Ethernet Automatic Protection
Switching (EAPS)
ENA 15.3: Switch Operation and Configuration
�EAPS
Student Objectives
Identify the EAPS ring elements.
Describe the EAPS domain and VLAN relationship.
Identify the control VLAN configuration rules.
Describe EAPS MAC address and flush-FDB MAC address.
Describe EAPS fault detection.
Describe EAPS fault restoration.
Identify the steps to create an EAPS ring.
Configure EAPS.
Verify the EAPS configuration and status
Slide 2
�EAPS Overview
EAPS
3
ENA 15.3: Switch Operation and Configuration
�Ethernet Automatic Protection Switching
EAPS is a simple Layer 2 loop prevention protocol designed to operate in
networks where fast failover is essential
EAPS is ideal for:
Service providers providing resilient Ethernet transport for customers
Data centers requiring an always on resilient service
Enterprise customers with a Voice Over IP infrastructure
EAPS Provides:
Sub 50 millisecond failover which is virtually undetectable by end-users
Easy to setup and understand
- Point and click provisioning from within Ridgeline
- Simple configuration steps from within the CLI
Centralized management when using Ridgeline
Predictable operation
Slide 4
�Standard Enterprise Design
Identify the network loops
Floor 2 - Edge
SummitX450e
SummitX450e
SummitX450e
SummitX450e
3rd Network Loop
Floor 1 - Edge
2nd Network Loop
SummitStack1
SummitStack2
SummitStack3
SummitStack4
Data Center Server Farm
SummitX650
Top of Rack Switch
SummitX650
Top of Rack Switch
Data Center - Core
BD8K1
Slide 5
BD8K2
1st Network Loop
�Standard Enterprise Design with EAPS
EAPS domain created for each network loop
Floor 2 - Edge
SummitX450e
SummitX450e
SummitX450e
SummitX450e
EAPS
3rd Network
Domain
Loop
#3
Floor 1 - Edge
EAPS
2nd Network
Domain
Loop
#2
SummitStack1
SummitStack2
SummitStack3
SummitStack4
Data Center Server Farm
SummitX650
Top of Rack Switch
SummitX650
Top of Rack Switch
Data Center - Core
BD8K1
Slide 6
BD8K2
EAPS
1st Network
Domain
Loop
#1
�Standard Enterprise Design with EAPS
EAPS elements added for each domain: node type, primary and secondary
ports (secondary port on the master will block)
Floor 2 - Edge
SummitX450e
SummitX450e
SummitX450e
SummitX450e
EAPS Domain #3
Floor 1 - Edge
1:1
SummitStack1
EAPS Domain #2
4:1
SummitStack2
SummitStack3
SummitStack4
Data Center Server Farm
SummitX650
Top of Rack Switch
SummitX650
Top of Rack Switch
Data Center - Core
BD8K1
Slide 7
BD8K2
EAPS Domain #1
�EAPS Domain and VLAN Relationship
Each link can carry one or more domains.
For every EAPS domain, a control VLAN needs to be created to carry
all EAPS control traffic.
An EAPS domain can contain several protected VLANs.
Slide 8
�EAPS Operation
EAPS
9
ENA 15.3: Switch Operation and Configuration
�EAPS Operation - Configuration
Each switch in the domain is configured with the following elements:
Node type
Primary & secondary ports
Control VLAN
The Master node is responsible for transmitting hello packets
Transmitted through the primary port (default setting)
Floor 1 - Edge
hello packet
EAPS Domain #2
SummitStack1
SummitStack2
SummitStack3
SummitStack4
Data Center - Core
BD8K1
Slide 10
BD8K
BD8K2
�EAPS Operation
The master node transmits hello packets within the control VLAN
every second
Defined by the EAPS domains hello timer
- Default is 1 second
- Values are from 100 milliseconds to 15 seconds
Floor 1 - Edge
chk
SummitStack1
SummitStack2
EAPS Domain #2
SummitStack3
SummitStack4
Data Center - Core
BD8K1
Slide 11
BD8K2
�EAPS Hello (Heath Check) packets
EAPS uses the Extreme Encapsulation Protocol (EEP) to transmit hello
packets
EEP packets have a source MAC address of 00 e0 2b 00 00 01
EAPS packets have a destination MAC address of 00 e0 2b 00 00 04
Each switch (node) will examine the hello packet and then forward the packet
to its neighbor switch through the ring port that did not receive the packet
EAPS packets are sent with an 802.1p value of 7 (QP8)
EAPS hello packets contain the following information:
Packet type
- Health, Link Down, Links Up (Pre-Forwarding), Flush FDB
Control VLAN ID
Originators system MAC address
Hello fail timer value
Domain state
- Complete, Failed
Hello sequence number
Slide 12
�EAPS Operation Link Failure
On detecting a link failure, the transit node transmits a links down
packet through its other ring port
The master declares the domain has failed and unblocks its
secondary port sending a flush FDB packet out both ring ports
The master continues to transmit hello packets
Floor 1 - Edge
flshchkflsh
SummitStack1
SummitStack2
dwn
SummitStack3
SummitStack4
Data Center - Core
dwn
BD8K1
Slide 13
BD8K2
EAPS Domain #2
�EAPS Operation Link Restoration
On link restoration, the transit node transmits a pre-forwarding packet
through its other ring port. The domain state is links up
The master continues to transmit hello packets and waits until it receives a
hello packet before it declares the domain complete
The master then blocks its secondary port and sends a flush FDB packet
and then continues to transmit hello packets
Floor 1 - Edge
flshchkflsh
SummitStack1
SummitStack2
pre
SummitStack3
SummitStack4
Data Center - Core
pre
BD8K1
Slide 14
BD8K2
EAPS Domain #2
�EAPS Operation Fail Timer (Send Alert)
If three hello packets fail to be received by the master, the domain
state will be as follows:
If the domain was previously complete, it will remain in a complete state but
with a fail timer expired notification
If the domain has just been enabled it will be in an init state but with a fail timer
expired noification
Floor 1 - Edge
chk
SummitStack1
SummitStack2
EAPS Domain #2
SummitStack3
SummitStack4
Data Center - Core
BD8K1
Slide 15
BD8K2
�EAPS Operation Fail Timer (Unblock Port)
If three hello packets fail to be received by the master, the domain
will be marked as failed
The master unblocks its secondary port sending a flush FDB packet
out both ring ports
The master continues to transmit hello packets
Floor 1 - Edge
flshchkflsh
SummitStack1
SummitStack2
EAPS Domain #2
SummitStack3
SummitStack4
Data Center - Core
BD8K1
Slide 16
BD8K2
�Configuring EAPS
EAPS
17
ENA 15.3: Switch Operation and Configuration
�EAPS Configuration Steps
VLAN Configuration
1.
Ensure any VLANs to be protected by EAPS contain the tagged ring ports for
each domain created
2.
Create a control VLAN for each domain and ensure they contain the tagged ring
ports for each specific domain (Maximum of 2 ports in each control VLAN)
EAPS Configuration
1.
Create an EAPS domain
2.
Configure one switch as a master node. All other switches will be transit nodes
3.
Configure the primary port and secondary port for each switch
4.
Add the designated control VLAN to the EAPS domain
5.
Add the protected VLANs to the EAPS domain
6.
Enable the EAPS domain
7.
Repeat steps 1 through 6 for each EAPS domain required
8.
Finally enable EAPS globally
Slide 18
�EAPS Configuration Overview (Domain #2)
The control VLAN (VLAN ctrl-2) will have a tag of 102
Ports 1:1 and 4:1 for the SummitStacks will be added to the ctrl-2 VLAN as tagged ports
Ports 1:1 and 2:1 for the BD8Ks will be added to the ctrl-2 VLAN as tagged ports
The protected VLAN (VLAN data) has a tag of 10
The above ports must be added tagged to the data VLAN on each switch, along with any
end-user ports. End-user ports are usually untagged.
Floor 1 - Edge
1:1
4:1
1:1
SummitStack1
4:1
SummitStack2
1:1
4:1
SummitStack3
1:1
SummitStack4
VLAN: ctrl-2
802.1Q Tag: 102
EAPS Domain: ed-2
1:1
Data Center - Core
1:1
2:1
BD8K1
Slide 19
4:1
2:1
BD8K2
EAPS Domain #2
�Configuring EAPS (SummitStack2) - 1
To create an EAPS domain:
create eaps <eapsDomain>
To configure the EAPS mode:
configure eaps <eapsDomain> mode
[master | transit]
To configure the ring ports:
configure eaps <eapsDomain>
primary <pri_port>
configure eaps <eapsDomain>
secondary <sec_port>
To configure the control VLAN:
configure eaps <eapsDomain> add
control <vlan>
To add the protected VLANs:
configure eaps <eapsDomain> add
protected <vlan>
Slide 20
SummitStack2.1 #
* SummitStack2.2
* SummitStack2.3
* SummitStack2.4
* SummitStack2.5
* SummitStack2.6
create eaps
# configure
# configure
# configure
# configure
# configure
ed-2
eaps
eaps
eaps
eaps
eaps
ed-2
ed-2
ed-2
ed-2
ed-2
mode master
primary 1:1
secondary 4:1
add control ctrl-2
add protected data
�Configuring EAPS (SummitStack2) - 2
To enable an EAPS domain:
enable eaps <eapsDomain>
To enable EAPS globally:
enable eaps
To verify EAPS globally:
show eaps
To verify the EAPS domain:
show eaps <eapsDomain>
Slide 21
* SummitStack2.7 # enable eaps ed-2
* SummitStack2.8 # enable eaps
* SummitStack2.9 # show eaps
EAPS Enabled: Yes
EAPS Fast-Convergence: Off
EAPS Display Config Warnings: On
EAPS Multicast Add Ring Ports: Off
EAPS Multicast Send IGMP Query: On
EAPS Multicast Temporary Flooding: Off
EAPS Multicast Temporary Flooding Duration: 15 sec
Number of EAPS instances: 3
# EAPS domain configuration :
-------------------------------------------------------------------------------Domain
State
Mo En Pri
Sec
Control-Vlan VID
Count
-------------------------------------------------------------------------------ed-2
Complete
M
Y
1:1
4:1
ctrl-2
(102 ) 1
-------------------------------------------------------------------------------* SummitStack2.10 # show eaps ed-2
Name: ed-2
State: Complete
Running: Yes
Enabled: Yes
Mode: Master
Primary port:
1:1
Port status: Up
Tag status: Tagged
Secondary port: 4:1
Port status: Blocked
Tag status: Tagged
Hello timer interval: 1 sec 0 millisec
Fail timer interval: 3 sec
Fail Timer expiry action: Send alert
Last valid EAPS update: None till now.
EAPS Domain has following Controller Vlan:
Vlan Name
VID
ctrl-2
102
EAPS Domain has following Protected Vlan(s):
Vlan Name
VID
data
10
Number of Protected Vlans: 1
�Configuring EAPS (SummitStack2) - 3
To rename an EAPS domain:
configure eaps <eapsDomain>
name <new_name>
To change the ring ports:
disable eaps <eapsDomain>
unconfigure eaps <eapsDomain>
primary <pri_port>
unconfigure eaps <eapsDomain>
secondary <sec_port>
- Remember to re-enable EAPS when the
new ring ports have been assigned
To configure the fail timer expiry
action:
configure eaps <eapsDomain>
failtime expiry action
[send-alert|open-secondaryport]
To verify the changes:
show eaps <eapsDomain>
Slide 22
*
*
*
*
*
*
*
*
*
SummitStack2.11
SummitStack2.12
SummitStack2.13
SummitStack2.14
SummitStack2.15
SummitStack2.16
SummitStack2.17
SummitStack2.18
SummitStack2.19
#
#
#
#
#
#
#
#
#
conf eaps ed-2 name ed-3
disable eaps ed-3
unconfigure eaps ed-3 primary
unconfigure eaps ed-3 secondary
configure eaps ed-3 primary 4:1
configure eaps ed-3 secondary 1:1
enable eaps ed-3
configure ed-3 failtime expiry-action open-secondary-port
show eaps ed-3
Name: ed-3
State: Complete
Running: Yes
Enabled: Yes
Mode: Master
Primary port:
4:1
Port status: Up Tag status: Tagged
Secondary port: 1:1
Port status: Blocked
Tag status: Tagged
Hello timer interval: 1 sec 0 millisec
Fail timer interval: 3 sec
Fail Timer expiry action: Open secondary port
Last update: From Master Id 00:04:96:20:b1:2d, at Fri May 6 10:43:08 2012
EAPS Domain has following Controller Vlan:
Vlan Name
VID
ctrl-2
102
EAPS Domain has following Protected Vlan(s):
Vlan Name
VID
data
10
Number of Protected Vlans: 1
�EAPS Summary
You should now be able to:
Be able to identify the EAPS ring elements
Understand the EAPS domain and VLAN relationship
Know the control VLAN configuration rules
Know the EAPS MAC address
Understand EAPS fault detection
Understand EAPS fault restoration
Be able to identify the steps to create an EAPS ring
Be capable of configuring EAPS
Know how to verify the EAPS configuration and status
Slide 23
�Lab 7 EAPS Lab (Single Ring)
This lab exercise tests your ability to configure two EAPS domains on
top of a single ring topology.
Create EAPS domains
Add control VLAN and any protected VLANs to the domains
Configure your switch to be the master node in the EAPS rings
Configure the inter-switch ports to be primary or secondary ports
Lab Group PC
Enable EAPS globally
Enable the EAPS domains
Verify the EAPS configuration and status
5
dataX
1
Test the ring recovery
192.168.X.11
controlX
X
dataX
192.168.X.1
controlX
13
CoreSwitch-A
controlX
X
dataX
192.168.X.2
13
Slide 24
CoreSwitch-B
SwitchX
Lab Data
192.168.X.101
� 2014 Extreme Networks, Inc.
All rights reserved
