Configuring Ethernet CFM for the Cisco ASR 1000 Router
IEEE Connectivity Fault Management (CFM) is an end-to-end per-service Ethernet layer Operations, Administration, and Maintenance (OAM) protocol. CFM includes proactive connectivity monitoring, fault verification, and fault isolation for large Ethernet metropolitan-area networks (MANs) and WANs.
This document describes the implementation of IEEE 802.1ag Standard-Compliant CFM (IEEE CFM) and Y.1731 in Cisco IOS XE software for the Cisco ASR 1000 Series Aggregation Services Router. Y.1731 is an ITU-T recommendation for OAM functions in Ethernet-based networks. IEEE CFM and Y.1731 together will be called “Ethernet CFM” throughout this document.
Your software release
may not support all the features documented in this module. For the latest
caveats and feature information, see
Bug Search Tool and the
release notes for your platform and software release. To find information about
the features documented in this module, and to see a list of the releases in
which each feature is supported, see the feature information table.
Use Cisco Feature
Navigator to find information about platform support and Cisco software image
support. To access Cisco Feature Navigator, go to
An account on Cisco.com is not required.
Prerequisites for Configuring
Ethernet CFM for the Cisco ASR 1000 Router
topology and network administration have been evaluated.
service policies have been established.
with CFM domain must be configured with the L2VFI interface command
configuring CFM over L2VFI ensure EVC and Bridge Domain are configured.
under L2VFI must be configured prior to configuring CFM MEP
Restrictions for Configuring
Ethernet CFM for the Cisco ASR 1000 Router
Ethernet CFM on
the Cisco ASR 1000 Series Aggregation Services Router is not compatible with
Locked Signal (ETH-LCK) and Test Signal (ETH-Test) are not
Link Trace (ETH-LTM/ETH-LTR) over L2VFI is not supported.
Configuring MIP/MEP under L2VFI is not supported.
For Connectivity Performance Management functionalities, only
single-ended delay (ETH-DM) is supported.
Information About Configuring Ethernet CFM for the Cisco ASR 1000 Router
IEEE CFM is an end-to-end per-service Ethernet layer OAM protocol that includes proactive connectivity monitoring, fault verification, and fault isolation. End to end can be provider edge to provider edge (PE to PE) or customer edge to customer edge (CE to CE).
Ethernet CFM is distinct from other metro-Ethernet OAM protocols by being an end-to-end technology. For example, Multiprotocol Label Switching (MPLS), ATM, and SONET OAM help in debugging Ethernet wires but are not always end to end. 802.3ah OAM is a single-hop and per-physical-wire protocol. It is not end to end or service aware. Ethernet Local Management Interface (E-LMI) is confined between the user-end provider edge (uPE) and CE and relies on CFM for reporting status of the metro-Ethernet network to the CE.
The benefits of Ethernet CFM are:
End-to-end service-level OAM technology
Reduced operating expense for service provider Ethernet networks
Reduced operating expense for service provider Ethernet networks
Competitive advantage for service providers
An MA identifies a service that can be uniquely identified within a maintenance domain. There can be many MAs within a domain. The MA direction is specified when the MA is configured. The short MA name must be configured on a domain before MEPs can be configured.
The CFM protocol runs for a specific MA.
A maintenance domain is a management space for the purpose of managing and administering a network. A domain is owned and operated by a single entity and defined by the set of ports internal to it and at its boundary. The figure below illustrates a typical maintenance domain.
Figure 1. A Typical Maintenance Domain
A unique maintenance level in the range of 0 to 7 is assigned to each domain by a network administrator. Levels and domain names are useful for defining the hierarchical relationship among domains. The hierarchical relationship of domains parallels that of customer, service provider, and operator. The larger the domain, the higher the level value. For example, a customer domain would be larger than an operator domain. The customer domain may have a maintenance level of 7 and the operator domain may have a maintenance level of 0. Typically, operators would have the smallest domains and customers the largest domains, with service provider domains between them in size. All levels of the hierarchy must operate together.
Domains should not intersect because intersecting would mean management by more than one entity, which is not allowed. Domains may nest or touch but when two domains nest, the outer domain must have a higher maintenance level than the domain nested within it. Nesting maintenance domains is useful in the business model where a service provider contracts with one or more operators to provide Ethernet service to a customer. Each operator would have its own maintenance domain and the service provider would define its domain--a superset of the operator domains. Furthermore, the customer has its own end-to-end domain, which is in turn a superset of the service provider domain. Maintenance levels of various nesting domains should be communicated among the administering organizations. For example, one management approach would be to have the service provider assign maintenance levels to operators.
Ethernet CFM exchanges messages and performs operations on a per-domain basis. For example, running CFM at the operator level does not allow discovery of the network by the higher provider and customer levels.
The following characteristics of domains are supported:
Name is a maximum of 154 characters in length.
Direction is specified when the MA is configured.
Down (toward the wire) MEPs.
A domain can be removed when all maintenance points within the domain have been removed and all remote MEP entries in the continuity check database (CCDB) for the domain have been purged.
The figure below illustrates service provider and customer domains and where the Cisco ASR 1000 router is in the network.
Figure 2. Service Provider and Customer Domains
A maintenance point (MIP) is a demarcation point on an interface or port that participates in Connectivity Fault Management (CFM) within a maintenance domain. Maintenance points on device ports act as filters that confine CFM frames within the bounds of a domain by dropping frames that do not belong to the correct level. Maintenance points must be explicitly configured on Cisco devices. Two classes of maintenance points exist, maintenance end points (MEPs) and MIPs. Support for MIPs varies by Cisco release.
Maintenance association endpoints (MEPs) reside at the edge of a maintenance domain and confine Ethernet Connectivity Fault Management (CFM) messages within the domain via the maintenance domain level. MEPs periodically transmit and receive continuity check messages (CCMs) from other MEPs within the domain. At the request of an administrator, linktrace and loopback messages can also be transmitted. MEPs are either “Up” (toward the bridge) or “Down” (toward the wire). Support for Up MEPs varies by Cisco release.
continuity-checkstaticrmep command is configured on a port MEP and continuity checking does not detect a removed MEP, the port is set to MAC operation down and the interface protocol is set to down. Normal traffic is stopped because the line protocol is down, but CFM packets still pass.
MEP configurations can be removed after all pending loopback and traceroute replies are removed and the service on the interface is set to transparent mode.
Down MEPs for Routed Ports
Down MEPs communicate through the wire.
Down MEPs use the port MAC address.
A Down MEP performs the following functions:
Sends and receives Ethernet CFM frames at its level via the wire connected to the port where the MEP is configured.
Processes all Ethernet CFM frames at its level coming from the direction of the wire.
Drops all Ethernet CFM frames at a lower level coming from the direction of the wire.
Transparently drops all Ethernet CFM frames at a higher level, independent of whether they came in from the bridge or wire.
Ethernet CFM Messages
Ethernet CFM uses
standard Ethernet frames. Ethernet CFM frames are distinguishable by EtherType
and for multicast messages by MAC address. Ethernet CFM frames are sourced,
terminated, processed, and relayed by bridges. Routers can support only limited
Ethernet CFM functions.
Bridges that cannot
interpret Ethernet CFM messages forward them as normal data frames. All
Ethernet CFM messages are confined to a maintenance domain and to an MA. Three
types of messages are supported:
continuity check messages (CCMs) are multicast heartbeat messages exchanged
periodically among MEPs. They allow MEPs to discover other MEPs within a
domain. CCMs are confined to a domain.
CFM CCMs have the
a periodic interval by MEPs. The minimum interval is
remote MEPs at the same maintenance level.
and do not solicit a response.
status of the interface on which the MEP is configured.
linktrace messages (LTMs) are multicast frames that a MEP transmits, at the
request of an administrator, to track the path (hop-by-hop) to a destination
MEP. They are similar to Layer 3 traceroute messages. LTMs allow the
transmitting node to discover vital connectivity data about the path. LTMs are
intercepted by maintenance points along the path and processed, transmitted, or
dropped. At each hop where there is a maintenance point at the same level, a
linktrace message reply (LTR) is transmitted back to the originating MEP. For
each visible MIP, linktrace messages indicate ingress action, relay action, and
include the destination MAC address, VLAN, and maintenance domain and they have
Time To Live (TTL) to limit propagation within the network. They can be
generated on demand using the CLI. LTMs are multicast and LTRs are unicast.
loopback messages (LBMs) are unicast frames that a MEP transmits, at the
request of an administrator, to verify connectivity to a particular maintenance
point. A reply to a loopback message (LBR) indicates whether a destination is
reachable but does not allow hop-by-hop discovery of the path. A loopback
message is similar in concept to an Internet Control Message Protocol (ICMP)
Echo (ping) message.
Because LBMs are
unicast, they are forwarded like normal data frames except with the maintenance
level restriction. If the outgoing port is known in the bridge’s forwarding
database and allows Ethernet CFM frames at the message’s maintenance level to
pass through, the frame is sent out on that port. If the outgoing port is
unknown, the message is broadcast on all ports in that domain.
An Ethernet CFM LBM
can be generated on demand using the CLI. The source of a loopback message must
be a MEP. Both Ethernet CFM LBMs and LBRs are unicast, and LBMs specify the
destination MAC address or MEP identifier (MPID), VLAN, and maintenance domain.
The cross-check function is a timer-driven postprovisioning service verification between dynamically discovered MEPs (via continuity check messages CCMs)) and expected MEPs (via configuration) for a service. The cross-check function verifies that all endpoints of a multipoint or point-to-point service are operational. The function supports notifications when the service is operational; otherwise it provides alarms and notifications for unexpected or missing endpoints.
The cross-check function is performed one time. You must initiate the cross-check function from the CLI every time you want a service verification.
The support provided by the Cisco IOS XE software implementation of Ethernet CFM traps is Cisco proprietary information. MEPs generate two types of Simple Network Management Protocol (SNMP) traps, continuity check (CC) traps and cross-check traps.
MEP up--Sent when a new MEP is discovered, the status of a remote port changes, or connectivity from a previously discovered MEP is restored after interruption.
MEP down--Sent when a timeout or last gasp event occurs.
Cross-connect--Sent when a service ID does not match the VLAN.
Loop--Sent when a MEP receives its own CCMs.
Configuration error--Sent when a MEP receives a continuity check with an overlapping MPID.
Service up--Sent when all expected remote MEPs are up in time.
MEP missing--Sent when an expected MEP is down.
Unknown MEP--Sent when a CCM is received from an unexpected MEP.
HA Feature Support in Ethernet CFM
In access and service provider networks using Ethernet technology, High availability (HA) is a requirement. End-to-end connectivity status information is critical and must be maintained on a hot standby Route Processor (RP).
A hot standby RP has the same software image as the active RP and supports synchronization of line card, protocol, and application state information between RPs for supported features and protocols.
End-to-end connectivity status is maintained on the CE, PE, and access aggregation PE (uPE) network nodes based on information received by protocols such as Ethernet local management interface (LMI) and CFM, and 802.3ah. This status information is used to either stop traffic or switch to backup paths when an interface is down.
Every transaction involves either accessing or updating data among various databases. If the database is synchronized across active and standby modules, the modules are transparent to clients.
The Cisco infrastructure provides various component application program interfaces (APIs) that help to maintain a hot standby RP. Metro Ethernet HA clients CFM HA and in-service software upgrades (ISSU) interact with these components, update the database, and trigger necessary events to other components.
Benefits of CFM HA
Elimination of network downtime for Cisco software image upgrades, allowing for faster upgrades that result in high availability.
Elimination of resource scheduling challenges associated with planned outages and late night maintenance windows.
Accelerated deployment of new services and applications and facilitation of faster implementation of new features, hardware, and fixes than if HA was not supported.
Reduced operating costs due to outages while delivering high service levels.
CFM updates its databases and controls its own HA messaging and versioning, and this control facilitates maintenance.
The redundancy configurations SSO and NSF are both supported in Ethernet CFM and are automatically enabled. A switchover from an active to a standby RP occurs when the active RP fails, is removed from the networking device, or is manually taken down for maintenance. NSF interoperates with the SSO feature to minimize network downtime following a switchover. The primary function of Cisco NSF is to continue forwarding packets following an RP switchover.
For detailed information about SSO, see the “Stateful Switchover” module of the
Cisco IOS High Availability Configuration Guide. For detailed information about the NSF feature, see the “Cisco Nonstop Forwarding” module of the
High Availability Configuration Guide.
ISSU Support in Ethernet CFM
In Service Upgrades (ISSU) allows you to perform a Cisco software upgrade or downgrade without disrupting packet flow. Ethernet Connectivity Fault Management (CFM) performs a bulk update and a runtime update of the continuity check database to the standby route processor (RP), including adding, deleting, or updating a row. This checkpoint data requires ISSU capability to transform messages from one release to another. All the components that perform active RP to standby RP updates using messages require ISSU support.
ISSU is automatically enabled in Ethernet CFM and lowers the impact that planned maintenance activities have on network availability by allowing software changes while the system is in service. For detailed information about ISSU, see the “Cisco IOS In Service Software Upgrade Process” module of the
High Availability Configuration Guide.
How to Configure Ethernet CFM for the Cisco ASR 1000 Router
To have an operator, service provider, or customer domain is optional. A network may have a single domain or multiple domains. The steps listed here show the sequence when all three types of domains will be assigned.
Before You Begin
Knowledge and understanding of the network topology.
Understanding of organizational entities involved in managing the network; for example, operators, service providers, network operations centers (NOCs), and customer service centers.
Understanding of the type and scale of services to be offered.
Agreement by all organizational entities on the responsibilities, roles, and restrictions for each organizational entity.
Determination of the number of maintenance domains in the network.
Determination of the nesting and disjoint maintenance domains.
Assignment of maintenance levels and names to domains based on agreement between the service provider and operator or operators.
Determination of whether the domain should be inward or outward.
1. Determine operator level MIPs.
2. Determine operator level MEPs.
3. Determine service provider MIPs.
4. Determine service provider MEPs.
5. Determine customer MIPs.
6. Determine customer MEPs.
Command or Action
Determine operator level MIPs.
Follow these steps:
Starting at lowest operator level domain, assign a MIP at every interface internal to the operator network to be visible to CFM.
Proceed to next higher operator level and assign MIPs.
Verify that every port that has a MIP at a lower level does not have maintenance points at a higher level.
Repeat steps a through d until all operator MIPs are determined.
Determine operator level MEPs.
Follow these steps:
Starting at the lowest operator level domain, assign a MEP at every UNI that is part of a service instance.
Assign a MEP at the network to network interface (NNI) between operators, if there is more than one operator.
Proceed to next higher operator level and assign MEPs.
A port with a MIP at a lower level cannot have maintenance points at a higher level. A port with a MEP at a lower level should have either a MIP or MEP at a higher level.
Determine service provider MIPs.
Follow these steps:
Starting at the lowest service provider level domain, assign service provider MIPs at the NNI between operators (if more than one).
Proceed to next higher service provider level and assign MIPs.
A port with a MIP at a lower level cannot have maintenance points at a higher level. A port with a MEP at a lower level should not have either a MIP or a MEP at a higher level.
Determine service provider MEPs.
Follow these steps:
Starting at the lowest service provider level domain, assign a MEP at every UNI that is part of a service instance.
Proceed to next higher service provider level and assign MEPs.
A port with a MIP at a lower level cannot have maintenance points at a higher level. A port with a MEP at a lower level should have either a MIP or a MEP at a higher level.
Determine customer MIPs.
Customer MIPs are allowed only on the UNIs at the uPEs if the service provider allows the customer to run CFM. Otherwise, the service provider can configure Cisco devices to block CFM frames.
Configure a MIP on every uPE, at the UNI port, in the customer maintenance domain.
Ensure the MIPs are at a maintenance level that is at least one higher than the highest level service provider domain.
Determine customer MEPs.
Customer MEPs are on customer equipment. Assign an outward facing MEP within an outward domain at the appropriate customer level at the handoff between the service provider and the customer.
The figure below shows an example of a network with a service provider and two operators, A and B. Three domains are to be established to map to each operator and the service provider. In this example, for simplicity we assume that the network uses Ethernet transport end to end. CFM, however, can be used with other transports.
Enables SNMP trap generation for Ethernet CFM mep-unknown, mep-missing, and service-up continuity check events in relation to the cross-check operation between statically configured MEPs and those learned via CCMs.
Returns the device to privileged EXEC mode.
Provisioning Service (CE-A)
Perform this task to set up service for Ethernet CFM. Optionally, when this task is completed, you may configure and enable the cross-check function. To perform this optional task, see "Configuring and Enabling the Cross-Check Function (CE-A)".
Router(config-ecfm)# service Customer1 vlan 101 direction down
Configures an MA within a maintenance domain and enters CFM service configuration mode.
If a service is already configured and you configure a new MA name and also specify the
direction down keyword, a second service is added that maps to the same VLAN. If you configure a new MA name and do not specify the
direction down keyword, the service is renamed to the new MA name.
cross-checking between the list of configured remote MEPs of a domain and MEPs
learned through CCMs.
Configuration Examples for Configuring Ethernet CFM for the Cisco ASR 1000 Router
The following two examples show configurations for a network. Configurations are shown not only for the Carrier Ethernet Cisco ASR 1000 Series Aggregation Services Routers, but also for the devices used at the access and core of the service provider’s network.
example shows only CFM-related commands. All commands that are required to set
up the data path and configure the VLANs on the device are not shown. However,
it should be noted that CFM traffic will not flow into or out of the device if
the VLANs are not properly configured.
No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified.
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.
Feature Information for Configuring Ethernet CFM for the Cisco ASR 1000 Router
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to
www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 1 Feature Information for Configuring Ethernet CFM for the Cisco ASR 1000 Router
IEEE 802.1ag-2007 Compliant CFM for ASR1000
Cisco IOS XE Release 3.2S
IEEE CFM is an end-to-end per-service Ethernet layer OAM protocol. CFM includes proactive connectivity monitoring, fault verification, and fault isolation for large Ethernet metropolitan-area networks (MANs) and WANs. Y.1731 is an ITU-T recommendation for OAM functions in Ethernet-based networks.
This feature is the implementation of IEEE 802.1ag Standard-Compliant CFM and Y.1731 in Cisco IOS XE software.
The following commands were introduced or modified:
E-OAM : Multiple port MAs under single MD
Cisco IOS XE Release 3.7S
Support for multiple MAs under a single maintenance domain was added.
The following commands were introduced or modified:
clear ethernet cfm ais,
ethernet cfm lck,
ethernet cfm mep crosscheck,
ethernet cfm mep domain mpid,
show ethernet cfm maintenance-points remote,
show ethernet cfm maintenance-points remote crosscheck,
show ethernet cfm maintenance-points remote detail,
show ethernet cfm traceroute-cache,
CCM—continuity check message. A multicast CFM frame that a MEP transmits periodically to ensure continuity across the maintenance entities to which the transmitting MEP belongs, at the MA level on which the CCM is sent. No reply is sent in response to receiving a CCM.
EVC—Ethernet virtual connection. An association of two or more user-network interfaces.
faultalarm—An out-of-band signal, typically an SNMP notification, that notifies a system administrator of a connectivity failure.
inward-facingMEP—A MEP that resides in a bridge and transmits to and receives CFM messages from the direction of the bridge relay entity.
maintenancedomain—The network or part of the network belonging to a single administration for which faults in connectivity are to be managed. The boundary of a maintenance domain is defined by a set of DSAPs, each of which may become a point of connectivity to a service instance.
maintenancedomainname—The unique identifier of a domain that CFM is to protect against accidental concatenation of service instances.
MEP—maintenance endpoint. An actively managed CFM entity associated with a specific DSAP of a service instance, which can generate and receive CFM frames and track any responses. It is an endpoint of a single MA, and terminates a separate maintenance entity for each of the other MEPs in the same MA.
MEPCCDB—A database, maintained by every MEP, that maintains received information about other MEPs in the maintenance domain.
MIP—maintenance intermediate point. A CFM entity, associated with a specific pair of ISS SAPs or EISS Service Access Points, which reacts and responds to CFM frames. It is associated with a single maintenance association and is an intermediate point within one or more maintenance entities.
MIPCCDB—A database of information about the MEPs in the maintenance domain. The MIP CCDB can be maintained by a MIP.
MP—maintenance point. Either a MEP or a MIP.
MPID—maintenance endpoint identifier. A small integer, unique over a given MA, that identifies a specific MEP.
OAM—operations, administration, and maintenance. A term used by several standards bodies to describe protocols and procedures for operating, administrating, and maintaining networks. Examples are ATM OAM and IEEE Std. 802.3ah OAM.
operator—Entity that provides a service provider a single network of provider bridges or a single Layer 2 or Layer 3 backbone network. An operator may be identical to or a part of the same organization as the service provider. For purposes of IEEE P802.1ag, Draft Standard for Local and Metropolitan Area Networks, the operator and service provider are presumed to be separate organizations.
Terms such as “customer,” “service provider,” and “operator” reflect common business relationships among organizations and individuals that use equipment implemented in accordance with IEEE P802.1ag.
UNI—user-network interface. A common term for the connection point between an operator's bridge and customer equipment. A UNI often includes a C-VLAN-aware bridge component. The term UNI is used broadly in the IEEE P802.1ag standard when the purpose for various features of CFM are explained. UNI has no normative meaning.