Configuring an ERPS Ring
A ring is the basic ERPS unit. After an ERPS ring is configured, ERPS runs to block redundant links and eliminate loops on Layer 2 networks.
Context
- Create an ERPS ring.
- (Optional) Configure a description for the ERPS ring. The description can contain the ERPS ring ID.
Configure a control VLAN for the ERPS ring. A control VLAN is different from a data VLAN that transmits service packets. On ERPS rings, a control VLAN is used to transmit Ring Auto Protection Switching (R-APS) Protocol Data Units (PDUs), also called the ERPS protocol packets. A control VLAN does not transmit service packets, enhancing ERPS security.
All devices on an ERPS ring must use the same control VLAN. Different ERPS rings cannot have the same control VLAN.
- Configure an ERP instance and map the instance to a VLAN. Ports can be added to an ERPS ring only after an ERP instance is configured for the ring. VLANs can be mapped to protection instances for load balancing.
Specify ERPSv2.
ERPSv2 has the following additional functions compared with ERPSv1:- Supports multi-ring topologies, such as intersecting rings.
- Allows sub-rings to use either VCs or NVCs to transmit R-APS PDUs.
- Supports two manual port blocking modes: FS and MS.
- Supports both revertive and non-revertive switching.
Configure major rings and sub-rings.
By default, an ERPS ring is a major ring. When you deploy ERPS on a multi-ring network, you must configure some rings as sub-rings and set the R-APS PDU Transmission Mode on Sub-rings.
Add Layer 2 ports to the ERPS rings and specify Port Role.
Before adding a port to an ERPS ring, ensure that:No spanning tree protocol is enabled on the port. If a spanning tree protocol has been enabled for a port, run the stp disable command in the interface view to disable the spanning tree protocol.
The port is not a Layer 3 port. If the port is a Layer 3 port, run the portswitch command to switch the port to the Layer 2 mode.
A control VLAN and an ERP instance have been configured for the ERPS ring to which the port will be added.
- ERPSv2 has been specified for the ERPS ring if the port will be specified as an RPL neighbor port.
A ring can either has STP or ERPS enabled. If you enable ERPS, the control VLAN and data VLAN must be mapped to an Ethernet Ring Protection (ERP) instance. Otherwise, a loop may occur because STP is disabled.
Procedure
- Run system-view
The system view is displayed.
- Run erps ring ring-id
An ERPS ring is created, and the ERPS ring view is displayed.
An ERPS ring can be deleted only if it does not have any port. If you attempt to delete an ERPS ring that has a port, the system prompts a deletion failure. Before deleting an ERPS ring that has a port, run the undo erps ring command in the interface view of the port or the undo port command in the ERPS ring view to remove the port from the ERPS ring. Then run the undo erps ring command to delete the ERPS ring.
- (Optional) Run description text
A description is configured for the ERPS ring.
- Run control-vlan vlan-id
A control VLAN is configured for the ERPS ring.
The control VLAN specified by vlan-id must not be one that has been created or used in Smart Link protocol, VLAN mapping, VLAN stacking, port trunk allow-pass, or port default vlan applications.
The control VLAN for an ERPS ring cannot be modified after a port is added to the ring. Before deleting the control VLAN for an ERPS ring that has a port, run the undo erps ring command in the interface view of the port or the undo port command in the ERPS ring view to remove the port from the ERPS ring. Then run the undo control-vlan command to delete the control VLAN.
If an ERPS ring does not have any port, you can run the control-vlan command more than once, but only the latest configuration takes effect.
After a control VLAN is configured, the vlan batch vlan-id1 [ to vlan-id2 ] &<1-10> command, instead of the control-vlan command, is saved in the configuration file.
After a port is added to an ERPS ring that has a control VLAN configured, the port is automatically added to the control VLAN, and the port trunk allow-pass vlan vlan-id command configuration is automatically generated in the interface view of this port in the configuration file.
- Run protected-instance { all | { instance-id1 [ to instance-id2 ] &<1-10> } }
An ERP instance is configured for the ERPS ring.
If you run the protected-instance command for an ERPS ring several times, all the configured ERP instances take effect.
ERP instances for an ERPS ring cannot be modified after a port is added to the ring. Before deleting an ERP instance for an ERPS ring that has a port, run the undo erps ring command in the interface view of the port or the undo port command in the ERPS ring view to remove the port from the ERPS ring. Then run the undo protected-instance command to delete the ERP instance.
- Perform either of the following operations to configure the mapping between the ERP instance and VLANs and ensure that the control VLAN belongs to the configured ERP instance:
Configure the mapping between the instance and VLANs in the MST region view.
- Run stp region-configuration
The MST region view is displayed.
- Run instance instance-id vlan { vlan-id1 [ to vlan-id2 ] } &<1-10>
VLANs are mapped to an MSTI.
A VLAN cannot be mapped to multiple MSTIs. If you map a VLAN that has already been mapped to an MSTI to another MSTI, the original mapping will be canceled.
The vlan-mapping modulo modulo command configures the mapping between MSTIs and VLANs based on a default algorithm. However, the mapping configured using this command cannot always meet the actual demand. Therefore, running this command is not recommended.
- Run stp region-configuration
Configure the mapping between the instance and VLANs in the VLAN instance view.
- Run vlan instance
The VLAN instance view is displayed.
Run instance instance-id vlan { vlan-id1 [ to vlan-id2 ] }&<1-10>
VLANs are mapped to the VLAN instance. The vlan instance command and the stp region-configuration command are mutually exclusive. If the mapping between an MSTI and VLANs has been configured in the MST region view displayed by the stp region-configuration command, you must delete the configured mapping before using the vlan instance command.
- (Optional) Run check vlan instance mapping
The configured mapping is displayed.
- Run vlan instance
- Run version v2
ERPSv2 is specified.
Before specifying ERPSv1 for an ERPSv2-running device, delete all ERPS configurations that ERPSv1 does not support.
- (Optional) Run sub-ring
The ERPS ring is configured as a sub-ring.
An ERPS ring cannot be configured as a sub-ring after a port is added to the ring. Before configuring an ERPS ring that has a port as a sub-ring, run the undo erps ring command in the interface view of the port or the undo port command in the ERPS ring view to remove the port from the ERPS ring. Then run the sub-ring command to configure the ERPS ring as a sub-ring.
Major rings are closed, and sub-rings are open.
- (Optional) Run virtual-channel enable
The R-APS PDU transmission mode is specified for the sub-ring.
This step is needed only for a sub-ring.
If the VC mode is used for sub-ring R-APS PDU transmission, it is recommended that the major ring's VLAN with an ID same as that of the sub-ring's control VLAN transmit only sub-ring R-APS PDUs. If this major ring's VLAN also transmits data packets, attackers may construct bogus sub-ring R-APS PDUs, causing sub-ring loops or even a major ring failure.
- Run either of the following commands to add a port to an ERPS ring and specify the port role.
As MAC address updates cannot be separately sent currently, configuring the direct link between two upstream nodes as the RPL is not recommended.
Before changing the port role, run the shutdown command to shut down the port. Then change the port role and run the undo shutdown command to enable the port.
- Run commit
The configuration is committed.