Ethernet OAM Overview, page 9-1 CFM, page 9-2 Ethernet LMI, page 9-10
Connectivity Fault ManagementConnectivity Fault Management (CFM) is an end-to-end per-service-instance (per VLAN) Ethernet layer OAM protocol that includes connectivity monitoring, fault verification, and fault isolation. CFM allows you to manage individual customer service instances. Ethernet Virtual Connections (EVCs) are the services that are sold to customers and are designated by service VLAN tags. CFM operates on a per-service-VLAN (or per-EVC) basis. It lets you know when an EVC fails and provides tools to isolate the failure. Link OAMLink OAM allows you to monitor and troubleshoot a single Ethernet link. It is an optional sublayer implemented in the Data Link Layer between the Logical Link Control (LLC) and MAC sublayers of the Open Systems Interconnect (OSI) model. You can monitor a link for critical events and, if needed, put a remote device into loopback mode for link testing. Link OAM also discovers unidirectional links, which are created when one transmission direction fails. Ethernet Link Management Interface Ethernet Link Management Interface (LMI) operates between the customer edge (CE) and the user-facing provider edge (U_PE) devices. It allows you to automatically provision CEs based on EVCs and bandwidth profiles.
Figure 9-1 shows an overview of Ethernet OAM components. CFM applies to a CE-to-CE span, while Link OAM and Ethernet LMI apply to CE-to-U_PE spans.
9-1
Chapter 9 CFM
Figure 9-1
Customer
Service Provider
Customer
CE
Ethernet Access
MPLS Core
Ethernet Access
CE
E-LMI
Customer Domain Provider Domain Operator Domain Operator Domain Connectivity Fault Management Operator Domain
Link OAM
CFM
CFM is an end-to-end, per-service-instance Ethernet layer operations, administration, and maintenance (OAM) protocol. It includes proactive connectivity monitoring, fault verification, and fault isolation for large Ethernet metropolitan-area networks (MANs) and WANs. CFM provides capabilities for detecting, verifying, and isolating connectivity failures in networks with bridges operated by multiple independent organizations, each with restricted management access to each other's equipment. CFM allows you to discover and verify end-to-end, Carrier Ethernet PE-to-PE or CE-to-CE paths through bridges and LANs. End-to-end can be PE-to-PE or CE-to-CE. A service can be identified as a S-VLAN or an EVC service. A customer service instance is an EVC, which is identified by an S-VLAN within an Ethernet island, and by a globally unique service ID. A customer service instance can be point-to-point or multipoint-to-multipoint. CFM consists of maintenance domains. Maintenance domains are administrative regions used to manage and administer specific network segments. Maintenance domains are organized in a hierarchy. The administrator assigns a maintenance level to the domain from 0 (lowest level) to 7 (highest level), and the maintenance level determines the domains position within the CFM hierarchy. CFM maintenance domain boundaries are indicated by maintenance points. A maintenance point is an interface point that participates within a CFM maintenance domain. Maintenance point types include:
9-2
242666
OL-21805-01
Chapter 9
Maintenance End Points (MEPs)Active CFM elements residing at the edge of a domain. MEPs can be inward or outward facing. They periodically transmit continuity check messages and expect to periodically receive similar messages from other MEPs within a domain. (Continuity messages are described in CFM Messages section on page 9-4.) If requested, MEPs can also transmit traceroute and loopback messages. MEPs are responsible for keeping CFM messages within the boundaries of a maintenance domain.
Inward-Facing MEPsCommunicate through the bridge relay and uses the bridge-brain MAC
address. Inward MEPs send and receive CFM frames at their level through the relay function, not through the wire connected to the port where the MEP is configured. Inward MEPs drop all CFM frames at their level (or a lower level) that come from the direction of the wire. In addition, inward MEPs process all CFM frames at their level coming from the direction of the relay function, and drop all CFM frames at a lower level coming from the direction of the relay function. Inward MEPs transparently forward all CFM frames at their level (or a higher level), independent of whether they come from the relay function or wire side. If the port on which an inward MEP is configured is blocked by STP, the MEP no longer transmits or receives CFM messages.
Up MEP and Up MIP is provisioned on the C-VLAN component on a PE device port that
includes 802.1ad services. Up MEP generates double-tagged (CE-VLAN + SP-VLAN) CFM flows. MIPs on the CE-VLAN component process CFM frames that are single-tagged when coming from the wire-side and double-tagged when coming from the relay-function side.MIPs on the SP-VLAN component process untagged CFM frames from the wire and single-tagged CFM frames from the relay-function.
Note
Up MEP and Up MIP is supported on the Cisco ME 3400 Series and Cisco ME 3750 Series Ethernet access switches.
Outward-Facing MEPsCommunicate through the wire and can be configured on routed ports
and switch ports. A MIP configuration at a level higher than the outward MEP level is not required. Outward MEPs on routed ports use the port MAC address. Outward MEPs on port channels use the bridge-brain MAC address of the first member link. When port channel members change, the outward MEP identities do not have to change. Outward MEPs send and receive CFM frames at their level through the wire connected to the port where the MEP is configured. They drop all CFM frames at their level (or at a lower level) that come from the relay direction. In addition, outward MEPs process all CFM frames at their level coming from the wire direction, drop all CFM frames at a lower level coming from the wire direction, and transparently forward all CFM frames at levels higher than the out MEP level, independent of whether they come from the relay or wire side. This function is not applicable to routed ports. If the port on which the outward MEP is configured is blocked by Spanning-Tree Protocol, the MEP can still transmit and receive CFM messages via the wire.
Maintenance Intermediate Points (MIPs)Passive elements that catalog information received from MEPs and other MIPs. MIPs only respond to specific CFM messages such as traceroute and loopback, and they forward those messages within the maintenance domain. MIPs:
Apply to maintenance domains for all S-VLANs enabled or allowed on a port. Are internal to a domain, not at the boundary. Catalog and forward CFM frames received from MEPs and other MIPs using both the wire and
9-3
Chapter 9 CFM
Forward all CFM frames at a higher level independent of whether they arrive from the wire or
relay function.
Are passive points that respond only when triggered by CFM traceroute and loopback messages. Use bridge-brain MAC addresses.
Transparent PointsPassive maintenance points similar to MIPs. However, transparent points do not catalog information from CFM messages; they only forward messages within the domain.
Figure 9-2 shows service provider CFM maintenance domains, including the service provider domain, maintenance level 6, and operator domains, which have a maintenance level of 3 or 4.
Figure 9-2 CFM Maintenance Domains
Operator 1 E1 PE 1 PE 2
Operator 2 PE 3 PE 4
CE 2
MEP Level 6
MIP
MIP
MEP Level 6
MIP
MIP
MEP Level 4
157281
CFM Messages
CFM is based on the exchange of continuity messages among CFM domains:
Continuity CheckThe CFM heart-beat messages exchanged periodically between MEPs. They allow MEPs to discover other MEPs within a domain, and allow MIPs to discover MEPs. Continuity check messages are confined to a domain and an S-VLAN TracerouteTransmitted by a MEP at the request of the administrator to track the path, hop-by-hop, to a destination MEP. Traceroute messages allow the transmitting node to discover vital connectivity data about the path similar to the User Datagram Protocol (UDP) traceroute. LoopbackTransmitted by a MEP at the request of the administrator to verify connectivity to a particular maintenance point. The loopback indicates whether the destination is reachable, but does not allow hop-by-hop discovery of the path. CFM loopback messages are similar in concept to the Internet Control Message Protocol (ICMP) Echo (Ping) command.
9-4
OL-21805-01
Chapter 9
Cross-checkProvide a post-provisioning service connectivity verification. They allow the configuration of a static list of expected remote MEPs per service, and then cross-check this list against what is learned dynamically from the cross-check messages. Cross-check messages generate the appropriate alarms when errors are detected.
9-5
Chapter 9 CFM
Figure 9-3
1 2
MIPs
9-6
OL-21805-01
248317
Chapter 9
Expanding a CFM maintenance domain displays the maintenance domain properties and associations (Figure 9-4).
Figure 9-4 Maintenance Domain Maintenance Associations
Expanding a CFM maintenance association displays the maintenance association properties and its MEPs (Figure 9-4). If a MEP has a remote MEP, a notation appears in the Remote MEPS column. The remote MEP properties can also be viewed.
248316
9-7
Chapter 9 CFM
Figure 9-5
9-8
248315
OL-21805-01
Chapter 9
Table 9-1
Command
Network Provisioning
Applies To All MIPs and MEPs in the domain All MIPs and MEPs in the domain
CLI Commands ethernet cfm domain $domain$level $level$ mep archive-hold-time $holdtime$ ethernet cfm enable ethernet cfm traceroute cache ethernet cfm traceroute cache size $size$ ethernet cfm traceroute cache hold-time $holdtime$
cfm-1-configure-domain
cfm-2-configure-globalparams
cfm-3-configure-mip
All MIPs in the domain, one MIP at a time All MEPs in the domain
cfm-4-define-continuitycheck
Configures the CFM continuity check. Defines the CFM service ID. Configures the domain MEPs.
ethernet cfm cc level $level$ vlan $vlans$ interval $interval$ loss-threshold $loss-threshold$
Service Provisioning
cfm-5-configure-serviceid
All MIPs and MEPs in the domain All MEPs in the domain, one MEP at a time All MEPs in the domain All MEPs in the domain
ethernet cfm domain $domain$ level $level$ service $domain$-$svlanid$ vlan $svlanid$ ethernet cfm mep level $level$ mpid $mpid$ vlan $vlans$
cfm-6-configure-mep
cfm-7-enable-continuitycheck cfm-8-enable-snmpservertraps
Enables the CFM continuity check. Enables the SMMP server trap.
ethernet cfm cc enable level $level$ vlan $vlans$ snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
Diagnostic Commands
cfm-diag-ping-mac
Pings CFM remote MEP supplying MAC Pings CFM remote MEP supplying MPID Pings CFM remote MEP supplying Milticast
ping ethernet $remote-mac$ domain $domain$ vlan $vlans$ ping ethernet mpid $mpid$ domain $domain$ vlan $vlans$ ping ethernet multicast domain $domain$ vlan $vlans$
cfm-diag-ping-mpid
cfm-diag-ping-multicast
9-9
Table 9-1
Command cfm-diag-traceroute-mac
Description
Applies To
CLI Commands traceroute ethernet $remote-mac$ domain $domain$ vlan $vlans$ traceroute ethernet mpid $mpid$ domain $domain$ vlan $vlans$
Traceroute remote MEP supplying MAC Traceroute remote MEP supplying MPID
cfm-diag-traceroute-mpid
Ethernet LMI
Ethernet LMI defines the protocol and procedures that allows CE devices to be automatically configured by the service provider U_PE device. Ethernet LMI also notifies the CE device about EVC status changes. Ethernet LMI protocol communicates the following information to the CE device:
EVC additionsIf a new EVC is added to the network, for example, a new branch office is connected to headquarters, Ethernet LMI notifies the respective CEs after the service provider turns on the service. In particular, the service endpoints are notified of the corresponding VLAN ID to be used by a given service (also known as C-VLAN to EVC map attribute). EVC deletionsIf an EVC is removed from the network, Ethernet LMI notifies the respective CEs after the service provider turns off the service. EVC stateAfter receiving an EVC inactive or active state notification, the CE device can take corrective action, such as rerouting traffic to a different EVC or other WAN service if the EVC is inactive, or returning traffic to normal routes after the EVC becomes active. Remote UNI is downAfter receiving notification that a remote UNI is down notification, the CE device can take corrective action, such as rerouting traffic to a different EVC or other WAN service. The device returns traffic to the normal routes after it receives notification that the remote UNI is up. UNI and EVC attributesEthernet LMI communicates the following UNI and EVC attributes to the CE device:
EVC identificationCommunicates the VLAN ID used to identify each EVC (C-VLAN to
EVC map). This removes the possibility of a VLAN mismatch between the service provider and customer equipment.
Remote UNI identificationCommunicates the names of the remote UNIs associated to a
given CE device service. This information can be used to verify that the right end points are connected by an EVC.
Bandwidth profilesCommunicates bandwidth provided to the CE device. If an enterprise is
subscribed to a 50-Mbps service, the CE device can automatically configure itself to shape the egress traffic to 50 Mbps on the WAN interface. By shaping to 50 Mbps rather than having the service provider police a 100-Mbps stream down to 50 Mbps, enterprise customers reduce the number of dropped packets and increase the throughput they receive. The Ethernet LMI process flow is shown in Figure 9-6 on page 9-11,
9-10
OL-21805-01
Chapter 9
Figure 9-6
Customer
Service Provider
Service Provider
Customer
CE
U-PE
EVC additions/deletions EVC state Remote UNI status UNI and EVC attributes
U-PE
CE
Device EVCsDisplays the device EVCs. You can also view the EVC UNI properties in a separate window. Additionally, from the device EVC you can navigate to maintenance association in the logical inventory, and from the UNI Properties window you can navigate to physical interface inventory for local UNIs. ELMI InterfacesDisplays the interfaces that have Ethernet LMI enabled. Each interface is hyperlinked to allow you to jump to the interface in the Physical Inventory tree.
242665
9-11
Figure 9-7
1 2 3
Link OAM
Link OAM is an optional sub-layer implemented in the Open Systems Interconnection (OSI) Data Link Layer between the Logical Link Control and MAC sub-layers (Figure 9-9).
9-12
OL-21805-01
249221
Chapter 9
Figure 9-8
The Link OAM frames, OAM Protocol Data Units (OAMPDUs), cannot propagate beyond a single hop within an Ethernet network. Link OAM processes include:
DiscoveryDiscovery is the first Link OAM process. During discovery, Link OAM identifies the devices at each end of the link and learns their OAM capabilities. Discovery uses information from the OAM PDUs. During the discovery phase, the following information is advertised within periodic information OAM PDUs:
OAM modeConveyed to the remote OAM entity. The mode can be either active or passive and
can use this information to determine what functions are supported and accessible; for example, loopback capability.
OAM PDU configurationIncludes the maximum OAM PDU size for receipt and delivery.
This information along with the 10 frames per second rate limit can be used to limit the bandwidth allocated to OAM traffic.
Platform identityA combination of an organization unique identifier (OUI) and 32-bits of
vendor-specific information. OUI allocation, controlled by the IEEE, is typically the first three bytes of a MAC address. Discovery includes an optional phase in which the local station can accept or reject the configuration of the peer OAM entity. For example, a node might require that its partner support loopback capability to be accepted into the management network. These policy decisions might be implemented as vendor-specific extensions.
Link monitoringDetects and indicates link faults under a variety of conditions. Link monitoring uses the event notification OAM PDU and sends events to the remote OAM entity when problems are detected on the link. Error events include:
Error Symbol Period (error symbols per second)Number of symbol errors that occurred
during a specified period exceeded a threshold. These errors are coding symbol errors.
Error Frame (error frames per second)Number of frame errors detected during a specified
9-13
Error Frame Period (error frames per n frames)Number of frame errors within the last n
(1-second intervals with at least one frame error) within the last n seconds that exceeds a threshold. Because IEEE 802.3ah OAM does not provide a guaranteed delivery of any OAM PDU, the event notification OAM PDU might be sent multiple times to reduce the probability of a lost notification. A sequence number is used to recognize duplicate events.
Remote Failure indicationInforms peers when a received path goes down. Because link connectivity faults caused by slowly deteriorating quality are difficult to detect, Link OAM communicates such failure conditions to its peer using OAMPDU flags. The following failure conditions can be communicated:
Link FaultLoss of signal is detected by the receiver; for instance, the peer's laser is
malfunctioning. A link fault is sent once per second in the information OAM PDU. Link fault applies only when the physical sublayer is capable of independent transmit and receive operations.
Dying GaspAn unrecoverable condition has occurred; for example, a power failure. This type
of condition is vendor specific. A notification about the condition may be sent immediately and continuously.
Critical EventAn unspecified critical event has occurred. This type of event is vendor
Remote LoopbackAn OAM entity can put its remote peer into loopback mode using the loopback control OAM PDU. Loopback mode helps an administrator ensure the quality of links during installation or when troubleshooting. In loopback mode, every frame received is transmitted back on the same port except for OAM PDUs and pause frames. The periodic exchange of OAM PDUs must continue during the loopback state to maintain the OAM session. The loopback command is acknowledged by responding with an information OAM PDU with the loopback state indicated in the state field. This acknowledgement allows an administrator, for example, to estimate if a network segment can satisfy a service-level agreement. Acknowledgement makes it possible to test delay, jitter, and throughput. When an interface is set to the remote loopback mode the interface no longer participates in any other Layer 2 or Layer 3 protocols; for example Spanning Tree Protocol (STP) or Open Shortest Path First (OSPF). The reason is that when two connected ports are in a loopback session, no frames other than the OAM PDUs are sent to the CPU for software processing. The non-OAM PDU frames are either looped back at the MAC level or discarded at the MAC level. From a user's perspective, an interface in loopback mode is in a link-up state.
Figure 9-9 shows Link OAM placement within a service provider network.
9-14
OL-21805-01
Chapter 9
Figure 9-9
Customer
Service Provider
Service Provider
Customer
802.3ah Ethernet in the First Mile Ethernet Access MPLS Core Ethernet Access
CE
CE
CE
U-PE
Link and OAM capability discovery Link monitoring Remote MIB variable retrieval Remote failure indication Remote loopback
CE
U-PE
802.3ah OAMPDUs
802.3ah OAMPDUs
242667
9-15
Figure 9-10
Figure 9-10 shows the detailed Link OAM properties displayed by double-clicking an OAM entry in the OAM logical inventory table.
Figure 9-11 Link OAM Properties
9-16
OL-21805-01
249223