Protection of UNIs and E-NNIs
description
Transcript of Protection of UNIs and E-NNIs
Slide 1
Protection of UNIs and E-NNIs
Zehavit AlonNurit Sprecher
September 2009
Slide 2 May, 2008
Recap
• The subject of Inter-network Ethernet Service Protection was introduced during the meeting in May in: http://www.ieee802.org/1/files/public/docs2009/new-alon-service-protection-in-interconnectned-areas-0509-v01.ppt
• Two possible topologies were introduced and compared
Mesh Ring
The comparison indicted that
mesh is superior to ring.
Slide 3 May, 2008
Recap (cont’d)
• The mesh topology has advantages and drawbacks: – Advantages
▪ Direct (single-hop) connectivity between the attached networks ensuring a short path and low latency during transmission between the attached networks
▪ Capability to enable efficient and simple load-sharing across all the (direct) links with optimum resource utilization
– Drawback Any protection event (i.e. switchover or revert) in the interconnected zone
affects the topology of at least one of the attached networks.
Slide 4 May, 2008
Drawback overcome
• Note: A construct with 5 links is also supported. The left side operates like the partial mesh topology while the right side behaves like the full mesh topology.
Partial MeshFull Mesh
Slide 5 May, 2008
Drawback overcome (cont’d)
The full mesh construct benefits from the advantages of the mesh. It minimizes the effects of protection events within the interconnected zone on the topology of the related attached networks, reducing them to the level of inevitable effects:
– Each protected VLAN is transported over one of the links traversing the interconnected zone.
– Topology changes in the attached network are minimized by (when possible) using the connectivity between the node in the same network.
Slide 6 May, 2008
• The protection mechanism provides local protection of Ethernet services (VLANs) between network boundaries.
• The nodes, ports, and links connecting the adjacent networks are referred to as the interconnected zone.
• The node in each of the networks which at any given moment conveys traffic from the network to the interconnected zone, as well as from the interconnected zone to the network, is referred to as the traffic gateway (TG).
Reminder and definitions
Inte
rcon
necte
d
Zon
e
Inte
rcon
necte
d
Zon
e
Inte
rcon
necte
d
Zon
e
Inte
rcon
necte
d
Zon
e
Example route TG
TG
TG
TG TG
TG
TG
TG
Slide 7 May, 2008
Requirements
• Protect against any single failure or degradation of a facility (link or node) in the interconnected zone
• Support all standard Ethernet frames: 802.1D, 802.1Q, 802.1ad, 802.1ah
• Support interconnection between different network types (e.g. CN-PBN, PBN-PBN, PBN-PBBN, PBBN-PBBN, etc.)
• Provide 50ms protection switching
• Provide a clear indication of the protection state
• Maintain an agnostic approach regarding– the Ethernet technology running on each of the interconnected
networks, and
– the protection mechanism deployed by each of the interconnected networks
Slide 8 May, 2008
Requirements (cont’d.)
• Avoid modification of the protocols running inside each of the interconnected networks
• Ensure that multicast and broadcast frames are delivered only once over the interconnected zone
• Allow load-balancing between the interfaces that connect the networks to ensure efficient utilization of resources
• Minimize the effects of protection events within the interconnected zone on the topology of the related attached networks, reducing them to the level of unavoidable effects
Slide 9 May, 2008
Solution PrinciplesFailure effects
• When a traffic gateway node fails, changes in the attached network (to which the node belongs) are inevitable.
• A new node becomes the traffic gateway replacing the failed traffic gateway.
Slide 10 May, 2008
Solution PrinciplesFailure effects
• When a link between traffic gateway nodes fails, a bypass route may (when possible) be established between the nodes to prevent changes in the attached network (replacing the failed link, while keeping the traffic gateways).
Slide 11 May, 2008
Solution PrinciplesNode roles
• For each protected VLAN, a node in one network is connected to the nodes in the other network. This node, referred to as the master, is responsible for selecting the link over which the traffic will be conveyed between the networks.
• The master is connected to two nodes in the adjacent network. These two nodes follow the master’s decisions and are referred to as slaves.
M S
S
Slide 12 May, 2008
Solution PrinciplesNode roles (cont’d)
• The master can be protected by a redundant node which may replace the master as the decision-making node. This node is referred to as the deputy. The deputy is connected to the same two slaves as the master.
• The master and deputy are referred to as control nodes.
M S
S
D
M
D
M
S
S
S
S
The role of each node (master, deputy, and slave) is set for each VLAN by administrative configuration.
The same node may function as a master node for some VLANs (blue), as a deputy node for other VLANs (red), and as a slave for other VLANs (green), thus enabling load-sharing between the nodes.
D
Slide 13 May, 2008
Solution PrinciplesPort configurations
In the control nodes, one of the ports connecting the networks is configured as working, the other as protection.
• The working port is the preferred port (administratively enabled) for conveying traffic in the absence of other considerations. (A consideration that precedes port configuration is the preservation of the traffic gateway.)
• The slaves have no configurations on these ports.
Master
Slave1
Deputy Slave2
W
W
P
P
Slide 14 May, 2008
Solution Principles Additional (optional) connectivity
The nodes on the same network may also be connected: • Slave nodes - provide a means to bypass a failed link without
changing the traffic gateway.
• Control nodes (master and deputy) provide direct health monitoring between the control nodes.
Master
Slave1
Deputy Slave2
Slide 15 May, 2008
Solution PrinciplesAdditional port configuration
The ports connecting the control nodes to each other are configured as internal. This also applies to the ports connecting the slave nodes to each other. Internal ports are optional.
• An internal port may be configured on all node types (master, deputy, and slave).
• The state “absent” is used when there is no internal port. (This state distinguishes the configuration from that in which an existing internal link failed. In both cases, the port does not receive a message form its peer.)
Master
Slave1
Deputy Slave2
W
W
P
P
I
I
I
I
Slide 16 May, 2008
Solution HighlightsMaster
• The master becomes a traffic gateway:– Always when it operates in revertive mode
– If the deputy is not already a traffic gateway in non-revertive mode
• The master chooses the port for conveying traffic according to:
– Existence of a traffic gateway amongst the slaves
– Port configuration and link states (in the absence of a traffic gateway)
Master
Slave1
Deputy Slave2
W
W
P
P
I
I
I
I
Slide 17 May, 2008
Solution PrinciplesSlaves
A slave that receives a request to become a traffic gateway from a control node will:
– become a traffic gateway:▪ when there is an internal link, and the other slave is not a traffic gateway
▪ when the internal link is absent
– become an intermediate node in a bypass that redirects traffic to the other slave
▪ when there is an internal link, and the other slave is a traffic gateway
Master
Slave1
Deputy Slave2
W
W
P
P
I
I
I
I
The master behaves in the same way. The slave decides whether or not to
form a bypass.
Slide 18 May, 2008
Solution HighlightsDeputy
• The deputy becomes a traffic gateway:– immediately, when it looses connectivity with the master (when the control
nodes are connected)
– when there is no traffic gateway amongst the slaves for a predetermined period of time (which indicates that there is no traffic gateway amongst the control nodes) and the control nodes are not connected
• The deputy chooses the port to convey traffic according to:– the existence of a traffic gateway amongst the slaves
– port configuration and link states (in the absence of a traffic gateway)
Slave2
Slave1
Deputy
W
W
P
P
I
I
I
I
Master
Slave2
Slave1
Deputy
W
W
P
P
Master
Slide 19 May, 2008
Solution principles Revertive modes
Revertive mode is supported by the control nodes at 2 levels: port level and node level
W
PM
W
PDP1
P2 S2
P1
P2 S1
I
I
I
I
• Port-level revertive mode Traffic is restored to the configured working port.
• Node-level revertive mode Traffic is restored to the master after it recovers from a failure.
W
PM
W
PDP1
P2 S2
P1
P2 S1
I
I
I
I
W
Note: Node revertive may have an effect on the attached networks - TG
changed.
Note: Port revertive may have an effect on the attached networks - TG changed.
Slide 20 May, 2008
Facility failure
State
M S1 D S2 M-S1 S1-S2 D-S2 M-D M-S2 D-S1 Mrecovers
Node revertive mode
Linkrecovers
Link revertive mode
M D
M-S1 D-S1 M-S2 - - M-S2-S1 - - - - - - - D-S1 -
D-S2 - - M-S2 D-S1 - - D-S1-S2 - - - M-S2 D-S1 - M-S1
M-S2 D-S2 - - M-S1 - - - - M-S1-S2 - - M-S1 D-S1 -
D-S1 - D-S2 M-S1 - - - - - - D-S2-S1 M-S1 - - M-S1
M-S2-S1 D-S1 M-S2 - M-S1 - M-S1 - - M-S1 - - M-S1 D-S1 -
M-S1-S2 D-S2 M-S2 - M-S1 M-S2 M-S2 - - - - - - D-S1 -
D-S1-S2 - D-S2 M-S2 D-S1 - D-S2 - - - D-S2 M-S2 - - M-S1
D-S2-S1 - D-S2 M-S1 D-S1 - D-S1 D-S1 - - - M-S1 D-S1 - M-S1
S2
M S1
D
Transition table
Note 1: A bypass to a failed link always goes through a slave (never through a control node).
Note 2: The last two columns are for constructs that only have five links. (The control nodes are not connected.)
Note 3: The scenario in which there are only four links can be reached, when applicable, by removing the S1 S2 connectivity.
Slide 21 May, 2008
State machine
• Each node retains its own state (TG or not) and the states (active/standby) of its ports (P1, P2, and I) which are part of the interconnected zone.
• The node is updated on the state of the peer ports and the nodes connected to it via information received over the links connected to the other nodes.
• Each node may change its own state and the state of its ports according to the configuration, the state of the node and the ports, and according to the information received.
P1
P2SI
M
DS
S S
S S
A A
S S
Slide 22
Selected Scenarios
Slide 23 May, 2008
Start Up
W
PM
W
PDP1
P2S2
P1
P2 S1
I
I
I
I
S S S S
S S
S S
S S
S S
S S
S S S S
S S
A A
S S
S S
Master
The master changes its state to active, becomes a
traffic gateway, and chooses the working port to convey
traffic. It creates new messages and sends them
over the ports
The slave receives a request on P1 to become a traffic gateway. It
changes its state to active to become a traffic gateway, and chooses the port on which the
request arrived (P1) for conveying traffic. It creates new messages and sends them over
its ports.
A S
A S
A A
A S
A S
Entity Local Remote
Current
node port
Node Standby
W Standby S S
P Standby S S
I Standby S S
New
Node
W
P
I
Entity Local Remote
Current
node port
Node Standby
W Standby S S
P Standby S S
I Standby S S
New
Node Active
W Active S S
P Standby S S
I Standby S S
Entity Local Remote
Current
node port
Node Standby
P1 Standby S S
P2 Standby S S
I Standby S S
New
Node
P1
P2
I
Entity Local Remote
Current
node port
Node Standby
P1 Standby S S
P2 Standby S S
I Standby S S
New
Node
P1
P2
I
Entity Local Remote
Current
node port
Node Standby
W Standby S S
P Standby S S
I Standby S S
New
Node
W
P
I
Entity Local Remote
Current
node port
Node Standby
P1 Standby A A
P2 Standby S S
I Standby S S
New
Node Active
P1 Active A A
P2 Standby S S
I Standby S S
The master receives an indication from the slave that it became a traffic gateway using port P1. It does not change its state or the messages it sends over its ports.
Entity Local Remote
Current
node port
Node Standby
W Standby S S
P Standby S S
I Standby S S
New
Node Active
W Active A A
P Standby S S
I Standby S S
Entity Local Remote
Current
node port
Node Standby
W Standby A S
P Standby S S
I Standby S S
New
Node
W
P
I
Entity Local Remote
Current
node port
Node Standby
P1 Standby A S
P2 Standby S S
I Standby A S
New
Node
P1
P2
I
The slave receives an indication from the master that it is a traffic gateway but
does not receive a request to become a traffic gateway. It also receives an
indication from the other slave that it too is a traffic gateway. The slave does not change its state and the messages it
sends over its ports.
The deputy receives an indication from the master that it is a traffic gateway plus an indication from
the slave on the working port that it is also a traffic gateway. The
deputy does not change its state and the messages it sends over its
ports.
EndThe mater and Slave 1 are traffic
gateways; they use the link connecting the working port of the master and P1 of Slave1. The deputy and Slave 2 are
aware of the situation. They do not convey traffic.Deputy
Slave 1
Slave 2
BeginningThe scenario start when all nodes are started for the first time; no
traffic is conveyed. The nodes start with all ports in standby; none acts
as a traffic gateway.
Slide 24 May, 2008
Link fails
W
PM
W
PDP1
P2S2
P1
P2 S1
I
I
I
I
A A A A
A S
S S
S S
S S
S S
S S S S
A S
S S
A S
A S
The master does not receive health messages from Slave 1
and realizes that it lost connectivity with it. It
chooses the protection port to convey traffic.
The link connecting the master and Slave 1 failed.
A A
A S
Entity Local Remote
Current
node port
Node Active
W Active A A
P Standby S S
I Standby S S
New
Node
W
P
I
Entity Local Remote
Current
node port
Node Active
P1 Active A A
P2 Standby S S
I Standby S S
New
Node
P1
P2
I
Entity Local Remote
Current
node Port
Node Standby
P1 Standby A S
P2 Standby S S
I Standby A S
New
Node
P1
P2
I
Entity Local Remote
Current
node port
Node Standby
W Standby A S
P Standby S S
I Standby A S
New
Node
W
P
I
EndThe master and Slave 1 are
traffic gateways. Slave 2 is used as an intermediate node in a bypass created between the
master and Slave 1.
Master
Deputy
Slave 1
Slave 2
Entity Local Remote
Current
node port
Node Active
W Active
P Standby S S
I Standby S S
New
Node Active
W Standby
P Active S S
I Standby S S
BeginningThe scenario starts with traffic being conveyed between the master and Slave 1 using the
working port of the master and P1 of the slave.
The slave receives a request on P1 to become a traffic gateway. It is aware of the fact that the slave connected
through the internal port is a traffic gateway. It activates the internal port but does not become a traffic gateway. It will pass all packets received on P1 to the
internal port. Packets received from the attached network will be dropped. It creates new messages and
sends them over its ports.
S A
S S
S A
Entity Local Remote
Current
node port
Node Active
P1 Active
P2 Standby S S
I Standby S A
New
Node Active
P1 Standby
P2 Standby S S
I Active S A
Entity Local Remote
Current
node port
Node Standby
P1 Standby A A
P2 Standby S S
I Standby A S
New
Node Standby
P1 Active A A
P2 Standby S S
I Active S S
The slave that acts as a traffic gateway loses connectivity with
the master. After a short while, it receives a request over the
internal port indicating that the other slave is using it as a
bypass. It activates the internal port.
A S
A A
A S
Slide 25 May, 2008
Slave fails
W
PM
W
PDP1
P2S2
P1
P2 S1
I
I
I
I
A A A A
A S
S S
S S
S S
S S
S S S S
A S
S S
A S
A S
The master does not receive health messages from Slave 1
and realizes that it lost connectivity with it. It
chooses the protection port to convey traffic.
The slave acting as the TG of this network fails.
A A
A S
Entity Local Remote
Current
node port
Node Active
W Active A A
P Standby S S
I Standby S S
New
Node
W
P
I
Entity Local Remote
Current
node port
Node Active
P1 Active A A
P2 Standby S S
I Standby S S
New
Node
P1
P2
I
Entity Local Remote
Current
node port
Node Standby
P1 Standby A S
P2 Standby S S
I Standby A S
New
Node
P1
P2
I
The master receives an indication from the slave that it became a traffic gateway using port P2. It does not change its state or the messages it sends over its ports.
The deputy receives an indication from the master that it is a traffic gateway as well as an indication
from the slave on the protection port that it too is a traffic gateway. The
deputy is aware that it is not connected to Slave 1. It does not
change its state and the messages it sends over its ports.
EndThe master and Slave 2 act as traffic gateways using the link connecting the protection port
of the master and P1 of Slave 2.
The deputy and Slave 2 are aware of the situation. They do
not convey traffic.
Master
Deputy
Slave 1
Slave 2
Entity Local Remote
Current
node port
New
Entity Local Remote
Current
node port
Node Active
W Active
P Standby S S
I Standby S S
New
Node Active
W Standby
P Active S S
I Standby S S
BeginningThe scenario starts with traffic being conveyed between the master and Slave 1 using the
working port of the master and P1 of the slave.
The slave receives a request on P1 to become traffic gateway. It does not have connectivity with Slave 1, so it change its
state to active to become a traffic gateway, and chooses the port on which
the request arrived (P1) to convey traffic. It creates new messages and sends them
over its ports.
A A
A S
A SEntity Local Remote
Current
node port
Node Standby
W Standby A S
P Standby S S
I Standby A S
New
Node
W
P
I
Entity Local Remote
Current
node port
Node Standby
P1 Standby A A
P2 Standby S S
I Standby
New
Node Active
P1 Active A A
P2 Standby S S
I Standby S S
Slide 26 May, 2008
Master fails
W
PM
W
PDP1
P2S2
P1
P2 S1
I
I
I
I
A A A A
A S
S S
S S
S S
S S
S S S S
A S
A S
A S
The master acting as the TG of this network fails.
Entity Local Remote
Current
node port
Node Active
W Active A A
P Standby S S
I Standby S S
New
Node
W
P
I
Entity Local Remote
Current
node port
Node Active
P1 Active A A
P2 Standby S S
I Standby S S
New
Node
P1
P2
I
Entity Local Remote
Current
node port
Node Standby
P1 Standby A S
P2 Standby S S
I Standby A S
New
Node
P1
P2
I
Master
Deputy
Slave 1
Slave 2
Entity Local Remote
Current
node port
Node Standby
W Standby A S
P Standby S S
I Standby A S
New
Node
W
P
I
BeginningThe scenario starts with traffic being conveyed between the master and Slave 1 using the
working port of the master and P1 of Slave 1.
Entity Local Remote
Current
node port
Node
W
P
I
New
Node
W
P
I
The deputy senses that the master failed. It becomes a traffic gateway and uses the port that is connected to a slave which is a traffic gateway
(if there is such). It creates new messages and send them over its
ports.
Entity Local Remote
Current
node port
Node Standby
W Standby A S
P Standby S S
I Standby
New
Node Active
W Active A S
P Standby S S
I Standby
A A
A S
A S
Slave 1 senses that it lost connectivity with the master and it
receives a request to become a traffic gateway on P2. Since it is already a traffic gateway, it only
needs to deactivate P1 and activate P2. It creates new messages and
sends them over its ports.
Entity Local Remote
Current
node port
Node Active
P1 Active
P2 Standby S S
I Standby S S
New
Node Active
P1 Standby
P2 Standby A A
I Standby A S
A S
A A
A SEnd
The deputy is a traffic gateway and conveys traffic using its
working port. Slave 1 is a traffic gateway of the attached
network and it conveys traffic using P2.
Slide 27 May, 2008
Proposal
Start a new project in the IEEE 802.1 aimed at defining a protection mechanism for Ethernet services in UNI/E-NNI (interconnected networks).• Adopt the proposed topologies.
• The mechanism should comply with the requirements introduced in this presentation.
Slide 29
Backup
Slide 30 May, 2008
S1 failed
M failed
S2 failed || LRM && S1 recovered
D failed
D-S2 failed
M1-S1 failed
M-S1-S2
M S1
S2D
D-S1 failed
D-S2-S1
M S1
S2D
M-S1 failed ||S1-S2 failed || S1 failed
S1-S2 failed ||D-S2 failed || S2 failed
D-S1
M S1
D S2
M-S2-S1
M S1
S2D
S1 failed
D-S1-S2
M S1
S2D
M-S1
M S1
S2D
LRM && M-S1 recovered || S2 failed
M-S2
M S1
S2D
D-S2
M S1
D S2
NRM && M recovered ||D failed
M-S2 failed
D failed
S1 failed
D-S1 failed || S1-S2 failed || S1 failed
M-S2 failed || S1-S2 failed || S2 failed
M failed
S1 failed
S2 failed
D failed
M failed
M failed
S2 failed
Flow Chart