Junos Service Provider Switching
10.a
Student Guide

Juniper Networks Worldwide Education Services
1194 North Mathilda Avenue
Sunnyvale, CA 94089 USA
408-748-2000
www.juniper.net

Course Number: EDU-JUN-JSPX

Contents

Chapter 1: Course Introduction
Chapter 2: Carrier Ethernet
  + Ethernet Standards Organizations
  + MX Series Layer 2 Features
Chapter 3: Ethernet Switching and Virtual LANs
  + Ethernet LANs
  + Bridging
  + Configuring and Monitoring VLANs
  + Configuring and Monitoring IRB
  + Layer 2 Address Learning and Forwarding
  + Layer 2 Firewall Filtering
  + Lab 1: Ethernet Switching and VLANs
Chapter 4: Virtual Switches
  + Routing Instances Overview
  + Configuring and Monitoring Virtual Switches
  + Interconnecting Routing Instances
  + Lab 2: Virtual Switches
Chapter 5: Provider Bridging
  + Expanding the Bridged Network
  + Provider Bridging
  + Configuring and Monitoring Provider Bridging
  + Provider Backbone Bridging
  + Configuring and Monitoring Provider Backbone Bridging
  + Lab 3: Provider Bridging
Chapter 6: Spanning-Tree Protocols
  + Overview of STP
  + Overview of RSTP
  + Overview of MSTP
  + Overview of VSTP
  + Configuring and Monitoring Spanning Tree Protocols
  + Understanding BPDU, Loop, and Root Protection
  + Lab 4: STP

Course Overview

This two-day course is designed to provide students with intermediate switching knowledge and configuration examples. The course includes an overview of switching concepts such as Layer 2 address learning, bridging, virtual LANs (VLANs), provider bridging, provider backbone bridging, VLAN translation, spanning-tree protocols, and Ethernet Operation, Administration, and Maintenance (OAM). This course also covers Junos operating system-specific implementations of integrated routing and bridging (IRB) interfaces, routing instances, virtual switches, load balancing, and port mirroring. This course is based on the Junos OS Release 10.0R2.10.
Through demonstrations and hands-on labs, students will gain experience in configuring and monitoring the Junos OS and in device operation.

Objectives

After successfully completing this course, you should be able to:

* Describe carrier Ethernet.
* Describe the different Ethernet standards organizations.
* Describe the Layer 2 services that are available on the MX Series 3D Ethernet Universal Edge Routers.
* Describe the function of an Ethernet LAN.
* Describe learning and forwarding in a bridging environment.
* Describe Ethernet frame filtering.
* Implement VLAN tagging.
* Implement IRB.
* Implement Layer 2 firewall filters.
* Describe the usage of a routing instance.
* Describe the function of a virtual router.
* Describe the function of a virtual switch.
* Implement a virtual switch.
* Describe interconnecting routing instances.
* Describe the different Institute of Electrical and Electronics Engineers (IEEE) VLAN stacking models.
* Describe the components of provider bridging.
* Configure and monitor provider bridging.
* Describe the components of provider backbone bridging.
* Configure and monitor provider backbone bridging.
* Explain the purpose of the Spanning Tree Protocol (STP).
* Describe the basic operation of the STP, the Rapid Spanning Tree Protocol (RSTP), the Multiple Spanning Tree Protocol (MSTP), and the VLAN Spanning Tree Protocol (VSTP).
* Configure and monitor the STP, the RSTP, the MSTP, and the VSTP.

Course Agenda

Day 1 and Day 2:

* Chapter 1: Course Introduction
* Chapter 2: Carrier Ethernet
* Chapter 3: Ethernet Switching and Virtual LANs
* Lab 1: Ethernet Switching and VLANs
* Chapter 4: Virtual Switches
* Lab 2: Virtual Switches
* Chapter 5: Provider Bridging
* Lab 3: Provider Bridging
* Chapter 6: Spanning-Tree Protocols
* Lab 4: STP
* Chapter 7: Ethernet OAM
* Lab 5: Ethernet OAM
* Chapter 8: Ethernet Ring Protection
* Lab 6: Ethernet Ring Protection

Defined and Undefined Syntax Variables

Finally, this course distinguishes between regular text and syntax variables,
and also distinguishes between syntax variables where the value is already assigned (defined variables) and syntax variables where you must assign the value (undefined variables). Note that these styles can be combined with the input style as well.

Style: CLI Variable, GUI Variable
Description: Text where the variable's value is already assigned.
Usage example: policy my-peers
Usage example: Click on my-peers in the dialog.

Style: CLI Undefined, GUI Undefined
Description: Text where the variable's value is at the user's discretion, and text where the variable's value as shown in the lab guide might differ from the value the user must input.
Usage example: Type set policy policy-name.
Usage example: ping 20.0.2
Usage example: Select File > Save, and type

Chapter 1: Course Introduction

Chapter Objectives

After successfully completing this chapter, you will be able to:

* Get to know one another
* Identify the objectives, prerequisites, facilities, and materials used during this course
* Identify additional Juniper Networks courses
* Describe the Juniper Networks Technical Certification Program

This Chapter Discusses:

* Objectives and course content information;
* Additional Juniper Networks, Inc. courses; and
* Juniper Networks Technical Certification Program (JNTCP).

Introductions

* Before we get started:
  + What is your name?
  + Where do you work?
  + What is your primary role in your organization?
  + What kind of network experience do you have?
  + What is the most important thing for you to learn in this training session?
Introductions

This slide asks several questions for you to answer during class introductions.

Course Contents

* Contents:
  + Chapter 1: Course Introduction
  + Chapter 2: Carrier Ethernet
  + Chapter 3: Ethernet Switching and Virtual LANs
  + Chapter 4: Virtual Switches
  + Chapter 5: Provider Bridging
  + Chapter 6: Spanning-Tree Protocols
  + Chapter 7: Ethernet OAM
  + Chapter 8: Ethernet Ring Protection

Course Contents

The slide lists the topics we discuss in this course.

Prerequisites

* The prerequisites for this course are the following:
  + Knowledge of the Open Systems Interconnection model
  + Experience with TCP/IP protocols
  + Junos OS configuration experience: the Introduction to Junos Software (IJS) course or equivalent
  + Routing knowledge: the Junos Routing Essentials (JRE) course or equivalent

Prerequisites

The slide lists the prerequisites for this course.

Course Administration

* The basics:
  + Sign-in sheet
  + Schedule
    + Class times
    + Breaks
    + Lunch
  + Break and restroom facilities
  + Fire and safety procedures
  + Communications
    + Telephones and wireless devices
    + Internet access

General Course Administration

The slide documents general aspects of classroom administration.

Education Materials

* Available materials:
  + In class:
    + Lecture material
    + Lab guide
    + Lab equipment
  + Online:
    + eLearning courses

Training and Study Materials

The slide describes Education Services materials that are available for reference both in the classroom and online.

Additional Resources

* For those who want more:
  + Juniper Networks Technical Assistance Center (JTAC)
    + http://www.juniper.net/support/requesting-support.html
  + Juniper Networks books

Satisfaction Feedback

* To receive your certificate, you must complete the survey
  + Either you will receive a
survey to complete at the end of class, or we will e-mail it to you within two weeks
  + Completed surveys help us serve you better!

Satisfaction Feedback

Juniper Networks uses an electronic survey system to collect and analyze your comments and feedback. Depending on the class you are taking, please complete the survey at the end of the class, or be sure to look for an e-mail about two weeks from class completion that directs you to complete an online survey form. (Be sure that you provide us with your current e-mail address.)

Submitting your feedback entitles you to a certificate of class completion. We thank you in advance for taking the time to help us improve our educational offerings.

Juniper Networks Education Services Curriculum

* Formats:
  + Classroom-based instructor-led technical courses
  + Online instructor-led technical courses
  + Hardware installation eLearning courses as well as technical eLearning courses
* Complete list of courses:
  + http://www.juniper.net/training/technical_education/

Juniper Networks Education Services Curriculum

Juniper Networks Education Services can help ensure that you have the knowledge and skills to deploy and maintain cost-effective, high-performance networks for both enterprise and service provider environments. We have expert training staff with deep technical and industry knowledge, providing you with instructor-led hands-on courses in the classroom and online, as well as convenient, self-paced eLearning courses.

Course List

You can access the latest Education Services offerings covering a wide range of platforms at http://www.juniper.net/training/technical_education/.

Technical Certification Programs

* Demonstrate competence with Juniper Networks technology
  + Multiple tracks
  + Multiple certification levels
  + Written proficiency exams
  + Hands-on configuration and troubleshooting exams
  + For more information and details on how to prepare for the exams:
    + http://www.juniper.net/training/certification/

JNTCP

The Juniper Networks Technical Certification Program (JNTCP) consists of platform-specific, multitiered tracks that enable participants to demonstrate, through a combination of written proficiency exams and hands-on configuration and troubleshooting exams, competence with Juniper Networks technology. Successful candidates demonstrate thorough understanding of Internet and security technologies and Juniper Networks platform configuration and troubleshooting skills. You can learn more information about the JNTCP at http://www.juniper.net/training/certification/.

Juniper Networks Certification Path

* Up to four levels of certification for each track

Certification Levels

Each JNTCP track has one to four certification levels. Juniper Networks Certified Internet Associate (JNCIA) and Juniper Networks Certified Internet Specialist (JNCIS) exams are computer-based exams composed of multiple choice questions. These computer-based exams are administered at Prometric testing centers worldwide and have no prerequisite certification requirements.

Juniper Networks Certified Internet Professional (JNCIP) and Juniper Networks Certified Internet Expert (JNCIE) exams are composed of hands-on lab exercises that are administered at select Juniper Networks testing centers. Professional-level and Expert-level exams require that you first obtain the next lower certification in the track.
Please visit the JNTCP Web site at http://www.juniper.net/training/certification/ for detailed exam information, exam pricing, and exam registration.

Certification Preparation

* How to prepare:
  + Training and study resources
    + JNTCP Web site: http://www.juniper.net/training/certification/
    + Education Services training classes: http://www.juniper.net/training/technical_education/
    + Juniper Networks documentation and white papers: http://www.juniper.net/techpubs/
  + Practical exams: lots of hands-on practice
    + On-the-job experience
    + Education Services training classes
    + Equipment access

Prepping and Studying

The slide lists some options for those interested in preparing for Juniper Networks certification.

Questions

Any Questions?

If you have any questions or concerns about the class you are attending, we suggest that you voice them now so that your instructor can best address your needs during class.

Chapter 2: Carrier Ethernet

Chapter Objectives

* After successfully completing this chapter, you will be able to:
  + Describe carrier Ethernet
  + Describe the different Ethernet standards organizations
  + Describe the Layer 2 services that are available on the Juniper Networks MX Series 3D Universal Edge Routers

This Chapter Discusses:

* Carrier Ethernet;
* Different Ethernet standards organizations; and
* Layer 2 services that are available on the Juniper Networks MX Series 3D Universal Edge Routers.

Agenda: Carrier Ethernet

* Ethernet in the WAN
* Ethernet Standards Organizations
* MX Series Layer 2 Features

Ethernet in the WAN

The slide lists the topics we cover in this chapter.
We discuss the highlighted topic first.

Networking Terms

* LAN:
  + A network that is usually located at a single customer site
  + Connects devices that are very close to one another
* MAN:
  + A network that is located within a metropolitan area (city or town)
  + Connects devices that are within a few miles of each other
* WAN:
  + A network that can extend far beyond the MAN
  + Connects devices that can be hundreds and thousands of miles away from each other

Local Area Network

A LAN is usually a network of Ethernet switches and bridges that provides connectivity between end stations that in general are very close together. In most cases, the end stations and switches are within the same building.

Metropolitan Area Network

A metropolitan area network (MAN) is located within the confines of a city or town where a service provider might have a fiber infrastructure or a cable infrastructure. A MAN provides the ability to connect customer sites that are located near each other.

Wide Area Network

A WAN allows for connectivity that extends far beyond the MAN. A WAN typically connects devices that are hundreds and thousands of miles away from each other.

Service Providers

* Service providers (in most cases a phone or cable company) typically own and operate MANs and WANs:
  + Service providers usually sell the MAN and WAN service to their customers for a monthly fee
* In general, MAN and WAN networks are made up of vast underground, underwater, and overhead networks of fiber
* A customer gains access to the MAN or WAN through a local loop

Service Providers

When a business decides to interconnect two or more sites that are not physically near each other, a service provider usually provides a MAN or WAN connection between those sites at a price.
A service provider (cable company or telco) has the facilities, such as the miles and miles of fiber, that are necessary to transfer data around the world. A customer of the service provider gains access to the MAN or WAN through a local loop or access circuit that the service provider delivers to each site.

End-to-End Connectivity

* Several options exist to provide connectivity between customer sites:
  + Private line (DS0, T2, E4, or T3)
  + ATM
  + Frame Relay
  + Ethernet
* The customer must purchase and maintain equipment that can support the Layer 1 and Layer 2 interfaces

Site-to-Site Connectivity Options

Customers have options when it comes to ordering services from the service provider. If the customer sites are relatively close to each other, the customer can purchase a private-line service from the service provider. A private line is a point-to-point circuit that customers can order at varying speeds (DS0, T1, E3, T3, and more). As the distance between sites grows, so does the price of the service. Other options for site-to-site connectivity include Asynchronous Transfer Mode (ATM), Frame Relay, and now Ethernet.

Equipment and Expertise

To support the site-to-site connectivity, the customer must purchase the correct equipment and have the expertise to be able to support the new circuits. The customer will need Ethernet experts for the LAN, and in the case of ATM WAN connectivity, they will need ATM experts as well.

Ethernet as a MAN and WAN Solution

* Bandwidth needs from the MAN and WAN
  + As the bandwidth usage of the customers has increased, ATM and Frame Relay port speeds have not kept up
  + Private-line prices have become far too high
* Ethernet becomes the MAN or WAN solution:
  + Ethernet speeds have increased over time
    + 10 Mbps, 100 Mbps, 1 Gbps,
and 10 Gbps
  + Ethernet is a technology that the customer understands
    + Customer IT groups are generally Ethernet experts
  + Allows the customer to have a single interface to the service provider
    + Internet access and site-to-site connectivity over a single interface
  + Lower-cost customer premises equipment
    + High-speed ATM equipment is significantly higher cost than Ethernet

Bandwidth Becomes a Factor

Over the last 20 years, the need for high-speed access to the Internet as well as for site-to-site connectivity has skyrocketed. With more and more video, voice, and other bandwidth-hogging applications being placed on the network, ATM and Frame Relay networks have not been able to keep up with the demand.

Ethernet Is the Solution

Ethernet interfaces as fast as 10 Gbps are available. Soon speeds will exceed that limit as well. An Ethernet solution in the WAN benefits both the service provider and the customer in many ways. Using Ethernet as the WAN solution, the customer no longer needs Ethernet and ATM experts to run the network. Service providers can offer multiple services using a single interface to the customer.

Initial Ethernet Challenges

* Scalability:
  + Millions of customer end stations
    + The service provider environment learns a large number of MAC addresses
  + Redundant connections between the service provider and the customers for resiliency
    + Spanning-tree protocols simply cannot scale
* SLAs:
  + Native Ethernet frames do not provide quality of service
    + Best effort had been generally accepted in LAN networks
* OAM:
  + Fault management and performance monitoring
  + Monitoring and troubleshooting Ethernet access links
  + Circuit protection

Scalability

Allowing an Ethernet WAN to scale has always posed a challenge to the service provider.
For instance, for an Ethernet switch to forward Ethernet frames, it must learn the MAC address of each of the end stations on the customer network. For a service provider serving thousands of customers, this need might mean that the service provider-owned switches must potentially learn millions of MAC addresses. Also, when redundant links exist between the service provider and its customers for resiliency purposes, the question arises, "How can you prevent a loop?" The spanning tree protocols of today simply cannot scale to prevent the loops of thousands of customer sites.

Service-Level Agreements

Usually when a customer purchases WAN service, service-level agreements (SLAs) are in place to ensure that the service provider provides a good service to the customer. Common SLAs would cover frame delay and frame loss.

Operation, Administration, and Maintenance

The ability for a service provider to provide and prove the same level of service with Ethernet that a customer could get from ATM, Frame Relay, and private-line service needed to be developed. Ethernet was also lacking Operation, Administration, and Maintenance (OAM) features. For example, in the case of ATM, OAM features would allow administrators to verify the status of ATM permanent virtual circuits (PVCs). This same capability was necessary for Ethernet virtual connections (EVCs).

Agenda: Carrier Ethernet

* Ethernet in the WAN
* -> Ethernet Standards Organizations
* MX Series Layer 2 Features

Ethernet Standards Organizations

The slide highlights the topic we discuss next.

Ethernet Standards Organizations

* Ethernet standards organizations are developing standards for Ethernet services, architecture, OAM, and interfaces:
  + Metro Ethernet Forum
  + Institute of Electrical and Electronics Engineers
  + International Telecommunication Union

Ethernet Standards Organizations

Several organizations have been working to solve the problems that Ethernet poses in the WAN. The three primary organizations that are helping to enable Ethernet WAN services are the Metro Ethernet Forum (MEF), the Institute of Electrical
and Electronics Engineers (IEEE), and the International Telecommunication Union (ITU).

Metro Ethernet Forum

* Nonprofit international industry consortium dedicated to accelerating worldwide adoption of carrier Ethernet networks and services
  + Defines carrier Ethernet (also referred to as Metro Ethernet) as a ubiquitous, standardized, carrier-class service defined by five attributes that distinguish carrier Ethernet from LAN-based Ethernet

Metro Ethernet Forum

The MEF, as the defining body of carrier Ethernet, is a global alliance of organizations including service providers, cable multiple service operators (MSOs), network equipment manufacturers, software manufacturers, semiconductor vendors, and testing organizations. The goal of the MEF is to accelerate the worldwide adoption of carrier Ethernet networks and services. The MEF defines carrier Ethernet as a ubiquitous, standardized, carrier-class service defined by five attributes (illustrated on the slide) that distinguish carrier Ethernet from LAN-based Ethernet. An objective of the MEF is to build a consensus and unite service providers, equipment vendors, and customers on Ethernet service definitions, technical specifications, and interoperability.

Metro Ethernet Forum Attributes (1 of 2)

* MEF attributes:
  + Standardized services:
    + E-Line, E-LAN, and E-Tree
    + Require no change to customer LAN equipment
    + Suited for converged voice, video, and data networking
    + Wide choice and granularity of bandwidth and quality of service options
  + Scalability:
    + The ability for millions of customers to use the service
    + Spans access, metropolitan, national, and global networks with a wide variety of physical infrastructures and service providers

MEF Attributes: Part 1
The slide discusses the definitions of the Standardized Services and Scalability attributes.

Metro Ethernet Forum Attributes (2 of 2)

* MEF attributes (contd.):
  + Reliability:
    + Rapid recovery time
    + The network should be able to detect and recover from outages without impacting users
  + Quality of Service:
    + Many bandwidth and quality of service options
    + SLAs for end-to-end performance based on committed information rate, frame loss, delay, and delay variation
  + Service Management:
    + Ability to monitor, diagnose, and centrally manage the network using standards-based implementations
    + Carrier-class OAM

MEF Attributes: Part 2

The slide discusses the definitions of the Reliability, Quality of Service, and Service Management attributes.

MEF Standards (1 of 2)

* Carrier Ethernet technical specifications:

Technical Specifications: Part 1

The slide shows the MEF-developed carrier Ethernet technical specifications.

MEF Standards (2 of 2)

* Carrier Ethernet technical specifications (contd.)
  + All specifications are available for download at http://metroethernetforum.org/

Technical Specifications: Part 2

The slide shows the continuation of the MEF-developed carrier Ethernet technical specifications table.

MEF Equipment and Service Provider Certification

* MEF launched a certification program in 2008 to verify compliance of vendor equipment and service-provider services to MEF technical specifications
  + Eliminates the need for expensive and complex testing between equipment vendors
  + Establishes a solid foundation for carrier Ethernet interoperability
  + Provides for a single, universally recognized test and certification process
  + Accelerates carrier Ethernet deployment at reduced costs
  + Eases making informed decisions about equipment vendors

MEF Certification Program

To help in its objective to promote interoperability between service providers and equipment
vendors, the MEF introduced a new certification program in 2008. The certification applies to both service providers and equipment vendors. Having a standardized certification all but eliminates the need for expensive and complex interoperability tests.

Four MEF Certifications

* MEF 9 (User-to-network interface capabilities):
  + Juniper Networks-certified equipment
    + MX Series devices
* MEF 14 (Frame delay, loss, and jitter):
  + Juniper Networks-certified equipment
    + MX Series devices
* MEF 18 (CESoETH):
  + No Juniper Networks-certified equipment
* MEF 21 (Link OAM):
  + Juniper Networks-certified equipment
    + MX Series devices
    + M Series Multiservice Edge Routers
    + T Series Core Routers

MEF 9 Certification

The MEF 9 certification tests for compliance with MEF 6.39 and 11. This test ensures the meeting of all requirements of the user-to-network interface (UNI). Some of the tests include:

* Non-looping frame delivery;
* Single copy broadcast and multicast delivery; and
* Customer VLAN (C-VLAN) ID preservation.

MEF 14 Certification

The MEF 14 certification tests for compliance with MEF 9 and 10. This test ensures:

* Frame delay service performance;
* Frame delay variation service performance; and
* Frame loss ratio service performance.

MEF 18 Certification

The MEF 18 certification tests for compliance with MEF. This certification ensures the meeting of all requirements for reliable transport of time-division multiplexing (TDM) circuits. This certification includes some of the following tests:

* Encapsulation layers;
* Payload format; and
* Defects.

MEF 21 Certification

The MEF 21 certification tests for compliance with MEF 20. The certification ensures the meeting of all requirements for UNI Type 2 and link OAM features.
Carrier Ethernet Terminology (1 of 2)

* Carrier Ethernet terms:
  + UNI
    + A physical interface or port that is the demarcation between the customer and the service provider
    + UNI Type 1: Compliant with MEF 13 and manually configurable
    + UNI Type 2: Automated service discovery through Ethernet Local Management Interface; supports OAM
    + UNI Type 3: Provides for dynamic EVC setup
    + An Ethernet interface operating at 10 Mbps, 100 Mbps, 1 Gbps, or 10 Gbps
  + Customer equipment

Carrier Ethernet Terms: Part 1

The slide lists some of the common terms found in a carrier Ethernet network.

Carrier Ethernet Terminology (2 of 2)

* Carrier Ethernet terms (contd.):
  + Network-to-network interface
    + A physical interface or port that is the demarcation between distinct carrier Ethernet networks, operated by one or more service providers
  + Carrier Ethernet network
    + An access, metropolitan, national, or global Ethernet transport network connecting user endpoints

Carrier Ethernet Terms: Part 2

The slide discusses some of the common terms found in a carrier Ethernet network.

Ethernet Virtual Connection

* EVC:
  + Connects two or more customer sites or UNIs
  + Prevents data transfer between sites that are not part of the same EVC
  + Defined in MEF 6.1 and 10.2
    + Point-to-point
    + Multipoint-to-multipoint
    + Rooted multipoint

Ethernet Virtual Connection

An Ethernet virtual connection (EVC) is a carrier Ethernet service offered by a service provider. It connects two or more sites. A requirement of an EVC is to prevent data transfer between UNIs that are not part of the same EVC. Three types of EVCs exist: point-to-point, multipoint-to-multipoint, and rooted multipoint.

* E-Line service EVCs
  + Two types:
    + Ethernet Private Line (port-based)
    + Virtual Private Line (VLAN-based)
  + Allow for communication between only two UNIs

E-Line Service EVC

A point-to-point EVC is referred to as an Ethernet line (E-Line) EVC. It provides connectivity between only two UNIs. Two types of E-Line EVCs exist. An Ethernet Private Line EVC is port-based, where each of the UNIs is a dedicated port to a customer. All virtual LANs (VLANs) for the UNI can traverse the EVC. A Virtual Private Line EVC is VLAN-based, such that it allows for the mapping of individual VLANs to the EVC. This mapping allows the service provider to multiplex multiple customers using a single access port.

Multipoint-to-Multipoint EVC

* E-LAN service EVCs
  + Two types:
    + Ethernet Private LAN (port-based)
    + Virtual Private LAN (VLAN-based)
  + Allows for communication between two or more UNIs
  + Ingress broadcast or multicast frames at one UNI are forwarded to all other UNIs

E-LAN Service EVCs

Rooted Multipoint EVC

* E-Tree service EVCs
  + Two types:
    + Ethernet Private Tree (port-based)
    + Virtual Private Tree (VLAN-based)
  + A root UNI can send ingress frames to one or all leaf UNIs
  + A leaf UNI can exchange data only with the root UNI
  + Useful for multicast video applications

E-Tree Service EVCs

Rooted multipoint EVCs are referred to as E-Tree EVCs. The slide describes the forwarding properties of an E-Tree EVC. E-Tree EVCs come in the form of either an Ethernet Private Tree or Virtual Private Tree, similar to the E-Line EVC.

MEF Layered Approach

* Three-layer model:
  + Application Layer
    + End-user applications carried by the Ethernet Services Layer
  + Ethernet Services Layer
    + EVCs
  + Transport Services Layer
    + Various networking and media types that deliver the Ethernet services

MEF's Three-Layer Model

The MEF has defined a three-layer model for carrier Ethernet networks. The Application Services Layer supports end-user applications. The Ethernet Services Layer carries the applications and is the main focus of the MEF.
Carrier Ethernet resides on the Ethernet Services Layer. To deliver the Ethernet services, the Transport Services Layer uses various networking and media types. This layer includes technologies like provider backbone bridging, virtual private LAN service (VPLS), and SONET. As shown on the slide, each layer of the MEF model has its own data, control, and management planes.

IEEE Ethernet Standards

* The IEEE Ethernet standards fall into the 802 category:
  + IEEE 802.3: Physical Layer and Data Link MAC sublayer for wired Ethernet
  + IEEE 802.1: Bridging and management
    + 802.1D/802.1Q: Bridges and VLAN
    + 802.1ad: Provider bridging
    + 802.1ah: Provider backbone bridging
    + 802.1ag: Connectivity fault management
  + Many more

IEEE Standards

The slide lists some of the important IEEE Ethernet standards.

ITU-T Recommendations

* ITU-T is the ITU's telecommunication standardization sector:
  + G series—Transmission systems and media, digital systems, and networks
    + G.8010: Architecture of Ethernet Layer networks
    + G.8011.1: Ethernet Private Line Service
    + G.8011.2: Ethernet Virtual Private Line Service
    + G.8032: Ethernet Ring Protection
  + Y series—Global information infrastructure, IP aspects, and next generation networks
    + Y.1730: Ethernet OAM requirements
    + Y.1731: OAM mechanisms

ITU-T Recommendations

The slide shows some of the International Telecommunication Union Telecommunication Standardization (ITU-T) Ethernet recommendations.

Agenda: Carrier Ethernet

* Ethernet in the WAN
* Ethernet Standards Organizations
* MX Series Layer 2 Features

MX Series Layer 2 Features

The slide highlights the topic we discuss next.
MX Series Highlights

* MX Series highlights:
  + Designed for next-generation services at the Ethernet edge
    + Function as Layer 2 switches, Layer 3 routers, or both
    + Provider edge for Layer 3 VPN
    + Fully redundant design
    + Distributed packet forwarding
    + Full set of Junos OS routing capabilities
  + MX240 and MX480
    + Midrange platforms
    + Optimized for sites with space and power restrictions

MX Series Highlights

The slide shows some of the highlights of MX Series devices.

MX Series Layer 2 Features

* MX Series devices support:
  + IEEE
    + 802.1D: Bridging
    + 802.1Q: VLAN tagging
    + 802.1ad: Provider bridging
    + 802.1ah: Provider backbone bridging
    + 802.1ag: CFM
    + 802.3 clause 57: LFM
  + ITU-T
    + Y.1731: CFM and Frame Delay Measurement
    + G.8032: Ethernet Ring Protection
  + Internet Engineering Task Force
    + RFC 4761: VPLS using BGP
    + RFC 4762: VPLS using LDP

Layer 2 Features

The slide shows some of the Layer 2 features supported on MX Series devices.

Summary

* In this chapter, we:
  + Described carrier Ethernet
  + Described the different Ethernet standards organizations
  + Described the Layer 2 services that are available on the MX Series devices

This Chapter Discussed:

* Carrier Ethernet;
* Different Ethernet standards organizations; and
* Layer 2 services that are available on MX Series devices.

Review Questions

1. List two properties that make carrier Ethernet more desirable than older WAN methods like Frame Relay and ATM.
2. List the three prominent Ethernet standards organizations.
3. List three Layer 2 services that an MX Series device can provide.
Chapter 3: Ethernet Switching and Virtual LANs

Chapter Objectives

* After successfully completing this chapter, you will be able to:
  + Describe the functions of an Ethernet LAN
  + Describe learning and forwarding in a bridging environment
  + Implement VLAN tagging
  + Implement IRB
  + Implement Layer 2 address learning and forwarding
  + Implement Layer 2 firewall filters

This Chapter Discusses:

* The functions of an Ethernet LAN;
* Learning and forwarding in a bridging environment;
* Implementation of virtual LAN (VLAN) tagging;
* Implementation of integrated routing and bridging (IRB);
* Implementation of Layer 2 address learning and forwarding; and
* Implementation of Layer 2 firewall filters.

Agenda: Ethernet Switching and Virtual LANs

* -> Ethernet LANs
* Bridging
* Configuring and Monitoring VLANs
* Configuring and Monitoring IRB
* Layer 2 Address Learning and Forwarding
* Layer 2 Firewall Filtering

Ethernet LANs

The slide lists the topics we cover in this chapter. We discuss the highlighted topic first.

Overview of Ethernet

* Ethernet defined:
  + Family of LAN specifications, standardized in IEEE 802.3
    + 10Base-T (802.3i)—10 Mbps
    + 100Base-TX (802.3u)—100 Mbps
    + 1000Base-T (802.3ab)—1000 Mbps
  + Uses Data Link Layer technology to create LANs.
    + Shared medium: a single broadcast and collision domain
  + Uniquely identifies all nodes on the LAN with a 48-bit MAC address.
  + Uses CSMA/CD to avoid and manage frame collisions.

Ethernet Defined

Ethernet is a family of LAN specifications defined in the Institute of Electrical and Electronics Engineers (IEEE) 802.3 standard. The slide lists some common examples, including the 802.3i, 802.3u, and 802.3ab specifications.
Each Ethernet implementation uses unique wiring and signaling standards (typically a copper-based medium or fiber optics) for the Physical Layer. Although the various implementations of Ethernet can use various wiring and signaling standards, they all use a common addressing format.

Ethernet is a Data Link Layer technology, as defined by Layer 2 of the Open Systems Interconnection (OSI) model of communications. An Ethernet LAN consists of a shared medium that encompasses a single broadcast and collision domain. Network devices, referred to as nodes, on the Ethernet LAN transmit data in bundles that are generally referred to as frames. Each node on a LAN has a unique identifier so that it can be unambiguously located on the network. Ethernet uses the Layer 2 media access control (MAC) address for this purpose. MAC addresses are 48-bit hardware addresses programmed into the Ethernet processor of each node.

Ethernet uses the carrier-sense multiple access with collision detection (CSMA/CD) protocol to avoid and manage frame collisions.

Ethernet LANs (1 of 2)

* Characteristics:
  + Shared medium
  + Single collision domain
  + Nodes can transmit simultaneously

Ethernet LANs: Part 1
Ethernet LANs consist of a shared medium that defines a single collision domain. As previously mentioned, Ethernet uses the CSMA/CD protocol to help avoid and manage frame collisions. The sample topology on the slide shows a series of nodes connected through a hub using a copper-based physical medium. This type of implementation allows only a single stream of data at a time. All nodes participating in this shared Ethernet LAN listen to verify that the line is idle before transmitting. If the line is idle, the nodes begin transmitting data frames. If multiple nodes listen and detect that the line is idle and then begin transmitting data frames simultaneously, a collision occurs.

When collisions occur, an error is generated and travels back to the transmitting devices. When a node receives a collision error message, it stops transmitting immediately and waits for a period of time before trying to send the frame again. If the node continues to detect collisions, it progressively increases the time between retransmissions.
The node uses a backoff algorithm to calculate the increasing retransmission time intervals. When a node does successfully transmit, that traffic replicates out all ports on the hub and all other nodes on that shared Ethernet segment see it. This traffic-flooding approach, coupled with collisions, consumes network resources.

Ethernet LANs (2 of 2)

* As the network grows, the likelihood of collisions increases:
  + As collisions increase, overall LAN efficiency decreases.

Ethernet LANs: Part 2
Ethernet LANs were originally implemented for small, simple networks. Over time, LANs have become larger and more complex. As an Ethernet LAN grows, the likelihood of collisions on that LAN also grows. As more users are added to a shared Ethernet segment, each participating node receives an increase of traffic from all participating nodes for which it is not the actual destination. This unwanted consumption of network resources, along with an increase of collisions, inevitably decreases the overall efficiency on the LAN.

Bridging
The slide highlights the topic we discuss next.

Overview of Bridging

* Bridging:
  + Defined in the IEEE 802.1D-2004 standard
  + Segments a single collision domain
  + Isolates the Physical Layer
  + Learns and maintains a forwarding table (bridge table)
  + Performs intelligent forwarding decisions based on the bridge table

Bridging Defined
Defined in the IEEE 802.1D-2004 standard, bridging addresses some of the inherent problems of large shared Ethernet LANs. Bridging uses microsegmentation to divide a single collision domain into multiple, smaller, bridged collision domains. Reducing the size of a collision domain effectively reduces the likelihood that collisions occur.
This approach also enhances performance by allowing multiple streams of data to flow through the switch within a common LAN or broadcast domain.

Bridging allows a mixed collection of interface types and speeds to be logically grouped within the same bridged LAN. The ability to logically group dissimilar interfaces in a bridged LAN environment provides design flexibility not found in a shared Ethernet LAN environment.

Bridging builds and maintains a forwarding table, known as a bridge table, for all destinations within the bridged LAN. The bridge table is based on the source MAC addresses for all devices participating in the bridged LAN. The bridge table is used to make intelligent forwarding decisions. This approach reduces unnecessary traffic on the LAN.

Bridging: How Does It Work?

* Transparent bridging builds and maintains bridge tables using the following mechanisms:
  + Learning: Learns MAC addresses and associates ports
  + Forwarding: Forwards packets out the proper egress interface toward the destination
  + Flooding: Replicates packets out other ports for unknown destination MAC addresses; also used when passing multicast and broadcast traffic
  + Filtering: Limits traffic to its associated network segment
  + Aging: Ensures bridge table entries are current

Bridging Mechanics
The transparent bridging protocol allows a switch to learn information about all nodes on the LAN. The switch uses this information to create the address lookup tables, referred to as bridge tables, that it consults when forwarding traffic to (or toward) a destination on the LAN.

When a switch first connects to an Ethernet LAN or VLAN, it has no information about other nodes on the network. Learning is a process the switch uses to obtain the MAC addresses of all the nodes on the network. It stores these addresses in a bridge table. To learn MAC addresses, the switch reads all frames that it detects on the LAN or on the local VLAN, looking for MAC addresses of sending nodes. It places these addresses into its bridge table along with two other pieces of information: the interface on which the traffic was received and the time when the address was learned.

The switch uses the forwarding mechanism to deliver traffic, passing it from an incoming interface to an outgoing interface that leads to (or toward) the destination.
To forward frames, the switch consults the bridge table to determine whether the table contains the MAC address corresponding to the destination of the frames. If the bridge table contains an entry for the desired destination address, the switch sends the traffic out the interface associated with the MAC address. The switch also consults the bridge table in the same way when transmitting frames that originate on devices connected directly to the switch.

Flooding is a transparent mechanism used to deliver packets to unknown MAC addresses. If the bridge table has no entry for a particular destination MAC address, or if the packet received is a broadcast or multicast packet, the switch floods the traffic out all interfaces except the interface on which it was received. (If traffic originates on the switch, the switch floods that traffic out all interfaces.) When the unknown destination host responds to traffic that has been flooded through a switch, the switch learns the MAC address of that node and updates its bridge table with the source MAC address of the host and the ingress port.

The filtering mechanism limits traffic to its associated network segment or VLAN. As the number of entries in the bridge table grows, the switch pieces together an increasingly complete picture of the individual network segments; the picture clarifies which nodes belong to which network. The switch uses this information to filter traffic. Filtering prevents the switch from forwarding traffic from one network segment to another.

Finally, the switch uses aging to ensure that only active MAC address entries remain in the bridge table. For each MAC address in the bridge table, the switch records a timestamp of when it learned the information about the network node. Each time the switch detects traffic from a MAC address, it updates the timestamp. The switch periodically checks the timestamp; if the timestamp is older than the global-mac-table-aging-time value (discussed later in this chapter), the switch removes the node's MAC address from the bridge table.

MAC Address Learning
The slide illustrates a basic view of the MAC address learning process.
In this example, each switch port connects to a hub and the individual hubs have multiple connecting nodes. As each node sends traffic toward the other nodes on the bridged LAN, the switch reviews that traffic and creates a MAC address table (a bridge table) based on the source address of the sender along with the switch port on which it received the traffic. In this example, we see that the MAC addresses for A1 and A2 are associated with port ge-0/0/0, whereas the MAC addresses for B1 and B2 are associated with port ge-0/0/1.

Forwarding Known Unicast Frames (1 of 2)

Forwarding Known Unicast Frames: Part 1
In the example on the slide, A1 sends a frame to B2. The frame is repeated out all ports on the attached hub, which results in frames traveling to both A2 as well as the switch shown in the middle of the illustration. A2 receives the frame and detects that the destination MAC address does not match its own MAC address, at which time A2 discards the frame. The switch receives the frame, checks the MAC address table for a matching entry, and forwards the frame out the associated port based on the lookup results. Ultimately, B2 receives and processes the frame while B1 receives and discards the frame.

Forwarding Known Unicast Frames (2 of 2)

Forwarding Known Unicast Frames: Part 2
In this example, A1 sends a frame to A2. The attached hub receives the frame and sends it out all ports, which results in duplicate frames sent to A2 as well as to the switch. A2 receives the frame and detects that the destination MAC address matches its own MAC address, at which time A2 processes the frame. The switch receives the frame and checks the MAC address table for a matching entry. The entry in the MAC address table shows the egress port, which, in this example, is the same port on which the switch received the frame. Because the egress port in the MAC address table is the same port on which the frame was received, the switch filters the frame.
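
The learning, forwarding, flooding, filtering, and aging mechanisms described above, modeled for a single switch. This Python code is an added example and is not part of the student guide; the port names, the MAC addresses (taken from the documentation range), and the discard of frames arriving on a port that is not a member of the VLAN are constructed assumptions.

```python
"""Transparent bridging on one switch: learning, forwarding, flooding, filtering, aging."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"
AGING_SECONDS = 300  # default MAC entry timeout given in this chapter

# Constructed sample hosts: A1 and A2 share a hub on one port, B2 sits on another.
A1, A2, B2 = "00:00:5e:00:53:a1", "00:00:5e:00:53:a2", "00:00:5e:00:53:b2"


def is_group_address(mac):
    """True for broadcast and multicast: low-order bit of the first octet is set."""
    return bool(int(mac.split(":")[0], 16) & 0x01)


@dataclass
class Bridge:
    port_vlans: dict                           # port name -> set of VLAN IDs it carries
    aging_seconds: int = AGING_SECONDS
    table: dict = field(default_factory=dict)  # (vlan, mac) -> (port, last_seen)

    def age(self, now):
        """Aging: remove entries that were not refreshed within aging_seconds."""
        stale = [key for key, (_, seen) in self.table.items()
                 if now - seen > self.aging_seconds]
        for key in stale:
            del self.table[key]

    def _flood_ports(self, in_port, vlan):
        """Every port in the VLAN except the one the frame arrived on."""
        return sorted(port for port, vlans in self.port_vlans.items()
                      if port != in_port and vlan in vlans)

    def receive(self, in_port, vlan, src, dst, now):
        """Process one frame and return (decision, egress_ports)."""
        if vlan not in self.port_vlans.get(in_port, ()):
            return ("discard", [])             # assumption: non-member port drops it
        self.age(now)
        # Learning: bind the source MAC to the ingress port and refresh the timestamp.
        if not is_group_address(src):
            self.table[(vlan, src)] = (in_port, now)
        # Flooding: broadcast, multicast, or unknown unicast destination.
        entry = None if is_group_address(dst) else self.table.get((vlan, dst))
        if entry is None:
            return ("flood", self._flood_ports(in_port, vlan))
        out_port = entry[0]
        # Filtering: the destination lives on the segment the frame came from.
        if out_port == in_port:
            return ("filter", [])
        # Forwarding: known unicast leaves through exactly one port.
        return ("forward", [out_port])


def demo():
    """Replay a constructed frame sequence and return the switch's decisions."""
    bridge = Bridge({"ge-0/0/0": {100}, "ge-0/0/1": {100}, "ge-0/0/2": {100, 200}})
    frames = [
        ("ge-0/0/0", 100, A1, B2, 0),          # B2 not yet learned: flood
        ("ge-0/0/1", 100, B2, A1, 1),          # A1 was learned: forward
        ("ge-0/0/0", 100, A2, BROADCAST, 2),   # broadcast: flood
        ("ge-0/0/0", 100, A1, A2, 3),          # same segment: filter
        ("ge-0/0/0", 100, A1, B2, 4),          # B2 was learned: forward
        ("ge-0/0/0", 100, A1, B2, 400),        # B2 silent for more than 300 s: flood again
    ]
    return [bridge.receive(*frame) for frame in frames]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The last frame shows why aging matters operationally: once an entry expires, traffic to that host is flooded to every port in the VLAN until the host speaks again.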

Flooding Broadcast, Multicast, or Unknown Unicast Frames

Flooding Frames
Flooding is used when a MAC address is not recorded in the bridge table. This mechanism is also used when sending broadcast and, in many cases, multicast frames. The example on the slide shows A1 sending a broadcast frame with a destination MAC address of FFFF.FFFF.FFFF to the LAN. The attached hub sends the frame out all ports. The switch floods the broadcast frame out all ports associated with the LAN, except for the port on which it received the frame. The slide shows that, ultimately, all nodes on the LAN receive the frame.

Viewing the MAC Address Table

* Use the show bridge mac-table command to view MAC address table entries

Viewing the MAC Address Table
Use the show bridge mac-table command to view all entries within the MAC address table. This command generates a list of learned MAC addresses along with the corresponding VLANs and interfaces. All entries are organized based on their associated VLANs.

Clearing the MAC Address Table

* Use the clear bridge mac-table command to clear the MAC address table contents

Clearing MAC Address Table Entries
Use the clear bridge mac-table command to clear all entries within the MAC address table.
Optionally, you can use the interface option to clear only those MAC table entries learned through the specified interface. The following example highlights the use of the interface option:

user@switch> show bridge mac-table

MAC flags (S -static MAC, D -dynamic MAC,
           SE -Statistics enabled, NM -Non configured MAC)

Routing instance : default-switch
 Bridging domain : vlan_100, VLAN : 100
   MAC                 MAC      Logical
   address             flags    interface
   00:21:59:ab:8a:95   D        ge-1/0/0.0
   00:21:59:ab:8a:99   D        ge-1/0/3.0

Routing instance : default-switch
 Bridging domain : vlan_200, VLAN : 200
   MAC                 MAC      Logical
   address             flags    interface
   00:21:59:ab:8a:97   D        ge-1/0/0.0
   00:21:59:ab:8a:99   D        ge-1/0/3.0

user@switch> clear bridge mac-table interface ge-1/0/3.0

user@switch> show bridge mac-table

MAC flags (S -static MAC, D -dynamic MAC,
           SE -Statistics enabled, NM -Non configured MAC)

Routing instance : default-switch
 Bridging domain : vlan_100, VLAN : 100
   MAC                 MAC      Logical
   address             flags    interface
   00:21:59:ab:8a:95   D        ge-1/0/0.0

MAC flags (S -static MAC, D -dynamic MAC,
           SE -Statistics enabled, NM -Non configured MAC)

Routing instance : default-switch
 Bridging domain : vlan_200, VLAN : 200
   MAC                 MAC      Logical
   address             flags    interface
   00:21:59:ab:8a:97   D        ge-1/0/0.0

Configuring and Monitoring VLANs
The slide highlights the topic we discuss next.

Overview of VLANs

* VLANs:
  + Segment a single broadcast domain into multiple broadcast domains
  + Allow for grouping users based on business needs, regardless of physical location

VLANs Defined
A VLAN is a collection of network nodes that are logically grouped together to form separate broadcast domains.
A VLAN has the same general attributes as a physical LAN, but it allows all nodes for a particular VLAN to be grouped together regardless of physical location. One advantage of using VLANs is design flexibility. VLANs allow grouping of individual users based on business needs. You can establish and maintain connectivity within a VLAN through software configuration, which makes VLANs such a dynamic and flexible option in today's networking environments.

Switch Port Modes

* Switch ports operate in either access or trunk mode
  + Access mode:
    + Connects to network devices (desktops, IP phones, printers, and so forth)
    + Typically transmits untagged Ethernet frames for a single VLAN
  + Trunk mode:
    + Connects to other switches or a router
    + Typically transmits tagged Ethernet frames for multiple VLANs—the exceptions are when the native VLAN option is configured or when control traffic is sent

Switch Port Modes
Switch ports operate in either access mode or trunk mode.

An access port connects to network devices such as desktop computers, IP phones, printers, or file servers. Access ports typically belong to a single VLAN and transmit and receive untagged Ethernet frames.

A trunk port typically connects to another switch or to a customer edge router. Interfaces configured for trunk mode handle traffic for multiple VLANs, multiplexing the traffic for all configured VLANs over the same physical connection, and separating the traffic by tagging it with the appropriate VLAN ID. Trunk ports can also carry untagged traffic when configured with the native-vlan-id statement. Furthermore, trunk ports send control traffic untagged.

802.1Q—Ethernet Frame

* 4-byte tag inserted into the Ethernet frame (max 1522 bytes)
  + Tag Protocol Identifier: 16 bits, default 0x8100
  + Priority: 3 bits, 802.1p
  + Canonical Format Indicator: 1 bit, default 0
  + Unique VLAN identifier: 12 bits

802.1Q—Ethernet Frame
To consistently associate traffic with a particular VLAN, the individual frames must be tagged as they pass throughout a network. The slide illustrates an 802.1Q-tagged Ethernet frame along with the key components of the tag:
  + Tag Protocol Identifier (TPID);
  + Priority;
  + Canonical Format Indicator (CFI); and
  + Unique VLAN identifier (VID).

802.1Q—Trunk Links

* A trunk is a single Ethernet link that can carry traffic for multiple VLANs

802.1Q Trunk Links
A trunk is a single Ethernet link used to carry traffic for multiple VLANs. A trunk link typically interconnects multiple switches or a switch with a customer edge router. As shown on the slide, interfaces configured as trunk ports handle traffic for multiple VLANs, multiplexing the traffic for all configured VLANs over a single physical connection rather than using separate physical links for each configured VLAN.

Access Port Configuration (1 of 3)

* Define the bridge domains (broadcast domains) and VLANs to be used for switching

Define a Bridge Domain
To allow an MX Series 3D Ethernet Universal Edge Router to act as a switch and build a MAC address table, you must first specify the particular VLAN IDs that it will use for the purpose of switching. To do so, specify the appropriate VLAN ID as part of a named bridge domain. This method requires that you configure each VLAN as part of a single bridge domain. On a following slide we cover how we can specify several VLANs within a single bridge domain using the vlan-id-list statement.

Access Port Configuration (2 of 3)

* Assign the interface to the bridge domain and set the interface mode to access

Assign an Interface to a Bridge Domain
To allow an interface to act as an access port for a particular VLAN, you must specify its interface mode as access and you must specify the VLAN to which it belongs. For access ports, you must use 0 as the unit number.

Access Port Configuration (3 of 3)

* The following method is another way to add an access port to a bridge domain:
  + Accomplishes the same objective as the process on the previous two slides

Another Method
The slide shows a secondary (original style) method to accomplish adding the ge-1/0/0 interface as an access port in VLAN 100. Either method is acceptable, but we recommend that you choose one method to prevent confusion. However, you can

802.1Q Trunk Example (1 of 2)

802.1Q Trunk Configuration Example: Part 1
The slide illustrates an 802.1Q trunk configuration example. In this case the interface is configured as a trunk port and is associated with the vlan_100 and vlan_200 bridge domains. The participating switch would have a similar configuration for the interface functioning as a trunk.

The slide also illustrates the usage of the native-vlan-id statement. This configuration statement does two things. First, if interface ge-1/0/3 receives any untagged frames, it associates those frames with VLAN 100. Second, if interface ge-1/0/3 transmits any outgoing frames that are associated with VLAN 100, they are transmitted as untagged frames.

Notice the vlan-id-list statement. It specifies the VLANs to which the interface will be a member. The following statements are examples of how you can use the vlan-id-list statement:
  + vlan-id-list [100]: VLAN 100 only;
  + vlan-id-list [100-200]: VLANs between 100 and 200;
  + vlan-id-list [100-109 111-200]: All VLANs between 100 and 200, except VLAN 110; or
  + vlan-id-list [100-109 111 113-200]: All VLANs between 100 and 200, except VLAN 110 and 112.

802.1Q Trunk Example (2 of 2)

802.1Q Trunk Configuration Example: Part 2
The slide shows a secondary (original style) method to accomplish adding the ge-1/0/3 interface as a trunk port using VLAN ID 100 and VLAN ID 200.
Either method is acceptable, but we recommend that you choose one method to prevent confusion. However, you can use both methods simultaneously.

Dealing with Large Numbers of VLANs

* Service providers typically deal with thousands of bridge domains and VLANs for each switch:
  + Use a single statement to create multiple bridge domains
  + Bridge domain names take the form prefix-vlan-number

Dealing with Many VLANs
As opposed to configuring individual bridge domains for each VLAN used for switching, the Junos operating system allows for the configuration of many VLANs within a single bridge domain. The slide shows that instead of using the vlan-id statement you would use the vlan-id-list statement. The usage of this statement is similar to the usage described on the previous page. When using the vlan-id-list statement, the switch automatically configures the appropriate bridge domains, which have names that take the form prefix-vlan-number, where the prefix is the configured bridge domain name.

Monitoring VLAN Assignments

Monitoring VLAN Assignments
The slide shows some key commands used to monitor VLAN assignments. In this example, the interface shown on the slide belongs to the bridge domain named vlan_100, which has an 802.1Q tag of 100. Because this interface is configured as an access port, it receives and transmits only untagged frames. If a trunk port were also configured to pass traffic for the vlan_100 bridge domain, it would add and remove the 802.1Q tag value of 100 for all traffic for the vlan_100 bridge domain. We look at a trunk port configuration and monitoring example next.
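
The 802.1Q tag layout and the trunk behaviour described above (membership through vlan-id-list, untagged frames handled through native-vlan-id), as an added Python example that is not part of the student guide. The function names and sample frames are constructed, and dropping untagged frames on a trunk that has no native VLAN configured is an assumption drawn from the text.

```python
"""802.1Q tag handling on a trunk port: parse the tag, classify ingress, tag egress."""
import struct

TPID_8021Q = 0x8100       # default Tag Protocol Identifier
MAX_TAGGED_FRAME = 1522   # maximum tagged frame size given on the slide


def parse_vlan_id_list(text):
    """Expand vlan-id-list syntax such as '100-109 111-200' into a set of VLAN IDs."""
    vlans = set()
    for item in text.strip("[] ").split():
        low, _, high = item.partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 4094:
            raise ValueError(f"invalid VLAN range: {item}")
        vlans.update(range(low, high + 1))
    return vlans


def build_frame(dst, src, ethertype, payload, vid=None, priority=0, cfi=0):
    """Build an Ethernet frame; the 4-byte tag goes right after the source MAC."""
    header = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vid is not None:
        tci = (priority << 13) | (cfi << 12) | vid   # 3 + 1 + 12 bits
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_tag(frame):
    """Return the tag fields as a dict, or None when the frame is untagged."""
    if not 14 <= len(frame) <= MAX_TAGGED_FRAME:
        raise ValueError("frame length out of range")
    (tpid,) = struct.unpack_from("!H", frame, 12)
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack_from("!HH", frame, 14)
    return {"priority": tci >> 13, "cfi": (tci >> 12) & 1,
            "vid": tci & 0x0FFF, "ethertype": ethertype}


def trunk_ingress(frame, allowed, native_vlan=None):
    """Return the VLAN a trunk port assigns to the frame, or None if it is dropped."""
    tag = parse_tag(frame)
    if tag is None:
        # Untagged traffic is only accepted when a native VLAN is configured (assumption).
        return native_vlan
    return tag["vid"] if tag["vid"] in allowed else None


def trunk_egress(untagged_frame, vlan, native_vlan=None):
    """Tag an outgoing frame with its VLAN unless it belongs to the native VLAN."""
    if vlan == native_vlan:
        return untagged_frame
    tag = struct.pack("!HH", TPID_8021Q, vlan)       # priority 0, CFI 0
    return untagged_frame[:12] + tag + untagged_frame[12:]


if __name__ == "__main__":
    host_a, host_b = "00:00:5e:00:53:01", "00:00:5e:00:53:02"  # constructed MACs
    trunk_vlans = parse_vlan_id_list("100 200")
    frame = build_frame(host_b, host_a, 0x0800, b"x" * 46, vid=200, priority=5)
    print(parse_tag(frame), trunk_ingress(frame, trunk_vlans, native_vlan=100))
```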

Monitoring 802.1Q Trunks (1 of 2)

* Use the show interfaces command to determine the interface mode

Monitoring 802.1Q Trunks: Part 1
The show interfaces command shows that the interface is configured for trunk mode.

Monitoring 802.1Q Trunks (2 of 2)

* Use the show bridge domain command to determine the interface VLAN assignments

Monitoring 802.1Q Trunks: Part 2
The show bridge domain command shows the interfaces and their VLAN assignments.

Monitoring Bridge Statistics

Monitor Bridge Statistics
The show bridge statistics command displays traffic statistics and MAC count information related to each logical interface of the switch.

Configuring and Monitoring IRB
The slide highlights the topic we discuss next.

IRB Interface

* IRB allows for both Layer 2 bridging and Layer 3 routing in a bridge domain
* An IRB interface is an IP gateway for the hosts of a bridge domain

IRB Allows for Bridging and Routing
If you use a Layer 2-only Ethernet switch with no Layer 3 functionality, then you must add a separate router to your environment to provide routing between the subnets shown on the slide. However, an MX Series router can act as both a Layer 2 Ethernet switch and a router at the same time. An IRB interface is a logical Layer 3 interface used as an IP gateway for a VLAN.
The following slides provide configuration and monitoring examples for an IRB interface.

IRB Configuration Example

IRB Configuration Example
The slide provides a configuration example for an IRB interface. In this example, the switch performs a Layer 3 lookup when it receives traffic with a destination MAC address that matches its own MAC address. For the switch to perform this routing operation, the attached devices must have configured gateway addresses that match the address associated with the corresponding IRB interface.

Monitoring an IRB Interface

* Use the show interfaces command to verify the status of an IRB interface

Monitoring IRB
The slide lists a key command used to monitor an IRB interface, and shows the output from the show interfaces terse command. This command shows the state and IP address information for an IRB interface. As indicated on the slide, at least one active port must be associated with the bridge domain for the IRB interface to be administratively up.

Verifying Routing

* Use the show route command to verify the router's ability to route between the appropriate subnets

Verifying Routing
As with any router, when you configure an IP address for an interface, routes are automatically added to the routing table. In the Junos OS, for each configured IP interface, two routes are added to the routing table. One route is a host route (32-bit mask) that is used to forward traffic to the Routing Engine (RE) when locally destined packets arrive. The other route is a route to the network subnet to which that interface belongs. This route allows the router to route packets to other hosts on that same subnet. The slide shows that four routes were added to the inet.0 table as a result of configuring two IRB interfaces.

Layer 2 Address Learning and Forwarding
The slide highlights the topic we discuss next.

MAC Address Learning and Forwarding

* A switch learns the source MAC addresses from incoming frames and learns destination MAC addresses as a result of the flooding process:
  + By default, the Junos OS performs MAC learning, but it allows you to change the default Layer 2 learning properties globally, per virtual switch, per bridge domain, and per interface:
    + Timeout interval for MAC entries (default is 300 s)
    + MAC statistics (default is disabled)
    + Maximum number of MAC addresses learned (default is 393,215)
    + Turn off MAC learning

MAC Address Learning and Forwarding
As we discussed previously in this chapter, a switch learns MAC addresses from incoming frames as well as from the flooding process. The Junos OS allows you to override the default MAC learning behavior. The slide lists the things that you can change as well as where the changes can apply on a switch. The following list provides the range of values for each of the MAC learning properties:
  + MAC timeout interval: 10–1000000 s (300 s is the default);
  + MAC statistics: Can be enabled (disabled by default);
  + Global MAC limit: 20–1048575 (393215 is the default);
  + Switch MAC limit: 16–1048575 (5120 is the default);
  + Bridge domain MAC limit: 16–1048575 (5120 is the default); and
  + Interface MAC limit: 1–131071 (1024 is the default).
To view MAC statistics once you enable the feature, use the corresponding show command.

Global and Switch Address Settings

* Global level (all virtual switches and bridge domains)
* Switch level (all bridge domains for the virtual switch)

Global Level Settings
Global level settings apply to all virtual switches (discussed in a later chapter) and all bridge domains.

Switch Level Settings
Switch level settings apply to all bridge domains associated with a virtual switch.

Bridge Domain and Interface Address Settings

* Bridge domain (all associated logical interfaces)
* Interface level (single interface)

Bridge Domain Level Settings
Settings at this level affect all interfaces associated with the bridge domain.

Interface Level
Settings at this level affect only the interface specified in the configuration.

MAC Table Size Example

* Specify the mac-table-size number option to limit the number of learned MAC addresses for the bridge domain

Layer 2 Learning Example
The example on the slide shows that the MAC table limit for the bridge domain was changed from the default of 5120 to 4000. By default, when the bridge domain MAC learning limit is reached, the device does not learn any more MAC addresses but still forwards or floods traffic in the case of unknown destinations. The slide shows that this default behavior was overridden so that Ethernet frames with unknown destinations will drop when the configured limit is reached.

Monitor Layer 2 Information

* Use show l2-learning commands to view Layer 2 information

Layer 2 Learning and Forwarding Status
The slide shows some of the commands that you can use to view the Layer 2 learning and forwarding status for the switch.

Layer 2 Firewall Filtering
The slide highlights the topic we discuss next.

Layer 2 Firewall Filters

* Filter frames based on their contents and perform an action on frames that match the filter
* Filters can accept or discard packets based on:
  + Address fields
  + Protocol type
  + VLAN ID
  + 802.1p bits
  + IP address of the packet carried within an Ethernet frame
  + Many more factors

Actions
You can use filters to control the frames destined to the RE as well as control frames passing through the router.

Accept or Discard
You can define input filters that affect only inbound traffic and output filters that affect only outbound traffic. Filters can accept or discard frames based on the contents of the frame's address fields, protocol type, VLAN ID, or even the 802.1p bit field in the frame header.

Layer 2 Firewall Filter Syntax

* Syntax is similar to that for policy statements
* Defined under the [edit firewall family bridge] hierarchy level
* Named filters, one or more terms
  + Terms process sequentially
  + All frames match a term when a from condition is not specified
  + An implicit discard all exists for frames that do not match any term
* Actions: Accept or discard
  + Modifiers: count, police, and so on

A Junos OS filter consists of one or more named terms, similar to a policy statement. Each term has a set of match conditions preceded by the keyword from, and a set of actions or action modifiers preceded by the keyword then.

Hierarchy Level
Layer 2 firewall filters are defined under the [edit firewall family bridge] section of the configuration hierarchy.

One or More Terms
A filter must contain at least one term. If a term has no from condition present, then all frames match. If no frames match on a term, the default action is to discard the frame silently. Take care to ensure that wanted frames are not discarded. Use the command-line interface (CLI) insert, copy, and rename functions to assist in the management of your multiterm firewall filters.

Actions and Modifiers
A filter can accept a frame for normal forwarding or discard a frame silently. You can modify these actions by applying a modifier. For example, you can specify the count modifier to increment a counter. We discuss other modifiers on the following slides.

Applying Layer 2 Firewall Filters

* You can apply Layer 2 firewall filters to either an individual interface, a bridge domain, or to both
  + Interface level
    + You can apply a single filter for each interface (input, output, or both)
    + Apply a chain of filters using the input-list or output-list statements
  + Bridge domain level
    + You can apply a single filter for each bridge domain (input only)
  + Interface and bridge domain at the same time (input only)
    + The interface filter is processed first, followed by the bridge domain filter

Applying Layer 2 Firewall Filters
Once you configure a firewall filter, you must apply it to one or more interfaces. You can apply a filter at the [edit interfaces interface-name unit number family bridge filter] level of the configuration hierarchy. To apply a filter to all interfaces that belong to a particular bridge domain, you can apply a firewall filter at the [edit bridge-domains name forwarding-options filter] level of the configuration hierarchy. If firewall filters are applied as input filters at both the interface and bridge-domain levels, the Junos OS logically concatenates the bridge domain-level filter to the end of the interface-level filter.

Note that you cannot use bridge domain-level filters when the vlan-id-list statement was used to create the bridge domain.

How Filters Are Evaluated

* Single-term filters:
  + If the frame matches all the conditions, the device takes the action in the then statement
  + If the frame does not match all the conditions, the device discards it
* Multiple-term filters (terms evaluated sequentially):
  + The Junos OS sequentially evaluates the frame against the conditions in each term's from statement, beginning with the first term
  + If the frame matches, the device takes the action in the then statement
  + If a frame passes through all the terms in the filter without matching any of them, the device discards it
* Filter lists (chains) are concatenated logically into a single filter

Single Terms
When a firewall filter consists of a single term, the filter is evaluated as follows: if the frame matches all the conditions, the device takes the action in the then statement; if the frame does not match all the conditions, the device discards it.

Multiple Terms
When a firewall filter consists of more than one term, the filter is evaluated sequentially. First, the frame is evaluated against the conditions in the from statement in the first term. If the frame matches, the device takes the action in the then statement. If it does not match, it is evaluated against the conditions in the from statement in the second term.
Ths process cansnues url ater he fame maton the Eran condton inane ofthe subsequent terms o uni na mare terms Ira tame passes trough athe torms in he fier nhout matching ay of thr, the ‘device dca Ira tem does not contain a fom sttement, the fame considered match, and the dele tae ta action heteum's then latament Ita ten doos nt contain a then statement, rif) do rt configure an ston in the then statomert hat ste fama ust coursed), and fe Frame matches the conations inthe tarn’s €zamtatarant the davies acopis the rama Continued on next page. Juroe Series Provider Senin Fiter Lists Instead of appyings singe te to an interface using er np oF Reroute, you can apply ist of up to 16 ters You paocn this ston wh the Lape “Lis ard oeepue “list kenords. JUnNIPer ve unos Senlee Provider Switching Firewall Filter Match Conditions (1 of 2) TSB eccot Set Belts satin use tm pane cope to nt sath forecting hare beeen Ease ‘Match Conditions: Part 1. ‘hese shows some of the ary match contr that ou can use ina Layer 2 fava tr JUAIPEG ee ITEM epora oT Jungs Sanvi® Provider Switching Firewall Filter Match Conditions (2 of 2) Match Conditions: Part 2 ‘Tesi shows come ofthe many match conctons that ou can use ina Layer 2 ye unos Serie Provider Sutching Firewall Filter Match Actions = Match actions determine what happens to frames ‘once a match occurs: 1+ Besides accept and discard for actions, you can apply ‘modifiers to frames like setting the forwarding class, andl sganunon eet eseeusl fany args Eltee nampa Geen 30 then oe eae cece Match Actions accept and discardare the actors that you car apy to ame, However you ‘an aap medifers tone amas a5 wel + coune: Ths modifier counts the number of matches hat occur to 3 harmed counter. See te curent aaa saung the show Lowel. commend, + roxwaraing-ciass! 
This is used for multifield classification for class of service (CoS). Essentially, this setting specifies the queue in which this frame should be placed.
+ loss-priority: This modifier allows you to change the packet loss priority of the IP packet in the payload of the Ethernet frame.
+ next: This modifier allows the frame to be evaluated by the next term in the filter.
+ next-hop-group: This modifier specifies which next-hop group will be applied.
+ policer: This modifier applies a rate-limiting policer to the matching frames.
+ port-mirror: This modifier allows copies of the frame to be sent to an outbound interface for analysis. The original frame is forwarded as normal.

Firewall—Family Bridge Example

* Configure, apply, and view the effects of a firewall filter

Example Filter

The slide shows an example of configuring, applying, and viewing the effect of a firewall filter. To clear the counters, use the clear firewall command.

Summary

In this chapter, we:
+ Described the functions of Ethernet LANs
+ Described learning and forwarding in a bridging environment
+ Discussed implementing VLAN tagging
+ Discussed implementing IRB
+ Discussed implementing Layer 2 address learning and forwarding
+ Discussed implementing Layer 2 firewall filters

This Chapter Discussed:
+ The functions of an Ethernet LAN;
+ Learning and forwarding in a bridging environment;
+ Implementation of VLAN tagging;
+ Implementation of IRB;
+ Implementation of Layer 2 address learning and forwarding; and
+ Implementation of Layer 2 firewall filters.

Review Questions

1. What is the purpose of a bridge domain on an MX Series router?
2. How does a bridge handle multicast Ethernet frames?
3. What is the purpose of an IRB interface?
4. Which match condition is used in a Layer 2 firewall filter to match on 802.1p priority bits?

Lab 1: Ethernet Switching and VLANs

* Configure a bridge domain.
* Configure a Layer 2 interface.
* Use operational mode commands to verify the status of a Layer 2 interface.

The slide provides the objectives for this lab.

Chapter 4: Virtual Switches

Chapter Objectives

After successfully completing this chapter, you will be able to:
+ Describe the use of a routing instance
+ Describe the function of a virtual router
+ Describe the function of a virtual switch
+ Implement a virtual switch
+ Interconnect local routing instances

This Chapter Discusses:
+ The use of a routing instance;
+ The function of a virtual router;
+ The function of a virtual switch;
+ Implementation of a virtual switch; and
+ Interconnection of local routing instances.

Agenda: Virtual Switches

> Routing Instances Overview
* Configuring and Monitoring Virtual Switches
* Interconnecting Routing Instances

Routing Instances Overview

The slide lists the topics we cover in this chapter. We discuss the highlighted topic first.

Routing Instances

* Several different types of routing instance exist
  + Virtual-router routing instances allow for your single chassis to appear as multiple routers to the outside world
    + Each with their own separate routing tables, protocols, link-state databases, and so on
    + Default instance is named default
  + Virtual-switch routing instances allow for your single chassis to appear as multiple switches to the outside world
    + Each has its own MAC tables, VLAN ID space, and spanning-tree domains
    + The default instance is named default-switch

Routing Instance Types

The Junos operating system provides several different routing-instance types with which to work. In this course, we work with two types of routing instance: virtual-router and virtual-switch. These two routing-instance types allow your single chassis to appear as either more than one router or more than one switch, respectively. Each virtual router acts as a standalone router.
For example, each virtual router has its own routing table, routing protocols, interfaces, and just about everything that encompasses the typical things that comprise a router. Similarly, each configured virtual switch has its own MAC tables, virtual LAN (VLAN) ID space, bridge domains, spanning-tree domains, and so forth. A Juniper Networks MX Series 3D Universal Edge Router uses two default routing instances. For routing, it uses the default virtual router for its routing table. For switching, it uses the default-switch virtual switch.

A Simplistic View of Routing Instances

* Interface to table default assignment:
  + Layer 3 interfaces associate with inet.0
  + Layer 2 interfaces associate with the default-switch virtual switch

Routing Instance and Interface Default Relationship

The slide shows a very simplistic view of the default relationship of interfaces to the routing and MAC tables of an MX Series router. Keep in mind that we have left out discussion of the Packet Forwarding Engine (PFE) and the associated forwarding tables. When troubleshooting virtual routers and switches, you generally can spend your time focused on the Routing Engine's (RE's) copy of the routing and MAC tables, while trusting that equivalent copies appear as forwarding tables in the PFEs of your switch. To view the PFE forwarding tables, both for routing and switching, use the show route forwarding-table command.

In a routing-only environment, configured interfaces and the associated local and direct routes appear in the default virtual router's routing table, inet.0. In a mixed Layer 2 and Layer 3 environment, Layer 3 interfaces continue to work as described, whereas Layer 2 interfaces, having been associated with a bridge domain at the [edit bridge-domains] hierarchy, associate with the default virtual switch's MAC tables. Because IRB interfaces are Layer 3 interfaces, their associated local and direct routes appear in inet.0 as well.

Routing Instances—Virtual Router

* You must assign interfaces to a virtual router
  + Place routes associated with those interfaces only in that
virtual router's routing table

Assign Interfaces to a Virtual Router

By default, once you configure an interface with properties at the [edit interfaces interface-name unit number family inet] level of the hierarchy, that interface's local and direct routes are placed in the inet.0 routing table. To override that behavior, you simply list the interface at the [edit routing-instances instance-name] level of the hierarchy. The local and direct routes now appear in the instance-name.inet.0 routing table (the virtual router's routing table).

Routing Instances—Virtual Switch

* Each virtual-switch routing instance operates independently of the other virtual switches:
  + Routes associated with IRB interfaces are placed in inet.0 regardless of the instance to which they belong

Virtual Switch

The slide shows the routing and MAC table relationships when using virtual switches. Each virtual switch, including the default switch, has interfaces assigned for bridging. Also, you can configure integrated routing and bridging (IRB) interfaces for each virtual switch. The local and direct routes for all IRB interfaces in all virtual switches are placed in inet.0, by default. However, you can also place them in a virtual router's routing table by listing the IRB interfaces at the [edit routing-instances instance-name] level of the hierarchy. The following slides cover the process of configuring a virtual switch.

Agenda: Virtual Switches

* Routing Instances Overview
> Configuring and Monitoring Virtual Switches
* Interconnecting Routing Instances

Configuring and Monitoring Virtual Switches

The slide highlights the topic we discuss next.
Configure a Routing Instance

* Configure a base virtual-switch routing instance:
  + Define the bridge domains and VLAN IDs that the switch will use

Virtual Switch Routing Instance

The configuration on the slide creates a virtual-sw-1 routing instance and allows for VLAN IDs 100 and 200 to be used for the purpose of Layer 2 switching. MAC tables for those new bridge domains will not be used for learning and forwarding until you assign at least one interface to the virtual switch.

Configuring an Access Port

* Configure an interface that acts as an access port for the virtual switch:
  + Specify the correct vlan-id so that this interface is associated with the correct bridge domain

Virtual Switch Access Port

You configure the interface properties for an access port using the exact same process as when defining it for the default switch. In fact, if you were to commit the configuration, the ge-…/0/5.0 interface would be placed in the default switch. Be careful not to commit the configuration as it stands, because you might introduce a loop into your switched network. One of the following slides shows how to place the interface in the virtual switch. We highly recommend that you perform that step before committing the configuration.

Configuring a Trunk Port

* Configure an interface that acts as a trunk port for the virtual switch:
  + Specify the correct vlan-id-list so that this interface is associated with the correct bridge domains

Configure a Trunk Port

You configure the interface properties for a trunk port using the exact same process as when defining it for the default switch. In fact, if you were to commit the configuration on the slide, the trunk interface's logical unit 0 would be placed in the default switch. Be careful not to commit the configuration as it stands, because you might introduce a loop into your switched network.
One of the following slides shows how to place the interface in the virtual switch. We highly recommend that you perform that step before committing the configuration.

Configuring a Virtual-Switch IRB Interface

* Configure an IRB interface that acts as the IP gateway for a bridge domain within the virtual switch

Configure an IRB Interface

You configure the interface properties for an IRB interface using the exact same process as when defining it for the default switch. In fact, if you were to commit the configuration on the slide, the IRB interface would be placed in the default switch. Be careful not to commit the configuration as it stands, because you might introduce a loop into your switched network. The following slide shows how to place the interface in the virtual switch. We recommend that you perform that step before committing the configuration.

Bind the Interfaces to the Virtual Switch

* Specify the interfaces that belong to the virtual switch:
  + List the trunk and access ports as member interfaces of the virtual switch
  + List the IRB as the routing-interface for the appropriate bridge domain within the virtual switch

Add the Interfaces to the Virtual Switch

After configuring the access and trunk ports as shown on the previous slides, you simply need to list the interfaces at the [edit routing-instances instance-name] level of the hierarchy. The IRB interfaces should be listed as the routing-interface for the appropriate bridge domain.

Verify That Ports Belong to the Virtual Switch

* Use the show bridge domain command to ensure that the configuration setting accomplished your goal

Verify Settings

Looking at the output on the slide, you can see that the ge-1/1/4.0 interface is now bound to the virtual-sw-1 routing instance and the bridge domains vlan_100 and vlan_200. Also, ge-2/0/5.0 is bound to the appropriate routing instance and bridge domain.
Verify Routing

* Ensure that the appropriate routes appear in the inet.0 routing table

IRB Routes

The local and direct routes that associate with the IRB interface should be in the proper

Agenda: Virtual Switches

* Routing Instances Overview
* Configuring and Monitoring Virtual Switches
> Interconnecting Routing Instances

Interconnecting Routing Instances

The slide highlights the topic we discuss next.

Interconnection Methods

* Supported methods:
  + Internal, logical tunnel interface (Layer 3 only)
  + Two external, physically looped interfaces (1 cable)

Supported Methods of Interconnecting Routing Instances

As mentioned previously, to the outside world virtual routers and virtual switches appear as individual routers and switches. At some point, you might want to interconnect the virtual routers and virtual switches that are local to a single chassis. For virtual routers, you can accomplish this task using either a logical tunnel interface or by looping two interfaces together with a single cable. For virtual switches, this process works only using the external cable method. The reason why spanning tree protocols do not function properly between virtual switches is because all virtual switches use the same MAC address as part of their bridge ID in the bridge protocol data units (BPDUs). Unfortunately, you cannot change a virtual switch's MAC address.

Enabling Tunnel Support

* You must enable tunneling on the PFE of MX Series routers

Tunnel Services

Anytime you need to use any type of tunneling, you must enable tunnel services on the MX Series router. For example, you must enable tunnel services for a generic routing encapsulation (GRE) tunnel, an IP over IP (IP-IP) tunnel, Physical Interface Module (PIM) encapsulation or decapsulation of register messages, and, for our case, using logical
tunnel interfaces. Each Dense Port Concentrator (DPC) on a switch has either 40 Gigabit Ethernet ports (10 ports per PFE) or 4 10-Gigabit Ethernet ports (1 port per PFE). Each PFE on an MX Series DPC can provide tunneling services, but you must enable it. The slide shows how to enable tunnel services on the first PFE (serving ge-1/0/0 through ge-1/0/9) on the 40-port Gigabit Ethernet DPC in slot number 1. Once you enable this feature, you will notice that you have several tunnel-type interfaces that become available for your use. Note that the tunnel interfaces use the logical PIC port number of 10 (normally PIC port numbers stop at 9). When enabling tunnel services on a PFE of a 10-Gigabit Ethernet DPC, the Ethernet interface for that PFE is removed from service and is no longer visible in the command-line interface.

Layer 3 Logical Tunnel Interface Configuration

* Configure and assign the logical tunnel interfaces to the appropriate virtual routers

Configure and Assign Logical Tunnel Interfaces

You configure the logical tunnel interfaces similar to how you would any other Layer 3 interface. You configure each logical tunnel Layer 3 interface as a logical unit. To map one logical unit to another, use the peer-unit statement. By default, logical tunnel interfaces are placed in the default virtual router. To place a logical tunnel interface in a virtual router, specify the logical tunnel interface at the [edit routing-instances instance-name] level of the hierarchy.

Layer 2 Physical Loop

* Configure and assign the physical interfaces to the appropriate virtual switch

Configure and Assign Physical Interfaces

The slide shows how to configure and assign Layer 2 interfaces to virtual switches.

Verify Switch Settings

* Use the show bridge domain command to verify settings

Verify Settings

Looking at the output on the slide, you can see that the ge-1/1/4.0 interface is now bound to the virtual-sw-1 routing instance and the bridge domains vlan_100 and vlan_200, whereas ge-1/0/4.0 belongs to the default switch.

Summary

In this chapter, we:
+ Described the use of a routing instance
+ Described the function of a virtual router
+ Described the function of a virtual switch
+ Implemented a virtual switch
+ Interconnected local routing instances

This Chapter Discussed:
+ The use of a routing instance;
+ The function of a virtual router;
+ The function of a virtual switch;
+ Implementation of a virtual switch; and
+ Interconnection of local routing instances.

Review Questions

1. How can you make your MX Series router appear as multiple routers to other devices? How can you make it appear as multiple switches?
2. After configuring an interface under [edit interfaces], which step do you perform next to ensure that the interface appears as part of the v1 virtual switch?
3. After configuring an IRB interface as part of the vs virtual switch, in which routing table will you find its associated routes?

Lab 2: Virtual Switches

* Configure virtual-switch routing instances.
* Configure bridge domains for the virtual switches.
* Create a virtual-switched network by configuring
virtual-switch routing instances.

The slide provides the objectives for this lab.

Chapter 5: Provider Bridging

Chapter Objectives

After successfully completing this chapter, you will be able to:
+ Describe the different IEEE VLAN stacking models
+ Describe the components of provider bridging
+ Configure and monitor provider bridging
+ Describe the components of provider backbone bridging
+ Configure and monitor provider backbone bridging

This Chapter Discusses:
+ Institute of Electrical and Electronics Engineers (IEEE) virtual LAN (VLAN) stacking models;
+ The components of provider bridging;
+ Configuration of provider bridging;
+ The components of a provider backbone bridged network (PBBN); and
+ Configuration of provider backbone bridging.

Agenda: Provider Bridging

> Expanding the Bridged Network
* Provider Bridging
* Configuring and Monitoring Provider Bridging
* Provider Backbone Bridging
* Configuring and Monitoring Provider Backbone Bridging

Expanding the Bridged Network

The slide lists the topics we cover in this chapter. We discuss the highlighted topic first.

Customer Bridged Network

* IEEE 802.1Q VLANs allow the customer's local bridged networks to scale:
  + VLAN tags allow for up to 4094 separate broadcast domains
* Service provider scaling issues (for Ethernet virtual connections):
  + Service provider network needs to be aware of customer's bridging (spanning tree) and VLAN administration
  + Problem of overlapping VLAN IDs between service provider customers
  + Service provider bridges learn and store customer MAC addresses

Scaling Customer Bridged Networks

IEEE 802.1Q VLAN tagging makes it possible for a customer's bridged network to scale. Instead of needing to add more bridging equipment to a growing network, VLAN tagging allows for the logical
separation of a bridged network into many broadcast domains (or VLANs). With a 12-bit-long VLAN ID, 4094 VLANs are available for use on a single physical Ethernet network.

Ethernet from Service Providers

Because of its simple nature, service provider customers generally understand Ethernet. For a long time, service providers have searched for ways to deliver Ethernet virtual circuits (EVCs) to the customer premises. To a customer, an EVC between two sites should appear as a simple Ethernet link or VLAN through the service provider's network. IEEE 802.1Q VLAN tagging does not provide the scalability in the service provider network for a service provider to deliver that type of service.

Ethernet from Service Providers (contd.)

From the service provider's point of view, the following is a list of some of the scaling issues that might arise:

* Because only one VLAN tag field exists in an 802.1Q frame, customers and the service provider need to coordinate the use of VLAN ID space. Considering that a service provider might have thousands of customers, this coordination would be an overly extreme effort.
* To pass Ethernet frames between customer sites, the service provider bridges must learn customer MAC addresses.
* To provide redundant links between customers and the service provider, running a form of the Spanning Tree Protocol (STP), which is generally not a scalable solution, might be necessary. The STPs of today cannot scale to
he SPs of today cannot scale to “support al sevice provider and customer beages of te word na sng eannon tee domain Provider Bing > Caapter SS uns Serie Provider Swing Provider Bridged Network ‘= IEEE 802.1ad provides the standard for stacking VLAN tags: ‘Allows the service provider to provide LAN service through the service provider network + Ezohoutertag(S.VLAN tag) represents a customer(409¢ possile) + Inner tag (C-VLAN ag represents any ofa customer's 4094 VLAN +The service ptewider and the customer use uniquespannagres omains + Alls for VLAN translation between sence proider bridged eters ™ Service provider scaling issues: * Servie provider bridges learn and store customer NAC addresses _< —( eel) ——E a Feb IEEE 802.120 EEE 802.tahas standardized the matodology of tacllng VAN tags The slide ‘ows thotrame lormat hat the tancerd odio. Te tana ave a naw name ‘0 the 802.19 VIAN tg the Customer VLAN (CLAN) ag (CTAB also invades aw tag named the Serves VLAN (SAN) tg (STAG) 8 acting he STA tho "ram, uch less coorination i necessary becwean he customer andthe service rover. A the customer it, the cust’ oan continue o use 802-20 tagging Using (CALAN Ds hat are reevant ony tothatnetwerk (tthe sevice povcers networ ‘3802 @teggos ames ore at the edge of the service poets bred network, ‘he provider ig ras (PEB) eds an STAG 0 tne ame The STAG, sig anal 'SMLAN ID, can cary ry or all ofthe 4094 CALAN tat ee posi in use bythe "customer. Inte simplest caso, a sarc provider can aod single SVLAN ID to ‘presen each of sindvdia customer, whic alows tne serves provide to ‘tently spot nt 4084 cstomers IEEE 002-404 sien lowe fon he ‘ranslbing ots WAN Ds at he ecgo of a sarice powdered network, wich hepsi the coorinaton of VLAN ID usage between service prone, CContnved on net page. 
Scaling Issues

Although IEEE 802.1ad helps to solve the issue of the limited VLAN ID space that we discussed in relation to IEEE 802.1Q tagging, it does not solve the MAC learning problem. That is, for frames to be forwarded between bridges in the service provider's network, the bridges each must learn and store MAC addresses learned from the customer networks. A service provider can help alleviate this problem by limiting the number of learned MAC addresses or charging the customer more for the EVC service if they exceed the MAC address limit.

Provider Backbone Bridged Network

* IEEE 802.1ah solves the service provider scaling issues:
  + Specifies a frame format with two new tag types
  + Allows for nearly 16.8 million EVCs (customers)
  + Service provider backbone bridges do not learn and store customers' MAC addresses except at the edge of the PBBN (E-LAN only)
  + Outer MAC addresses exist only within the PBBN
  + IEEE 802.1ad S-TAG VLAN IDs translate into the I-TAG Backbone Service Instance ID as frames enter the PBBN

IEEE 802.1ah: Provider Backbone Bridging

The IEEE 802.1ah standard attempts to solve all the EVC scaling issues. Customers can continue to use IEEE 802.1Q VLAN tagging at their individual sites using VLAN IDs that are relevant only to their bridged network. The service provider can continue to use IEEE 802.1ad VLAN tagging to provide EVC service to its customers (typically at the edge of the network). IEEE 802.1ah allows the provider to build out a scalable "backbone" network of bridges (the center network on the slide) to provide connectivity between its customers or its individual IEEE 802.1ad bridged networks.

The slide shows the 802.1ah Ethernet frame format. Notice that a new set of source and destination MAC addresses, a B-TAG, and an I-TAG encapsulate the original customer frame.
The combination of the B-TAG and the I-TAG allows an individual provider to support up to 16.8 million customers. Also, because forwarding of the frame across the service provider occurs using the new source and destination MAC addresses (the MAC addresses are local to the bridges in the backbone network), the backbone bridges need not learn the customer's MAC addresses at all for Ethernet Line (E-Line) EVCs. For Ethernet LAN (E-LAN) EVCs, only bridges at the edge of the backbone learn customer MAC addresses. We discuss E-Line and E-LAN EVCs in more detail later in this chapter.

Agenda: Provider Bridging

* Expanding the Bridged Network
> Provider Bridging
* Configuring and Monitoring Provider Bridging
* Provider Backbone Bridging
* Configuring and Monitoring Provider Backbone Bridging

Provider Bridging

The slide highlights the topic we discuss next.

What Is Provider Bridging?

* Defined by the IEEE 802.1ad standard:
  + Allows for service providers to offer the equivalent of separate Ethernet LANs to their customers
    + Easy for the customer to understand (Ethernet)
    + Easy for the service provider to provision (1 VLAN equals 1 customer)
  + Requires the use of 2 stacked VLAN tags
    + C-VLAN: typically controlled by the customer
    + S-VLAN: controlled by the service provider

Provider Bridging

Provider bridging is defined under IEEE 802.1ad. It was developed to allow a service provider to provide a more scalable EVC service to its customers. A typical provider bridged network (PBN) provides for C-VLAN tagging and forwarding at the edge of the network on the ports that face the customer. For all ports that face the core of the PBN, the provider bridges forward based only on the S-VLAN tag.

TAG Formats

* Tag formats:
  + S-VLAN tag: tag identifier (default 0x88A8); priority (802.1p); drop eligibility indicator; unique VLAN identifier (12 bits)
  + C-VLAN tag: tag identifier (0x8100); priority (3 bits, 802.1p); canonical format indicator (1 bit, default 0); unique VLAN identifier (12 bits)

IEEE 802.1ad TAG Formats

The slide shows the S-TAG and C-TAG formats defined under IEEE 802.1ad. Note that the C-TAG remains identical
to the IEEE 802.1Q VLAN tag. The S-TAG is similar, but a few fields have been redefined. For example, because the canonical format indicator (CFI) in the C-TAG is rarely used (it is for use in token ring networks), it has been redefined in the S-TAG to represent a frame's eligibility to be dropped. The Drop Eligibility Indicator (DEI) is used for class of service, which we do not discuss in this course. Also, IEEE 802.1ad has reserved a Tag Protocol Identifier (TPID) of 0x88A8 for the S-TAG; however, the Junos operating system default behavior is to set the TPID equal to 0x8100.

Provider Bridging Terms

* Each device performs a specific task in a PBN

PBN Terms

The following terms are used in a PBN network:

+ PBN: A network of provider bridges that provide for transparent EVC service to the service provider's customers.
+ Provider bridge: A bridge in the service provider's network that performs IEEE 802.1ad VLAN tagging and forwarding. These bridges learn and store the MAC addresses of the service provider's customers.
+ Provider edge bridge (PEB): Accepts and forwards IEEE 802.1Q frames to and from customers. PEBs also encapsulate the received customer frames using the IEEE 802.1ad format to forward customer frames.
+ S-VLAN bridge: A nonedge provider bridge that forwards frames based only on the S-VLAN tag.
+ Provider network port: A port on a provider bridge that forwards frames based on the S-VLAN tag.
+ Customer edge port: A port on a PEB that connects to customer equipment that receives and transmits C-VLAN-tagged frames.
+ Customer network port: A port on a PEB that receives and transmits S-VLAN-tagged frames.
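The tag layout described above (TPID, 3-bit priority, 1-bit CFI or DEI, 12-bit VLAN ID) is shown here as a parser; this is an added example, not code from the course material, and the function names, MAC addresses, VLAN IDs and payload are constructed for illustration. Because an S-TAG can carry TPID 0x8100 instead of 0x88A8 (the Junos default noted above), the parser assigns S-TAG and C-TAG roles by position in the stack and rejects frames that carry more tags than the port expects.

```python
import struct
from typing import NamedTuple, Optional, Tuple

TPID_CTAG = 0x8100  # IEEE 802.1Q C-TAG (also the Junos default S-TAG TPID per the text)
TPID_STAG = 0x88A8  # TPID reserved by IEEE 802.1ad for the S-TAG
VLAN_TPIDS = {TPID_CTAG, TPID_STAG}


class VlanTag(NamedTuple):
    tpid: int  # 16-bit tag protocol identifier
    pcp: int   # 3-bit 802.1p priority
    flag: int  # 1 bit: CFI in a C-TAG, DEI in an S-TAG
    vid: int   # 12-bit VLAN identifier


class Frame(NamedTuple):
    dst: bytes
    src: bytes
    tags: Tuple[VlanTag, ...]  # outermost tag first
    ethertype: int
    payload: bytes


def parse_frame(raw: bytes, max_tags: int = 2) -> Frame:
    """Split an Ethernet frame into MACs, VLAN tag stack, EtherType, payload."""
    off, tags = 12, []
    while True:
        if len(raw) < off + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", raw, off)
        if etype not in VLAN_TPIDS:
            break
        if len(tags) == max_tags:
            raise ValueError("more VLAN tags than this port expects")
        if len(raw) < off + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", raw, off + 2)
        tags.append(VlanTag(etype, tci >> 13, (tci >> 12) & 1, tci & 0x0FFF))
        off += 4
    return Frame(raw[:6], raw[6:12], tuple(tags), etype, raw[off + 2:])


def encode_tag(tag: VlanTag) -> bytes:
    """Serialize one tag as TPID followed by the 16-bit tag control field."""
    if not (0 <= tag.pcp <= 7 and tag.flag in (0, 1) and 0 <= tag.vid <= 0xFFF):
        raise ValueError("field out of range")
    return struct.pack("!HH", tag.tpid, (tag.pcp << 13) | (tag.flag << 12) | tag.vid)


def push_stag(raw: bytes, svid: int, tpid: int = TPID_STAG,
              pcp: int = 0, dei: int = 0) -> bytes:
    """Insert an outer tag after the source MAC, as a PEB does on ingress."""
    if not 1 <= svid <= 4094:
        raise ValueError("S-VLAN ID must be 1..4094")
    return raw[:12] + encode_tag(VlanTag(tpid, pcp, dei, svid)) + raw[12:]


def pop_outer(raw: bytes) -> bytes:
    """Remove the outermost tag; the rest of the frame is left untouched."""
    if not parse_frame(raw).tags:
        raise ValueError("frame is untagged")
    return raw[:12] + raw[16:]


def vlan_stack(raw: bytes) -> Tuple[Optional[int], Optional[int]]:
    """Return (S-VLAN ID, C-VLAN ID); roles come from position, not TPID alone."""
    tags = parse_frame(raw).tags
    if len(tags) == 2:
        return tags[0].vid, tags[1].vid
    if len(tags) == 1:
        tag = tags[0]
        return (tag.vid, None) if tag.tpid == TPID_STAG else (None, tag.vid)
    return None, None


# Constructed sample: a customer frame tagged with C-VLAN 100 carrying IPv4.
CUSTOMER_FRAME = (
    bytes.fromhex("020000000002" "020000000001" "8100")
    + struct.pack("!H", 100)
    + bytes.fromhex("0800")
    + b"constructed payload"
)

if __name__ == "__main__":
    stacked = push_stag(CUSTOMER_FRAME, 200)
    print(parse_frame(stacked).tags, vlan_stack(stacked))
```
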
VLAN Tag Operations

* Provider bridges make several different types of adjustments to the VLAN stack:
  + These options can be configured explicitly (manually intensive) or using shortcut (implicit) methods that require minimal configuration
    + push: Add an outer tag
    + pop: Remove the outer tag
    + swap: Swap the outer tag with a new one
    + pop-pop: Remove the outer and inner tags
    + push-push: Add two tags
    + swap-swap: Swap the inner and outer tags with new ones
    + pop-swap: Pop the outer tag and swap the inner tag
    + swap-push: Swap the inner tag and add an outer tag
    + Rewrite VLAN and tag-protocol-id

VLAN Tag Operations

The slide shows all of the possible operations that a provider bridge can perform on C-tagged frames and S-tagged frames that a port receives and transmits.

Frame Processing Example (4 of 5)

* Service provider provides an EVC to the customer:
  + Customer uses 802.1Q-tagged frames (C-VLAN 100) to connect to the remote site while the service provider network is transparent
  + S-VLAN tagging of customer frames during transmission across the service provider network provides transparency

Service Provider Provides EVC Service to the Customer

In the example, the service provider delivers an Ethernet circuit to each of the customer premises. To provide connectivity between Customer Bridge 1 and Customer Bridge 2, the customer must enable IEEE 802.1Q VLAN tagging using VLAN ID 100 on the service provider-facing ports. The service provider has allocated an S-VLAN tag of 200 to transparently forward the customer's frames across the PBN. This allocation
Tis aoston erormec by conguring a begs domain on eacn prover brige specie forthe ‘customer speciyng an SALAN ID of 200, and by onfigungal possible inbound and ‘outbound interfaces to spor the approprato VIAN aggro he customers ike domain Far example, on Brigo 8 th sare provide woul ned to corte 1 Bridge Comin that aczepts Ctaggs frames onthe custanerfacng interface and ‘Stagg Tames (VLA I0 200} on the core facing inertanes pe sures Senvce Provider Swing Frame Processing Example (2 of 3) ‘Frames with a single C-VLAN tag with VLAN ID 100 arrive at Bridge A: “Bridge A performs a MAC lookup to determine the outgoing logical interface ra PEB Processing of Incoming Frames ines CLAW tagged frames anv at Brg (a PES), rgeAperforms a MAC table Toop based on te customers anda domain. I eid Aas previously leaened the Pras Bidene JUNIPeF sures Senco Provider Switching Line Frame Processing Example (4 of 3) = Frames with a B-TAG and an -TAG arrive at BEB2: ‘The incoming interface is associated with the BEB2's B-component +The B-component processes the frame and forwards it to the component “+The Lcomponent processes the frame and ferwards It to customer ‘BEB? Processes IEEE 802.1ah Frames ‘The sido shoneal of the processing tat ocoxs anne BEE2 when passing wate ‘rom the 38 tomate PONE, unos Sonise Provider Switching @Line Frame Processing Example (3 of 5) ‘= Frames with an S-VLAN tag 200 arrive at the remote PBN: + Remember, only the kcomponent of BEB and BEEZ needed to know the MAC addresses of the PBN netvork! 
Frames Arrive at the Destination

The slide shows the frame format of the Ethernet frame as it arrives at the PBN. It appears exactly as it did when PBN1 transmitted it.

Agenda: Provider Bridging

* Expanding the Bridged Network
* Provider Bridging
* Configuring and Monitoring Provider Bridging
* Provider Backbone Bridging
> Configuring and Monitoring Provider Backbone Bridging

Configuring and Monitoring Provider Backbone Bridging

The slide highlights the topic we discuss next.

Configuring an E-Line EVC (1 of 3)

* Configure interfaces for BEB1 (similar on BEB2)

Configure BEB Interfaces

In this example, BEB1 requires four configured interfaces. Obviously, you must configure the two physical interfaces, but you also must configure the virtual interfaces (PIP and CBP) that provide the connectivity between the I-component virtual switch and the B-component virtual switch.

You configure all four interfaces as trunk interfaces. For both the PIP and CBP interfaces, you must specify a bridge-domain-type. For the PIP interface it is always type svlan, and for the CBP interface it is always type bvlan. For both the PIP and CBP interfaces, you must specify the list of I-SIDs that the interface supports. For PIP, the only option is all-service-groups (as defined in the I-component virtual switch), and for the CBP the only option is all.

Configuring an E-Line EVC (2 of 3)

* Configure the I-component and B-component virtual switches for BEB1:
  + BEB2 configuration is similar

I-Component and B-Component Configuration

As with any virtual switch, you must specify the interfaces that belong to it. In this case, the two interfaces are pip0.0 and the ge- interface shown on the slide. You must also configure the bridge domain for the interface that faces the PBN. To allow for the pip0.0 interface to forward frames internally to the B-component's cbp0.0 interface, you must specify which virtual switch will act as the I-component's peer instance.
In this case, the peer instance will be the b-component virtual switch. Under the service-groups level of the hierarchy, you must also specify the type of EVC that will be used (E-Line in this case) and build the mapping table of the I-SID to the inbound interface. For E-LAN services, your mapping table would map an I-SID to an S-VLAN ID.

For the B-component, you must again specify the interfaces that belong to the virtual switch. For the bridge domain, you specify what B-VLAN IDs will be used. You must then map the inbound I-SID-tagged frames (from cbp0.0) to the appropriate B-VLAN.

Configuring an E-Line EVC (3 of 3)

* Configure interfaces and a B-component virtual switch for the BCB

BCB Configuration

Because the BCB forwards traffic based on the outer MAC addresses and the B-VLAN tag, the configuration for the BCB is very simple. The slide shows the configuration of

Verify Bridge Domain Settings

* Verify that the correct interfaces associate with the B-component and the I-component

Bridge Domain Settings

The slide shows the output of the show bridge domain command. For the I-component virtual switch, you should expect to see a logical PIP interface for each remote BEB that the local switch learns.

Summary

In this chapter, we:
+ Described the IEEE VLAN stacking models
+ Described the components of provider bridging
+ Configured and monitored provider bridging
+ Described the components of provider backbone bridging
+ Configured and monitored provider backbone bridging

This Chapter Discussed:
+ IEEE VLAN stacking models;
+ The components of provider bridging;
+ Configuration of provider bridging;
+ The components of a PBBN; and
+ Configuration of provider backbone bridging.

Review Questions

1. What are some of the scaling issues that can occur if a service provider were to use IEEE 802.1Q VLANs to provide LAN service to its customers?
2. List three VLAN tag operations that a switch can perform on a frame.
3. Which component of a BEB translates S-VLAN tags to I-SIDs?

Lab 3: Provider Bridging
* Configure a PBN.

Lab 3: Provider Bridging

The slide provides the objective for this lab.

Chapter 6: Spanning-Tree Protocols

Chapter Objectives
* After successfully completing this chapter, you will be able to:
+ Explain the purpose of spanning tree protocols
+ Describe the basic operation of STP, RSTP, MSTP, and VSTP
+ Configure and monitor STP, RSTP, MSTP, and VSTP
+ Explain the purpose of BPDU, loop, and root protection

This Chapter Discusses:
+ The purpose of spanning tree protocols;
+ The basic operation of the Spanning Tree Protocol (STP), the Rapid Spanning Tree Protocol (RSTP), the Multiple Spanning Tree Protocol (MSTP), and the virtual LAN (VLAN) Spanning Tree Protocol (VSTP);
+ Configuration and monitoring of STP, RSTP, MSTP, and VSTP; and
+ Implementation of bridge protocol data unit (BPDU), loop, and root protection.

Agenda: Spanning Tree Protocols
> Overview of STP
* Overview of RSTP
* Overview of MSTP
* Overview of VSTP
* Configuring and Monitoring Spanning Tree Protocols
* Understanding BPDU, Loop, and Root Protection

Overview of STP

The slide lists the topics we cover in this chapter. We discuss the highlighted topic first.

STP
* STP:
+ Defined in the IEEE 802.1D-1998 specification
+ Builds loop-free paths in redundant Layer 2 networks
+ Automatically rebuilds the tree when the topology changes
+ Configures the port state of every port on every participating STP switch

STP is defined in the Institute of Electrical and Electronics Engineers (IEEE) 802.1D-1998 specification. STP is a simple Layer 2 protocol that prevents loops and calculates the best path through a switched network that contains redundant paths.
STP is necessary only when redundant paths exist within a Layer 2 network. STP automatically rebuilds the tree when a topology change occurs.

Terms and Concepts (2 of 2)
* Key terms and concepts of STP:
+ Bridge ID: Unique identifier for each switch
+ Root bridge: Switch with the lowest bridge ID
+ Root port: The port on each bridge closest to the root bridge
+ Root path cost: A bridge's calculated cost to get from itself to the root bridge
  + Equal to the received root path cost from configuration BPDUs plus the port cost of the root port on the bridge
+ Port cost: Every interface on a bridge has an assigned port cost value
  + Used in the calculation of the root path cost for the local bridge
  + Configurable value (1-200000000)
  + The default value is 20000 for 1-Gigabit Ethernet

STP Terms and Concepts

All switches participating in STP have a unique bridge ID. The bridge ID is a combination of the system MAC address and a configurable priority value. The lowest bridge ID determines the root bridge.

Once the root bridge is determined, each nonroot switch determines the least-cost path from itself to the root bridge. The port associated with [...] BPDUs, neighboring switches become familiar with each other and learn the information necessary to select a root bridge. Each bridge creates its own configuration BPDU based upon the BPDUs that it receives from neighboring routers. Non-STP bridges simply flood BPDUs as they would any multicast Ethernet frames.

Root Bridge Election

STP elects the root bridge device based on the bridge ID, which actually consists of two distinct elements: a configurable priority value and a unique device identifier, which is the system MAC address. Each bridge reviews the priority values first and determines the root bridge. If the priority value of one device is lower than the priority value of all other devices, that device wins the root bridge election. If the priority values are equal for all devices, STP evaluates the bridge address (MAC), and each bridge elects the device with the lowest MAC address as the root bridge.
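The election and root path cost rules above can be checked against a small topology. The following is an added example, not part of the student guide: the bridge names, MAC addresses and links are constructed, the port costs are the per-speed values this chapter gives, and equal-cost ties are broken by the lower local port ID as the guide describes (full IEEE 802.1D compares the sending bridge and port IDs first).

```python
import heapq
from dataclasses import dataclass

# Port cost by interface speed in Mbps, using the values given in this chapter.
PORT_COST = {10: 2_000_000, 100: 200_000, 1_000: 20_000, 10_000: 2_000}


@dataclass(frozen=True)
class Bridge:
    name: str
    priority: int   # configurable priority value
    mac: str        # system MAC address

    @property
    def bridge_id(self):
        # Priority is compared first; the MAC address breaks priority ties.
        return (self.priority, bytes.fromhex(self.mac.replace(":", "")))


def elect_root(bridges):
    """The bridge with the numerically lowest bridge ID becomes the root."""
    return min(bridges, key=lambda b: b.bridge_id)


def compute_root_ports(bridges, links):
    """Return (root name, {bridge: (root path cost, root port ID)}).

    links holds tuples (bridge_a, port_a, bridge_b, port_b, speed_mbps).
    Root path cost = root path cost advertised by the upstream bridge
    + cost of the local port on which that BPDU was received.
    """
    root = elect_root(bridges).name
    neighbors = {b.name: [] for b in bridges}
    for a, port_a, b, port_b, speed in links:
        cost = PORT_COST[speed]
        neighbors[a].append((b, port_b, cost))   # a's BPDU arrives on b's port_b
        neighbors[b].append((a, port_a, cost))   # b's BPDU arrives on a's port_a
    best = {root: (0, None)}                     # the root bridge has no root port
    heap, settled = [(0, root)], set()
    while heap:
        cost, name = heapq.heappop(heap)
        if name in settled:
            continue
        settled.add(name)
        for peer, peer_port, port_cost in neighbors[name]:
            if peer in settled:
                continue
            # Tuple comparison: lower cost wins, then the lower local port ID.
            candidate = (cost + port_cost, peer_port)
            if peer not in best or candidate < best[peer]:
                best[peer] = candidate
                heapq.heappush(heap, (candidate[0], peer))
    return root, best


# Constructed sample topology (documentation MAC addresses, hypothetical names).
BRIDGES = [
    Bridge("A", 4096, "00:00:5e:00:53:0a"),
    Bridge("B", 32768, "00:00:5e:00:53:0b"),
    Bridge("C", 32768, "00:00:5e:00:53:0c"),
    Bridge("D", 32768, "00:00:5e:00:53:0d"),
]
LINKS = [
    ("A", 1, "B", 1, 1_000),
    ("A", 2, "C", 1, 1_000),
    ("B", 2, "C", 2, 10_000),
    ("B", 3, "D", 2, 1_000),   # D reaches the root at cost 40000 through B ...
    ("C", 3, "D", 1, 1_000),   # ... and at the same cost through C
]

if __name__ == "__main__":
    root, table = compute_root_ports(BRIDGES, LINKS)
    print("root bridge:", root)
    for name, (cost, port) in sorted(table.items()):
        print(f"{name}: root path cost {cost}, root port {port}")
```

Bridge D has two equal-cost paths in this topology, so its root port is decided by the port ID comparison rather than by cost.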
Building a Spanning Tree (2 of 3)
* The least-cost path calculation to the root bridge determines the port role; the port role determines the port state:
+ Ports on the root bridge assume the designated port role and forwarding state
+ Root ports on switches are placed in the forwarding state
  + The root bridge will have no root ports
+ Designated ports on designated bridges are placed in the forwarding state
+ All other ports are placed in the blocking state

Port Role and State Determination

Once root bridge election occurs, all nonroot devices perform a least-cost path calculation to the root bridge. The results of these calculations determine the role of the switch ports. The role of the individual switch ports determines the port state.

All switch ports belonging to the root bridge assume the designated port role and forwarding state. Each nonroot switch determines a root port, which is the port closest to the root bridge, based on its least-cost path calculation to the root bridge. Each interface has an associated cost that is based on the configured speed. An interface operating at 10 Mbps assumes a cost of 2,000,000, an interface operating at 100 Mbps assumes a cost of 200,000, an interface operating at 1 Gbps assumes a cost of 20,000, and an interface operating at 10 Gbps assumes a cost of 2000. If a switch has two equal-cost paths to the root bridge, the switch port with the lower port ID is selected as the root port. The root port for each nonroot switch is placed in the forwarding state.

STP selects a designated bridge on each LAN segment. This selection process is also based on the least-cost path calculation from each switch to the root bridge. Once the designated bridge selection occurs, its port, which connects to the LAN segment, is chosen as the designated port. If the designated bridge has multiple ports connected to the LAN segment, the port with the lowest ID participating on that LAN segment is selected as the designated port. All designated ports assume the forwarding state. All ports not selected as a root port or as a designated port assume the blocking state. While in the blocking state, the ports do not send any BPDUs.
However, they listen for BPDUs.

Building a Spanning Tree (3 of 3)
* The tree is fully converged
* All traffic from Host A to Host B flows through the root bridge (Switch A1)

Full Tree Convergence

Once each bridge determines the role and state for its switch ports, the tree is considered fully converged. The convergence delay can take up to 50 seconds when the default forwarding delay (15 seconds) and max age timer (20 seconds) values are in effect. The formula used to calculate the convergence delay for STP is 2 x the forwarding delay + the maximum age. In the example shown on the slide, all traffic passing between Host A and Host B transits the root bridge (Switch A).

Reconvergence Example (1 of 2)
* Steps:
1. Bridge 6 fails
2. Bridge E's port leaves the forwarding state
3. Bridge E sends a TCN
   + The TCN always travels out the root port; it continues every 2 seconds until the root port receives the TCN ACK from B in the form of a configuration BPDU
4. Bridge B sends a TCN ACK
5. Bridge B sends a TCN out of the root port
6. Bridge A sends a TCN ACK

Reconvergence Example: Part 1

The slide shows the first several steps that occur during a failure and reconvergence scenario.

Reconvergence Example (2 of 2)
* Steps (contd.):
7. The root bridge sets the topology change flag and sends an updated configuration BPDU
8. Bridges B and C relay the topology change flag to downstream switches
9. All nonroot bridges change the MAC address forwarding table aging timer to equal the forwarding delay time (default: 15 seconds)

Reconvergence Example: Part 2

The slide shows the remainder of the steps involved in a failure and reconvergence scenario. Once the nonroot bridges change the MAC address forwarding table aging timer to the shortened interval and wait that period of time (15 seconds by default), they then delete all entries from the MAC table that were not refreshed within that time frame.
All deleted entries must then be learned once again through the normal learning process.

Agenda: Spanning Tree Protocols
* Overview of STP
> Overview of RSTP
* Overview of MSTP
* Overview of VSTP
* Configuring and Monitoring Spanning Tree Protocols
* Understanding BPDU, Loop, and Root Protection

Overview of RSTP

The slide highlights the topic we discuss next.

Rapid STP
* RSTP first defined in IEEE 802.1w and later incorporated into IEEE 802.1D-2004
* Convergence improvements:
+ Point-to-point link designation
  + Allows for rapid recovery from failures because a new root port or designated port can transition to forwarding without waiting for the protocol timers to expire
+ Edge port designation
  + A port that connects to a LAN with no other bridges attached
  + It is always in the forwarding state
+ Direct and indirect link failure and recovery

RSTP Defined

RSTP was originally defined in the IEEE 802.1w draft and was later incorporated into the IEEE 802.1D-2004 specification. RSTP introduces a number of improvements to STP while performing the same basic function.

RSTP Convergence Improvements

RSTP provides better reconvergence time than the original STP. RSTP identifies certain links as point-to-point. When a point-to-point link fails, the alternate link can transition to the forwarding state without waiting for any protocol timers to expire. RSTP provides fast network convergence when a topology change occurs and greatly decreases the state transition time compared to STP. To aid in the improved convergence, RSTP uses additional features and functionality, such as edge port definitions and rapid direct and indirect link failure detection and recovery. We examine these features in more detail later in this chapter.
RSTP Port Roles
* RSTP introduces new port roles:
+ Alternate port
  + Provides an alternate path to the root bridge (essentially a backup for the root port)
  + Blocks traffic while receiving superior BPDUs from a neighboring switch
+ Backup port
  + Provides a redundant path to a segment (on designated switches only)
  + Blocks traffic while a more preferred port functions as the designated port
* RSTP continues to use the root and designated port roles

RSTP Introduces New Port Roles

RSTP introduces the alternate and backup port roles. An alternate port is a switch port that has an alternate (generally higher-cost) path to the root bridge. In the event that the root port fails, the alternate port assumes the role of root port and is placed in the forwarding state. Alternate ports are placed in the discarding state but receive superior BPDUs from neighboring switches. Alternate ports are found on switches participating in a shared LAN segment for which they are not functioning as the designated bridge.

When a designated bridge has multiple ports connected to a shared LAN segment, it selects one of those ports as the designated port. The designated port is typically the port with the lower port ID. RSTP considers all other ports on the designated switch that connect to that same shared LAN segment as backup ports. In the event that the designated port is unable to perform its role, one of the backup ports assumes the designated port role upon successful negotiation and is placed in the forwarding state.

Backup ports are placed in the discarding state. While in the discarding state, backup ports receive superior BPDUs from the designated port.

Continued Use of Root and Designated Ports

RSTP continues to use the root and designated port roles. Only ports selected for the root port or designated port role participate in the active topology. We described the purpose of the root port and designated ports previously in this chapter.
RSTP Port States
* RSTP (802.1D-2004) uses fewer states than STP (802.1D-1998) but has the same functionality

RSTP Port States

RSTP uses fewer port states than STP. The three possible port states found in RSTP are discarding, learning, and forwarding. Any administratively disabled port excluded from the active topology through configuration, or dynamically excluded from forwarding and learning, is placed in the discarding state. Ports that are actively learning but not currently forwarding are in the learning state, whereas ports that are both learning and forwarding frames simultaneously are in the forwarding state. As the slide indicates, only those ports selected as root ports and designated ports use the forwarding state.

RST BPDUs
* RST BPDUs:
+ Act as keepalives
  + RSTP-designated ports send configuration BPDUs every hello time (default of 2 seconds)
+ Provide faster failure detection
  + If a neighboring bridge receives no BPDU within 3 times the hello interval (3 x 2 = 6 seconds), connectivity to the neighbor is faulty

RSTP BPDUs

As previously mentioned, STP uses BPDUs to elect a root bridge, identify root ports for each switch, identify designated ports for each physical LAN segment, prune specific redundant links to create a loop-free tree topology, and report and acknowledge topology changes. RSTP configuration BPDUs also function as keepalives. All RSTP bridges send configuration BPDUs every 2 seconds by default. You can alter this value, if necessary.

By monitoring neighboring switches through the use of BPDUs, RSTP can detect failures of network components much more quickly than STP can. If a neighboring bridge receives no BPDU within three times the hello interval, it assumes connectivity is faulty and updates the tree. By default, it detects failures within 6 seconds when using RSTP, whereas it might take up to 50 seconds when using STP.

On MX Series devices, Ethernet interfaces operating in full-duplex mode are considered point-to-point links. When a failure occurs, a switch port operating as a point-to-point link can become a new root port or designated port and transition to the forwarding state without waiting for the timer to expire.
Switch ports operating in half-duplex mode are considered to be shared (or LAN) links and must wait for the timer to expire before transitioning to the forwarding state.

RST BPDU Format
* Small differences from STP BPDUs:
+ Protocol version: 0x02 (802.1D-2004)
+ BPDU Type: 0x02 (RST BPDU)
+ Flags
  + Topology Change Acknowledgment flag (Bit 8)
  + Agreement flag (Bit 7)
  + Forwarding flag (Bit 6)
  + Learning flag (Bit 5)
  + Port Role (Bits 3 and 4)
  + Proposal flag (Bit 2)
  + Topology Change flag (Bit 1)
+ Version 1 Length: 0x0000

Configuration BPDU Differences

RSTP is backward compatible with STP. If a device configured for RSTP receives STP BPDUs, it reverts to STP. In a pure RSTP environment, a single type of BPDU exists, named the Rapid Spanning Tree BPDU (RST BPDU). RST BPDUs use a similar format to the STP configuration BPDUs. RSTP devices detect the type of BPDU by looking at the protocol version and BPDU type fields. The BPDUs contain several new flags, as shown on the slide. The following is a brief description of the flags:

+ TCN Acknowledgment: This flag is used when acknowledging STP TCNs;
+ Agreement and Proposal: These flags are used to help quickly transition a new designated port to the forwarding state;
+ Forwarding and Learning: These flags are used to advertise the state of the sending port;
+ Port Role: This flag specifies the role of the sending port: 0 = Unknown, 1 = Alternate or Backup, 2 = Root, and 3 = Designated; and
+ Topology Change: RSTP uses configuration BPDUs with this bit set to notify other switches that the topology has changed.

RST BPDUs contain a Version 1 Length field that is always set to 0x0000. This field allows for future extensions to RSTP.
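A decoder makes the flag layout above concrete and shows how a monitoring tool tells STP, TCN and RST BPDUs apart from the protocol version and BPDU type fields. This is an added example, not code from the student guide: the two sample BPDUs are constructed byte strings using documentation MAC addresses, and the field order and 1/256-second timer units follow the IEEE 802.1D BPDU encoding.

```python
import struct

PORT_ROLES = {0: "unknown", 1: "alternate/backup", 2: "root", 3: "designated"}


def decode_bridge_id(raw):
    """Split an 8-byte bridge ID into 4-bit priority, 12-bit extended system ID, MAC."""
    head, = struct.unpack("!H", raw[:2])
    return {"priority": head & 0xF000,
            "ext_system_id": head & 0x0FFF,
            "mac": raw[2:].hex(":")}


def decode_flags(flags, rst):
    """Decode the flags octet; only TC and TC-ACK are meaningful for legacy STP."""
    out = {"topology_change": bool(flags & 0x01),         # bit 1
           "tc_ack": bool(flags & 0x80)}                  # bit 8
    if rst:
        out.update(
            proposal=bool(flags & 0x02),                  # bit 2
            port_role=PORT_ROLES[(flags >> 2) & 0x03],    # bits 3 and 4
            learning=bool(flags & 0x10),                  # bit 5
            forwarding=bool(flags & 0x20),                # bit 6
            agreement=bool(flags & 0x40),                 # bit 7
        )
    return out


def decode_bpdu(payload):
    """Decode the BPDU that follows the LLC header of a spanning-tree frame."""
    if len(payload) < 4:
        raise ValueError("truncated BPDU header")
    protocol_id, version, bpdu_type = struct.unpack("!HBB", payload[:4])
    if protocol_id != 0:
        raise ValueError("not a spanning-tree BPDU")
    if bpdu_type == 0x80:
        return {"kind": "STP TCN", "version": version}
    if bpdu_type == 0x00:
        kind, needed = "STP configuration", 35
    elif bpdu_type == 0x02 and version >= 2:
        kind, needed = "RST", 36          # 35 bytes plus the Version 1 Length field
    else:
        raise ValueError("unknown version/type combination")
    if len(payload) < needed:
        raise ValueError("truncated BPDU body")
    (flags, root, cost, bridge, port_id,
     msg_age, max_age, hello, fwd) = struct.unpack("!B8sI8sHHHHH", payload[4:35])
    return {
        "kind": kind,
        "version": version,
        "flags": decode_flags(flags, rst=(kind == "RST")),
        "root": decode_bridge_id(root),
        "root_path_cost": cost,
        "bridge": decode_bridge_id(bridge),
        "port_id": port_id,
        "message_age": msg_age / 256,     # timers are carried in 1/256 second units
        "max_age": max_age / 256,
        "hello_time": hello / 256,
        "forward_delay": fwd / 256,
    }


# Constructed samples: an RST BPDU from a designated, forwarding port, and a
# legacy STP configuration BPDU with the TC and TC-ACK flags set.
_ROOT = bytes.fromhex("100000005e005301")      # priority 4096, ext ID 0
_BRIDGE = bytes.fromhex("806400005e005302")    # priority 32768, ext ID 100
SAMPLE_RST_BPDU = struct.pack("!HBBB8sI8sHHHHHB", 0, 2, 2, 0x7C, _ROOT, 20000,
                              _BRIDGE, 0x8001, 256, 5120, 512, 3840, 0)
SAMPLE_STP_BPDU = struct.pack("!HBBB8sI8sHHHHH", 0, 0, 0, 0x81, _ROOT, 20000,
                              _BRIDGE, 0x8001, 256, 5120, 512, 3840)

if __name__ == "__main__":
    for sample in (SAMPLE_RST_BPDU, SAMPLE_STP_BPDU):
        print(decode_bpdu(sample))
```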
RSTP Bridge ID
* Bridge priority is configured with a combination of priority and extended system ID
+ Evaluated as a single priority field in the election algorithms
+ MSTP only considers priority as a 4-bit field

Bridge Priority Configuration

Over time, 16 bits was determined to be too big to represent a bridge's priority for becoming the root or designated bridge. With the advent of MSTP (covered later in this chapter), the older 16-bit priority field was broken into two separate fields: a 4-bit priority field and a 12-bit Extended System ID field. RSTP allows for the configuration of both values. MSTP automatically populates the extended system ID field with [...]

RSTP Bridge Priority Evaluation

Although priority and extended system ID are configured separately, RSTP evaluates a bridge's priority for the root and designated bridge election process by concatenating the two fields together into a single value. That concatenated value is treated as a 16-bit field during the election process.

Transitioning to the Forwarding State
* Original STP (802.1D-1998):
+ Takes 30 seconds before the ports start forwarding traffic after port enablement
  + 2 x forwarding delay (listening + learning)
* RSTP (802.1D-2004):
+ Uses a proposal-and-agreement handshake on point-to-point links instead of timers
  + Exceptions are alternate ports that immediately transition to root and edge ports that immediately transition to the forwarding state
  + Nonedge-designated ports transition to the forwarding state once they receive explicit agreement

STP Forwarding State Transition

With the original STP, as defined in 802.1D-1998, a port can take more than 30 seconds before it forwards user traffic. As a port is enabled, it must transition through the listening and learning states before graduating to the forwarding state. STP allows two times the forwarding delay (15 seconds by default) for this transition to occur.

RSTP Forwarding State Transition
RSTP offers considerable improvements when transitioning to the forwarding state. RSTP converges faster because it uses a proposal-and-agreement handshake mechanism on point-to-point links instead of the timer-based process used by STP. On MX Series devices, network ports operating in full-duplex mode are considered point-to-point links, whereas network ports operating in half-duplex mode are considered shared (LAN) links.

Root ports and edge ports transition to the forwarding state immediately without exchanging messages with other switches. Edge ports are ports that have direct connections to end stations. Because these connections cannot create loops, they are placed in the forwarding state without any delay. If a switch port does not receive BPDUs from the connecting device, it automatically assumes the role of an edge port. When a switch receives configuration messages on a switch port that is configured to be an edge port, it immediately changes the port to a normal spanning-tree port (nonedge port).

Nonedge-designated ports transition to the forwarding state only after receipt of an explicit agreement from the attached switch.

Topology Change Reconvergence
* Topology changes occur only when nonedge ports transition to the forwarding state:
+ Port transitions to the discarding state no longer trigger the STP TCN/TCN Acknowledgment sequence
* The initiator floods RSTP TCNs (RST BPDU with TCN flag set) out of all designated ports as well as out of the root port
* Because of the received RSTP TCN, switches flush the majority of MAC addresses in the MAC address forwarding table
+ Switches do not flush MAC addresses learned from edge ports
+ Switches do not flush MAC addresses learned on the port receiving the TCN

Topology Changes

When using STP, state transitions on any participating switch port cause a topology change to occur. RSTP reduces the number of topology changes and improves overall stability within the network by generating TCNs only when nonedge ports transition to the forwarding state.
Nonedge ports are typically defined as ports that interconnect switches. Edge ports are typically defined as ports that connect a switch to end stations.

RSTP also provides improved network stability because it does not generate a TCN when a port transitions to the discarding state. With RSTP, TCNs are not generated when a port is administratively disabled, excluded from the active topology through configuration, or dynamically excluded from forwarding and learning.

When a TCN is necessary and is generated, the initiating device floods all designated ports as well as the root port. Unlike traditional STP, neighboring switches that are not in the path of the initiator to the root bridge do not need to wait for this information from the root bridge. As the changes propagate throughout the network, the switches flush the majority of the MAC addresses located in their MAC address forwarding tables. The individual switches do not, however, flush MAC addresses learned from their locally configured edge ports.

Indirect Link Failure
* When an indirect link failure occurs:
+ Switch A's root port fails; it assumes it is the new root
+ Switch B receives inferior BPDUs from Switch A; it moves the alternate port to the designated port role
+ Switch A receives superior BPDUs, knows it is not the root, and designates the port connecting to Switch B as the root port

Indirect Link Failure

RSTP performs rapid recovery for link failures. The slide illustrates a typical scenario.

Direct Link Failure
* When a direct link failure occurs:
+ The alternate port transitions to the forwarding state and assumes the new root port role following the failure of the old root port
+ Switch B signals upstream switches to flush their MAC tables by sending RSTP TCNs out of the new root port
  + Upstream switches only flush MAC entries that they learned on the port that did not receive the RSTP TCN (except edge ports)

Direct Link Failure

The slide illustrates a typical scenario in which a direct link failure occurs.

RSTP Interoperability with STP
* STP and RSTP interoperability considerations:
+ If a switch supports only the
802.1D-1998 STP protocol, it discards any RSTP BPDUs it receives
+ If an RSTP-capable switch receives 802.1D-1998 BPDUs, it reverts to 802.1D-1998 STP mode on the receiving interface only
  + Uses STP BPDUs

Interoperability Considerations

Switches configured for STP and RSTP will interoperate with one another. However, you should keep a few basic considerations in mind. If a switch supports only STP and interconnects with a switch running RSTP, it will discard the RSTP BPDUs. The RSTP-capable switch, upon receiving STP BPDUs, reverts to STP mode, thus allowing interoperability between the two devices.

Agenda: Spanning Tree Protocols
* Overview of STP
* Overview of RSTP
> Overview of MSTP
* Overview of VSTP
* Configuring and Monitoring Spanning Tree Protocols
* Understanding BPDU, Loop, and Root Protection

Overview of MSTP

The slide highlights the topic we discuss next.

Multiple STP
* Originally defined in IEEE 802.1s; later merged into IEEE 802.1Q-2003
* Provides extensions to RSTP:
+ A separate topology tree for each MSTI
+ Resource friendly: maps VLANs to one or more instances; provides for load balancing over available links

MSTP Defined

MSTP was originally defined in the IEEE 802.1s draft and later incorporated into the IEEE 802.1Q-2003 specification.
MSTP Enhancements over RSTP

Although RSTP provides faster convergence than STP, it does not make good use of all available paths within a redundant Layer 2 network. With RSTP, all traffic from all VLANs follows the same path as determined by the spanning tree; therefore, redundant paths are not utilized. MSTP overcomes this limitation through the use of multiple spanning-tree instances (MSTIs). Each MSTI creates a separate topology tree, and you can administratively map it to one or more VLANs. Allowing users to administratively map VLANs to MSTIs facilitates better load sharing across redundant links within a Layer 2 switching environment.

Multiple Spanning Tree Region
* An MST region is a group of switches with the same region name, revision level, and VLAN-to-instance mapping
+ Max of 64 MSTIs per region
+ One regional root bridge per instance
* Backward compatible with STP and RSTP through a [...]

MST Region

MSTP allows switches to be logically grouped into manageable clusters, known as multiple spanning tree (MST) regions. An MST region is a group of switches that share the same region name, revision level, and VLAN-to-instance mapping parameters.

Each MST region supports up to 64 MSTIs. MSTP greatly reduces the number of BPDUs on a LAN by including the spanning tree information for all MSTIs in a single BPDU. MSTP encodes region information after the standard RSTP BPDU along with individual MSTI messages. The MSTI configuration messages convey spanning tree information for each instance.

MSTP elects a regional root bridge for each MSTI. The regional root bridge is elected based on the configured bridge priority and calculates the spanning tree within its designated instance.

MSTP Compatibility with STP and RSTP

Because MSTP encodes region information after the standard RSTP BPDU, a switch running RSTP interprets MSTP BPDUs as RSTP BPDUs. This behavior facilitates full compatibility between devices running MSTP and devices running STP or RSTP. All RSTP switches outside of an MST region view the MST region as a single RSTP switch.
The common spanning tree (CST), which interconnects all MST regions as well as STP devices not bound to a particular region, facilitates end-to-end paths within an MSTP environment.

Common and Internal Spanning Tree
* The CST interconnects MST regions:
+ One root bridge will be elected for the CST
+ Each MST region appears as a virtual bridge
* Internal spanning tree extends CST into regions

Common and Internal Spanning Tree

All MSTP environments contain a CST, which is used to interconnect individual MST regions and independent STP devices. All bridges in the CST elect a single root bridge. The root bridge is responsible for the path calculation for the CST. As illustrated on the slide, bridges outside of the MST region treat each MST region as a virtual bridge, regardless of the actual number of devices participating in each MST region.

The common and internal spanning tree (CIST) is a single topology that connects all switches (RSTP and MSTP devices) through an active topology. The CIST includes a single spanning tree as calculated by RSTP together with the logical continuation of connectivity through MST regions. MSTP calculates the CIST, and the CIST ensures connectivity between LANs and devices within a bridged network.

MST BPDU Format (1 of 3)
* Ethernet frame:
+ Source Address: The outgoing port of the originating switch
+ Destination Address: The bridge group address (01:80:C2:00:00:00)
+ Length
+ LLC Header
  + DSAP and SSAP = 0x42 (bridge STP)

MST BPDU Format: Part 1

The slide shows that MSTP uses the same Ethernet frame as STP and RSTP. However, the BPDU information in the data field is different. The next few slides discuss the MST BPDU information and the optional MSTI configuration messages.
MST BPDU Format (2 of 3)
* The MST BPDU fields and format listed on this slide are what allow MSTP to be compatible with RSTP and STP BPDUs
+ Switches that are external to an MST region use only this information in their spanning-tree calculation
+ This information is used to build the CST
  + Essentially, RSTP is used to interconnect MST regions or RSTP-only bridges

MST BPDU Format: Part 2

The first 13 fields in the MST BPDU contain similar information to what you would find in an RSTP BPDU. In fact, an RSTP-speaking switch evaluates these fields in the same manner as it would any other RSTP BPDU. To the outside world (other MSTI regions or standalone RSTP speakers), these fields are a representation of the virtual bridge that is an individual MSTP region. This information is used to build the CST.

MST BPDU Format (3 of 3)
* The MST BPDU fields listed on this slide, combined with others, allow each MST region to build an internal spanning tree:
+ The CST between regions, combined with the internal spanning trees built within regions, results in a single CIST between all bridges
+ By default, all traffic on all VLANs within a region will follow the internal spanning tree
+ MSTI configuration allows for traffic to follow a different path than the internal spanning tree

MST BPDU Format: Part 3

Each MSTP region builds a spanning tree for the region, referred to as an internal spanning tree, based upon the BPDU fields on this slide as well as some of the fields on the previous slide (CIST Port ID, CIST Regional Root ID, and so forth). For a switch to participate in a region's internal spanning tree and use the information in this portion of the BPDU, it must be configured with the same configuration ID. Therefore, all switches in the same region must be configured with the same configuration ID. This approach to configuration ensures that when MSTP switches outside of the local MSTP region receive MSTP BPDUs, those switches will evaluate only the CST-related information (previous slide). Once the internal spanning tree is calculated, by default, all traffic on all VLANs will follow
One the intel apaning ve cult by deft a ‘vation al VLAN wl ow (Chapter 6-36 + Spanninaires Pretooas JUAIREE ie unas Seevee ro dar Stching MSTI Configuration Messages ous « MSTI configuration messages allow for more spanning trees to be built within a region: + Each switch participating in the MST wil {0 through the process of electing root bridge, root ports. designated ports, and soforth for the MSTI +The oval configuration ona swith Configuring and Monitoring Spanning Tree Protocols * Understanding BPDU, Loop, and Root Protection Configuring and Monitoring Spanning Tree Protocols, . Te se highlights tha ope wo discuss nat. Jonas Santos Provier Swing Configuring STP ‘configuring STP ‘The ade shows some STP coniguration options along with base STP configuration, [MX Series derces use aversion of STP based on IEE 802402008 witha forced protocol version of OruningRSTPn STP mode, Because oftisimpomentation, yOu ‘an define FST coniguraton gaan, such as ei 20- tse under te feaie protocols stp] configuration hierarchy. To sped ruming 2STPin STP mode, you simply need'o spect) Eorse-version stp. JUNIPer i. JUnNIPer nes Senco ro er Switching Configuring RSTP [ Gefsinpertpoatyvane jucod westerns be grata eatuced | olntnto-pouity fe “Te samp RST configuration orovide onthe sd shows the types configuration ‘retire slong wi various sotngs ‘loco » Gregor 65 unos Sence Prove Svithing Monitoring STP and RSTP (4 of 2) epstte cowiations. Sitortace ‘Bow a sneartae poreneters ca St falespt satay es Dota intormeion sureties show spaaingtee Disge ana tye HEE] on (foo fom = ee a) Ser teey gam =a HEE iS ae Elia tangs | avo seaman “Monitoring Spanning Tree Operation: Part ‘Tis side and tenet ustate some common operational mode commands used to rontor tie eparation o STP and RSP. 
Monitoring STP and RSTP (2 of 2)

Monitoring Spanning Tree Operation: Part 2

The slide shows typical output for the show spanning-tree interface and show spanning-tree statistics interface commands.

Configuring MSTP

The sample MSTP configuration provided on the slide shows the typical configuration structure along with various settings.

Monitoring MSTP (1 of 3)

Monitoring MSTP Operation: Part 1

This slide and the next two slides illustrate some common operational mode commands used to monitor MSTP. This slide highlights the show spanning-tree mstp configuration command, which you can use to verify MSTP configuration parameters, including region, revision, and assigned MSTI parameters.

Monitoring MSTP (2 of 3)

Monitoring MSTP Operation: Part 2

The slide highlights the use of the show spanning-tree interface command, which you use to verify the MSTP interface status and role assignment along with [...]

Monitoring MSTP (3 of 3)

Monitoring MSTP Operation: Part 3

The slide highlights the show spanning-tree bridge command, which you use to display STP bridge parameters for the CIST and individual MSTIs.

Configuring VSTP

The sample VSTP configuration provided on the slide shows the typical configuration structure along with various settings.
Monitoring VSTP (1 of 2)

Monitoring VSTP: Part 1

The slide highlights the use of the show spanning-tree interface command, which you use to verify the VSTP interface status and role assignment along with [...]

Monitoring VSTP (2 of 2)

Monitoring VSTP: Part 2

The slide highlights the show spanning-tree bridge command, which you use to display STP bridge parameters for the individual VLANs.

Agenda: Spanning Tree Protocols
* Overview of STP
* Overview of RSTP
* Overview of MSTP
* Overview of VSTP
* Configuring and Monitoring Spanning Tree Protocols
> Understanding BPDU, Loop, and Root Protection

Understanding BPDU, Loop, and Root Protection

The slide highlights the topic we discuss next.

Purpose for BPDU Protection
* Problem:
+ Bridge applications running on PCs or "personal" switches can generate BPDUs
+ STP, RSTP, or MSTP running on a switch could detect those BPDUs and trigger spanning tree miscalculations leading to network outages
* Solution:
+ Enable BPDU protection on Layer 2 interfaces connected to user devices or on interfaces on which no BPDUs are expected
+ If a protected interface receives a BPDU, the bridge disables the interface and stops forwarding frames by transitioning to a blocking state

Purpose for BPDU Protection: Problem

As mentioned previously in this chapter, the purpose of STP, RSTP, and MSTP is to prevent Layer 2 loops in the network. The exchange of BPDUs achieves a loop-free Layer 2 network. A user bridge application running on a PC or a user's "personal" switch for connecting multiple end devices can also generate BPDUs. If these BPDUs are picked up by STP, RSTP,
of WSTPapplations running onthe ste, they can ‘rigger spanning ree miscalations wie tum could cre loop, ning network outages, Purpose for BPDU Protection-Solution You can enabe BPOU preston on etch ntrfaoes on which no POL are expected. a protected terface recov SPOUs, the atch lables the interface Sand tos forwarding tames by Waneioning a Diskng te You can configure BFDU protection on a svitch wth 9 soning ee a8 wall as. on 3 sch thats natrusing STP. (hanter 6-56 + Spanningrea Protocole JUNIPEr ~;. ures Service Provider Sutcing Sonfiguring BPDU Protection (4 of 2) sath STP ok iinay Son -PTE row Disuowtontayer ‘Configuring BPDU Protection: Part 1 ‘Consider patworkin which wo sites, Sitch Asnd Such Bae tthe Distrbuton Layer Aue aten, Sith Cat the sass Layer. Sin C connects > {PC anda users unauthorzed ante by meena he aczeas port, g-8/3/6 ane 15:1/2/7,eopostiey. You nave congue Suite XSite ana Satoh Coo StP-You shoud congue BPDU protection on Site Caocess pots. The slice Inustrates he requed coniguation Wen OPOU protect terses recov [BPDUS, the ntertacos vantlon toa boing tate and stopfowaringframes Juniper Spaniegioe Rolocoe + Grater BT unas Senice Provide Sting Configuring BPDU Protection (2 of 2) Sten STP iy 222-8 ‘Configuring BPDU Protection: Part 2 Now considera nstworcin which two svitcas, Switch Aan Switch Bara atthe Distieution Lye. Athi atch Sch Cs atthe Access Layer Suton C connects to FC anda user's unauthorized eich by moans of te aczes prtgo-1/2/6 and 11/3/7- respect. Sieh Cin not contigurad to gateiate STP. However, you ‘Should protect ts acess ports-go-1/2/6 and go-1/3/7. The ai teats the roauied configuration. 
When BPDU-protected interfaces receive BPDUs, the interfaces transition to a blocking state and stop forwarding frames.

Verifying BPDU Protection Functionality
* To verify BPDU protection functionality:
  + Use the show spanning-tree interface command before and after enabling the BPDU protection feature on an STP-running switch
  + Use the show l2-learning interface command on a non-STP switch
  + Watch for state changes, role changes, or both in the output
    + FWD state transitions to BLK
    + DESG role transitions to DIS (loop inconsistent)
    + unblocked transitions to blocked
* To unblock the interface:
  + Use the clear error bpdu interface operational mode command

Verifying of BPDU Protection Functionality
To confirm that the configuration is working properly on the STP-running switch, use the show spanning-tree interface operational mode command. To confirm that the configuration is working properly on the switch that is not running STP, you should observe the interfaces using the show l2-learning interface operational mode command.

These commands provide the information on the state and role changes on the protected interfaces. For example, if the PCs send BPDUs and the protected interfaces receive them, the interfaces transition to the DIS role. The BPDU inconsistent state changes the interface state to blocking (BLK), preventing it from forwarding traffic.
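The two BPDU-protection cases above (an access switch that runs STP and one that does not) can be checked mechanically against a device configuration. The audit below is an added example, not part of the student guide. The configuration slides are not legible in this copy, so the `set` statements it matches (`edge`, `bpdu-block-on-edge`, `layer2-control bpdu-block`) are Junos statement names taken as an assumption, and the sample configurations and interface names are constructed.

```python
import re

# Assumed Junos "set" statement forms (the guide's configuration slides are
# not legible in this copy, so these names are not taken from the page).
STP_INTERFACE = re.compile(
    r"^set protocols (rstp|mstp|vstp)(?: vlan \S+)? interface (\S+)(?: (\S+))?")
BLOCK_ON_EDGE = re.compile(r"^set protocols (rstp|mstp|vstp) bpdu-block-on-edge$")
L2C_BPDU_BLOCK = re.compile(
    r"^set protocols layer2-control bpdu-block interface (\S+)$")


def base_name(interface):
    """Drop a logical-unit suffix so ge-0/0/1.0 and ge-0/0/1 compare equal."""
    return interface.split(".", 1)[0]


def audit_bpdu_protection(config_lines, access_ports):
    """Return {port: (protected, reason)} for each user-facing port.

    access_ports comes from the caller: the configuration alone cannot say
    which ports face PCs or other devices that should never send BPDUs.
    """
    stp_ports = {}          # port -> spanning-tree protocols that list it
    edge_ports = {}         # port -> protocols in which it is an edge port
    block_on_edge = set()   # protocols with bpdu-block-on-edge set
    l2c_blocked = set()     # ports listed under layer2-control bpdu-block

    for raw in config_lines:
        line = " ".join(raw.split())    # normalise whitespace
        m = BLOCK_ON_EDGE.match(line)
        if m:
            block_on_edge.add(m.group(1))
            continue
        m = L2C_BPDU_BLOCK.match(line)
        if m:
            l2c_blocked.add(base_name(m.group(1)))
            continue
        m = STP_INTERFACE.match(line)
        if m:
            proto, port, option = m.group(1), base_name(m.group(2)), m.group(3)
            stp_ports.setdefault(port, set()).add(proto)
            if option == "edge":
                edge_ports.setdefault(port, set()).add(proto)

    report = {}
    for port in map(base_name, access_ports):
        if port in l2c_blocked:
            report[port] = (True, "layer2-control bpdu-block")
        elif edge_ports.get(port, set()) & block_on_edge:
            report[port] = (True, "edge port with bpdu-block-on-edge")
        elif port in edge_ports:
            report[port] = (False, "edge port, but bpdu-block-on-edge is not set")
        elif port in stp_ports:
            report[port] = (False, "runs spanning tree and is not an edge port")
        else:
            report[port] = (False, "no spanning tree and no bpdu-block")
    return report


# Constructed sample: an access switch that runs RSTP.
SAMPLE_STP_SWITCH = """
set protocols rstp interface ge-0/0/0
set protocols rstp interface ge-0/0/1.0 edge
set protocols rstp interface ge-0/0/2
set protocols rstp bpdu-block-on-edge
""".strip().splitlines()

# Constructed sample: an access switch that does not run spanning tree.
SAMPLE_NON_STP_SWITCH = """
set protocols layer2-control bpdu-block interface ge-0/0/1
""".strip().splitlines()

if __name__ == "__main__":
    samples = (("STP switch", SAMPLE_STP_SWITCH, ["ge-0/0/1", "ge-0/0/2", "ge-0/0/3"]),
               ("non-STP switch", SAMPLE_NON_STP_SWITCH, ["ge-0/0/1", "ge-0/0/2"]))
    for name, config, ports in samples:
        for port, (ok, why) in audit_bpdu_protection(config, ports).items():
            print(f"{name:15} {port:10} {'OK  ' if ok else 'FAIL'} {why}")
```

A port reported as FAIL is one where a user device could still inject BPDUs into the topology, which is the condition the Problem slide describes.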
To unblock the interfaces, you must use the clear error bpdu interface operational mode command.

The Purpose of Loop Protection
* The problem:
  + Switch hardware and configuration errors could cause an STP loop
  + A nondesignated port might stop receiving superior BPDUs from the designated bridge, causing an interface to go into the forwarding state (causing a loop)
* The solution:
  + Enable loop protection on all root and alternate ports
  + Once enabled, selected ports do not interpret the lack of BPDUs as a false positive for making the interface a designated port
  + Ports that detect the loss of BPDUs transition to the "loop inconsistent state" (essentially the same as blocking)
  + The interface recovers and transitions back to the blocking state when it receives a BPDU

The Purpose of Loop Protection—Problem
Although the purpose of STP, RSTP, and MSTP is to provide Layer 2 loop prevention, switch hardware or software errors could result in an erroneous interface state transition from the blocking state to the forwarding state. Such behavior could lead to Layer 2 loops and consequent network outages.

The Purpose of Loop Protection—Solution
When loop protection is enabled, the spanning-tree topology detects root ports and alternate ports, and ensures that both are receiving BPDUs. If a loop-protection-enabled interface stops receiving BPDUs from its designated port, it reacts as it would react to a problem with the physical connection on the interface. It does not transition the interface to a forwarding state. Instead, it transitions the interface to a loop-inconsistent state. The interface recovers and then transitions back to the spanning-tree blocking state when it receives a BPDU.

We recommend that if you enable loop protection, you should enable it on all switch interfaces that have a chance of becoming root or designated ports.
Loop protection is most effective when it is enabled on all switches within a network.

You can configure an interface for either loop protection or root protection, but not for both.

Configuring Loop Protection
* Stop hardware problems from causing loops in the spanning-tree topology

Configuring Loop Protection
Now consider a network in which one switch, Switch A, is at the Distribution Layer, and two switches, Switch B and Switch C, are at the Access Layer. Being in an alternate state, interface ge-1/0/0 of Switch C is blocking traffic between Switch B and Switch C; therefore, the traffic is forwarded through Switch A from Switch C. BPDUs are traveling from the root bridge on Switch A to both of its interfaces. Switch C, during normal operation, receives BPDUs from Switch B. For the example on the slide, assume that a hardware problem exists on an interface such that both Switch B and Switch C believe the interface is up, but Switch C cannot receive BPDUs from Switch B. Without loop protection, Switch C might place the ge-1/0/0 interface into the forwarding state, causing a loop. The slide illustrates the required configuration, and shows how to configure loop protection on interface ge-1/0/0 to prevent it from transitioning from a blocking state to a forwarding state and causing a loop in the spanning-tree topology.

You can configure an interface for either loop protection or root protection, but not for both.

Verifying Loop Protection Functionality
* To verify loop protection functionality:
  + Use the show spanning-tree interface command before and after enabling the loop protection feature
  + Watch for state changes, role changes, or both in the interface output
    + BLK state remains BLK
    + ALT role transitions to DIS (loop inconsistent)
  + The interface recovers and transitions back to its original state when it receives BPDUs

Verification of Loop Protection Functionality
To confirm that the configuration is working properly on the STP-running switch, use the show spanning-tree interface operational mode command prior to configuring loop protection. This command provides information for the interface's spanning-tree state, which should be blocking (BLK).

Once BPDUs stop arriving at the protected interface, the loop protection is triggered on that interface. You can use the show spanning-tree interface command to observe the state of the interface. This command displays the loop-inconsistent state for the protected interface, which prevents the interface from transitioning to the forwarding state. The interface recovers and transitions back to its original state when it receives BPDUs.

The Purpose of Root Protection
* The problem:
  + Bridge applications running on PCs can generate BPDUs and interfere with root port election
  + Erroneous root port election on a switch
* The solution:
  + Enable root protection on the switch interfaces that should not receive superior BPDUs from the root bridge and should not be elected as the root port
  + The interfaces become designated ports
  + Once a superior BPDU arrives on a port with root protection enabled, the port transitions to an inconsistency state, blocking the interface
  + The interface recovers and transitions back to the forwarding state when it stops receiving superior BPDUs

The Purpose of Root Protection—Problem
Although the purpose of STP, RSTP, and MSTP is to provide Layer 2 loop prevention, a root port elected through the spanning-tree algorithm has the possibility of having been wrongly elected. In addition, user bridge applications running on PCs can generate BPDUs, interfering with root port election.

The Purpose of Root Protection—Solution
Enable root protection on interfaces that should not receive superior BPDUs and should not be elected as the root port. These interfaces become designated ports. If the bridge receives superior BPDUs on a port that has root protection enabled, that port transitions to an inconsistency state, blocking the interface.
This blocking prevents a bridge that should not be the root bridge from being elected. After the bridge stops receiving superior BPDUs on the interface with root protection, the interface returns to a listening state followed by a learning state, and ultimately returns to a forwarding state. Recovery back to the forwarding state is automatic.

When root protection is enabled on an interface, it is enabled for all the STP instances on that interface. The interface is blocked only for instances for which it receives superior BPDUs. Otherwise, it participates in the spanning-tree topology.

You can configure an interface for either loop protection or root protection, but not for both.

Configuring Root Protection

Configuring Root Protection
Now consider a network in which three switches, Switch A, Switch B, and Switch C, are at the Distribution Layer, and one switch, Switch D, is at the Access Layer. Interface ge-1/0/0 of Switch C is configured with root protection. If Switch D sends superior BPDUs, they trigger root protection on interface ge-1/0/0, blocking it. The slide illustrates the required configuration.

You can configure an interface for either loop protection or root protection, but not for both.

Verifying Root Protection Functionality
* To verify root protection functionality:
  + Use the show spanning-tree interface command before and after you enable the root protection feature
  + Receipt of superior BPDUs on the watched interface triggers root protection
    + FWD state changes to BLK
    + DESG role transitions to DIS (loop inconsistent)
  + The interface recovers and transitions back to its original state when it no longer receives superior BPDUs

Verification of Root Protection Functionality
To confirm that the configuration is working properly on the STP-running switch, use the show spanning-tree interface operational mode command prior to configuring loop protection.
This command provides information for the interface's spanning-tree state.

Once you configure root protection on an interface and that interface starts receiving superior BPDUs, root protection is triggered. You can use the show spanning-tree interface command to observe the state of the impacted interface. This command displays the loop-inconsistent state for the protected interface, which prevents the interface from becoming a candidate for the root port. When the root bridge no longer receives superior BPDUs from the interface, the interface recovers and transitions back to a forwarding state. Recovery is automatic.

Summary
In this chapter, we:
  + Explained the purpose of STPs
  + Described the basic operation of STP, RSTP, MSTP, and VSTP
  + Configured and monitored STP, RSTP, MSTP, and VSTP
  + Explained the purpose of BPDU, loop, and root protection

This Chapter Discussed:
  + The purpose of STPs;
  + The basic operation of STP, RSTP, MSTP, and VSTP;
  + Configuration and monitoring of STP, RSTP, MSTP, and VSTP; and
  + Implementation of BPDU, loop, and root protection.

Review Questions
1. What is the purpose of STP?
2. Describe the operation of the STP port states.
3. Describe how to build a spanning tree.
4. How are STP, RSTP, MSTP, and VSTP different?

Lab 4: MSTP
* Perform configuration and verification steps typically associated with MSTP.

Lab 4: MSTP
The slide provides the objective for this lab.

Junos Service Provider Switching
Chapter 7: Ethernet OAM

Chapter Objectives
After successfully completing this chapter, you will be able to:
  + Explain typical Operation, Administration, and Maintenance features
  + Describe the basic operation of link fault management
  + Describe the basic operation of connectivity fault management
  + Configure and monitor Ethernet OAM

This Chapter Discusses:
  + Typical Operation, Administration, and Maintenance (OAM) features;
  + The basic operation of link fault management (LFM);
  + The basic operation of connectivity fault management (CFM); and
  + Configuration and monitoring of Ethernet OAM.

Agenda: Ethernet OAM
* OAM Overview
* LFM
* CFM
* Configuring and Monitoring Ethernet OAM

OAM Overview
The slide lists the topics we cover in this chapter. We discuss the highlighted topic first.

What Is OAM?
* OAM is a set of functions that allows network operators to monitor the health of the network:
  + Determines the location of faulty links or faulty conditions
  + Measures performance of the network
  + Allows for diagnosis testing (loopback and so forth)
* Measurements that can be taken:
  + Availability
  + Frame delay
  + Frame delay variation
  + Frame loss

OAM Monitors the Health of a Network
For years, SONET and Asynchronous Transfer Mode (ATM) devices have been able to perform the functions of OAM. Only recently have standards been introduced to bring these same types of features to Ethernet. The purpose of OAM is to help network operators determine the location of a faulty condition, measure the performance of the network, and allow for diagnosis testing. One key to Ethernet's success in becoming carrier class is its support for OAM features.

OAM Measurements
A device supporting OAM should determine the following measurements:
  + Availability: The ratio of uptime over total time the measure takes;
  + Frame delay: The time required to transmit a frame from one device to another;
  + Frame delay variation: The variation in frame delay measurements between consecutive test frames; and
  + Frame loss: The number of frames lost over time.
Ethernet OAM Standards
* IEEE, MEF, and ITU have developed complementary standards to allow for Ethernet OAM:
  + IEEE 802.3-2008, clause 57 (was 802.3ah)
    + LFM—detecting faults on a single link in an Ethernet network
    + Known as Ethernet in the First Mile OAM
  + IEEE 802.1ag and ITU-T Y.1731
    + CFM—detecting faults along an entire path of an Ethernet network
  + MEF 17
    + Provides the requirements that OAM mechanisms must satisfy
    + Provides framework to discuss and implement those mechanisms

Ethernet OAM Standards
The Institute of Electrical and Electronics Engineers (IEEE), Metro Ethernet Forum (MEF), and International Telecommunication Union Telecommunication Standardization (ITU-T) organizations have developed complementary standards to allow for Ethernet OAM. IEEE 802.3-2008, clause 57, defines a method of OAM to monitor link performance, detect faults, and perform loopback testing over a single link. It is usually used on the customer's access link to the provider. The standard is referred to as Ethernet in the First Mile OAM (EFM OAM). IEEE 802.1ag specifies the requirements to detect faults along an end-to-end path of an Ethernet network using CFM. CFM provides for fault monitoring, path discovery, fault isolation, and frame delay measurement (ITU-T Y.1731). The MEF 17 technical specification defines the requirements that must be satisfied by both an equipment vendor and a service provider in areas including fault management and performance monitoring.

OAM Basics (1 of 4)
* The primary purpose of OAM is to detect network defects:
  + Defect—some network function is not working as expected
  + Failure—defects over some time that can cause a network function to stop
  + Alarm—an indication that something has failed
* Continuity check messages:
  + Unidirectional messages
  + Sent at regular intervals by one endpoint
  + If the remote end does not receive the message within a certain interval, a fault is detected, potentially causing an alarm

OAM Basics
In general, OAM has the main purpose of detecting network defects. A defect is a network function that is not working as expected. If a defect continues to occur over time, a device considers the recurring defect a failure. The device signals the failure as an alarm. An alarm is a notification that alerts a human and possibly other devices that something has gone wrong in the network.

Continuity Check Messages
A common feature of OAM is the usage of continuity check (CC) messages. These messages are unidirectional (no acknowledgments), and they are sent between devices. These messages notify a remote device that the local device is still reachable along the path of the CC message. If for some reason a failure occurs that prevents the CC messages from being delivered, the remote device might consider that network path down and generate an alarm.

OAM Basics (2 of 4)
* Indications:
  + Alarm indication signal and Forward Defect Indicator
    + Notify downstream network nodes when a failure or defect occurs
  + Backward Defect Indicator
    + Notifies upstream network nodes when a failure occurs in the reverse direction

Indications
Another feature of OAM protocols is the use of indicators to signal failures in the network. The diagram on the slide shows several devices that are interconnected by some network media (SONET, for example). The diagram also shows that the network media has a transmit path and a receive path. The example shows that a failure has occurred on Node B's transmit path and Node C's receive path on the link between Node B and Node C. OAM capabilities allow the devices in the data path to indicate that a failure has occurred. Node C uses an alarm indication signal (AIS) and Forward Defect Indicators (FDIs) to inform downstream devices (Node D) that a failure has occurred along the upstream path. Once Node D receives the AIS and FDI messages, it may send a Backward Defect Indicator (BDI) along its transmit path to inform nodes in the reverse direction of the failure (Node A and Node B) that a problem exists downstream from those devices.
OAM Basics (3 of 4)
* Loopback messages:
  + Help narrow the scope of the issue if a problem exists on a network with multiple nodes
  + Allow for detection of a defect between nodes
  + Comprise two different types:
    + Nonintrusive loopback messages—do not cause disruption to service (like the ping facility)
    + Intrusive loopback messages—signal a remote node to go into a special test mode (normal transit traffic cannot flow)

Loopback Messages
Loopback messages are a feature of OAM that help an administrator to find faults in the network. Two types of loopback messages exist, and both types are initiated by an administrator of a device. Nonintrusive loopback messages (like ping for IP) allow an administrator to direct a device to send a loopback message downstream to another device with the expectation that the device will respond with a loopback response message. If the response is not received, the administrator might need to perform further testing. Another type of loopback message is an intrusive type. This type of message is also initiated by the administrator of a device, and it signals a downstream device to place a loop on its interface. Usually, when the remote device's interface is in a loop, it cannot pass normal traffic. Instead of receiving any traffic arriving on the receive path of the remote device's looped interface, the remote device loops the traffic around and sends it back out its transmit path. By setting a loop on a remote device, an administrator can send traffic toward it; if the traffic returns to the initiating device, then the administrator can eliminate that data path from the list of potentially bad data paths.

OAM Basics (4 of 4)
* Linktrace messages:
  + Bidirectional continuity check
  + Similar to traceroute for IP
  + Identifies nodes along the path of the messages

Linktrace Messages
Linktrace messages are a feature of OAM that is similar to the nonintrusive loopback messages that we discussed previously.
The difference is that each device along the path of the linktrace message identifies itself by sending a response to the initiator of the linktrace message. By gathering responses from all of the devices along the path of the message, the administrator knows the identity of all of the devices along the data path.

Agenda: Ethernet OAM
* OAM Overview
* LFM
* CFM
* Configuring and Monitoring Ethernet OAM

LFM
The slide highlights the topic we discuss next.

LFM Capabilities
* LFM is limited to a single Ethernet link:
  + Remote failure indication
  + Remote loopback
  + Link monitoring
  + Event notification
  + Device polling
  + OAM capability discovery
  + No AIS

LFM Capabilities
LFM is defined in IEEE 802.3, Clause 57. It specifies a method of OAM to be used on a single link. Usually, LFM is used on user-to-network interface (UNI) links between a customer and the service provider. On the single Ethernet link, LFM can provide for remote failure indication, remote loopback (intrusive), link monitoring, event notification, and LFM capability discovery. Because LFM is used on a single link, no AIS capabilities are available.

LFM Clients
* LFM clients communicate at the Ethernet layer:
  + No IP addressing is necessary
  + Clients exchange OAM protocol data units
    + OAMPDUs are sent with a source address of the outgoing port and a destination address of 01-80-c2-00-00-02 (they are never flooded)
* LFM clients can be either active or passive:
  + Passive clients cannot initiate the discovery process or loopback control messages
  + At least one client must be in active mode (both can be)

LFM Clients
A switch must have LFM client capabilities to support LFM. LFM clients exchange OAM protocol data units (OAMPDUs) that are addressed to 01-80-c2-00-00-02—a multicast MAC address. These messages are sent only across a single link and are never flooded.

Agenda: Ethernet OAM
* OAM Overview
* LFM
* CFM
* Configuring and Monitoring Ethernet OAM

CFM
The slide highlights the topic we discuss next.
CFM Features
* Features:
  + Fault monitoring using continuity check
    + Neighbor discovery and health check protocol
  + Path discovery and fault verification using linktrace
    + Similar to IP traceroute
  + Fault isolation using a loopback protocol
    + Similar to IP ping
  + Frame delay measurement
    + Defined in Y.1731 using vendor-specific TLVs

CFM Features
The slide lists the features that an MX Series 3D Universal Edge Router supports. Other features defined in Y.1731 are not yet supported.

Maintenance Domains
* An end-to-end network is broken up into maintenance domains:
  + Each maintenance domain is assigned a level (0 to 7)
    + Assignment of the level is based on hierarchy—the outermost domain must be higher than the innermost domain

Maintenance Domains
CFM operates in a layered environment. As you will see on the next few slides, this layering allows end-to-end OAM functionality without having to expose all of the details of the service provider network to the customer. Each layer of the CFM network is assigned a maintenance domain ID and a level. A level can be in the range of 0 to 7. Level 5 through Level 7 are reserved for customers, Level 3 and Level 4 are reserved for providers, and Level 0 through Level 2 are reserved for operators. An operator-level maintenance domain represents a subset of the provider network. Besides hiding the details of the network from the upper-level maintenance domains, this layering allows for quicker fault detection in the network, because a fault detected in the Operator 1 maintenance domain actually eliminates the need to troubleshoot devices in the Operator 2 maintenance domain.

Maintenance Point
* A maintenance point is a port on a bridge:
  + Three types:
    + Maintenance association endpoint—at the edge of a domain
    + Maintenance association intermediate point—internal to a domain
    + Transparent point—does not respond to CFM messages
  + A maintenance point can be a certain type in one domain and another type in another domain

Maintenance Points
A maintenance point is a port or interface on a switch. Three possible types of maintenance points might be present in a maintenance domain. A maintenance domain needs at least two maintenance endpoints (MEPs). MEPs are interfaces found at the edge of the maintenance domain. A MEP forms a relationship with a single MEP or several MEPs that are in the same maintenance domain and level, and that protect the same Ethernet virtual circuit (EVC) (also called a maintenance association). A MEP forms a relationship with a single MEP when protecting an Ethernet Line (E-Line) EVC and forms relationships with multiple MEPs when protecting an Ethernet LAN (E-LAN) EVC. Among other things, MEPs exchange CC messages with each other to ensure that the path between them is up and available.

Another type of maintenance point is a maintenance intermediate point (MIP). MIPs are completely optional. MIPs are used to expose some of the maintenance domain at a lower level to an upper level. For example, consider the diagram, where MIP functionality was configured on the Level 4 MEPs: a linktrace from the customer bridge on the left side of the diagram at Level 5 shows three hops to the customer bridge on the right side. The two MIPs that were configured at Level 4 and the final MEP at Level 5 respond to the linktrace message. MIPs respond only to CFM messages that were received from a MEP at one higher level than their own.
The last type of maintenance point is a transparent point. A transparent point is not configured for CFM messages and simply forwards them as regular data traffic.

Maintenance Point Roles
* Each maintenance point has a role to perform:
  + The goal is to maintain the integrity of each domain while still providing each domain with enough information to isolate faults

Maintenance Point Roles
The slide shows the roles that each type of maintenance point plays in a CFM network.

MEP
* A MEP forms a neighbor relationship with other MEPs in the same domain with the exchange of CC messages
* Two types of MEPs:
  + Down MEP—A MEP (interface) that faces a neighboring down MEP
  + Up MEP—A MEP (interface) that faces away from a neighboring up MEP
* To become neighbors, two MEPs must be configured with the same maintenance domain, maintenance association, level, and direction

MEP-to-MEP Relationship
Once a MEP is configured, it attempts to form a neighbor relationship with other MEPs that have been similarly configured. The relationship is established by means of the exchange of CC messages. Each MEP is configured with a MEP ID (a number). The MEP ID must be unique among all MEPs in the network. Each MEP is also configured with a direction, either up or down. A down MEP expects to find neighboring MEPs downstream. An up MEP expects to find neighboring MEPs upstream. To become neighbors, two MEPs must be configured with the same maintenance domain, maintenance association, level, and direction. This data is carried in each CC message.

CFM Messages
* The Opcode specifies the type of message:
  + As defined in IEEE 802.1ag:
    + Continuity check
    + Loopback reply
    + Loopback message
    + Linktrace reply
    + Linktrace message
  + ITU-T Y.1731 specifies others (AIS, RDI, APS, and so on)

CFM Messages
The slide shows the format of a CFM message. IEEE 802.1ag defines the types of messages, as shown on the slide. CC and linktrace messages are sent to a multicast destination address.
The same specification has reserved a set of type, length, and values (TLVs) to allow for the future expansion of the CFM protocol. The ITU-T uses some of these extended TLVs to allow for Ethernet frame delay measurement, remote defect indications, and more. Note that the last four bits of the destination address represent the level of the sending MEP as well as the type of message. If y equals 0-7, then the message is a CC message destined to the appropriate level. If y = 8-F, then the message is a linktrace message destined for level 0-7, respectively. CFM messages are also encapsulated with the virtual LAN (VLAN) tag of the EVC that is being protected.

Continuity Check
* A MEP sends CC messages at regular intervals:
  + The interval is configurable to 100 ms, 10 ms, 1 s, 1 m, or 10 m
  + Contains several values:
    + Maintenance domain level
    + Maintenance association ID
    + MEP ID (unique among MEPs)
  + CC messages are multicast
    + MEPs only act upon them in the same level
  + Loss of three consecutive CC messages is considered a failure

CC Messages
The slide shows the details of CC messages. The remote MEP considers the loss of three CC messages a failure by default. This loss threshold is configurable.

Loopback Protocol
* Loopback protocol:
  + Loopback initiator sends a loopback request
    + Sent to a specific MAC address
  + Loopback responder sends a loopback response message
  + A lack of received loopback response message by the initiator allows an administrator to determine whether a problem exists in the network

Loopback Protocol
The slide shows the details of the loopback protocol. The loopback protocol is similar to ping in IP.

Linktrace Protocol
* The administrator initiates the linktrace protocol:
  + The linktrace initiator sends a linktrace message
    + Sent to a specific MAC address
  + Each of the maintenance points along the path forwards the original linktrace message to the destination MAC address and also sends a linktrace reply listing their own MAC addresses
    + Responding bridges are configured at the same level as the initiator

Linktrace Protocol
The slide shows the details of the linktrace protocol. The linktrace protocol is similar to the traceroute function in IP.

Frame Delay Measurement
* The administrator initiates frame delay measurements:
  + The initiator sends the delay measurement message
  + The delay measurement responder sends a delay measurement reply message
  + The initiator calculates the two-way delay
    + (Time reply received) - (Time message sent) = Delay

Frame Delay Measurement
Two types of delay tests exist: one-way and two-way. An MX Series router uses hardware-assisted timestamping. When an administrator initiates a one-way frame delay test, a delay measurement message is sent to the remote MEP. The delay measurement message contains a timestamp. The remote MEP then calculates the delay from the time the frame was sent to the time it arrived. For the measurement to be accurate, both devices must have their clocks synchronized. A two-way test does not require the two devices to have their clocks synchronized. The slide shows the details of a two-way frame delay test.

Agenda: Ethernet OAM
* OAM Overview
* LFM
* CFM
* Configuring and Monitoring Ethernet OAM

Configuring and Monitoring Ethernet OAM
The slide highlights the topic we discuss next.

LFM Configuration
* LFM settings

LFM Settings
The slide shows some of the typical LFM configuration settings.
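The addressing rule given earlier under CFM Messages (the last four bits of the multicast destination carry the level and the message class) can be checked against the level carried in the CFM header itself. The parser below is an added example, not part of the student guide. The 01-80-C2-00-00-3y group address, EtherType 0x8902, header layout, and opcode numbers come from IEEE 802.1ag rather than from this page, and the frames are constructed.

```python
import struct

CFM_ETHERTYPE = 0x8902                    # IEEE 802.1ag (not stated on the page)
VLAN_TPID = 0x8100                        # 802.1Q tag carrying the EVC's VLAN
CFM_GROUP = bytes.fromhex("0180c20000")   # 01-80-C2-00-00-3y, y = last four bits
OPCODES = {1: "continuity check", 2: "loopback reply", 3: "loopback message",
           4: "linktrace reply", 5: "linktrace message"}


def level_owner(level):
    """Level ranges as given in the Maintenance Domains section."""
    if level >= 5:
        return "customer"
    return "provider" if level >= 3 else "operator"


def parse_cfm(frame):
    """Decode the CFM common header and cross-check it against the address."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst = frame[0:6]
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset, vlan = 14, None
    if ethertype == VLAN_TPID:
        if len(frame) < 18:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan, offset = tci & 0x0FFF, 18
    if ethertype != CFM_ETHERTYPE:
        raise ValueError("not a CFM frame")
    if len(frame) < offset + 4:
        raise ValueError("truncated CFM header")
    # Byte 0: level in the top three bits; byte 1: opcode.
    level_version, opcode, _flags, _tlv_offset = struct.unpack_from("!4B", frame, offset)
    level = level_version >> 5
    message = OPCODES.get(opcode, "other (opcode %d)" % opcode)

    problems = []
    if dst[:5] == CFM_GROUP and dst[5] >> 4 == 0x3:
        y = dst[5] & 0x0F
        addressed_class = "continuity check" if y <= 7 else "linktrace message"
        if y & 0x07 != level:
            problems.append("address says level %d, header says level %d"
                            % (y & 0x07, level))
        if message != addressed_class:
            problems.append("%s sent to the %s group address"
                            % (message, addressed_class))
    elif opcode in (1, 5):
        problems.append("%s not sent to a CFM multicast address" % message)
    return {"level": level, "owner": level_owner(level), "message": message,
            "vlan": vlan, "problems": problems}


def build_frame(dst, level, opcode, vlan=None):
    """Constructed test frame: common header only, zeroed source MAC, no TLVs."""
    frame = bytes.fromhex(dst.replace("-", "")) + bytes(6)
    if vlan is not None:
        frame += struct.pack("!HH", VLAN_TPID, vlan)
    frame += struct.pack("!H", CFM_ETHERTYPE)
    return frame + struct.pack("!4B", level << 5, opcode, 0, 0) + b"\x00"


# Constructed samples.
CCM_LEVEL5 = build_frame("01-80-c2-00-00-35", 5, 1, vlan=100)
LTM_LEVEL4 = build_frame("01-80-c2-00-00-3c", 4, 5, vlan=100)
MISMATCHED = build_frame("01-80-c2-00-00-33", 5, 1, vlan=100)

if __name__ == "__main__":
    for name, frame in (("CCM level 5", CCM_LEVEL5), ("LTM level 4", LTM_LEVEL4),
                        ("mismatched", MISMATCHED)):
        print(name, parse_cfm(frame))
```

A non-empty problems list marks a frame whose address and header disagree about level or message type, which a MEP acting only on messages in its own level would have reason to discard.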
Action Profile
* Use action profiles to specify how a switch should react to certain events:
  + Critical events cause the interface to go into link-down state automatically

Action Profiles
An action profile allows you to configure how the switch should react to certain events. You configure a profile for the following events:
1. link-adjacency-loss: Occurs when CC messages are no longer being received from the remote peer;
2. link-event-rate: Allows you to specify a rate of receiving different types of event messages that cause an action to take place; and
3. protocol-down: Allows the MEP to monitor when maintenance associations at higher levels go down.

The slide shows the actions you can take when the event specified in the action profile occurs.

LFM Status
* Display the status of LFM with the show oam ethernet link-fault-management command

LFM Status
Use the show oam ethernet link-fault-management command to determine the status of the interfaces running LFM. The output shows the peer's MAC address, the state of the relationship with that peer, and the capabilities of the peer.

Remote Loop
* Set a loop on the remote peer by adding the remote-loopback statement to the configuration

Setting a Remote Loop
In the example on the slide, MX1 is configured to send a loopback message to MX2 so that MX2 internally loops its ge-1/3/6 interface. Once MX1's configuration is committed, the loopback message travels to MX2. Looking at the command output, you can see that the interface was placed in a loop.
Testing the Looped Circuit
* Send pings from MX1 to MX2:
  + Success appears as TTL expirations
  + A static Address Resolution Protocol entry is necessary

Testing the Looped Circuit
The slide shows the steps necessary to generate ping traffic across the looped circuit. A successful test of the link comes in the form of TTL-expiration messages. The time-to-live (TTL) expirations show that the pings were successfully transmitted, received, and looped through the network until the TTL finally expired on the Internet Control Message Protocol (ICMP) packets.

CFM Configuration—Customer Bridge
* Remote MEP must have the same maintenance domain, maintenance association, interval, and level

Down MEP Configuration
A down MEP must be configured with a named maintenance domain, a level, a named maintenance association, a unique MEP ID, a direction, and a remote MEP ID (autodiscovery can be used as well). Also, a CC message interval must be specified to begin the neighbor discovery process and monitoring of the end-to-end EVC. The slide also shows how to apply an action profile to a remote MEP. You cannot apply an action profile when using autodiscovery.

CFM Configuration—Provider Bridge
* You configure a provider edge bridge as a MEP and also as a MIP:
  + Acts as a MIP only for level 4 + 1

Up MEP Configuration
The slide shows a typical configuration of an up MEP. To allow for an up MEP to also act as a MIP for a higher level, simply add the mip-half-function default statement to the configuration.

Displaying Status of CFM
* Show information related to CFM

Status of CFM
The slide shows all of the possible troubleshooting commands that you can use for CFM.
Verifying Continuity

* View the status of the switch's MEP-neighbor relationships

Status

Use the show oam ethernet connectivity-fault-management interfaces command to determine the status of a MEP's relationship with a remote MEP.

CFM Loopback

* Use the ping ethernet command to initiate a CFM loopback test
+ Specify the remote MEP by MEP ID or MAC address

CFM Loopback

The slide shows how to perform a loopback test with the ping ethernet command.

CFM Linktrace

* Use the traceroute ethernet command to initiate a CFM linktrace test
+ Intermediary MIPs respond along with the remote MEP

Linktrace

To perform a CFM linktrace to a remote MEP, issue the traceroute ethernet command. Note that any MIPs configured at the corresponding level also respond to this linktrace message initiated by a Level 5 MEP.

CFM Frame Delay Measurement

* Use the monitor ethernet delay-measurement command to initiate a CFM frame delay test

Frame Delay Measurement

The slide shows how to use the monitor ethernet delay-measurement command to test the frame delay between MEPs.

Review Frame Delay Statistics

* The switch maintains a record of previous frame delay measurements

Save Frame Delay Measurements

To go back and look at historical frame delay measurements, issue the show oam ethernet connectivity-fault-management mep-statistics command.

Summary

In this chapter, we:
+ Explained typical OAM features
+ Described the basic operation of LFM
+ Described the basic operation of CFM
+ Configured and monitored Ethernet OAM

This Chapter Discussed:
+ Typical OAM features;
+ The basic operation of LFM;
+ The basic operation of CFM; and
+ Configuration and monitoring of Ethernet OAM.

Review Questions

1. Which Ethernet OAM protocol allows for setting a loop on a remote switch's interface?
2. What is the difference between an up MEP and a down MEP?
3. What must be true for a MIP to respond to a linktrace message?

Lab 5: Ethernet OAM

* Configure LFM.
* Configure CFM.

Lab 5: Ethernet OAM

The slide provides the objectives for this lab.

Chapter 8: Ethernet Ring Protection

Chapter Objectives

After successfully completing this chapter, you will be able to:
+ Explain Ethernet Ring Protection
+ Configure and monitor Ethernet Ring Protection

This Chapter Discusses:
+ Ethernet Ring Protection (ERP); and
+ Configuration and monitoring of ERP.

Agenda: Ethernet Ring Protection

* ERP Overview (highlighted)
* Configuring and Monitoring ERP

ERP Overview

The slide lists the topics we cover in this chapter. We discuss the highlighted topic first.

ERP

* ERP is defined in ITU-T G.8032:
+ Designed to provide sub-50 ms, loop-free protection to an Ethernet network
+ Ethernet network must be in a ring topology
+ Because of the faster failover times, ERP can replace spanning tree protocols on the ring
+ Works best in conjunction with connectivity fault management—especially on copper links

ERP

Defined in the International Telecommunication Union Telecommunication Standardization (ITU-T) G.8032 recommendation, ERP provides highly reliable, stable, and loop-free protection for Ethernet ring topologies. ERP is a solution for an Ethernet ring where each ring node (switch) connects to two adjacent nodes, participating in the same ring, using two independent links.
The minimum number of nodes on a ring is two. Because ERP can provide sub-50 ms, loop-free protection for a ring topology, it can viably replace any spanning tree protocol on the ring. Using an Ethernet fiber ring of less than 1200 km and less than 16 nodes, the switch completion time at the time of failure should be less than 50 ms. Copper links can also be used, but we recommend that you use connectivity fault management (CFM) to help detect failures between nodes.

Ring Protection Link

* A single link acts as the RPL for the ring:
+ The RPL-owner node controls the RPL
+ During normal operation, the RPL-owner node places the RPL in a blocked state to prevent a loop in the ring topology
+ When a link failure occurs on the ring, the RPL-owner node places the RPL in a forwarding state
+ When the failed link is repaired, the Junos operating system acts in a revertive manner and the RPL owner places the RPL in blocking

Ring Protection Link

To protect the Ethernet ring, a single link between two nodes acts as the ring protection link (RPL) on the ring. One of the adjacent nodes, which is referred to as the RPL owner, controls the state of the RPL. During normal operation with no failures (idle state), the RPL owner places the RPL in the blocking state, which results in a loop-free topology. If a link failure occurs somewhere on the ring, the RPL owner places the RPL in a forwarding state until the failed link is repaired. Once the failed link is repaired, the Junos operating system acts in a revertive manner, returning the RPL to the blocking state.

Node Types

* RPL-owner node:
+ Controls the state of the RPL
+ Initiates Ring Automatic Protection Switching messages
* Normal node:
+ All other nodes on the ring with no special role
+ Configured to listen to and forward R-APS messages
+ Generate R-APS messages when a local link failure occurs

RPL-Owner Node

The RPL owner controls the state of the RPL.
During the idle state, it is the only node that sends periodic Ring Automatic Protection Switching (R-APS) messages to notify the other nodes about the state of the RPL. The next few slides discuss the details of the Automatic Protection Switching (APS) protocol and R-APS messages.

Normal Node

A normal node is any other node on the ring besides the RPL owner. It listens to and forwards R-APS messages. Also, if a local ring link failure occurs, a normal node signals all other nodes that the failure has occurred using R-APS messages.

APS Protocol

* APS coordinates the protection actions over the ring:
+ Requires a dedicated channel (a VLAN) to deliver R-APS messages between nodes
+ A single VLAN is chosen to send and receive R-APS messages; however, all VLANs on the trunk are affected by the APS algorithm
+ Uses CFM frame format
  + opcode = 40 (R-APS)
  + Flags = 0

APS

To coordinate the effort of protecting the Ethernet ring, each node participates in the APS protocol. Each of the two ports on each node must be configured for a dedicated channel (a virtual LAN (VLAN) or a bridge domain) to communicate using the APS protocol. Although the APS protocol uses a single VLAN to communicate, the changes in the forwarding state of interfaces that occur as a result of the exchange of R-APS messages affect the entire port of a node (all VLANs). ITU-T G.8032 specifies the use of the CFM frame format as described in the Operation, Administration, and Maintenance (OAM) chapter of this course.
To allow differentiation between an R-APS message and a CFM message, an R-APS message uses a destination address of 01-19-A7-00-00-01, as well as an opcode of 40.

APS Frame Data Fields

* R-APS-specific data fields include the following fields:
+ Request/State (4 bits)
  + Request/State = 1011 represents signal fail
  + Request/State = 0000 represents no request
+ RPL Blocked (1 bit)
  + RPL Blocked = 1 represents the RPL is blocked
  + RPL Blocked = 0 represents the RPL is unblocked
+ Do not flush (1 bit)
+ Node ID (MAC address of the node, informational only)

R-APS Data Fields

Currently, R-APS has no specified type, length, and values (TLVs). The slide shows the data fields found in an R-APS message. The following list describes each data field:

+ Request/State (4 bits): Currently, only two values are defined. A value of 0000 is used when a node wants to signal that it detects no failure on the ring (no request). A value of 1011 is used when a node wants to signal that an interface has failed (signal fail).
+ Reserved 1 (4 bits): This value is always 0000. This field is reserved for future use.
+ RPL Blocked (1 bit): Usage for this field is shown on the slide. Only the RPL owner can signal RPL Blocked.
+ Node ID (6 octets): This field is a MAC address unique to the ring node.
+ Reserved 2 (24 octets): This value is all zeros. This field is reserved for future use.

APS—Idle State (Normal Operation)

* RPL-owner node places RPL in the blocked state:
+ RPL owner (Node A) sends R-APS messages out of all ports every 5 seconds
  + Request/State = No request
  + Do not flush = 0 (Flush)
  + RPL Blocked = 1 (RPL is Blocked)
+ All other switches place ring ports in the unblocked state

Idle State

When no failures occur on the Ethernet ring, all nodes are in the idle state.
During the idle state, the RPL owner places the RPL in a blocking state. Also, the RPL owner sends periodic (every 5 seconds) R-APS messages that signal that no failure is present on the ring (Request/State = no request), that all switches should flush their MAC tables (Do not flush = 0), and that the RPL is currently blocked (RPL Blocked = 1). All other switches flush their MAC tables once (on the first received R-APS message) while unblocking both of their ring ports.

APS—Signal Failure (1 of 2)

* Signal failure:
+ Occurs when a failure is detected on an unblocked ring link (CFM failure detection, and so on)
+ Node B and Node C:
  + Wait for hold interval to expire (default)
  + Switch from idle state to protection state
  + Block failed ports and flush MAC tables
  + Send 3 R-APS messages in the first 10 ms followed by one every 5 seconds (Request/State = signal fail, Do not flush = 0) until signal-failed condition clears

Signal Failure: Part 1

A signal failure occurs when a node detects a failure on a ring port. In the example, Node B and Node C detect a failure on the link between them. The Junos OS does not currently support hold-interval. In other words, Node B and Node C react immediately to the failed link. The nodes switch from the idle state to the protection state, block the failed ports, flush their MAC tables, and signal to all the other nodes that a signal failure has occurred using R-APS messages. The R-APS messages tell the other nodes that a failure has occurred (Request/State = signal fail) and that the nodes should flush their MAC tables (Do not flush = 0). Node B and Node C continually send R-APS messages every 5 seconds until the signal failure condition clears.
APS—Signal Failure (2 of 2)

* Signal failure (contd.):
+ All switches except Node B and Node C:
  + Switch from idle state to the protection state
  + Flush MAC tables and stop sending R-APS messages
+ RPL owner (Node A):
  + Unblocks RPL
  + Listens for subsequent R-APS messages from Node B and Node C (subsequent signal fail R-APS messages do not trigger flushes)

Signal Failure: Part 2

Upon receiving the signal fail R-APS messages from Node B and Node C, all other nodes (including the RPL owner) switch to the protection state, flush their MAC tables, and stop sending R-APS messages. The RPL owner unblocks the RPL and listens for subsequent R-APS messages from Node B and Node C.

APS—Restoration (1 of 2)

* Signal fail condition clears on the link between Node B and Node C
+ Node B and Node C:
  + Continue to block the previously failed link
  + Send no request R-APS messages (Request/State = no request; Do not flush = 1) and continue until they receive an R-APS message from Node A

Restoration of a Failed Link: Part 1

When the failure is repaired between Node B and Node C, they begin sending out new R-APS messages. The R-APS messages tell the other nodes that the failure is no longer present (Request/State = no request) and that they should not flush their MAC tables (Do not flush = 1). Node B and Node C keep the previously failed ports in the blocked state (preventing a loop) until they receive R-APS messages from Node A, as described on the following slide.
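The R-APS fields and the idle, signal-fail and post-repair messages described above can be decoded with a short parser; this is an added Python example, not code from the course material. The CFM EtherType 0x8902, the first-TLV offset of 32, the positions of the RPL Blocked and Do not flush bits inside the status octet, and the sample node addresses are assumptions based on the G.8032/802.1ag frame layout rather than on this page, and the frames are constructed test data.

```python
import struct
from dataclasses import dataclass, field

RAPS_DMAC = bytes.fromhex("0119a7000001")  # R-APS destination address
CFM_ETHERTYPE = 0x8902                     # assumption: IEEE 802.1ag CFM EtherType
RAPS_OPCODE = 40                           # page: opcode = 40 (R-APS)
REQUESTS = {0b0000: "no request", 0b1011: "signal fail"}  # the two defined values


@dataclass
class Raps:
    vlan: int
    level: int
    request: str
    rpl_blocked: bool
    do_not_flush: bool
    node_id: str
    problems: list = field(default_factory=list)


def parse_raps(frame: bytes) -> Raps:
    """Decode one 802.1Q-tagged Ethernet frame that carries an R-APS PDU."""
    if len(frame) < 18 + 4 + 32:
        raise ValueError("frame too short for an R-APS PDU")
    dmac, tpid, tci, etype = struct.unpack_from("!6s6xHHH", frame, 0)
    if tpid != 0x8100 or etype != CFM_ETHERTYPE:
        raise ValueError("not a VLAN-tagged CFM frame")
    mel_ver, opcode, flags, tlv_off = struct.unpack_from("!BBBB", frame, 18)
    if opcode != RAPS_OPCODE:
        raise ValueError(f"CFM opcode {opcode} is not R-APS")
    info = frame[22:54]                    # 32 octets of R-APS-specific data
    req_code, status = info[0] >> 4, info[1]
    msg = Raps(
        vlan=tci & 0x0FFF,
        level=mel_ver >> 5,
        request=REQUESTS.get(req_code, f"undefined {req_code:04b}"),
        rpl_blocked=bool(status & 0x80),   # assumption: RB is the top status bit
        do_not_flush=bool(status & 0x40),  # assumption: DNF is the next bit down
        node_id=info[2:8].hex(":"),
    )
    # Field values the page says are fixed; anything else is worth a look.
    checks = [(dmac != RAPS_DMAC, "unexpected destination address"),
              (flags != 0, "flags field is not 0"),
              (tlv_off != 32, "first TLV offset is not 32"),
              (req_code not in REQUESTS, "request/state value not defined"),
              (info[0] & 0x0F, "reserved 1 is not 0000"),
              (status & 0x3F, "reserved status bits set"),
              (any(info[8:32]), "reserved 2 is not all zeros")]
    msg.problems = [text for failed, text in checks if failed]
    return msg


def describe(msg: Raps) -> str:
    """Map a field combination onto the ring states walked through above."""
    if msg.request == "signal fail":
        return "protection: sender reports a failed ring link"
    if msg.request == "no request" and msg.rpl_blocked:
        return "idle: RPL owner reports the RPL blocked"
    if msg.request == "no request" and msg.do_not_flush:
        return "restoration: link repaired, waiting for the RPL owner"
    return "unclassified"


def build_frame(req, rb, dnf, node_id, vlan=100, level=0, reserved1=0):
    """Construct a sample frame (test data, not a capture)."""
    src = bytes.fromhex(node_id.replace(":", ""))
    eth = RAPS_DMAC + src + struct.pack("!HHH", 0x8100, vlan, CFM_ETHERTYPE)
    cfm = bytes([level << 5, RAPS_OPCODE, 0, 32])
    info = bytes([(req << 4) | reserved1, (rb << 7) | (dnf << 6)]) + src + bytes(24)
    return eth + cfm + info + b"\x00"     # trailing End TLV


if __name__ == "__main__":
    node_a, node_b = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"  # constructed
    for f in (build_frame(0b0000, True, False, node_a),   # Node A, idle
              build_frame(0b1011, False, False, node_b),  # Node B, link failed
              build_frame(0b0000, False, True, node_b)):  # Node B, link repaired
        m = parse_raps(f)
        print(m.node_id, "vlan", m.vlan, "->", describe(m), m.problems)
```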
APS—Restoration (2 of 2)

* Signal fail condition clears on the link between Node B and Node C (contd.)
+ Node A (after receiving no request R-APS messages):
  + Waits for the restore timer to expire (default is 5 minutes)
  + Blocks RPL and transmits an R-APS message (Request/State = no request, RPL Blocked = 1, Do not flush = 0)
+ All other switches flush their MAC tables and unblock any blocked ring ports
+ All switches change from the protection state to the idle state

Restoration of a Failed Link: Part 2

Upon receiving the no request R-APS messages from Node B and Node C, Node A starts its restore timer. The default is 5 minutes. You can configure the restore timer in 1-minute steps between 5 and 12 minutes. Once the restore timer expires, Node A blocks the RPL and transmits R-APS messages that signal the other nodes that no failure is present on the ring (Request/State = no request), that the RPL has been blocked (RPL Blocked = 1), and that the other nodes should flush their MAC tables (Do not flush = 0). Once they receive the R-APS messages from Node A, the other nodes flush their MAC tables and unblock any ring ports that had been blocked.

Agenda: Ethernet Ring Protection

* ERP Overview
* Configuring and Monitoring ERP (highlighted)

Configuring and Monitoring ERP

The slide highlights the topic we discuss next.

ERP Configuration

* Configuration options

ERP Configuration Options

The slide shows all of the options available when configuring ERP. You must configure an east-interface and a west-interface. You need not configure the two interfaces in any specific order. You can also specify global or ring-specific versions of the three intervals (timers) for ERP:

+ guard-interval (disabled by default): Configurable in 10 ms intervals from 10 ms to 2000 ms, it is used to prevent a node from receiving outdated R-APS messages. Once an R-APS message is received, the guard timer starts. Any R-APS messages that arrive before the expiration of the guard timer are dropped.
+ hold-interval: We described this interval on the previous slides.
+ restore-interval: We described this interval on the previous slides.

ERP Configuration—RPL Owner

* Node A configuration

RPL Owner Configuration

The slide shows a typical configuration for the RPL owner node. First, you must configure the two interfaces that participate in the Ethernet ring for the APS channel (VLAN and bridge domain). In this case, VLAN 100 is used as the communication channel between nodes. Configure ERP under [edit protocols protection-group]. The following are a few things to note about the ERP configuration for the RPL owner:

+ You must configure the RPL owner node specifically as the ring-protection-link-owner.
+ The interfaces are interchangeable with regard to selecting them to act as the west-interface and east-interface, as long as you specify one of them as being the ring-protection-link-end.
+ For trunk-mode interfaces, you must also specify the VLAN.

ERP Configuration—Normal Node

* Node B configuration

Normal Node Configuration

The slide shows a typical configuration for a normal node.

ERP Monitoring

* Display the status of ERP

ERP Status

The slide shows all of the possible commands to monitor ERP. We discuss each one on the next few slides.

R-APS Information

* Display the status of R-APS protocol data units

R-APS Information

The command on the slide shows the details of the R-APS messages to which the local node is currently listening or which it is forwarding. Based on the output, you can tell that the local node (Node A) is the RPL owner because the R-APS message originates from Node A and it is advertising that the RPL is currently blocked.

ERP Interface Status

* Display the status of ring ports

Interface Status

The command on the slide shows the state of the local node's interfaces in relation to ERP. Note that the Admin State shows that it is IFF ready.
Tha state means that ‘ie Enemet flow forwarding function (he contol ehenne fe avalabe to foward AS ti ae ana snes Senice Providor Switcning ERP Node State ® Display the status of the local node Local Node Details ‘Te command onthe slideshows the APS State the locs rode, 8 ell as some ofthe localy configured timer ales. vi. JUnAIper BhernetRing Potesion = Ganev Chapter 8-22 + Eherel Rig Proton Junos Senice Provider Scie, ERP Statistics * Display statistics of the local node APS Statistics ‘Tecommanonthe se sons the quantiles of specie vets that hive ocurred, You can reset these values Oy surg the clear protaction-group cthornet-ring statistics group-name name command JUNIPer Jungs Service Provider Switching Summary In this chapter, we: + Explained ERP + Configured and monitored ERP ‘This Chapter Discussed: + The fundementalsof ERP: ana + coniguation and mentoring of RP. Juniper sures Senice Poder Switening Review Questions 1. When copper links exist between ring nodes, which other protocol should you use in conjunction with ERP? 2. What can cause the RPL owner to stop sending periodic R-APS messages? 3. Once a signal fail condition clears, how long does the RPL owner wait until it begins sending periodic R-APS messages? What is the name of the timer? Review Questions “Chgier6-2 + EhamatRnghaiiion JUNIPer . nea Senice Provider Swehing Lab 6: Ethernet Ring Protection * Configure ERP. "Monitor ERP. Lab 6: Ethernet Ring Protection ‘The sd roves tho objectives for this a. unas Senice Provider Sultcing (Chapter B28 » Ethernet Ring Pretacton JUNIper 1. Appendix A: Acronym List as, om -.,amm ndlcaton signal 29s | ‘tomate Protection Switching ane: ‘Asynohroneus Transfer Mods aca. | Beckoore oor bie eo. ‘Seceward Detect Inceater re backbone edge biago aD CUTIE cere nn age PU —— : CII ge protocol data une BIG SITIES so Backbone VAN ta, BUM. IIIT Weadeaat anges wih rinown destnation ana rutveast Buan : an ae Baska VAN cop ‘usicmer Backbone Por cc ‘comtnuly oheok eal! 
CFI: canonical format indicator
CFM: connectivity fault management
CIST: common and internal spanning tree
CLI: command-line interface
CoS: class of service
CSMA/CD: carrier-sense multiple access with collision detection
CST: common spanning tree
C-TAG: customer VLAN tag
C-VLAN: customer VLAN
DEI: Drop Eligibility Indicator
DPC: Dense Port Concentrator
DSAP: destination service access point
E-LAN: Ethernet LAN
E-Line: Ethernet Line
ERP: Ethernet Ring Protection
EVC: Ethernet virtual connection
FDI: Forward Defect Indicator
GRE: generic routing encapsulation
GUI: graphical user interface
ICMP: Internet Control Message Protocol
IEEE: Institute of Electrical and Electronics Engineers
IRB: integrated routing and bridging
I-SID: Backbone Service Instance ID
I-TAG: Backbone Service Instance tag
ITU: International Telecommunication Union
ITU-T: International Telecommunication Union Telecommunication Standardization
JNTCP: Juniper Networks Technical Certification Program
LFM: link fault management
MAC: media access control
MAN: metropolitan area network
MEF: Metro Ethernet Forum
MEP: maintenance association end point
MIP: maintenance association intermediate point
MISTP: Multiple-instance STP
MST: multiple spanning tree
MSTI: multiple spanning tree instance
MSTP: Multiple Spanning Tree Protocol
OAM: Operation, Administration, and Maintenance
OAMPDU: OAM protocol data unit
OSI: Open Systems Interconnection
PBB: provider backbone bridge
PBBN: provider backbone bridged network
PBN: provider bridged network
PoE: Power over Ethernet
PFE: Packet Forwarding Engine
PIM: Physical Interface Module
PIP: Provider Instance Port
PVC: permanent virtual circuit
PVST+: Per-VLAN Spanning Tree Plus
RPVST+: Rapid Per-VLAN Spanning Tree Plus
R-APS: Ring Automatic Protection Switching
RE: Routing Engine
RPL: ring protection link
RST BPDU: Rapid Spanning Tree BPDU
RSTP: Rapid Spanning Tree Protocol
SLA: service-level agreement
S-TAG: service VLAN tag
STP: Spanning Tree Protocol
TCN: topology change notification
TDM: time-division multiplexing
TLV: type/length/value
TPID: Tag Protocol Identifier
TTL: time to live
UNI: user-to-network interface
VPLS: virtual private LAN service
VSTP: VLAN Spanning Tree Protocol
Appendix B: Answer Key

Chapter 1: Course Introduction

This chapter contains no review questions.

Chapter 2: Carrier Ethernet

1. Service providers can offer more than one service to an individual customer over a single access port with carrier Ethernet, and enterprise customers need only hire Ethernet experts to manage.
2. The three prominent Ethernet standards organizations are the MEF, the IEEE, and the ITU.
3. MX Series devices can provide provider bridging, provider backbone bridging, and OAM.

Chapter 3: Ethernet Switching and Virtual LANs

1. A bridge domain allows you to specify which VLANs will be used for Layer 2 switching.
2. A bridge generally forwards multicast frames out of every interface except for the one from which they were received.
3. An IRB interface eliminates the need for an external router to route between VLANs.
4. The switch configuration uses a Layer 2 firewall filter to match on 802.1p priority bits (learn-vlan-1p-priority).

Chapter 4: Virtual Switches

1. For multiple routers, you can configure virtual-router routing instances. For multiple switches, you can configure virtual-switch routing instances.
2. You must list the interface at the [edit routing-instances vs1] level of the hierarchy to ensure that it appears as part of the vs1 virtual switch.
3. By default, you can find the routes associated with IRB interfaces in the inet.0 table.

Chapter 5: Provider Bridging

1. The service provider and potentially thousands of customers must share a limited number of VLAN IDs when a service provider uses IEEE 802.1Q VLANs to provide LAN service. Also, each service provider switch must learn the MAC addresses of its customers.
2. Three VLAN tag operations that a switch can perform on frames are pop, push, and swap.
3. The I-component translates S-VLAN tags to I-SIDs.

Chapter 6: Spanning Tree Protocols

1. STP is a simple Layer 2 protocol that prevents loops and calculates the best path through a switched network that contains redundant paths. STP automatically rebuilds the tree when a topology change occurs.
2. Blocking drops all data packets and receives BPDUs. Listening drops all data packets and listens to BPDUs.
Learning does not forward data traffic but builds the MAC address table. Forwarding forwards data traffic and transmits and receives BPDUs. Disabled does not participate in STP (administratively disabled).
3. The basic steps involved in building a spanning tree are that the switches exchange BPDUs, each individual bridge elects a single root bridge based on the received BPDUs, and the bridges determine the role and state of individual ports, at which time the tree is considered fully converged.
4. RSTP improves link convergence time significantly over STP. MSTP supports up to 64 regions and allows load balancing over redundant links; STP and RSTP do not. VSTP allows for per-VLAN spanning trees.

Chapter 7: Ethernet OAM

1. LFM allows for setting a remote loop.
2. A down MEP expects to find neighboring MEPs downstream. An up MEP expects to find neighboring MEPs upstream.
3. The MIP must be configured at one level below the MEP that initiates the linktrace message.

Chapter 8: Ethernet Ring Protection

1. You should use CFM with ERP for faster protection times.
2. An RPL owner stops sending its own R-APS messages when it receives an R-APS message from another node that specifies Signal Fail.
3. The RPL owner waits until the Restore Timer has expired. The default is 5 minutes.