2. Services Overview
This chapter provides an overview of the 7210 SAS-R6 and 7210 SAS-R12-series subscriber services, service model, and service entities. Additional information about the individual subscriber services is in subsequent chapters.
2.1. Introduction
A service is a globally unique entity that refers to a type of connectivity service for either Internet or VPN connectivity. Each service is uniquely identified by a service ID and an optional service within a service area. The 7210 SAS-series service model uses logical service entities to construct a service. In the service model, logical service entities provide a uniform, service-centric configuration, management, and billing model for service provisioning.
In the 7210 SAS-series routers, services can provide Layer 2/bridged service between a service access point (SAP) and another service access point (a SAP is where traffic enters and exits the service) on the same (local) router or another router (distributed). A distributed service spans more than one router.
Distributed services use service distribution points (SDPs) to direct traffic through a service tunnel to another 7210 SAS router, SR router, or other router that supports MPLS. SDPs are created on each participating router, specifying the origination address (the router participating in the service communication) and the destination address of another router. SDPs are then bound to a specific customer service. Without the binding process, the far-end router is not able to participate in the service (there is no service without associating an SDP with the service).
2.1.1. Service Types
The 7210 SAS-R6 and 7210 SAS-R12 provide the following types of subscriber services, which are described in more detail in the referenced chapters:
- Virtual Leased Line (VLL) services:
- Ethernet pipe (Epipe) — A Layer 2 point-to-point VLL service for Ethernet frames. See Ethernet Pipe (Epipe) Services for more information about Epipe.
- Virtual Private LAN Service (VPLS) — A Layer 2 multipoint-to-multipoint VPN. See Virtual Private LAN Service for more information about VPLS.
- Internet Enhanced Service (IES) — A routed connectivity service used to provide IP services. See Internet Enhanced Service.
- Virtual Private Routed Network (VPRN) — A Layer 3 IP multipoint-to-multipoint VPN service as defined in RFC 2547bis. See Virtual Private Routed Network Service.
2.1.2. Service Policies
Common to all 7210 SAS-series connectivity services are policies that are assigned to the service. Policies are defined at a global level, then applied to a service on the router. Policies are used to define 7210 SAS-series service enhancements. The types of policies that are common to all 7210 SAS-series connectivity services, and their functions, are:
- SAP Quality of Service (QoS) policies allow for different classes of traffic within a service at SAP ingress and SAP egress.QoS ingress and egress policies determine the QoS characteristics for a SAP. A QoS ingress policy applied to a SAP specifies the number of meters, meter characteristics (such as forwarding class, committed, and peak information rates, and so on) and the mapping of traffic to a forwarding class. A QoS egress policy defines the queue characteristics (such as CBS, CIR, PIR). A QoS policy must be created before it can be applied to a SAP. A single ingress and egress QoS policy can be associated with a SAP.
- Filter policies allow selective blocking of traffic matching criteria from ingressing or egressing a SAP.Filter policies, also referred to as access control lists (ACLs), control the traffic allowed in or out of a SAP, based on MAC or IP match criteria. Associating a filter policy with a SAP is optional. Filter policies are identified by a unique filter policy ID. A filter policy must be created before it can be applied to a SAP. A single ingress and single egress filter policy can be associated with a SAP.
- Accounting policies define how to count the traffic usage for a service, for billing purposes.The routers provide a comprehensive set of service-related counters. Accounting data can be collected on a per-service, per-forwarding class basis, which enables network operators to accurately measure network usage and bill each customer for each individual service, using any of a number of different billing models.
2.2. Nokia Service Model
In the Nokia service model, the service edge routers are deployed at the provider edge. Services are provisioned on the service routers and transported across an IP and/or IP/MPLS provider core network in encapsulation tunnels created using MPLS label-switched paths (LSPs).
The service model uses logical service entities to construct a service. The logical service entities are designed to provide a uniform, service-centric configuration, management, and billing model for service provisioning. Some benefits of this service-centric design include:
- Many services can be bound to a single customer.
- QoS policies, filter policies, and accounting policies are applied to each service instead of correlating parameters and statistics from ports to customers to services.
Service provisioning uses logical entities to provision a service where additional properties can be configured for bandwidth provisioning, QoS, security filtering, and accounting/billing to the appropriate entity.
2.3. Service Entities
The following sections describe the basic logical entities in the service model used to construct a service.
Figure 1 shows service entities for 7210 SAS devices configured in network mode.
Figure 1: Service Entities for 7210 SAS Devices Configured in Network Mode
2.3.1. Customers
The terms “customer” and “subscriber” are used synonymously. The most basic required entity is the customer ID value, which is assigned when the customer account is created. To provision a service, a customer ID must be associated with the service at the time of service creation.
2.3.2. SAPs
Each subscriber service type is configured with at least one SAP. A SAP identifies the customer interface point for a service on a 7210 SAS router (). The SAP configuration requires that slot, MDA, and port information be specified. The slot, MDA, and port parameters must be configured before provisioning a service (refer to the Cards, MDAs, and Ports sections of the 7210 SAS-M, T, R6, R12, Mxp, Sx, S Interface Configuration Guide).
A SAP is a local entity to the router and is uniquely identified by:
- physical Ethernet port
- encapsulation type
- encapsulation identifier (ID)
Depending on the encapsulation, a physical port can have more than one SAP associated with it. SAPs can only be created on ports designated as “access” in the physical port configuration.
The Figure 2 shows SAPs used for customer service delivery, with SDP used for service transport on 7210 SAS devices that support MPLS uplinks (also known as network mode platforms).
Figure 2: SAPs for 7210 SAS Configured in Network Mode
2.3.2.1. SAP Encapsulation Types and Identifiers
The encapsulation type is an access property of a service Ethernet port. The appropriate encapsulation type for the port depends on the requirements to support multiple services on a single port on the associated SAP and the capabilities of the downstream equipment connected to the port. For example, a port can be tagged with IEEE 802.1Q (referred to as dot1q) encapsulation in which each individual tag can be identified with a service. A SAP is created on a specific port by identifying the service with a specific encapsulation ID.
2.3.2.2. Ethernet Encapsulations
The following lists encapsulation service options on Ethernet ports:
- nullSupports a single service on the port. For example, where a single customer with a single service customer edge (CE) device is attached to the port. The encapsulation ID is always 0 (zero).
- dot1qSupports multiple services for one customer or services for multiple customers (Figure 3). The encapsulation ID used to distinguish an individual service is the VLAN ID in the IEEE 802.1Q header. For example, the port is connected to a Ethernet switch with multiple downstream customers.
- QinQThe QinQ encapsulation type adds a IEEE 802.1Q tag to the 802.1Q tagged packets entering the network, to expand the VLAN space by tagging tagged packets, producing a double-tagged frame. The 7210 SAS-R6, and 7210 SAS-R12 support QinQ encapsulation for access ports in network mode.
Figure 3: Multiple SAPs on a Single Port
Figure 3 shows multiple SAPs used for customer service delivery on the same port and belonging to the same service, along with SDP used for service transport on 7210 SAS devices that support MPLS uplinks (also known as network mode platforms). This is supported only in network mode.
2.3.2.3. Services and SAP Encapsulations
Table 5 lists the service and SAP encapsulation information for Ethernet ports.
Table 5: Service and SAP Encapsulation
Port Type | Encapsulation |
Ethernet | null |
Ethernet | Dot1q |
Ethernet | QinQ |
- When a VPLS service with default QinQ SAPs on the ring ports is used for transit traffic in a ring deployment, users can use either G.8032 or M-VPLS with xSTP for ring protection. When using G.8032, the state of the default QinQ SAPs in the VPLS service can be managed using a separate G.8032 control instance.
Note: A G.8032 control instance cannot use default QinQ SAPs.
- MVPLS with xSTP can be used for loop prevention. The default QinQ SAPs inherit the state from the associated MVPLS instance.
2.3.2.4. SAP Configuration Considerations
When configuring a SAP, consider the following:
- A SAP is a local entity and only locally unique to a specific device. The same SAP ID value can be used on another 7210 SAS-series device.
- There are no default SAPs configured on the node. All SAPs in subscriber services must be created.
- The default administrative state for a SAP at creation time is administratively enabled.
- When a SAP is deleted, all configuration parameters for the SAP will also be deleted.
- A SAP is owned by and associated with the service in which it is created in each router.
- A port with a dot1q encapsulation type means the traffic for the SAP is identified based on a specific IEEE 802.1Q VLAN ID value. The VLAN ID is stripped off at SAP ingress and the appropriate VLAN ID placed on at SAP egress. As a result, VLAN IDs only have local significance, so the VLAN IDs for the SAPs for a service need not be the same at each SAP.
- If a port is administratively shutdown, all SAPs on that port will be operationally out of service.
- QinQ access SAPs of type Q1.0 are not supported.
- A SAP cannot be deleted until it has been administratively disabled (shutdown).
- Each SAP can have one each of the following policies assigned:
- Ingress filter policy
- Egress filter policy
- Ingress QoS policy
- Accounting policy
2.3.3. QinQ SAP Configuration Restrictions for 7210 SAS in Network Mode Only
The following are the QinQ access SAP configuration guidelines for 7210 SAS in network mode only.
- Tagged packets received on SAPs configured in a service in which a QinQ SAP is also in use are processed (not applicable when a QinQ SAP is not provisioned in a service).
- When a QinQ SAP is configured in a service, the number of VLAN tags in the packets received on null SAP, dot1q SAP, and QinQ SAP configured in the same service should match the number of VLAN tags implied by the port encapsulation mode. Packets that do not match are dropped by the hardware. That is, packets received with more than two VLAN tags on a QinQ SAP are dropped, packets received with more than one VLAN tag on a dot1q SAP are dropped, and packets received with tags (even packets with a priority tag) on a null SAP are dropped. In this document, such packets are referred to as extra-tag packets.
- When a QinQ SAP is configured in a service, the number of VLAN tags in the packets received on the VC/pseudowire of type VC-VLAN should be exactly one and packets received on the VC/pseudowire of type VC-Ether-should contain no tags (not even priority tags). If either case, packets that contain more VLAN tags than the number specified previously are dropped. In this document, such packets are referred to as extra-tag packets.
- The system will provide a limited number of counters for the extra-tag packets dropped on SAP ingress. These counters are intended for diagnostic use.Table 6 describes the SAP types allowed in a service when QinQ SAP is in use.
Table 6: SAP Types in a Service When QinQ SAP is in Use (Network Mode Operation)
SAP Configured in the Service
SAPs Not Allowed for Configuration in Same Service
QinQ
Q.* SAP, Dot1q default SAP
Q.*
Q1.Q2
Dotq1 default SAP
Q1.Q2
A 0.* QinQ SAP configured in the service will only accept untagged or priority-tagged packets, regardless of whether a QinQ SAP is configured in the service.
| Note: The 7210 SAS supports a mechanism to transport QinQ packets in an Epipe with two or more tags, with some restrictions. For more information, see Ethernet Pipe (Epipe) Services. |
2.3.4. SDPs
An SDP provides a logical way to direct traffic from one router to another through a unidirectional (one-way) service tunnel. The SDP terminates at the far-end router, which directs packets to the correct service egress SAPs on that router. A distributed service consists of a configuration with at least one SAP on a local node, one SAP on a remote node, and an SDP that binds the service to the service tunnel.
An SDP has the following characteristics:
- An SDP is locally unique to a participating router. The same SDP ID can appear on other 7210 SAS-series routers.
- An SDP uses the system IP address to identify the far-end edge router.
- An SDP is not specific to any one service or any type of service. When an SDP is created, services are bound to the SDP. An SDP can also have more than one service type associated with it.
- All services mapped to an SDP use the same transport encapsulation type defined for the SDP.
- An SDP is a management entity. Even though the SDP configuration and the services carried within are independent, they are related objects. Operations on the SDP affect all the services associated with the SDP. For example, the operational and administrative state of an SDP controls the state of services bound to the SDP.
An SDP from the local router to a far-end router requires a return path SDP from the far-end router back to the local router. Each device must have an SDP defined for every remote router to which it needs to provide service. SDPs must be created first, before a distributed service can be configured.
2.3.4.1. SDP Binding
To configure a distributed service from ALA-A to ALA-B, the SDP ID (1) must be specified in the service creation process to bind the service to the tunnel (the SDP). Otherwise, service traffic is not directed to a far-end point and the far-end devices cannot participate in the service (there is no service). To configure a distributed service from ALA-B to ALA-A, the SDP ID (5) must be specified.
Figure 4 shows MPLS service distribution point pointing from ALA-A to ALA-B.
Figure 4: MPLS SDP Pointing From ALA-A to ALA-B
2.3.4.2. Spoke and Mesh SDPs
When an SDP is bound to a service, it is bound as either a spoke-SDP or a mesh SDP. The type of SDP indicates how flooded traffic is transmitted.
A spoke-SDP is treated like the equivalent of a traditional bridge “port” where flooded traffic received on the spoke-SDP is replicated on all other “ports” and not transmitted on the port it was received.
All mesh SDPs bound to a service are logically treated like a single bridge “port” for flooded traffic where flooded traffic received on any mesh SDP on the service is replicated to other “ports” (spoke-SDPs and SAPs) and not transmitted on any mesh SDPs.
2.3.4.3. SDP Using BGP Route Tunnel
SDPs are enhanced to use BGP route tunnel to extend inter-AS support for Layer 2 and Layer 3 VPN services. An SDP can be configured to use the MPLS transport method. MPLS SDP support is enhanced to allow a BGP route tunnel to reach the far-end PE. A single method of tunneling is allowed per SDP (for example, LDP, RSVP-TE LSP, or BGP route tunnel). The BGP route tunnel method is excluded if multi-mode transport is enabled for an SDP.
A single method of tunneling is allowed per SDP (for example, LDP, RSVP-TE LSP or BGP route tunnel). BGP route tunnel method is excluded if multimode transport is enabled for an SDP.
For inter-AS far-end PE, the next-hop for the BGP route tunnel must be one of the local ASBRs. The LSP type selected to reach the local ASBR (BGP labeled route next-hop) must be configured under the BGP global context. LDP must be supported to provide a transport LSP to reach the BGP route tunnel next-hop.
Only BGP route labels can be used to transition from an ASBR to the next-hop ASBR. The global BGP route tunnel transport configuration option must be entered to select an LSP to reach the PE node from the ASBR node. On the last BGP segment, both BGP+LDP and LDP routes may be available to reach the far-end PE from the ASBR node. An LDP LSP must be preferred due to higher protocol priority. This leads to just one label, besides other labels in the stack, to identify the VC/VPN at far-end PE nodes.
2.3.4.4. SDP Keepalives
SDP keepalives actively monitor the SDP operational state using periodic SDP ping echo request and echo reply messages. Nokia SDP ping is a part of the suite of service diagnostics built on a Nokia service-level OA&M protocol. When SDP ping is used in the SDP keepalive application, the SDP echo request and echo reply messages are a mechanism for exchanging far-end SDP status.
Configuring SDP keepalives on a specific SDP is optional. SDP keepalives for a particular SDP have the following configurable parameters:
- admin up/admin down state
- hello time
- message length
- max drop count
- hold down time
SDP keepalive echo request messages are only sent when the SDP is completely configured and administratively up and SDP keepalives are administratively up. If the SDP is administratively down, keepalives for the SDP are disabled.
SDP keepalive echo request messages are sent out periodically, based on the configured Hello Time. An optional message length for the echo request can be configured. If max drop count echo request messages do not receive an echo reply, the SDP will immediately be brought operationally down.
If a keepalive response is received that indicates an error condition, the SDP will immediately be brought operationally down.
When a response is received that indicates the error has cleared and the hold down time interval has expired, the SDP will be eligible to be put into the operationally up state. If no other condition prevents the operational change, the SDP will enter the operationally up state.
For information about configuring keepalive parameters, see Configuring an SDP.
2.3.4.5. SDP Administrative Groups
This feature provides the support of SDP administrative groups, referred to as SDP admin groups. SDP admin groups provide a way for services using a PW template to automatically include or exclude specific provisioned SDPs. SDPs sharing a specific characteristic or attribute can be made members of the same admin group.
The user first creates the admin groups that are to be used by SDPs on this node:
config>service>sdp-group>group-name group-name value group-value create
A maximum of 32 admin groups can be created. The no option is only allowed if the group name is not referenced in a PW template or SDP.
The group value ranges from zero (0) to 31. It is uniquely associated with the group name at creation time. If the user attempts to configure another group name for a group value that is already assigned to an existing group name, the SDP admin group creation is failed. The same happens if the user attempts to configure an SDP admin group with a new name but associates it to a group value already assigned to an existing group name.
Next, the user configures the SDP membership in admin groups:
config>service>sdp>sdp-group group-name
The user can enter a maximum of one (1) admin group name at once. The user can execute the command multiple times to add membership to more than one admin group. The admin group name must have been configured or the command fails. Admin groups are supported on an SDP of type MPLS (BGP/RSVP/LDP). They are also supported on an SDP with the mixed-lsp-mode option enabled.
The user then selects which admin groups to include or exclude in a specific PW template:
config>service>pw-template>sdp-include group-name
config>service>pw-template>sdp-exclude group-name
The admin group name must have been configured or the command is failed. The user can execute the command multiple times to include or exclude more than one admin group. The sdp-include and sdp-exclude commands can only be used with the use-provisioned-sdp option. If the same group name is included and excluded within the same PW template, only the exclude option will be enforced.
Any changes made to the admin group sdp-include and sdp-exclude constraints will only be reflected in existing spoke-SDPs after the following command has been executed:
tools>perform>service>eval-pw-template>allow-service-impact
When the service is bound to the PW template, the SDP selection rules will enforce the admin group constraints specified in the sdp-include and sdp-exclude commands.
config>service>vpls>bgp>pw-template-binding policy-id
config>service>epipe>spoke-sdp-fec>pw-template-bind policy-id
The group value is used to uniquely identify an SDP admin group throughout the network in the 5620 SAM. The node will send both the group name and value to 5620 SAM, or other SNMP device, at the creation of the SDP admin group. In all other operations in the node, such as adding an SDP to an admin group or including/excluding an SDP admin group in a service context, only the group name is sent to the 5620 SAM or the SNMP device.
SDP admin groups can be enabled on all 7210 services that make use of the PW template (that is, BGP-AD VPLS service, BGP-VPLS service, BGP-VPWS and FEC129 VLL service).
2.3.4.6. Mixed-LSP Mode of Operation
The mixed-LSP mode of operation allows for a maximum of two LSP types to be configured within an SDP; a primary LSP type and a backup LSP type. An RSVP primary LSP type can be backed up by an LDP LSP type.
An LDP LSP can be configured as a primary LSP type, which can then be backed up by a BGP LSP type.
At any specific time, the service manager programs only one type of LSP in the line card, which will activate it to forward service packets according to the following priority order:
- RSVP LSP type: one RSVP LSP can be configured per SDP. This is the highest priority LSP type.
- LDP LSP type: one LDP FEC will be used per SDP. The 7210 SAS does not support LDP ECMP.
- BGP LSP type: one RFC 3107-labeled BGP prefix programmed by the service manager.
In the case of the RSVP/LDP SDP, the service manager will program the NHLFEs for the active LSP type, preferring the RSVP LSP type over the LDP LSP type. If no RSVP LSP is configured or all configured RSVP LSPs go down, the service manager will reprogram the line-card with the LDP LSP, if available. If not, the SDP goes operationally down.
When a higher priority LSP type becomes available, the service manager reverts back to this LSP at the expiry of the revert-time timer or the failure of the currently active LSP, whichever comes first. The service manager then reprograms the line card accordingly. If the infinite value is configured, then the SDP reverts to the highest priority LSP type only if the currently active LSP failed.
| Note: LDP uses a tunnel down damp timer which is set to three seconds by default. When the LDP LSP fails, the SDP will revert to the RSVP LSP type after the expiry of this timer. For an immediate switchover this timer must be set to zero. Use the configure>router>ldp>tunnel-down-damp-time command. For more information, refer to the 7210 SAS-M, T, R6, R12, Mxp, Sx, S MPLS Guide. |
If the value of the revert-time timer is changed, it will take effect only at the next use of the timer. Any timer which is outstanding at the time of the change will be restarted with the new value.
In the case of the LDP/BGP SDP, the service manager will prefer the LDP LSP type over the BGP LSP type. The service manager will reprogram the line card with the BGP LSP, if available; otherwise, it brings down the SDP operationally.
| Note: The following are differences in behavior of the LDP/BGP SDP compared to that of an RSVP/LDP SDP.
|
2.3.4.7. G.8032 Ethernet Ring Protection Switching
Ethernet ring protection switching (Eth-ring) provides ITU-T G.8032 specification compliance to achieve resiliency for Ethernet Layer 2 networks. Similar to G.8031 linear protection (also called Automatic Protection Switching (APS)), G.8032 Eth-ring is implemented on Ethernet OAM and often referred to as Ring Automatic Protection Switching (R-APS).
Eth-rings are supported on VPLS SAPs. VPLS services supporting Rings SAPs can connect to other rings and Ethernet service using VPLS, and R-VPLS SAPs. The Eth-ring service enables rings for core network or access network resiliency. A single point of interconnection to other services is supported. The Eth-ring service is a VLAN service providing protection for ring topologies and the ability to interact with other protection mechanisms for overall service protection. This ensures failures detected by Eth-ring only result in R-APS switchover when the lower layer cannot recover, and that higher layers are isolated from the failure.
Rings are preferred in data networks where the native connectivity is laid out in a ring or there is a requirement for simple resilient LAN services. Due to the symmetry and the simple topology, rings are viewed a good solution for access and core networks where resilient LANS are required. The Nokia implementation of G.8032 Eth-ring can be used for interconnecting access rings and to provide traffic engineered backbone rings. The 7210 SAS implementation of G.8032 Eth-ring supports dual interconnected rings with sub-rings.
Eth-rings use one VID per control per ring instance and use one (typically) or multiple VIDs for data instances per control instance. A dedicated control VLAN (ERP VLAN) is used to run the protocol on the control VID. G.8032 controls the active state for the data VLANs (ring data instances) associated with a control instance. Multiple control instances allow logically separate rings on the same topology. The Nokia implementation supports dot1q, and QinQ encapsulation for data ring instances. The control channel supports dot1q and QinQ encapsulation.
2.3.5. SAP and Service Scaling with High SAP Scale Mode
In Layer 2 access networks that are used to backhaul service traffic from business services, mobile backhaul, and residential services, the 7210 SAS-R6 and 7210 SAS-R12 act as a Layer 2 carrier Ethernet switching platform with VLAN-based Layer 2 uplinks. To perform this role, the 7210 SAS-R6 and 7210 SAS-R12 must support a mode that is similar to the access-uplink operating mode available on 7210 SAS-M, with higher SAP and service scaling. To do so, the 7210 SAS-R6 and 7210 SAS-R12 use the SAP scale mode and port-based access ingress policies.
Figure 5 shows the use of Layer 2 uplinks in a Layer 2 access network.
Figure 5: Using Layer 2 Uplinks in a Layer 2 Network
The SAP scale mode is configured using the configure>system>global-res-profile>sap-scale-mode {high | low} command. By default, the low option is configured for low SAP scale mode, which provides backward compatibility. The user can configure the high option to use high SAP scale mode, which allows the configuration of a higher number of services and SAPs. Before changing the sap-scale-mode value, the user must perform the following tasks.
- Remove all service and SAP configurations.
- Change the value of sap-scale-mode and enable per-port egress queuing using the configure>system>global-res-profile>qos>port-scheduler-mode command.
- Reboot the node.
- Reconfigure all SAPs and services as required.
In high SAP scale mode, the system supports higher SAP and service scaling for Epipe/VLL and VPLS services only. SAP and service scaling for IES, VPRN, and R-VPLS services remain unchanged.
QoS policies support port-based access ingress policies on access ports to facilitate the use of access ports as Layer 2 uplinks. With the use of ports as Layer 2 uplinks, the user can apply a single port-based access ingress policy at ingress of an access port, instead of using per-SAP ingress policies. This allows a single policy definition to be used to classify and rate-limit all traffic received over access ports used as Layer 2 uplinks (similar to a network port-based policy applied to network ports used as uplinks) instead of using per SAP ingress policies. Resources must be allocated using the configure>system>resource-profile command to use access ingress QoS policies on an access port.
In addition, only the following QoS policies can be used in the high SAP scale mode to achieve a higher scale:
- access port-based egress queuing and shaping on all ports, including service delivery ports and uplinks
- access port-based ingress classification and policing on uplinks
- Epipe and VPLS SAPs using access port ingress QoS policies (instead of per-SAP ingress policies) on service delivery ports for higher SAP scale
- IES and VPRN SAPs using table-based classification or CAM-based classification
- R-VPLS SAPs using CAM-based classification and policing
The following SAP configuration restrictions apply to the high SAP scale mode; see SAPs for additional SAP configuration guidelines.
- If an R-VPLS Q1.* SAP is configured, SAPs (Q1.Q2 SAP) with a matching Q1 tag cannot be configured in other VPLS, Epipe, IES, and VPRN services on the same port.
- If a VPLS Q1.* SAP enabled with DHCP snooping is configured, SAPs (Q1.Q2 SAP) with a matching Q1 tag cannot be configured in other VPLS, Epipe, IES, and VPRN services on the same port. They can use other values for the Q1 tag. The reverse is also true.
- The dot1p default SAP cannot be configured in R-VPLS services; it is only supported in Epipe, VPLS, IES, and VPRN services.
2.3.5.1. Guidelines for Configuring High SAP Scale Mode
Perform the following steps to change the sap-scale-mode low to the sap-scale-mode high configuration.
- Delete all SAPs.
- Configure the config>system>global-res-profile>qos>port-scheduler-mode command.
- Configure the sap-scale-mode command to use the high option.
- Save the configuration and reboot the node.
2.3.5.2. Guidelines for Configuring Low SAP Scale Mode
Perform the following steps to change the sap-scale-mode high to the sap-scale-mode low configuration.
- Delete all SAPs.
- If the access ingress QoS policy has attachments, reset the policy.
- If the access-ingress-qos-mode command is set to port-mode, configure the command to use the sap-mode option.
- Configure the sap-scale-mode command to use the low option.
- Save the configuration and reboot the node.
2.3.6. Overview of G.8032 Operation
R-APS messages that carry the G.8032 protocol are sent on a dedicated protocol VLAN called ERP VLAN (or ring control instance). In a revertive case, G.8032 protocol ensures that one Ring Protection Link (RPL) owner blocks the RPL link. R-APS messages are periodically sent around in both directions to inform other nodes in the ring about the blocked port in the RPL owner node. In non-revertive mode, any link may be the RPL link.Y.1731 Ethernet OAM CC is the basis of the R-APS messages.
Y.1731 CC messages are typically used by nodes in the ring to monitor the health of each link in the ring in both directions. However, CC messages are not mandatory. Other link layer mechanisms could be considered; for example, LOS (Loss of Signal) when the nodes are directly connected.
Initially, each Ring Node blocks one of its links and notifies other nodes in the ring about the blocked link. When a ring node in the ring learns that another link is blocked, the node unblocks its blocked link, possibly causing FDB flush in all links of the ring for the affected service VLANs, controlled by the ring control instance. This procedure results in unblocking all links except the one link and the ring normal (or idle) state is reached.
In revertive mode, the RPL link will be the link that is blocked when all links are operable after the revert time. In non-revertive mode, the RPL link is no different from other ring links. Revertive mode provides predictability, particularly when there are multiple ring instances, and the operator can control which links are blocked on the different instances. Each time that there is a topology change that affects Reachability, the nodes may flush the FDB and MAC learning takes place for the affected service VLANs, allowing forwarding of packets to continue. Figure 6 shows this initial operational state.
Figure 6: G.8032 Ring in the Initial State
When a ring failure occurs, a node detecting the failure (enabled by Y.1731 OAM CC monitoring) sends R-APS message in both directions. This allows the nodes at both ends of the failed link to block forwarding to the failed link, preventing it from becoming active. In revertive mode, the RPL owner then unblocks the previously blocked RPL and triggers an FDB flush for all nodes for the affected service instances. The ring is now in protecting state and full ring connectivity is restored. MAC learning takes place to allow Layer 2 packet forwarding on a ring. Figure 7 shows the failed link scenario.
Figure 7: 0 to 1 G.8032 Ring in the Protecting State
When the failed link recovers, the nodes that blocked the link again send the R-APS messages indicating no failure this time. This causes the RPL owner to block the RPL link and indicate the blocked RPL link to the ring in R-APS message, when received by the nodes at the recovered link, they unblock that link and restore connectivity (again all nodes in the ring perform an FDB flush and MAC learning takes place). The ring is back in the normal (or idle) state.
Within each path, Y.1731 Maintenance Entity Group (MEG) Endpoints (MEPs) are used to exchange R-APS specific information (specifically to coordinate switchovers) as well as optionally fast Continuity Check Messages (CCMs), providing an inherent failure detection mechanism as part of the protocol. Failure detection of a ring path by one of the mechanisms activates the protection links. Upon failure, reconvergence times are dependent on the failure detection mechanisms.
In the case of Y.1731, the CCM transmit interval determines the response time. The 7210 SAS device supports 100 ms message timers that allow for quicker restoration times. Alternatively, 802.3ah (Ethernet in the First Mile) or LOS can trigger a protection switch where appropriate. In the case of direct connectivity between the nodes, there is no need to use Ethernet CC messaging for liveliness detection.
Revertive and non-revertive behaviors are supported. The RPL is configured and Eth-rings can be configured to revert to the RPL upon recovery.
G.8032 supports multiple data channels (VIDs) or instances per ring control instance (R-APS tag). G.8032 also supports multiple control instances such that each instance can support RPLs on different links, providing for a load balancing capability. However, when services have been assigned to one instance, the rest of the services that need to be interconnected with those services must be on the same instance. That is, each data instance is a separate data VLAN on the same physical topology. When there is any one link failure or any one node failure in the ring, G.8032 protocols are capable of restoring traffic between all remaining nodes in these data instances.
There is no limit on the number of control channels on a port.
Ethernet R-APS can be configured on any port configured for access mode using dot1q, QinQ encapsulation, enabling support for Ethernet R-APS protected services on the service edge toward the customer site, or within the Ethernet backbone. ELINE and ELAN services can be provided Ethernet R-APS protection and, although the Ethernet ring providing the protection uses a ring for protection, the services are configured independent of the ring properties. The intent of this is to cause minimum disruption to the service during Ethernet R-APS failure detection and recovery.
In the 7210 SAS implementation, the Ethernet ring is built from a VPLS service on each node with VPLS SAPs that provides ring path with SAPs. As a result, most of the VPLS SAP features are available on Ethernet rings, if needed. This results in a fairly feature-rich ring service.
The control tag defined under each eth-ring is used for encapsulating and forwarding the CCMs and the G.8032 messages used for the protection function. If a failure of a link or node affects an active Ethernet ring segment, the services will fail to receive the CC messages exchanged on that segment or will receive a fault indication from the Link Layer OAM module.
For failure detection using CCMs, three CC messages plus a configurable hold-off timer must be missed for a fault to be declared on the associated path. The latter mechanism is required to accommodate the existence of an additional 50 ms resiliency mechanism in the optical layer. After it receives the fault indication, the protection module will declare the associated ring link down and the G.8032 state machine will send the appropriate messages to open the RPL and flush the learned addresses.
Flushing is triggered by the G.8032 state machine and the 7210 SAS implementation allows flooding of traffic during the flushing interval to expedite traffic recovery.
2.3.7. Ethernet Ring Sub-rings
Ethernet sub-rings offer a dual redundant way to interconnect rings. The 7210 SAS supports sub-rings connected to major rings, and a sub-ring connected to a VPLS (LDP based) for access ring support in VPLS networks. Figure 8 shows a major ring and sub-ring scenario, and Figure 9 shows a G.8032 sub-ring. In this scenario, any link can fail in either ring (ERP1 or ERP2) and each ring is protected. Also, the sub-ring (ERP2) relies on the major ring (ERP1) as part of its protection for the traffic from C and D. The nodes C and D are configured as interconnection nodes.
Figure 8: Major Ring and Sub-ring Scenario
Figure 9: 0 to 4 G.8032 Sub-ring
Sub-rings and major rings run similar state machines for the ring logic; however, there are some differences. When sub-rings protect a link, the flush messages are propagated to the major ring. (A special configuration allows control of this option on the 7210 SAS.) When major rings change topology, the flush is propagated around the major ring and does not continue to any sub-rings. The reason for this is that major rings are completely connected but sub-rings are dependent on another ring or network for full connectivity. The topology changes need to be propagated to the other ring or network usually. Sub-rings offer the same capabilities as major rings in terms of control and data so that all link resources may be used.
2.3.7.1. Virtual and Non-virtual Channel
The following is a sample sub-ring using virtual-link configuration output on Node C, interconnecting node.
2.3.7.2. Ethernet Ring Sub-ring Using Non-virtual Link
Figure 10 shows 0 to 6 homed to VPLS.
Figure 10: 0 to 6 Sub-ring Homed to VPLS
| Note: In this solution, the 7210 SAS nodes can only be the ring nodes. It cannot be used as the interconnection PE nodes. |
The following is a sample sub-ring using non-virtual link configuration output on PE1, interconnecting node.
All the sub ring nodes part of a sub-ring with non-virtual link should be configured with the “sub-ring non-virtual-link” option.
The following is a sample sub-ring using non-virtual link configuration output homed to a major ring.
2.3.8. Support for Hardware-based 100ms CCM Timers for G.8032 MEPs
On the 7210 SAS-R6 and 7210 SAS-R12, the user must reserve a VLAN-ID for use with only G.8032 MEPs which uses the hardware for CCM processing. No data services or control SAPs can use this VLAN-ID. The CLI command description used to reserve the VLAN-ID is available in the 7210 SAS-M, T, R6, R12, Mxp, Sx, S Interface Configuration Guide.
When using hardware CCMs, a limited amount of control instances is supported per port. Multiple data services/instances can be associated with each of these control instances.
The following is a sample configuration output with the control-sap-tag command.
2.3.8.1. Configuration Guidelines for 7210 SAS-R6 and 7210 SAS-R12
The user needs to reserve VLANs using the system resource-profile command 'g8032-control-sap-tags'. A maximum of up to 4 VLANs needs to be reserved per line card. These VLANs will be used to internally identify G.8032 CCM messages and R-APS messages. These VLANs cannot be used on any of the ports of the IMM, that is, SAPs cannot be configured with VLAN tag value matching any of the configured VLAN tags using this command.
2.3.8.2. LAG Support
The 7210 SAS does not support G.8032 Ethernet rings on LAGs.
2.3.9. OAM Considerations
Ethernet CFM can be enabled on each individual path under an Ethernet ring. Only Down MEPs can be configured on each of them and CCM sessions can be enabled to monitor the liveliness of the path using an interval of 100 ms. Different CCM intervals can be supported on path A and path B in an Ethernet ring. CFM is optional if hardware supports LOS, for example.
Service Down MEPs cannot be configured on the same port as the G.8032 ring ports.
2.3.10. QoS Considerations
When Ethernet ring is configured on two ports located on different IOMs, the SAP queues and virtual schedulers will be created with the actual parameters on each IOM.
Ethernet ring CC messages transmitted over the SAP queues using the default egress QoS policy will use NC (network class) as a forwarding class. If user traffic is assigned to the NC forwarding class, it will compete for the same bandwidth resources with the Ethernet CCMs. Because CCM loss could lead to unnecessary switching of the Ethernet ring, congestion of the queues associated with the NC traffic should be avoided. The operator must configure different QoS policies to avoid congestion for the CCM forwarding class by controlling the amount of traffic assigned into the corresponding queue.
More information about the Ethernet ring applicability in the services solution, refer to the respective Layer 2 sections of the 7210 SAS-R6, R12 Services Guide.
2.3.11. Support Service and Solution Combinations
Ethernet rings are a supported Layer 2 service. The following considerations apply:
- Only ports in access mode can be configured as eth-ring paths.
- Dot1q and QinQ ports are supported as eth-ring path members.
- A mix of regular and multiple eth-ring SAPs and PWs can be configured in the same services.
2.3.12. Configuration Guidelines for G.8032
The following are the configuration guidelines for G.8032:
- Service level MEPs are not available on all SAPs tied to an Eth-ring instance on a port.
- On 7210 SAS-R6 and 7210 SAS-R12 with IMMv2 (that is, IMM-sas-r-b), to improve the service failover time due to failures in the ring path, fast flood is enabled by default only for VPLS services (and not for R-VPLS services). On a failure detection in one of the paths of the eth-ring, along with MAC flush the system starts to flood the traffic onto the available path. No explicit user configuration is needed for this and it does not need resources to be allocated from the ingress internal TCAM pool. When G8032 is enabled for R-VPLS services to enable fast-flood, user needs to explicitly assign resources from the ‘sf-ingress-internal-tcam’ pool using the global system resource profile commands.
- G.8032 instances cannot be configured over a LAG.
- On 7210 SAS-R6 and 7210 SAS-R12, user can enable G.8032 fast-flood by allocating resources to this feature using the command configure> system> global-system-profile> sf-ingress-internal-tcam> g8032-fast-flood.
2.4. Service Creation Process Overview
Figure 11 shows the overall process to provision core and subscriber services.
Figure 11: Service Creation and Implementation Flow
2.5. Deploying and Provisioning Services
The service model provides a logical and uniform way of constructing connectivity services. The basic steps for deploying and provisioning services can be broken down into three phases:
2.5.1. Phase 1: Core Network Construction
Before the services are provisioned, the following tasks should be completed:
- Build the IP or IP/MPLS core network.
- Configure routing protocols.
- Configure MPLS LSPs (if MPLS is used).
2.5.2. Phase 2: Service Administration
Perform preliminary policy configurations to control traffic flow, operator access, and to manage fault conditions and alarm messages. The following tasks should be completed:
- Configure group and user access privileges.
- Build templates for QoS, filter and/or accounting policies needed to support the core services.
2.5.3. Phase 3: Service Provisioning
For service provisioning, the following tasks should be completed:
- Provision customer account information.
- If necessary, build any customer-specific QoS, filter, or accounting policies.
- Provision the customer services on the service edge routers by defining SAPs, and binding policies to the SAPs.
2.6. Configuration Notes
This section describes service configuration caveats.
2.6.1. General
Service provisioning tasks can be logically separated into two main functional areas, core tasks and subscriber tasks, and are typically performed before provisioning a subscriber service.
Core tasks include the following:
- Create customer accounts.
- Create template QoS, filter, scheduler, and accounting policies.
Subscriber services tasks include the following:
- Create Epipe and VPLS services.
- Create a VPRN service (supported only when operating in network mode).
- Bind SDPs
- Configure interfaces (where required) and SAPs.
- Create exclusive QoS and filter policies.