Inter-network Ethernet Service Protection

1
Inter-network Ethernet Service Protection

• Zehavit Alon
• Nurit Sprecher
• John Lemon

2
Agenda

• Inter-network Ethernet Service Protection
• Overview
• Requirements
• Network architecture
• Possible connectivity constructions between
  Ethernet Networks
• Recommended construction
• Proposed solution
• Open discussion and next steps

3
Ethernet Services over Interconnected Networks

• Carrier Ethernet services are delivered over
  interconnected Ethernet networks - untagged,
  C-VLAN, S-VLAN, B-VLAN
• Interconnected networks may, for example, consist
  of
• a customers network connected to a service
  provider's network
• that is also connected to other service
  providers' networks.
• An end-to-end carrier Ethernet service can span
  several interconnected packet networks.

4
Ethernet Services over Interconnected Networks

• Each Ethernet network may deploy a different
  packet transport technology which provides its
  own mechanisms aimed at ensuring network
  survivability. Examples are
• Bridged Ethernet with MSTP or SPB or G.8032
• Traffic Engineered Ethernet with PBB-TE
  protection switching
• A protection mechanism is required for the
  interconnected zone.

PB xSTP
11
SPB
11
PB xSTP
5
Interconnected Networks Protection Mechanism
Requirements

• Protect against any single failure or degradation
  of a facility (link or node) in the
  interconnected zone
• Support all standard Ethernet frames 802.1D,
  802.1Q, 802.1ad, 802.1ah
• Support interconnection between different network
  types (e.g. CN-PBN, PBN-PBN, PBN-PBBN,
  PBBN-PBBN, etc.)
• Provide 50ms protection switching
• Provide a clear indication of the protection
  state
• Maintain an agnostic approach towards
• the Ethernet technology running on each of the
  interconnected networks, and
• the protection mechanism deployed by each of the
  interconnected networks

6
Interconnected Networks Protection Mechanism
Requirements (contd.)

• Avoid modification of the protocols running
  inside each of the interconnected networks
• Ensure that multicast and broadcast frames are
  delivered only once over the interconnected zone
• Allow load balancing between the interfaces that
  connect the networks to ensure efficient
  utilization of resources

7
Possible Topologies

• Mesh

• Ring

8
Dual Attached Connectivity
Mesh Ring
Two links are required Three links are required
9
Enhanced Resiliency
Mesh Ring
Resiliency is enhanced by adding a node with dual attachment to the adjacent network. This provides protection against node failure (with no traffic disruption). Resiliency is enhanced by adding a node and two links, and by removing the redundant link. This operation may cause traffic disruption (if a facility fails during the upgrade operation).
Dual attachment is widely deployed.
10
Connectivity between adjacent networks
Mesh Ring
Adjacent networks are connected by 4 direct (single-hop) connections A-D, A-C, B-D, B-C Adjacent networks are connected by 8 connections 2 direct connections A-D, B-C2 indirect connections A-D, B-C2 indirect connections B-D2 indirect connections A-C The network local link may also be used to transmit internal traffic in the network (which may result in the utilization of BW required for protection).
A
D
C
B
11
Protection Path Load
Mesh Ring
Load sharing is supported across all four links. When a link fails, traffic is shared between the three other links. When a node fails, traffic is shared between two links. Load sharing is supported across two links. When a link connecting the networks fails, all traffic between the networks is transmitted via the other single link connecting the networks. When a node fails, all traffic between the networks is transmitted via the other single link connecting the networks.
12
Load Sharing
Mesh Ring
Capable of supporting more than two nodes and two links in each network, for connecting the networks with support for load sharing Capable of supporting only two nodes in each network Although nested rings are possible, they can significantly complicate the solution and the operation.
13
Protection Path Cost
Mesh Ring
The cost of the protection path (in terms of the number of hops) is identical to that of the working path. (Revertive functionality is optional.) The cost of the protection path (in terms of the number of hops) is higher than that of the working path. (Revertive functionality is recommended.)
Working
Protection
14
Multiple Failures
Mesh Ring
Mesh topology provides better resiliency in the event of multiple failures. Examples are
No traffic
No traffic
No traffic
15
Interconnection with Rings (G.8032)
Mesh Ring
Protection in the interconnection zone is agnostic with regard to failures inside the ring. A super loop is created. Protection in the interconnection zone is not agnostic with regard to failures. A mechanism is required to prevent the transmission of internal traffic from the network in the west (shown above) to the two nodes in the network in the east.
Shared Link
G.8032
G.8032
16
Proposed Topologies

• Mesh that supports dual-homing and that provides
  enhanced protection in the double dual-homing
  configuration

17
Solution Principles
Blue traffic (VLAN X) is only sent through port 1
(which is protected by port 2).
Blue traffic is sent through port 2 in the event
of failure of link 1-3, or of node B
Interconnect zone
3
B
1
A
4
2
7
D
8
Blue traffic is sent through node C in the event
that node A fails.

• The protection mechanism is available per
  Ethernet service in the interconnected zone (i.e.
  per VLAN).
• An Ethernet service is carried only over one of
  the interfaces which connects the two adjacent
  networks.
• In the event of a fault condition on the link or
  the peer node, traffic is redirected to the
  redundant interface.
• The service may also be protected by another node
  to avoid a single point of failure. If a node is
  no longer able to carry traffic, traffic is
  redirected over the redundant node.

18
Solution Principles
Interconnect Area
3
B
1
A
4
2
10
9
7
D
8
11
11
12
13

• The interconnected zone may include additional
  nodes, interfaces and links
• Each protected VLAN is configured, (independently
  of other VLANs) on
• Total of three nodes and four ports - on one of
  the networks, one node with two ports on the
  other network, two nodes with one port on each
  (i.e. dual-homing)
• Total of four nodes and eight ports - on both
  networks, two nodes with two ports each (i.e
  double dual-homing)
• Each protected VLAN can be transmitted over one
  out of two/four links. However, at any given
  time, it is only transmitted over one of the
  links crossing the interconnected zone.

19
Solution Principles

• For each protected VLAN, one of the nodes is
  responsible for selecting the interface over
  which the traffic will be transmitted. This node
  functions as a master.
• The master is connected to two nodes. These two
  nodes follow the masters decisions and function
  as slaves.
• The master node can be protected by a redundant
  node. In the event that the master fails, the
  redundant node functions as the master. This node
  is called a deputy. The deputy is connected to
  the same two slaves as the master.

D
D
S
S
M
S
M
M
S
S
D
S
20
Solution Principles

• For each VLAN, the master/deputy/slave nodes are
  configured according to the following options
• Additional parameters must be configured for the
  master and deputy nodes (not for the slaves)
• working port the default port to use for
  traffic
• protection port the port to use when the
  working port can not be used.

21
Solution Principles

• The interface selection algorithm for each VLAN
  is based on
• local configuration
• Information provided by link-level CCMs
• The protection state of all the protected VLANs
  is synchronized between peers by means of a
  single link-level CCM message.

Slave1 follows masters decision and uses port 3
for VLAN X
Master chooses the configured working port 1 for
VLAN X
Master uses this port for VLAN X
Slave1 uses this port for VLAN X
Slave1 is active, and uses another port for VLAN
X.
Master uses another port for VLAN X
Slave2 follows masters decision and does not use
any of its ports for VLAN X
Master is working so deputy does not need to take
over
Slave2 is not active for VLAN X
Deputy is not active for VLAN X
Slave2 is not active for VLAN X
Deputy is not active for VLAN X
22
Solution Principles

• If a link fails, the master node uses the
  protection port (port 2) for VLAN X

Link on port 1 is not working, Master chooses the
configured protection port 2 for VLAN X
Slave1 does not receive anything from the master.
It does not use any of its ports for VLAN X
1
3
S1
Master uses this port for VLAN X
2
4
Slave is not active for VLAN x
Slav2 follows masters decision and uses port 7
for VLAN X
Master is working so deputy does not need to take
over
7
Slave2 uses this port for VLAN X
Deputy is not active for VLAN X
S2
8
Slave2 is actctive and uses another port for VLAN
X
Deputy is npot active for VLAN X
23
Solution Principles

• If the master fails, the deputy is informed about
  it by the slaves and it becomes active

Does not receive anything from master so it
doesn't use any port for VLAN X
Master failed. Does not send anything
does not use any of its ports for VLAN X
1
3
S1
Slave1 does not work for VLAN X
Slave1 does not work for VLAN X
2
4
Deputy sees that both slaved are not working. It
understands that the master is not working so
deputy takes over using its working port (6)
Does not receive anything from master so it
doesn't use any port for VLAN
Deputy uses another port for VLAN X
5
7
S2
Slave2 follows deputys decision and uses port 8
for VLAN X
6
8
Slave2 does not work for VLAN X
Deputy uses this port for VLAN X
Slave2 uses this this port for VLAN X
24
Solution Principles

• A protected VLAN x is defined on 2 ports On port
  A, VLAN x is configured as working entity, while
  on port B, VLAN x is configured as protection
  entity
• In a live system, the VLAN is transmitted only on
  one of the ports (working or protection entity).
• The 2 ports on which the VLAN is protected are
  grouped into a VLAN Protection Group (VPG). The
  VPG is a logical bridge port (as defined in
  802.1Q ad ah).

Port A
Port B
VLAN x Working
VLAN x Protection
Port A
Port B
VLAN x
VLAN x
VPG
Port A
Port B
VLAN x
VLAN x
25
Solution Principles

• The VPG forwards VLAN traffic to the port
  selected by the algorithm.
• VLAN traffic received on a port is forwarded to
  the VPG. Learning occurs at the VPG level.
• The CCMs are sent and received by ports A and B,
  and the selection algorithm is implemented on the
  VPG, based on the information received on both
  ports.

VPG
Port A
Port B
VLAN x
VLAN x
26
Solution Principles
Location of the new shim
27
Intention

• Start a new project in the IEEE802.1 aimed at
  defining a protection mechanism for
  interconnected networks in the proposed
  topologies. The mechanism should comply with the
  requirements introduced in this presentation.
• Decide whether we should send a liaison to the
  MEF in order to receive feedback on (1) the
  proposed connectivity construction and (2) the
  requirements.

28
Thank You

• zehavit.alon_at_nsn.com
• nurit.sprecher_at_nsn.com
• jlemon_at_ieee.org