Resilient Ethernet Protocol

One REP segment is a chain of ports connected to each other and configured with a segment ID. Each segment consists of standard (non-edge) segment ports and two user-configured edge ports. A router can have no more than two ports that belong to the same segment, and each segment port can have only one external neighbor. A segment can go through a shared medium, but on any link only two ports can belong to the same segment. REP is supported only on Trunk EFP interfaces.

The figure below shows an example of a segment consisting of six ports spread across four switches. Ports E1 and E2 are configured as edge ports. When all ports are operational (as in the segment on the left), a single port is blocked, shown by the diagonal line. When there is a failure in the network, the blocked port returns to the forwarding state to minimize network disruption.

The segment shown in the figure above is an open segment; there is no connectivity between the two edge ports. The REP segment cannot cause a bridging loop and it is safe to connect the segment edges to any network. All hosts connected to routers inside the segment have two possible connections to the rest of the network through the edge ports, but only one connection is accessible at any time. If a failure occurs on any segment or any port on a REP segment, REP unblocks all ports to ensure that connectivity is available through the other gateway.

The segment shown in the figure below, with both edge ports located on the same router, is a ring segment. In this configuration, there is connectivity between the edge ports through the segment. With this configuration, you can create a redundant connection between any two routers in the segment.

REP segments have the following characteristics:

• If all ports in the segment are operational, one port (referred to as the alternate port) is in the blocked state for each VLAN. If VLAN load balancing is configured, two ports in the segment control the blocked state of VLANs.
• If one or more ports in a segment is not operational, causing a link failure, all ports forward traffic on all VLANs to ensure connectivity.
• In case of a link failure, the alternate ports are unblocked as quickly as possible. When the failed link comes back up, a logically blocked port-per VLAN is selected with minimal disruption to the network.

You can construct almost any type of network based on REP segments. REP also supports VLAN load balancing, controlled by the primary edge port but occurring at any port in the segment.

REP has the following limitations:

• You must configure each segment port; an incorrect configuration can cause forwarding loops in the networks.
• REP can manage only a single failed port within the segment; multiple port failures within the REP segment causes loss of network connectivity.
• You should configure REP only in networks with redundancy. Configuring REP in a network without redundancy causes loss of connectivity.

REP does not use an end-to-end polling mechanism between edge ports to verify link integrity. It implements local link failure detection. When enabled on an interface, the REP Link Status Layer (LSL) detects its REP-aware neighbor and establishes connectivity within the segment. All VLANs are blocked on an interface until it detects the neighbor. After the neighbor is identified, REP determines which neighbor port should become the alternate port and which ports should forward traffic.

Each port in a segment has a unique port ID. The port ID format is similar to that used by the spanning tree algorithm: a port number (unique on the bridge), associated to a MAC address (unique in the network). When a segment port is coming up, its LSL starts sending packets that include the segment ID and the port ID. The port is declared as operational after it performs a three-way handshake with a neighbor in the same segment. A segment port does not become operational under the following conditions:

• No neighbor has the same segment ID.
• More than one neighbor has the same segment ID.
• The neighbor does not acknowledge the local port as a peer.

Each port creates an adjacency with its immediate neighbor. Once the neighbor adjacencies are created, the ports negotiate to determine one blocked port for the segment, the alternate port. All other ports become unblocked. By default, REP packets are sent to a PortFast Bridge Protocol Data Unit (BPDU) class MAC address. The packets can also be sent to the Cisco multicast address, which at present is used only to send blocked port advertisement (BPA) messages when there is a failure in the segment. The packets are dropped by devices not running REP.

Because REP runs on a physical-link basis and not a per-VLAN basis, only one hello message is required for all VLANs, reducing the load on the protocol. We recommend that you create VLANs consistently on all switches in a given segment and configure the same allowed VLANs on the REP trunk ports. To avoid the delay introduced by relaying messages in software, REP also allows some packets to be flooded to a regular multicast address. These messages operate at the hardware flood layer (HFL) and are flooded to the whole network, not just the REP segment. Switches that do not belong to the segment treat the messages as data traffic. You can control flooding of these messages by configuring a dedicated administrative VLAN for the whole domain.

The estimated convergence recovery time is less than 200 milliseconds (ms) for the local segment.

One edge port in the REP segment acts as the primary edge port; the other as the secondary edge port. It is the primary edge port that always participates in VLAN load balancing in the segment. REP VLAN load balancing is achieved by blocking some VLANs at a configured alternate port and all other VLANs at the primary edge port. When you configure VLAN load balancing, you can specify the alternate port in one of three ways:

• By entering the port ID of the interface. To identify the port ID of a port in the segment, enter the show interface rep detail command for the port.
• By entering the neighbor offset number of a port in the segment, which identifies the downstream neighbor port of an edge port. The neighbor offset number range is -256 to +256; a value of 0 is invalid. The primary edge port has an offset number of 1; positive numbers above 1 identify downstream neighbors of the primary edge port. Negative numbers indicate the secondary edge port (offset number -1) and its downstream neighbors.

Note	You configure offset numbers on the primary edge port by identifying a port's downstream position from the primary (or secondary) edge port. You would never enter an offset value of 1 because that is the offset number of the primary edge port itself.

• By entering the preferred keyword to select the port that you previously configured as the preferred alternate port with the rep segment segment-id preferred command.

When the REP segment is complete, all VLANs are blocked. When you configure VLAN load balancing, it is triggered in one of two ways:

• You can manually trigger VLAN load balancing at any time by entering the rep preempt segment segment-id command on the router that has the primary edge port.
• You can configure a preempt delay time by entering the rep preempt delay secondscommand. After a link failure and recovery, VLAN load balancing begins after the configured preemption time period elapses. Note that the delay timer restarts if another port fails before the time has elapsed.

Note	When VLAN load balancing is configured, it does not start working until triggered by either manual intervention or a link failure and recovery.

When VLAN load balancing is triggered, the primary edge port then sends out a message to alert all interfaces in the segment about the preemption. When the message is received by the secondary edge port, it is reflected into the network to notify the alternate port to block the set of VLANs specified in the message and to notify the primary edge port to block the remaining VLANs.

You can also configure a particular port in the segment to block all VLANs. VLAN load balancing is initiated only by the primary edge port and is not possible if the segment is not terminated by an edge port on each end. The primary edge port determines the local VLAN load balancing configuration.

To reconfigure VLAN load balancing, you reconfigure the primary edge port. When you change the VLAN-load balancing configuration, the primary edge port again waits for the rep preempt segmentcommand or for the configured preempt delay period after a port failure and recovery before executing the new VLAN load balancing configuration. If you change an edge port to a regular segment port, the existing VLAN load balancing status does not change. Configuring a new edge port might cause a new topology configuration.

REP does not interact with Spanning Tree Protocol (STP) or with Flex Links, but can coexist with both of them. A port that belongs to a segment is removed from spanning tree control and STP BPDUs are not accepted or sent from segment ports. Therefore, STP cannot run on a segment.

To migrate from an STP ring configuration to REP segment configuration, begin by configuring a single port in the ring as part of the segment and continue by configuring contiguous ports to minimize the number of segments. Each segment always contains a blocked port, so multiple segments means multiple blocked ports and a potential loss of connectivity. When the segment has been configured in both directions up to the location of the edge ports, you then configure the edge ports.

Ports in REP segments take one of three roles or states: Failed, Open, or Alternate.

• A port configured as a regular segment port starts as a failed port.
• Once the neighbor adjacencies are determined, the port transitions to alternate port state, blocking all VLANs on the interface. Blocked port negotiations occur and when the segment settles, one blocked port remains in the alternate role and all other ports become open ports.
• When a failure occurs in a link, all ports move to the failed state. When the alternate port receives the failure notification, it changes to the open state, forwarding all VLANs.

A regular segment port converted to an edge port, or an edge port converted to a regular segment port, does not always result in a topology change. If you convert an edge port into a regular segment port, VLAN load balancing is not implemented unless it has been configured. For VLAN load balancing, you must configure two edge ports in the segment.

A segment port that is reconfigured as a spanning tree port restarts according to the spanning tree configuration. By default, this is a designated blocking port. If the PortFast BPDU Guard Enhancement feature is configured or if STP is disabled, the port goes into the forwarding state.

Normally, in a Virtual Private LAN Services (VPLS) network core, all nodes are connected in a full-mesh topology and each node has connectivity to all other nodes. In the full-mesh topology, there is no need for a node to retransmit data to another node. In Figure 3, the common ring provides a path where the packet could be forwarded to another network provider edge (N-PE) router, breaking the split horizon model.

REP emulates a common link connection that so that the REP ring supports the VPLS full-mesh model, but maintains the split horizon properties so that the super-loop does not exist. The emulated common link uses the Clustering over the WAN (CWAN) line card, which is also used for the VPLS uplink. This emulated common link forwards data from the ring to either the VPLS uplink or to the other side of the ring; blocks data coming from the VPLS core network; handles access pseudo-wire for H-VPLS topologies.

REP is disabled on all interfaces. When enabled, the interface is a regular segment port unless it is configured as an edge port.

When REP is enabled, the sending of segment topology change notices (STCNs) is disabled, all VLANs are blocked, and the administrative VLAN is VLAN 1.

When VLAN load balancing is enabled, the default is manual preemption with the delay timer disabled. If VLAN load balancing is not configured, the default after manual preemption is to block all VLANs at the primary edge port.

A segment is a collection of ports connected one to the other in a chain and configured with a segment ID. To configure REP segments, you should configure the REP administrative VLAN (or use the default VLAN 1) and then add the ports to the segment using interface configuration mode. You should configure two edge ports in the segment, with one of them the primary edge port and the other by default the secondary edge port. A segment has only one primary edge port. If you configure two ports in a segment as the primary edge port, for example ports on different switches, the REP selects one of them to serve as the segment primary edge port. You can also optionally configure where to send segment STCNs and VLAN load balancing. For more information about configuring REP Administrative VLANS, see the Configuring the REP Administrative VLAN.

Follow these guidelines when configuring REP:

• Cisco recommends that you begin by configuring one port and then configure the contiguous ports to minimize the number of segments and the number of blocked ports.
• If more than two ports in a segment fail when no external neighbors are configured, one port goes into a forwarding state for the data path to help maintain connectivity during configuration. In the show rep interface command output, the Port Role for this port shows as Fail Logical Open ; the Port Role for the other failed port shows as Fail No Ext Neighbor . When the external neighbors for the failed ports are configured, the ports go through the alternate port state transitions and eventually go to an open state or remain as the alternate port, based on the alternate port election mechanism.
• REP ports must be Layer 2 IEEE 802.1Q or trunk EFP ports.
• You must configure all trunk ports in the segment with the same set of allowed VLANs, or a misconfiguration occurs.
• Be careful when configuring REP through a Telnet connection. Because REP blocks all VLANs until another REP interface sends a message to unblock it, you might lose connectivity to the router if you enable REP in a Telnet session that accesses the router through the same interface.
• You cannot run REP and STP on the same segment or interface.
• If you connect an STP network to the REP segment, be sure that the connection is at the segment edge. An STP connection that is not at the edge could cause a bridging loop because STP does not run on REP segments. All STP BPDUs are dropped at REP interfaces.
• If REP is enabled on two ports on a router, both ports must be either regular segment ports or edge ports. REP ports follow these rules:
  • If only one port on a router is configured in a segment, the port should be an edge port.
  • If two ports on a router belong to the same segment, both ports must be edge ports or both ports must be regular segment ports.
  • If two ports on a router belong to the same segment and one is configured as an edge port and one as a regular segment port (a misconfiguration), the edge port is treated as a regular segment port.
• REP interfaces come up in a blocked state and remains in a blocked state until notified that it is safe to unblock. You need to be aware of this to avoid sudden connection losses.
• REP ports can not be configured as one of these port types:
  • Switched Port Analyzer (SPAN) destination port
  • Private VLAN port
  • Tunnel port
  • Access port
• There is a maximum of 22 REP segments per router.

Resilient Ethernet Protocol (REP) can be configured on Trunk Ethernet Flow Point (EFP )ports at interface level on ASR 903 Series Routers. Trunk EFP ports can have several bridged Vlan services running on them. Vlans can be set as blocking and forwarding state on a Trunk EFP port. A user must enable REP on a port. By default, REP is disabled on all ports.

To configure the REP administrative VLAN, complete the following steps:

• Guidelines for Configuring the REP Administrative VLAN
  

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    interface interface- slot/port/slot

4.    rep segment segment-id [edge [primary]] [preferred]

5.    rep stcn {interface interface-id| segment id-list | stp}

6.    rep block port {id port-id| neighbor-offset | preferred} vlan {vlan-list | all}

7.    rep preempt delay seconds

8.    end

9.    enable

10.    configure terminal

11.    interface interface

12.    service instance trunk service-instance-id ethernet

13.   encapsulation dot1q vlan-id

14.    rewrite ingress tag pop 1 symmetric

15.   bridge-domain from-encapsulation

16.   end

17.    show interfacerep [detail]

18.    copy running-config startup config

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	interface interface- slot/port/slot Example: Router(config)# interface gigabitethernet0/0/1	Specifies the interface, and enters interface configuration mode. Enter the interface ID. The interface can be a physical Layer 2 interface or a port channel (logical interface). The port channel range is a number from 1 to 48.
Step 4	rep segment segment-id [edge [primary]] [preferred] Example: Router(config-if)# rep segment 1 edge preferred	Enables REP on the interface, and identifies a segment number. The segment ID range is from 1 to 1024. Note    You must configure two edge ports, including one primary edge port for each segment. These optional keywords are available. Enter edge to configure the port as an edge port. Entering edge without the primary keyword configures the port as the secondary edge port. Each segment has only two edge ports. On an edge port, enter primary to configure the port as the primary edge port, the port on which you can configure VLAN load balancing. Note    Although each segment can have only one primary edge port, if you configure edge ports on two different switches and enter the primary keyword on both switches, the configuration is allowed. However, REP selects only one of these ports as the segment primary edge port. You can identify the primary edge port for a segment by entering the show rep topologyprivileged EXEC command. Enter preferred to indicate that the port is the preferred alternate port or the preferred port for VLAN load balancing. Note    Configuring a port as preferred does not guarantee that it becomes the alternate port; it merely gives it a slight edge among equal contenders. The alternate port is usually a previously failed port.
Step 5	rep stcn {interface interface-id| segment id-list | stp} Example: Router(config-if)# rep stcn segment 2-5	(Optional) Configures the edge port to send STCNs. Enter interface interface-id to designate a physical interface or port channel to receive STCNs. Enter segment id-listto identify one or more segments to receive STCNs. The range is 1 to 1024. Enter stpto send STCNs to STP networks.
Step 6	rep block port {id port-id| neighbor-offset | preferred} vlan {vlan-list | all} Example: Router(config-if)# rep block port 0009001818D68700 vlan all	(Optional) Configures VLAN load balancing on the primary edge port, identifies the REP alternate port in one of three ways, and configures the VLANs to be blocked on the alternate port. Enter the id port-id to identify the alternate port by port ID. The port ID is automatically generated for each port in the segment. You can view interface port IDs by entering the show interface interface-id rep [detail] privileged EXEC command. Enter a neighbor-offsetnumber to identify the alternate port as a downstream neighbor from an edge port. The range is from -256 to 256, with negative numbers indicating the downstream neighbor from the secondary edge port. A value of 0 is invalid. Enter -1to identify the secondary edge port as the alternate port. Note    Because you enter this command at the primary edge port (offset number 1), you would never enter an offset value of 1 to identify an alternate port. Enter preferred to select the regular segment port previously identified as the preferred alternate port for VLAN load balancing. Enter vlan vlan-list to block one VLAN or a range of VLANs. Enter vlan all to block all VLANs. Note    Enter this command only on the REP primary edge port.
Step 7	rep preempt delay seconds Example: Router(config-if)# rep preempt delay 60	(Optional) Configures a preempt time delay. Use this command if you want VLAN load balancing to automatically trigger after a link failure and recovery. The time delay range is 15 to 300 seconds. The default is manual preemption with no time delay. Note    Use this command only on the REP primary edge port.
Step 8	end Example: Router(config-if-srv)# end	Returns to privileged EXEC mode.
Step 9	enable Example: Router> enable	Enables privileged EXEC mode. Enter your password if prompted.
Step 10	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 11	interface interface Example: Router(config)# interface gigabitethernet0/0/1	Specifies the interface, and enters interface configuration mode. Enter the interface ID.
Step 12	service instance trunk service-instance-id ethernet Example: Router(config-if)# service instance 1 ethernet	Configures a service instance on an interface.
Step 13	encapsulation dot1q vlan-id Example: Router(config-if-srv)# encapsulation dot1q 1 VLAN 10	Defines the matching criteria to be used in order to map dot1q frames ingress on an interface to the appropriate service instance. The allowed range of vlan-id is between 1 and 20.
Step 14	rewrite ingress tag pop 1 symmetric Example: Router(config-if-srv)# rewrite ingress tag pop 1 symmetric	Specifies the encapsulation adjustment to be performed on the frame ingress to the service instance.
Step 15	bridge-domain from-encapsulation Example: Router(config-if-srv)# bridge-domain from-encapsulation	Derives bridge domains from encapsulation.
Step 16	end Example: Router (config-if-srv)end	Returns to privileged EXEC mode.
Step 17	show interfacerep [detail] Example: Router# show interface gigabitethernet0/0/1 rep detail	(Optional) Verifies the REP interface configuration. Enter the interface ID and the optional detail keyword, if desired.
Step 18	copy running-config startup config Example: Router# copy running-config startup config	(Optional) Saves your entries in the router startup configuration file.

To set the preemption for VLAN load balancing, complete these steps on the router that has the segment with the primary edge port.

• Restrictions
  

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    snmp mib rep trap-rate value

4.    end

5.    show running-config

6.    copy running-config startup config

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	snmp mib rep trap-rate value Example: Router(config)# snmp mib rep trap-rate 500	Enables the router to send REP traps, and sets the number of traps sent per second. Enter the number of traps sent per second. The range is from 0 to 1000. The default is 0 (no limit imposed; a trap is sent at every occurrence). Note    To remove the traps, enter the no snmp mib rep trap-ratecommand.
Step 4	end Example: Router(config)# end	Returns to privileged EXEC mode.
Step 5	show running-config Example: Router# show running-config	(Optional) Displays the running configuration, which you can use to verify the REP trap configuration.
Step 6	copy running-config startup config Example: Router# copy running-config startup config	(Optional) Saves your entries in the router startup configuration file.

SUMMARY STEPS

1.    enable

2.    show interface [interface-id] rep [detail]

3.    show rep topology [segment segment-id] [archive] [detail]

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. Enter your password if prompted.
Step 2	show interface [interface-id] rep [detail] Example: Router# show interface gigabitethernet0/1 rep detail	(Optional) Displays the REP configuration and status for a specified interface. Enter the physical interface or port channel ID, and the optional detail keyword, if desired.
Step 3	show rep topology [segment segment-id] [archive] [detail] Example: Router# show rep topology	(Optional) Displays REP topology information for a segment or for all segments, including the primary and secondary edge ports in the segment. Enter the optional keywords and arguments, as desired.