Inter-network Ethernet Service Protection Zehavit Alon Nurit Sprecher John Lemon
advertisement
Inter-network Ethernet Service Protection Zehavit Alon Nurit Sprecher John Lemon Slide 1 Agenda • Inter-network Ethernet Service Protection – Overview – Requirements – Network architecture ▪ Possible connectivity constructions between Ethernet Networks ▪ Recommended construction – Proposed solution • Open discussion and next steps Slide 2 Ethernet Services over Interconnected Networks • Carrier Ethernet services are delivered over interconnected Ethernet networks - untagged, C-VLAN, S-VLAN, B-VLAN • Interconnected networks may, for example, consist of: – a customer’s network connected to a service provider's network – that is also connected to other service providers' networks. PB PBB-TE PBB PBB-TE PB • An end-to-end carrier Ethernet service can span several interconnected packet networks. Slide 3 Ethernet Services over Interconnected Networks • Each Ethernet network may deploy a different packet transport technology which provides its own mechanisms aimed at ensuring network survivability. Examples are: – Bridged Ethernet with MSTP or SPB or G.8032 – Traffic Engineered Ethernet with PBB-TE protection switching PB PBB-TE PB xSTP Interconnected Zone 1:1 Interconnected Zone PBB PBB-TE SPB 1:1 Interconnected Zone PB PB xSTP Interconnected Zone • A protection mechanism is required for the interconnected zone. Slide 4 Interconnected Networks Protection Mechanism: Requirements • Protect against any single failure or degradation of a facility (link or node) in the interconnected zone • Support all standard Ethernet frames: 802.1D, 802.1Q, 802.1ad, 802.1ah • Support interconnection between different network types (e.g. CN-PBN, PBN-PBN, PBN-PBBN, PBBN-PBBN, etc.) • Provide 50ms protection switching • Provide a clear indication of the protection state • Maintain an agnostic approach towards: – the Ethernet technology running on each of the interconnected networks, and – the protection mechanism deployed by each of the interconnected networks Slide 5 Interconnected Networks Protection Mechanism: Requirements (cont’d.) • Avoid modification of the protocols running inside each of the interconnected networks • Ensure that multicast and broadcast frames are delivered only once over the interconnected zone • Allow load balancing between the interfaces that connect the networks to ensure efficient utilization of resources Slide 6 Possible Topologies Mesh Slide 7 Ring Dual Attached Connectivity Mesh Two links are required Slide 8 Ring Three links are required Enhanced Resiliency Mesh Resiliency is enhanced by adding a node with dual attachment to the adjacent network. This provides protection against node failure (with no traffic disruption). Dual attachment is widely deployed. Slide 9 Ring Resiliency is enhanced by adding a node and two links, and by removing the redundant link. This operation may cause traffic disruption (if a facility fails during the upgrade operation). Connectivity between adjacent networks Mesh Ring Adjacent networks are connected by Adjacent networks are connected by 4 direct (single-hop) connections: 8 connections: A-D, A-C, B-D, B-C 2 direct connections A-D, B-C 2 indirect connections A-D, B-C 2 indirect connections B-D 2 indirect connections A-C A D B C A D B C The network local link may also be used to transmit internal traffic in the network (which may result in the utilization of BW required for protection). Slide 10 Protection Path Load Mesh Ring Load sharing is supported across all four links. Load sharing is supported across two links. When a link fails, traffic is shared between the three other links. When a link connecting the networks fails, all traffic between the networks is transmitted via the other single link connecting the networks. When a node fails, traffic is shared between two links. When a node fails, all traffic between the networks is transmitted via the other single link connecting the networks. Slide 11 Load Sharing Mesh Ring Capable of supporting more than two Capable of supporting only two nodes and two links in each network, nodes in each network for connecting the networks with Although nested rings are possible, support for load sharing they can significantly complicate the solution and the operation. Slide 12 Protection Path Cost Mesh The cost of the protection path (in terms of the number of hops) is identical to that of the working path. (Revertive functionality is optional.) Working Protection Slide 13 Ring The cost of the protection path (in terms of the number of hops) is higher than that of the working path. (Revertive functionality is recommended.) Multiple Failures Mesh Mesh topology provides better resiliency in the event of multiple failures. Examples are: Slide 14 Ring Interconnection with Rings (G.8032) Mesh Ring Shared Link G.8032 G.8032 Protection in the interconnection zone A super loop is created. is agnostic with regard to failures Protection in the interconnection zone inside the ring. is not agnostic with regard to failures. A mechanism is required to prevent the transmission of internal traffic from the network in the west (shown above) to the two nodes in the network in the east. Slide 15 Proposed Topologies Mesh that supports dual-homing and that provides enhanced protection in the double dual-homing configuration Slide 16 Solution Principles Blue traffic (VLAN X) is only sent through port 1 (which is protected by port 2). A C Blue traffic is sent through port 2 in the event of failure of link 1-3, or of node B 3 1 4 2 5 7 6 Interconnect zone 8 B D Blue traffic is sent through node C in the event that node A fails. • The protection mechanism is available per Ethernet service in the interconnected zone (i.e. per VLAN). • An Ethernet service is carried only over one of the interfaces which connects the two adjacent networks. • In the event of a fault condition on the link or the peer node, traffic is redirected to the redundant interface. • The service may also be protected by another node to avoid a single point of failure. If a node is no longer able to carry traffic, traffic is redirected over the redundant node. Slide 17 Solution Principles A 10 C F 3 1 B 4 2 9 5 7 6 11 12 8 Interconnect Area 11 13 D E • The interconnected zone may include additional nodes, interfaces and links • Each protected VLAN is configured, (independently of other VLANs) on: – Total of three nodes and four ports - on one of the networks, one node with two ports; on the other network, two nodes with one port on each (i.e. dual-homing) – Total of four nodes and eight ports - on both networks, two nodes with two ports each (i.e double dual-homing) • Each protected VLAN can be transmitted over one out of two/four links. However, at any given time, it is only transmitted over one of the links crossing the interconnected zone. Slide 18 Solution Principles • For each protected VLAN, one of the nodes is responsible for selecting the interface over which the traffic will be transmitted. This node functions as a master. • The master is connected to two nodes. These two nodes follow the master’s decisions and function as slaves. • The master node can be protected by a redundant node. In the event that the master fails, the redundant node functions as the master. This node is called a deputy. The deputy is connected to the same two slaves as the master. SD M SM D The same node may function as a master node for some VLANs (blue), as a deputy node for other VLANs (red), and a slave for other VLANs (green), thus enabling load sharing between the nodes. Slide 19 S S SD SM The role of each node (master, deputy and slave) is set for each VLAN by administrative configuration. Solution Principles For each VLAN, the master/deputy/slave nodes are configured according to the following options: M S M S S D S (a) S (c) (b) M S M D S D (d) • Additional parameters must be configured for the master and deputy nodes (not for the slaves): – working port – the default port to use for traffic – protection port – the port to use when the working port can not be used. Slide 20 Solution Principles • The interface selection algorithm for each VLAN is based on – local configuration – Information provided by link-level CCMs • The protection state of all the protected VLANs is synchronized between peers by means of a single link-level CCM message. Slave1 follows master’s decision and uses port 3 for VLAN X Master chooses the configured working port 1 for VLAN X Master uses this port for VLAN X M Master uses another port for VLAN X 1 2 Slave1 uses this port 3 for VLAN X Slave1 is active, and uses 4 another1port for VLAN X. S Slave2 follows master’s decision and does not use any of its ports for VLAN X Master is working so deputy does not need to take over Deputy is not active for VLAN X D Deputy is not active for VLAN X Slide 21 5 6 7 8 Slave2 is not active for VLAN X S Slave2 2 is not active for VLAN X Solution Principles • If a link fails, the master node uses the protection port (port 2) for VLAN X Link on port 1 is not working, Master chooses the configured protection port 2 for VLAN X Slave1 does not receive anything from the master. It does not use any of its ports for VLAN X M 1 2 Master uses this port for VLAN X 3 1 active for 4Slave is not S VLAN x Master is working so deputy does not need to take over Deputy is not active for VLAN X D Deputy is npot active for VLAN X Slide 22 5 6 7 8 Slav2 follows master’s decision and uses port 7 for VLAN X Slave2 uses this port for VLAN X S Slave2 2 is actctive and uses another port for VLAN X Solution Principles • If the master fails, the deputy is informed about it by the slaves and it becomes active Does not receive anything from master so it doesn't use any port for VLAN X Master failed. Does not send anything Deputy sees that both slaved are not working. It understands that the master is not working so deputy takes over using its working port (6) does not use any of its ports for VLAN X Deputy uses another port for VLAN X M 1 2 D 5 6 Deputy uses this port for VLAN X 3 4 S Slave1 does not work for Slave1 does not 1 work for VLAN X X VLAN Does not receive anything from master so it doesn't use any port for VLAN 7 Slave2 follows does notthis work for Slave2 uses this 2 8 Slave2 deputy’s decision and VLAN X for VLAN X port S uses port 8 for VLAN X Slide 23 Solution Principles • A protected VLAN x is defined on 2 ports: On port A, VLAN x is configured as working entity, while on port B, VLAN x is configured as protection entity Port A VLAN x Working Port B VLAN x Protection • In a live system, the VLAN is transmitted only on one of the ports (working or protection entity). Port A VLAN x Port B VLAN x • The 2 ports on which the VLAN is protected are grouped into a VLAN Protection Group (VPG). The VPG is a logical bridge port (as defined in 802.1Q + ad + ah). VPG Port A VLAN x Slide 24 Port B VLAN x Solution Principles • The VPG forwards VLAN traffic to the port selected by the algorithm. VPG Port A VLAN x Port B VLAN x • VLAN traffic received on a port is forwarded to the VPG. Learning occurs at the VPG level. VPG Port A VLAN x Port B VLAN x • The CCMs are sent and received by ports A and B, and the selection algorithm is implemented on the VPG, based on the information received on both ports. Slide 25 Solution Principles Location of the new shim Slide 26 Intention • Start a new project in the IEEE802.1 aimed at defining a protection mechanism for interconnected networks in the proposed topologies. The mechanism should comply with the requirements introduced in this presentation. • Decide whether we should send a liaison to the MEF in order to receive feedback on (1) the proposed connectivity construction and (2) the requirements. Slide 27 Thank You zehavit.alon@nsn.com nurit.sprecher@nsn.com jlemon@ieee.org Slide 28
