected member routers in a VC are managed as a single network
element that appears to the network administrator as a single chassis with additional line card slots, and to the access
network as a single system.
TE
An MX Series VC is managed by the Virtual Chassis Control Protocol (VCCP), which is a dedicated control protocol based on
IS-IS. VCCP runs on the Virtual Chassis port interfaces and is responsible for building the Virtual Chassis topology, electing
the Virtual Chassis master router, and establishing the interchassis routing table to route traffic within the Virtual Chassis.
IN
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
processes. The master Routing Engine that resides in the VC master router becomes the global master for the VC. The first
member of the VC becomes the initial master router by default. After the VC is formed with both member routers, the Virtual
US
Chassis Control Protocol (VCCP) software runs a mastership election algorithm to elect the master router for the VC
configuration. The member router in the VC that is not designated as the master router becomes the backup router, also
known as the protocol backup. The VC backup router takes over mastership of the VC if the master router is unavailable, and
synchronizes routing and state information with the master router. The master Routing Engine that resides in the VC backup
router becomes the global backup for the VC.
AL
VC ports are special Ethernet interfaces that form a point-to-point connection between the member routers in a VC. When
you create a VC, you must configure the Virtual Chassis ports on Modular Port Concentrator/Modular Interface Card (MPC/
MIC) interfaces. You can configure a VC port on either a 1 GbE or a 10 GbE interface. However, you cannot configure a
RN
combination of 1 GbE VC ports and 10 GbE VC ports in the same VC.Juniper recommends that you configure VC ports only on
10 GbE interfaces. In addition, to minimize network disruption in the event of a router or link failure, you can configure
redundant VC ports that reside on different line cards in each member router. If two or more VC ports of the same type and
speed are configured between the same two member routers in a VC, VCCP bundles these VC port interfaces into a trunk,
reduces the routing cost accordingly, and performs traffic load balancing across all of the VC port interfaces (also referred to
TE
as VC port links) in the trunk. Again, a VC port trunk must include only VC ports of the same type and speed and up to sixteen
ports are supported per trunk.
Please note that a full discussion of VC is outside the scope of this course. Please visit the Juniper website for more
IN
comprehensive information.
A RE
SH
T
NO
DO
—
LY
ON
We Discussed:
• The fundamentals of ERP;
E
A RE
SH
T
NO
DO
—
LY
ON
Review Questions
1.
E
2.
US
3.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
RE
1.
You should use CFM with ERP for faster protection times.
2.
A
An RPL owner stops sending its own R-APS messages when it receives an R-APS message for another node that specifies signal failure.
SH
3.
The RPL owner waits until the Restore Timer has expired. The default is 5 minutes.
T
NO
DO
—
LY
ON
E
US
AL
RN
TE
IN
T
NO
Chapter 8: Troubleshooting and Monitoring
DO
—
LY
ON
E
US
AL
RN
TE
IN
Junos Service Provider Switching
A RE
SH
T
NO
DO
—
LY
ON
We Will Discuss:
• A basic troubleshooting method;
E
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
The Situation
You might have found yourself in a similar situation to the one highlighted on the slide. In these types of situations, you might
ask yourself a number of questions such as: What is broken? What has changed recently? Is there really an issue, or is it
E
These are all relevant questions and there are a number of correct ways to approach these types of situations. We discuss a
basic troubleshooting method throughout this section that can be applied to situations like the one illustrated on the slide.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
Network Management Protocol (SNMP), to monitor your network environment and even establish a baseline for that network
environment.
US
In addition to the physical components in your network, you should also have a detailed understanding of the logical
components and protocols in your environment. Without a detailed understanding your entire environment, troubleshooting
issues can be a significant challenge and you might actually end up causing more problems by troubleshooting something
that is operating as expected.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Gathering Information
Before attempting to fix a problem that might or might not exist, you should gather as much information as possible. When
gathering information it is helpful to get answers to key questions relevant to the situation. The answers to these key
E
questions should provide detailed information about the symptoms related to the issue.
US
While talking to end users can provide some valuable information, it is also important to understand what other resources
and tools you have available and use those additional resources to help gather relevant information. Ultimately it is the
information gathered that will lead you to the problem and help you identify a solution. Typically the sooner you gather the
relevant information for a given issue, the sooner you will be able to solve that issue and be able to get back to your video
game or favorite YouTube video.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
symptoms indicate that the root cause ultimately lies in the data plane. In an established operating environment, it is
extremely rare to find a fault in both planes simultaneously because of the different role that each plays.
US
The control plane is responsible for installing routes and media access control (MAC) address entries into the forwarding
table. This function relies on configuration, protocols, connection to peers and so on. The most common symptom of a
control plane problem is incorrect or missing forwarding paths at Layer 2 and Layer 3. When in doubt, it is generally
beneficial to determine whether the control plane is functioning properly before moving on to the data plane.
AL
The data plane uses the forwarding path information provided by the control plane to perform packet forwarding. The most
common symptoms of a data plane issue are physical errors, intermittent connectivity and dropped packets. Problems in the
data plane can result from faulty hardware or configuration-based issues such as firewall filters, policers, and so forth. Note
that intermittent issues and bottlenecks almost always trace back to the data plane.
RN
Understanding how symptoms relate to the various layers in a modeled structure, such as the Open Systems Interconnection
(OSI) and TCP models, and the control and data planes on MX Series devices can speed-up your troubleshooting efforts in
many cases.
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
hardware troubleshooting flowchart shown on the slide is simply to provide a set of high-level steps designed to get you
started with hardware fault analysis. Note that reasonable people might disagree on the exact ordering of the steps or the
US
particular command-line interface (CLI) commands used to help isolate a hardware failure (for example, some might prefer
the extensive option to the show interfaces command, whereas the sample chart calls out the terse and detail
options).
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
reasonable people might disagree on the exact ordering of the steps or on the particulars of the CLI commands used to help
isolate a software failure. Note that it is sometimes necessary to execute the same command multiple times over a brief
US
possible scenarios that could involve configuration errors, we do not provide the related CLI commands.
Some software issues might be related to a malfunctioning process. The slide also outlines some of the key Junos processes
used on MX Series devices. These processes are responsible for individual functions including chassis and interface control
as well as operations related to routing and switching. These process can be restarted using the CLI, but this should only be
RN
used as a last resort. Restarting a process might resolve an issue, but it makes determining the root cause very difficult.
Restarting a process can also have a cascading and adverse effect on other process that might impact the switch or even
the network as a whole.
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
configuration examples.
US
System logging (syslog) uses a UNIX syslog-style mechanism to record system-wide, high-level operations and events, such
as interfaces going up or down or users logging in to or out of the device. The Junos OS places the resulting log messages in
files stored in the /var/log directory or can send the log messages to a remote server. The primary syslog file, which is
included in all factory-default configurations, is the /var/log/messages file.
When using traceoptions, you create a trace file that is used to store decoded protocol information received or sent by the
AL
Routing Engine (RE). As shown in the configuration example on the slide, you identify the types of messages you want logged
to the trace file using traceoption flags. The Junos OS sends the tracing results to a specified file stored in the /var/log
directory or to a remote syslog server. You can enable traceoptions at various hierarchies to capture detailed information
pertaining to a specific protocol or feature.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
CPU to support the various control plane functions. As with any resource, the RE’s memory and CPU cycles might become
consumed beyond a sustainable point.
US
If the RE’s memory and CPU become overwhelmed, the stability of the system, and potentially the entire network, might be in
jeopardy. Although this is not typical, high memory and CPU utilization can impact the performance and overall operations of
the running processes and can potentially cause those processes to fail. Note that in environments that are well designed
and implemented correctly, RE CPU and memory utilization are typically maintained at a sustainable level. The utilization
AL
levels vary and are dependent on the device’s configuration and processing load.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Process Failures
The software used on today’s networking devices can be exceedingly complex. As a result, equally complex bugs that result
from unforeseen circumstances can result in a fatal error within a software process. Most of these software faults relate to
E
illegal memory operations caused by the process attempting to read or write data from a memory area outside the
boundaries allocated for that process. In some cases, faulty hardware, such as failing memory, can cause stack or register
US
corruption that leads to a fatal error in a software process. Core and log file analysis are used to determine whether
hardware errors have led to a software panic. A core file represents the set of memory locations and stack data that was in
place at the time of the fault. The core file that is generated is stored in the /var/tmp file system directory and is named in
the process-name.core-tarball.core-number.tgz format. Secondary core files might be generated in the /
var/crash/kernel directory as well depending on what process was involved in the core. You can easily verify if your
AL
device has core files stored on it by executing the show system core-dumps command from operational mode.
If your system has generated a core file, you can contact the Juniper Networks Technical Assistance Center (JTAC) support
team to assist with decoding the core file and to identify the root cause.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
• Physical: Physical issues can include, but are not limited to, faulty hardware as well as faulty cabling or fiber.
US
• Software: Software issues are often referred to as bugs and are problems in the software coding.
• Configuration: Configuration issues could be as simple as a missed virtual LAN (VLAN) tag or more complicated
like a spanning tree setting that affects the entire network.
After narrowing down the problem, you can create a plan to prove or disprove the possible cause. Each plan should include
AL
the steps to prove or disprove the possible cause and how success is defined. It is also a good idea to have a contingency
plan just in case the changes associated with a test make the situation worse. A good action plan allows you to revert back
to the previous state in a short amount of time.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
to the next test from the original starting point. This process will help keep your configuration clean and might help you avoid
any unexpected issues later on.
US
If none of your tests resolve the issue, you should return to step one and gather additional information. You might need to go
through this entire troubleshooting process multiple times before identifying the resolution to the problem. If you have
exhausted all of your local resources, you might consider working with JTAC. We discuss some key considerations when
working with JTAC on the next slides.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
located at http://www.juniper.net/cm. Alternatively, for critical issues it is recommended you call JTAC directly to open a new
case.
US
You should provide as much detail as you can about the issue and what steps have already been carried out. It is also a very
good time to attach any relevant outputs from the affected devices. By providing as much detail about the issue and
supplying the relevant outputs up front, JTAC should have a better understanding of the issue initially and be able to provide
a resolution more quickly.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
outputs that JTAC typically request. The commands used to capture the standard outputs requested by JTAC are outlined on
the slide.
US
JTAC might request that you gather the same output several times to illustrate historical values, like incrementing traffic
statistics, dropped packet counters, and incrementing errors. To help illustrate the time between each instance of a specific
command, you can use the set cli timestamp command in operational mode to generate a timestamp at the
beginning of each CLI output. A sample capture showing the generated timestamp is illustrated on the slide.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
Troubleshooting Tools
The Junos OS offers several tools that can be used when troubleshooting. We highlighted various CLI commands that can be
used to monitor system operations as well as the system logging and traceoptions features in the preceding section. We
E
A RE
SH
T
NO
DO
—
LY
ON
SNMP
The Junos OS supports Simple Network Management Protocol (SNMP) which can be used with a wide variety of network
management systems (NMSs) to collect information and establish a meaningful baseline.
E
SNMP defines a set of standards for network management including a protocol, a database structure specification, and a
US
set of data objects that facilitate communications between an SNMP agent running on a managed device (like an MX Series
device) and an NMS. SNMP can be used to monitor various parameters such as CPU utilization, memory utilization, CPU
temperature, interface throughput, and so on. SNMP gathers this system information by sending a GetRequest to the
agent device. The agent device can send a variety of different SNMP trap message to the NMS indicating that there has
been an unexpected event on the local system.
AL
You can also configure the local system to monitor the health of key components. When a threshold is exceeded, the system
reports this information using trap messages to the NMS. When configuring health-monitor on a device, you can define
the interval that the system checks the current values against thresholds. These thresholds can also be explicitly defined or
you can use the default values. A full explanation of SNMP is outside the scope of this course.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
What Is JFlow?
JFlow is the sampling service that is available on Juniper devices. The JFlow service keeps track of the packets treated by the
router on any particular interface and the details of the traffic flow, such as the source address, the destination address,
E
packets, and byte counts, are aggregated and reported using the JFlow record. The JFlow reporting and the sampling service
will not hinder the traffic forwarded and processed by the router, prior to reporting the JFlow records, the router will sample
US
the incoming traffic as such eliminating any network delay to jitter introduced on the original flows. An integral part of the
JFlow sampling solution is the JFlow collector which is situated outside of the Juniper device as a separate appliance.
JFlow v5 and v8 are the most common standards today that are supported by most collectors worldwide. Two options of
JFlow v5 and v8 reporting are available, sampling by routing engine or alternatively, by the MS-PIC or MS-DPC. Routing
AL
engine based sampling requires no additional hardware, but it poses resource implications on the routing engine.
Alternatively, using a dedicated MS-DPC or a MS-PIC allocates a separate services plane that eliminates any performance
implications. JFlow v5 and v8 records and templates are slightly different in content, mainly lacking support for IPv6 and
MPLS reporting.
RN
With the limitations of JFlow v5 and v8, JFlow v9 introduces a new template to bridge this gap. The templates are backward
compatible across the versions. With flexibly introduced, the Juniper devices must use a MS-DPC or a MS-PIC. JFlow v9 does
not support routing engine based sampling.
Unique to Juniper MX 3D Trio forwarding line cards is inline JFlow, or JFlow v10. Inline JFlow provides increased sampling
TE
capacity with limited forwarding impact. There is no need for additional hardware which transforms any MX 3D based router
into a carrier grade sampling node. Once the MX 3D router samples the traffic using the inline JFlow process, the records are
sent to the JFlow collector using the industry standard IPFIX version 10 format.
IN
A RE
SH
T
NO
DO
—
LY
ON
services] hierarchy level. From that hierarchy level, you must specify the IPFIX format as the version, name the template,
and specify a protocol family. Currently, for inline JFlow, you can specify the IPv4 family or IPv6 family in a template.
US
Additional parameters that are optional that are not shown on the slide, such as the active flow timeout and the inactive flow
timeout, can be added to the template.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
The rate statement specifies the ratio of packets to be sampled. For example, if you configure a rate of 10, 1 out of every
10 packets is sampled. Alternatively, setting the rate option to a value of 1 results in every packet in the flow being sampled.
US
The run-length statement specifies the number of matching packets to sample following the initial one-packet trigger
event. Configuring a run length greater than 0 allows you to sample packets following those already being sampled.
The max-packets-per-second statement specifies the maximum number of packets to sample in a given flow. Once a
flow reaches this limit, the sampling mechanism begins dropping packets. If you do not specify a value for the
AL
max-packet-per-second parameter, the Junos OS supplies a default value of 1000. If you specify a value of 0, the
packet forwarding engine does not sample any packets.
If you do not include the input statement, sampling is disabled.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
specify how much memory you wish to dedicate to each protocol family. We discuss how to allocate flow hash tables in the
next slide.
US
Once you have chosen which protocol families you want to sample, you must configure the flow server properties and the
local source information for the inline JFlow service. The slide depicts that the Junos OS is sending sampled packets to the
JFlow collector at the 10.10.10.100 address on port 2055. Then, the IPFIX format is in use and the sample-template is
being referenced. Finally, the Junos OS is sourcing the sampled packets from the 10.10.10.1 address. Remember that the
AL
A RE
SH
T
NO
DO
—
LY
ON
Chassis Configuration
Binding the sampling instance to the FPC is an important step. This action tells the Junos OS to use the memory contained in
the MX 3D Trio FPC for the sampling service. To bind an MX 3D Trio FPC to a sampling instance, issue the set fpc
E
If you are sampling IPv4 and IPv6 traffic on the same MX 3D Trio FPC, or only IPv6, you must allocate MX 3D Trio FPC
memory using the sampling hash tables. You can specify the sampling hash tables by issuing the set
ipv4-flow-table-size value or set ipv6-flow-table-size value commands under the [edit chassis
fpc FPC-number inline-services flow-table-size] hierarchy level. The total number of units used for both
IPv4 and IPv6 cannot exceed 15. Each unit represents 256k of MX 3D Trio FPC memory. If you are only sampling IPv4 traffic,
AL
it is not necessary to configure any values for the sampling hash table; all memory resources are dedicated to IPv4 sampling.
Note that any change in the configured size of the flow hash table initiates an automatic reboot of the MX 3D Trio FPC.
If you are configuring inline sampling for an MX80 3D router, you do not bind the sampling instance to an MX 3D Trio FPC,
you must bind the sampling instance to the TFEB. The example on the slide shows a sampling instance that is being bound
RN
to the TFEB in slot 0. On an MX80 3D router, the slot option always receives a value of 0 because there can only be one
TFEB installed in an MX80 3D router.
Continued on the next page.
TE
IN
RE
The following output displays an example of a chassis configuration in which IPv4 and IPv6 sampling is occurring. Note how
10 flow table units are designated for IPv4 traffic and 5 flow table units are designated for IPv6 traffic. This output means
that 2560k of the TFEB memory is reserved for IPv4 traffic sampling and 1280k of the FPC memory is reserved for IPv6
traffic.
A
[edit chassis]
SH
user@router# show
tfeb {
slot 0 {
sampling-instance instance-1;
inline-services {
flow-table-size {
T
ipv4-flow-table-size 10;
NO
ipv6-flow-table-size 5;
}
}
}
}
DO
Firewall Filter Configuration
You must define a firewall filter and then apply it to the relevant interfaces in which you wish to sample traffic. Note that you
must apply the firewall filter on interfaces to sample traffic as it enters the router. You cannot apply the firewall filter on
interfaces to sample traffic as the traffic leaves the router. You can use the from statement in a firewall filter term to
selectively specify traffic that you wish to sample. If you do not use the from statement in this manner, the Junos OS
—
samples all traffic for a specific protocol family that enters an interface. Finally, you must configure the then statement with
an action of sample and accept. If you do not apply the accept action to the firewall filter, the filter blocks all
nonconforming flows.
LY
ON
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
inline JFlow. The show services accounting flow inline-jflow command displays information about packets
sampled by inline JFlow.
US
A RE
SH
T
NO
DO
—
LY
ON
You can configure simultaneous use of sampling and port mirroring, and set an independent sampling rate and run-length
for port-mirrored packets. However, if a packet is selected for both sampling and port mirroring, only one action can be
performed and port mirroring takes precedence. For example, if you configure a firewall filter to sample every packet
entering an interface, and the firewall filter also selects the packet to be port mirrored to another interface, only the port
mirroring takes effect. All other packets not matching the explicit filter port mirroring criteria continue to be sampled when
AL
A RE
SH
T
NO
DO
—
LY
ON
participate in port mirroring. Next, specify the output parameters, which are specific to each configured protocol family. The
slide depicts an input rate of 1, which means every packet will be port mirrored, and the output parameters of the interface
US
that points to the analyzer and the IP address of the next hop to reach the analyzer, which typically is the analyzer itself.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
choose traffic to port mirror. Then, you must apply the firewall filter to the necessary interface. Unlike sampling, which only
allows you to sample traffic that is entering an interface, you can apply the firewall filter that is port mirroring traffic on both
US
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
This goal is achieved by decoupling the port mirroring destination from the input parameters. Then, you can configure
multiple child port mirroring instances that inherit input parameters from a parent port mirroring instance.
Inline port mirroring is only available for MX 3D platforms with Trio based line cards.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
You can begin configuring port mirroring instances under the [edit forwarding-options port-mirroring
E
instances] hierarchy level. As the slide depicts the parent instance contains input parameters, then the child instance
uses the input parameters of the parent instance. Note that the parent instance on the slide also contains output
US
parameters because you can use the parent instance to port mirror traffic. However, the output parameters for the parent
instance are optional if you do not plan to use the parent instance to port mirror traffic.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Finally, you must attach the parent instance to an MX 3D Trio FPC. The slide depicts the parent port mirroring instance
parent-1 being bound to FPC 0. This action allows the child-1 port mirroring instance to use the input parameters of
the parent-1 port mirroring instance.
Note that although it is not shown on the slide, you must still configure a static ARP entry for the analyzer, as we discussed in
AL
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
resources through the network. You and your team have recently implemented MSTP to load balance traffic from the various
user groups (VLANs). The recent change should distribute the traffic from the various user groups between two separate
US
paths in the network. One path should use DS-1 as the root bridge while the other path should use DS-2 as the root bridge.
The end users have observed no difference in performance since the configuration was changed and continue to complain
about congestion. You have been asked to investigate the situation and ensure load balancing is in effect.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
bridge for the different MSTI instances from AS-1’s perspective. As shown in the sample output on the slide that is taken
from AS-1, the root bridge for the user-defined instances is DS-2 (note that AS-1 connects to DS-2 using ge-0/0/10.0
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
A quick look at the show spanning-tree mstp configuration output on AS-1 and DS-1 helps identify a potential
issue. As shown on the slide, the configuration digests on AS-1 and DS-1 do not match. Remember from the MSTP lecture
and lab that this digest must be the same across all device in the same region. The configuration digest is comprised of the
region name, revision level, and MSTI to VLAN-ID mappings. If you pay special attention to the output, you can see that there
is a VLAN member mismatch between the two devices, which might be the cause of our current problem. We verify if
AL
changing the VLAN members associated with MSTI 1 fixes the issue on the next slide.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
This slide shows the updated configuration used to test the theory identified on the last slide. Once the illustrated
E
configuration is in place on DS-1 all four switches illustrated in the diagram should participate in the same MSTP region.
Once all four switches are participating in the same MSTP region, we should see DS-1 elected as root bridge for MSTI 1
US
which services VLAN-IDs 10 through 19. We verify the results of this configuration change on the next slide.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Verify Results
Now that the four switches are configured to participate in the same MSTP region, we verify the root bridge elections for the
defined MSTIs using the show spanning-tree interface command. The sample output shown on the slide now shows that
E
AS-1 considers DS-1 as root bridge for MSTI1 (AS-1 connects to DS-1 using ge-0/0/8.0) and considers DS-2 as root bridge
for MSTI2 (AS-1 connects to DS-2 using ge-0/0/10.0). Now that DS-1 and DS-2 are functioning as root bridges for their
US
respective MSTIs, you should see end-user traffic distributed between the available paths and the complaints about
congestion should subside (at least for now).
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
We Discussed:
• A basic troubleshooting method;
E
A RE
SH
T
NO
DO
—
LY
ON
Review Questions
1.
E
2.
US
3.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
RE
1.
Issues requiring troubleshooting can typically be categorized as either hardware, software, or configuration issues.
2.
A
JFlow is a statistical sampling-based network monitoring technology that samples network packets and sends those samples to a
monitoring station, known as a collector. Once the samples are received by the collector, the network administrator can determine
SH
network behaviors and traffic patterns, and can detect anomalies in traffic flows.
3.
The port mirroring feature allows you to analyze traffic passing through an MX Series device. You can use port mirroring to monitor
traffic for such purposes as network usage policy enforcement and to identify the source of problems on your network by locating
T
abnormal or heavy bandwidth usage from particular stations or applications.
NO
DO
—
LY
ON
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
• Content Explorer: Junos OS and ScreenOS software feature information to find the right software release and
hardware platform for your network.
• Feature Explorer: Technical documentation for Junos OS-based products by product, task, and software
release, and downloadable documentation PDFs.
AL
• Learning Bytes: Concise tips and instructions on specific features and functions of Juniper technologies.
• Installation and configuration courses: Over 60 free Web-based training courses on product installation and
configuration (just choose eLearning under Delivery Modality).
RN
• J-Net Forum: Training, certification, and career topics to discuss with your peers.
• Juniper Networks Certification Program: Complete details on the certification program, including tracks, exam
details, promotions, and how to get started.
TE
• Technical courses: A complete list of instructor-led, hands-on courses and self-paced, eLearning courses.
• Translation tools: Several online translation tools to help simplify migration tasks.
IN
www.juniper.net
Junos Service Provider Switching
A RE
SH
T
NO
DO
—
LY
ON
E
US
AL
RN
TE
IN
www.juniper.net
RE
A
SH
Junos Service Provider Switching
T
NO
Appendix A: Carrier Ethernet
DO
—
LY
ON
E
US
AL
RN
TE
IN
Junos Service Provider Switching
A RE
SH
T
NO
DO
—
LY
ON
We Will Discuss:
• Carrier Ethernet; and
E
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
A Metropolitan Area Network (MAN) is located within the confines of a city or town where a service provider might have a
fiber infrastructure or a cable infrastructure. A MAN provides the ability to connect customer sites that are located near each
other.
AL
A RE
SH
T
NO
DO
—
LY
ON
Service Providers
When a business decides to interconnect two or more sites that are not physically near each other, a service provider usually
provides MAN or WAN connectivity between those sites at a price. A service provider (cable company or telco) has the
E
facilities—such as the miles and miles of fiber—that are necessary to transfer data around the world. A customer of the
service provider gains access to the MAN or WAN through a local loop or access circuit that the service provider delivers to
US
each site.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
circuit that customers can order at varying speeds (DS0, T1, E1, T3, and more). As the distance between sites grows, so does
the price for the private-line service. Other options for site-to-site connectivity include Asynchronous Transfer Mode (ATM),
US
to support the new circuits. The customer will need Ethernet experts for the LAN, and, in the case of ATM WAN connectivity,
they will need ATM experts as well.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Relay networks have not been able to keep up with the demand.
US
A RE
SH
T
NO
DO
—
LY
ON
Scalability
Allowing an Ethernet WAN to scale has always posed a challenge to the service provider. For instance, for an Ethernet switch
to forward Ethernet frames it must learn the MAC address of each of the end stations on the customer network. For a service
E
provider serving thousands of customers, this need might mean that the service provider-owned switches must potentially
learn millions of MAC addresses. Also, when redundant links exist between the service provider and its customers for
US
resiliency purposes, the question arises, “How can you prevent a loop?” The spanning tree protocols of today simply cannot
scale to prevent the loops of thousands of customer sites.
Service-Level Agreements
AL
Usually when a customer purchases WAN service, service-level agreements (SLAs) are in place to ensure that the service
provider provides a good service to the customer. Common SLAs would cover frame delay and frame loss.
The ability for a service provider to provide and prove the same level of service with Ethernet that a customer could get from
ATM, Frame Relay, and private-line service needed to be developed. Ethernet was also lacking Operation, Administration,
and Maintenance (OAM) features. For example, in the case of ATM, OAM features would allow administrators to verify the
status of ATM permanent virtual circuits (PVCs). This same capability was necessary for Ethernet virtual connections (EVCs).
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
Electrical and Electronics Engineers (IEEE), and the International Telecommunication Union (ITU).
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
vendors, and testing organizations. The goal of the MEF is to accelerate the worldwide adoption of carrier Ethernet networks
and services. The MEF defines carrier Ethernet as a ubiquitous, standardized, carrier-class service defined by five attributes
US
(illustrated on the slide) that distinguish carrier Ethernet from LAN-based Ethernet. An objective of the MEF is to build a
consensus and unite service providers, equipment vendors, and customers on Ethernet service definitions, technical
specifications, and interoperability.
AL
RN
TE
IN
RE
A
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
standardized certification all but eliminates the need for expensive and complex interoperability tests.
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
MEF 9 Certification
The MEF 9 certification tests for compliance with MEF 6.1, 10, and 11. This test ensures the meeting of all requirements at
the user-to-network interface (UNI). Some of the tests include:
E
MEF 14 Certification
AL
The MEF 14 certification tests for compliance with MEF 9 and 10. This test ensures the meeting of all requirements for
traffic management. Some of the tests include:
• Frame delay service performance;
RN
RE
The MEF 18 certification tests for compliance with MEF 8. This certification ensures the meeting of all requirements for
reliable transport of time-division multiplexing (TDM) circuits. This certification includes some of the following tests:
• Encapsulation layers;
A
• Payload format; and
• Defects.
SH
MEF 21 Certification
The MEF 21 certification tests for compliance with MEF 20. This certification ensures the meeting of all requirements for UNI
Type 2 and link OAM features.
T
NO
DO
—
LY
ON
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
RE
A
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
virtual LANs (VLANs) for the UNI can traverse the EVC. A Virtual Private Line EVC is VLAN-based, such that it allows for the
mapping of individual VLANs to the EVC. This mapping allows the service provider to multiplex multiple customers using a
US
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
resides on the Ethernet Services Layer. To deliver the Ethernet services, the Transport Services Layer uses various
networking and media types. This layer includes technologies like provider backbone bridging, virtual private LAN service
US
(VPLS), and SONET. As shown on the slide, each layer of the MEF model has its own data, control, and management planes.
AL
RN
TE
IN
RE
A
SH
T
NO
DO
—
LY
ON
IEEE Standards
The slide lists some of the important IEEE Ethernet standards.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
ITU-T Recommendations
The slide shows some of the International Telecommunication Union Telecommunication Standardization (ITU-T) Ethernet
recommendations.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
We Discussed:
• Carrier Ethernet; and
E
A RE
SH
T
NO
DO
—
LY
ON
Review Questions
1.
E
2.
US
3.
AL
RN
TE
IN
RE
1.
Service providers can offer more that one service to an individual customer over a single access port with carrier Ethernet, and
enterprise customers need only hire Ethernet experts to manage the entire network.
A
2.
The three prominent Ethernet standards organizations are the MEF, the IEEE, and the ITU.
SH
3.
The IEEE Ethernet standards fall into the 802 category.
T
NO
DO
—
LY
ON
E
US
AL
RN
TE
IN
T
NO
Appendix B: Deprecated Syntaxes
DO
—
LY
ON
E
US
AL
RN
TE
IN
Junos Service Provider Switching
A RE
SH
T
NO
DO
—
LY
ON
We Will Discuss:
• The differences between “old” and “new” configuration syntaxes.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
you specify the VLAN IDs for the bridge domain determines the bridge domain’s mode of operation. The following list briefly
explains the different ways of configuring a bridge domain:
US
• Default: You do not specify a VLAN ID for the bridge domain. The bridge domain is a single learning domain. You
configure an input and output VLAN map to explicitly configure push, pop, swap, and other VLAN operations.
• None: You specify vlan-id none for the bridge domain. The bridge domain is a single learning domain. In this
case, all inbound frames have all VLAN IDs popped. All outbound frames take on the VLAN settings of the outbound
AL
interfaces.
• Single: You specify vlan-id number for the bridge domain. The bridge domain is a single learning domain. In
this case, all inbound frames have all service VLAN (S-VLAN) IDs popped. All inbound customer VLAN (C-VLAN) IDs
RN
are normalized (translated) to the VLAN ID of the bridge domain. All outbound frames take on the VLAN settings of
the outbound interface.
Continued on the next page.
TE
IN
RE
The following is a continuation of the list from the preceding page:
• Double: You specify vlan-tags outer number inner number for the bridge domain. The bridge domain is
a single learning domain. All incoming frames have their VLANs normalized (translated) to the outer and inner VLAN
ID that is specified for the bridge domain. All outbound frames take on the VLAN settings of the outbound interface.
A
• All: You specify vlan-id all for the bridge domain. The bridge domain has multiple learning domains. One
SH
learning domain exists for each C-VLAN configured on interfaces that are associated with the bridge domain. This
type of configuration always results in independent VLAN learning mode (IVL). Inbound frames retain their VLAN
tags. All outbound frames take on the VLAN settings of the outbound interface.
Most of these options listed cause a bridge domain to have a single learning domain. If the interfaces assigned to a bridge
domain are configured for a unique C-VLAN ID, then the learning mode for the bridge domain will be IVL. If the interfaces
T
assigned to a bridge domain are configured for multiple C-VLANs, then the learning mode for the bridge domain will be shared
VLAN learning mode (SVL).
NO
When using the new style of configuration, IVL is the usual mode of operation. SVL can occur only with the new style of
configuration when mixing both old style and new style configurations in a bridge domain.
DO
—
LY
ON
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Furthermore, you must place each customer in the same virtual switch. You must do it this way because only one bridge
domain is allowed in a virtual switch that uses the vlan-id all statement.
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
ID. To allow single-tagged frames to enter the customer-facing interface, you must specify the interface-mode access
statement.
US
You will see on the next few slides that each configuration method results in some combination of one of the following:
1. A bridge domain mode (IVL or SVL).
2. Customer-facing logical interface usage.
AL
one bridge domain. In addition, you can place each customer in the same virtual switch.
TE
IN
RE
A
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
Note that because of this referencing—that is, in the case of overlapping C-VLAN space—you must add each customer to its
own virtual switch.
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
We Discussed:
• The differences between “old” and “new” configuration syntaxes.
E
US
AL
RN
TE
IN
T
NO
Appendix C: MX Series Overview
DO
—
LY
ON
E
US
AL
RN
TE
IN
Junos Service Provider Switching
RE
A
SH
T
NO
DO
—
LY
ON
We Will Discuss:
• Juniper Networks MX Series 3D Universal Edge Routers.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
RE
A
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
MX104
The SDN-ready MX104 3D Universal Edge Router is a modular, highly redundant and full-featured MX Series platform built
for space and power-constrained service provider and enterprise facilities. It is designed to provide aggregation of enterprise,
E
mobile, business, and residential access services, as well as deliver edge services for metro providers.
US
The MX104 offers 80 Gbps of capacity with four fixed 10GbE ports and four Modular Interface Card (MIC) slots for flexible
network connectivity and virtualized network services. It is optimized for central office deployment, supports a redundant
control plane for high availability, and its chassis is environmentally hardened for deployment in outside cabinets and remote
terminals.
AL
RN
TE
IN
RE
A
SH
T
NO
DO
—
LY
ON
MX Series Highlights
The slide shows some of the highlights of the MX Series devices.
E
US
AL
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
A RE
SH
T
NO
DO
—
LY
ON
vMX
vMX is a true MX Series 3D Universal Edge Router that is optimized to run as software on x86 servers. It helps service
providers and enterprises quickly and economically address their requirements with carrier-class routing and a DevOps style
E
service-focus to the network. The vMX is a full-featured, carrier-grade router with complete control, forwarding and
management planes. It runs the Junos Operating System, and supports vTrio packet handling and forwarding by compiling
US
techniques (PIM, IGMP, MLD, multicast GRE). Subsequent support for BNG, LNS and Source NAT is currently being
evaluated.
vMX is offered as licensed software in 100 Mbps, 1 Gbps, and 10 Gbps increments. Please note that, as of this writing, vMX
is new and any capabilities and/or licensing is subject to change.
RN
TE
IN
A RE
SH
T
NO
DO
—
LY
ON
Layer 2 Features
The slide shows some of the Layer 2 features supported on MX Series devices.
E
US
AL
RN
TE
IN
RE
A
SH
T
NO
DO
—
LY
ON
We Discussed:
• Juniper Networks MX Series 3D Universal Edge Routers.
E
US
AL
RN
TE
IN
RE
AE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . aggregated Ethernet
A
AIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .alarm indication signal
APS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Automatic Protection Switching
SH
ARP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Address Resolution Protocol
ATM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Asynchronous Transfer Mode
BCB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . backbone core bridge
BDI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Backward Defect Indicator
BEB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . backbone edge bridge
T
BID . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Bridge ID
BPDU. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . bridge protocol data unit
NO
B-TAG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Backbone VLAN tag
BUM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . broadcast, unicast with unknown destination, and multicast
B-VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Backbone VLAN
CBP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Customer Backbone Port
CC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . continuity check
CCM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . centralized configuration management
DO
CE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . customer edge
CFI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Canonical Format Indicator
CFM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .connectivity fault management
CIST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .common and internal spanning tree
CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .command-line interface
—
CoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . class of service
CSMA/CD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . carrier-sense multiple access with collision detection
CST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . common spanning tree
C-TAG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .customer VLAN tag
LY
IP-IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IP over IP
IRB. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .integrated routing and bridging
I-SID. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Backbone Service Instance ID
I-TAG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .Backbone Service Instance tag
RN
RE
MC-LAG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . multichassis LAG
MEF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Metro Ethernet Forum
MEP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . maintenance association end point
MIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . maintenance association intermediate point
MISTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Multiple Instance STP
A
MPC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Modular Port Concentrator
MRP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Multiple Registration Protocol
SH
MSO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .multiple service operator
MST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . multiple spanning tree
MSTI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . multiple spanning tree instance
MSTP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Multiple Spanning Tree Protocol
MVRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Multiple VLAN Registration Protocol
T
NMS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .network management system
OAM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Operation, Administration, and Maintenance
NO
OAMPDU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . OAM protocol data unit
OSI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Open Systems Interconnection
PBB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . provider backbone bridge
PBN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .provider bridged network
PDU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . protocol data unit
DO
PE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . provider edge
PEB . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Power and Ethernet Board
PFE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Packet Forwarding Engine
PIM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Physical Interface Module
PIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Provider Instance Port
PVC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . permanent virtual circuit
—
PVST+ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Per-VLAN Spanning Tree Plus
Rapid-PVST+. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Rapid Per-VLAN Spanning Tree Plus
R-APS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ring Automatic Protection Switching
RE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Routing Engine
LY
TLV . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . type/length/value
TPID. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tag Protocol Identifier
TTL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . time to live
UCA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . User Customer Address
UNI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . user-to-network interface
AL