ethoam lfm
TRANSCRIPT
-
8/19/2019 EthOAM LFM
1/27
OAM LFM: Part 1 - The theory 1/ Some terms, before:
OAM for Operations Administration and Maintenance
LFM for Link Fault Management
EFM for Ethernet in the First Mile
2/ Introduction:
OAM is intended for point-to-point or emulated p2p Ethernet links. The OAM block is optional, so it has to
be compatible ith La!er 2 de"ice that do not support OAM LFM. #n other ords, beteen 2 routers
interconnected ith a p2p Ethernet link, one can support OAM LFM and the other one not. The La!er 2 of
this one shouldn$t be impacted b! OAM frames sent b! its peer. OAM LFM disco"ers automaticall! "ia a
disco"er! mechanism, OAM capabilities of neighbors. OAM frames are also inhibited b! the MA% %ontrol
&A'(E mechanism )aka Flo %ontrol*.
OAM Modes:
As LA%&, there are 2 modes for the OAM client. Acti"e and &assi"e. The folloing tab resumes the
beha"iour of Acti"e and &assi"e mode routers+
ote+ Onl! Acti"e clients can initiate disco"er! mode, and also send remote loopback control. #n other
ords, Acti"e client does not take into account loopback messages coming from a &assi"e client. On a
gi"en p2p link, onl! one OAM client as to be in Acti"e mode to auto-disco"er! neighbor$s capabilities.
OAM is intended for point-to-point or emulated p2p Ethernet links. The OAM block is optional, so it has to
be compatible ith La!er 2 de"ice that do not support OAM LFM. #n other ords, beteen 2 routers
http://junosandme.over-blog.com/article-oam-lfm-part-1-the-theory-100830412.htmlhttp://junosandme.over-blog.com/article-oam-lfm-part-1-the-theory-100830412.html
-
8/19/2019 EthOAM LFM
2/27
interconnected ith a p2p Ethernet link, one can support OAM LFM and the other one not. The La!er 2 of
this one shouldn$t be impacted b! OAM frames sent b! its peer. OAM LFM disco"ers automaticall! "ia a
disco"er! mechanism, OAM capabilities of neighbors. OAM frames are also inhibited b! the MA% %ontrol
&A'(E mechanism )aka Flo %ontrol*.
OAM Mode:
As LA%&, there are 2 modes for the OAM client. Acti"e and &assi"e. The folloing tab resumes the
beha"iour of Acti"e and &assi"e mode routers+
ote+ Onl! Acti"e clients can initiate disco"er! mode, and also send remote loopback control. #n other
ords, Acti"e client does not take into account loopback messages coming from a &assi"e client. On a
gi"en p2p link, onl! one OAM client as to be in Acti"e mode to auto-disco"er! neighbor$s capabilities.
OAM Events:
(ome e"ents can interact ith the OAM state machine. e can notice+
- %ritical e"ents+ pre-defined e"ents+ Link fault, /!ing gasp and %ritical e"ents. These 0states1
are implementation specific. The conseuence of recei"ing one of them is to shutdon the la!er
2. For 3unos+ link don state. /!ing gasp is usuall! internal error and the %ritical e"ent referred to
a 0fatal error1 )like hard and soft failure*. This une4pected errors are con"e!ed b! OAM &/'.
- Link e"ents+ Link e"ents includes Framing Errors or (!mbol Errors. A client generates local link
e"ent hen for e4ample the recei"ed framing errors threshold is reached. #t refers to 5/#+ inform
upstream client that errors ha"e occurred on the local recei"e path. The conseuence of
recei"ing this kind of e"ent is generall! configurable. For 3unos, !ou can select one or more
actions+ (!slog, Link don, sending back %ritical E"ent.
OAM PDU:
-
8/19/2019 EthOAM LFM
3/27
OAM &/' are con"e!ed directl! ithin Ethernet frames. OAM Frames are ne"er flooded, the! ha"e a link
local scope. Ethernet frames that carr! OAM &/' use 67+86+%2+66+66+62 for destination address )the
same as LA%&*. The EtherT!pe field is eual to 648869 )slo protocol, as LA%&*. The distinction of
LA%& and OAM frames is done b! the subt!pe field, first mandator! b!te for (lo &rotocol based present
:ust after the EtherT!pe Field. A "alue of 646 is for OAM frames, 6467 is reser"ed for LA%& frames.;ereafter the ireshark capture of the OAM header.
The 0flags1 field is "er! important because it con"e!s both %ritical E"ents flags and (tate Machine
#nformation used during the disco"er! phase. The folloing b!te called OAM &/' code, pro"ides
information regarding OAM data carried b! TL
-
8/19/2019 EthOAM LFM
4/27
5! default OAM LFM client sends periodic &/' e"er! 7 sec. The FA'LT state is the 0begin1 state or the
state directl! selected if the LFM 0ad:acenc!1 holdtime e4pired )b! default ?s* or if a link failure occurred.
-
8/19/2019 EthOAM LFM
5/27
#f the L#@ is '&'& and there is no error, the OAM client mo"es to the A%T#
-
8/19/2019 EthOAM LFM
6/27
The TL< Local #nformation carries the mode of the Local OAM %lient and the (tate of the &arser and Mu4
state machine )OAM sub-la!er is transparent for other frames+ no blocking state* and finall! the Local
capabilities of the OAM client )hard coded or configured*. #n m! case, #$"e :ust configured the L#@
E
-
8/19/2019 EthOAM LFM
7/27
hen =7 recei"es the OAM &/' info from =2 it enters in (E/ LO%AL =EMOTE state as ell. #n this
step, the 2 routers must send Local and =emote TL< information.
After that each router checks if Local and =emote information are compatible. #f !es, the OAM client
enters in the (E/ LO%AL =EMOTE O@ state. The internal state is localDstable is set to T='E. This
means, at the OAM &/' le"el, LO%AL E
-
8/19/2019 EthOAM LFM
8/27
Finall! hen the OAM client recei"es the OAM &/' of its remote peer ith LO%AL (TA5LE at 7, it
mo"es tothe final step + (E/ A state.
-
8/19/2019 EthOAM LFM
9/27
At this step, the disco"er! is complete, the OAM client still sends periodic OAM &/' information to keep
the LFM 0ad:ancenc!1 '& and track some neighbor timeout e"ents. =emember, at each step if local and
remote changes occurred the OAM client can go back to pre"ious state or in case of link failure or
recei"ing critical e"ent mo"es directl! to the FA'LT state.
5elo, a ireshark capture of periodic OAM &/' sends after the disco"er! stage.
Remote Loopback operation:
-
8/19/2019 EthOAM LFM
10/27
=emote Loopback capabilit! allos a router to force its remote peer to place its interface in loopback
mode. #n other ords, all frames e4cept OAM &/' recei"ed b! the remote peer ill be loop back ithout
an! changing. (o, put in loopback mode an interface stops forarding and cuts all neighbor relationships
on this interface. Onl! OAM LFM ad:acenc! sta!s '&. (o this mode is for troubleshooting purposes.
For the abo"e case, e e4plicitl! set the =EMOTEDLOO&5A%@DMO/E on =2. This configuration
triggers the sending of a loopback control OAM &/' )code 646>* from =2 to =7. (o, =7 mo"es in
loopback mode. =7 updates its LO%AL #FO=MAT#O b! setting its &arser state at Loopback and its
Mu4 state in /#(%A=/#B state. #n parallel, =2 updates its &arser state in /iscarding state and keep its
Mu4 in forarding state.
-
8/19/2019 EthOAM LFM
11/27
&arser is responsible of recei"ed MA% frames
Mu4 is responsible of sent MA% frames.
The folloing ireshark captures sho this seuence of messages +
=2 to =7+
Then R1 to R2:
And then R2 to R1:
-
8/19/2019 EthOAM LFM
12/27
OAM Link Events:
This kind of e"ents are triggered hen a Local OAM client detects that the percentage of recei"ed frames
)not OAM &/' but the real Ethernet traffic* are in error, and that the configured threshold for these errors
is reached. There are > kinds of Link E"ent messages, but onl! 2 t!pes of error are monitored+ the s!mbol
error and the framing error. The first concerns the ph!sical la!er 7 )each s!mbol con"e!s se"eral bits* and
the second one concerns the la!er 2 and includes these t!pes of errors+
- Frame Too Long error + indicates that the last frame recei"ed had a frame(iCe be!ond the
ma4imum alloable frame siCe.
- Frame %heck Error indicates that the frame recei"ed as damaged b! a transmission error )aka.F%( error*.
- Length Error+ indicates that the lengthOrT!pe&aram "alue as both consistent ith a length
interpretation of this field )i.e., its "alue as less than or eual to ma4 link e"ent messages are con"e!ed ithin OAM &/' frames ith the code 6467 and each one has
a specific TL
-
8/19/2019 EthOAM LFM
13/27
o Errored (!mbol indo+ represents the number of s!mbols in the period for the ph!sical
la!er )in depends of the rate of the link and the t!pe of coding )ie. >bb &%(**. /efault
is number of s!mbols during one second.
o Errored (!mbol Threshold+ number of errored s!mbols in the period reuired to remotel!
generated this e"ent. /efault is 7 s!mbol.
o Errored (!mbols+ number of s!mbols errors in the period.
o Error =unning Total+ number of s!mbol errors since the OAM subla!er as reset.
o E"ent =unning Total+ number of this kind of e"ent generated since the OAM subla!er
as reset.
- Errored Frame E"ent TL
-
8/19/2019 EthOAM LFM
14/27
-
8/19/2019 EthOAM LFM
15/27
- efault value of OAM !"M parameter #in relation with the $art 1%
- &onfi'uration ( understandin': )ei'h*or discover+ phase
- &onfi'uration ( understandin': Remote loop*ack operation
- &onfi'uration ( understandin': !ink event
- &onfi'uration ( understandin': Action profile
1/ OAM implementation:
Junos supports OAM !"M since the release ,. Junos does not support the &odes /0/2-/0/:
aria*le re3uest and response
!"M has its dedicated process called lfmd OAM $4 send(receive state machine is mana'ed *+
the $$Md process This process mana'es ad5acencies and pdu transmission for several protocols:
67678 O7$"8 9"8 !A&$8 RR$ 6n other words $$Md uses 6$& with others deamons like R$8 !A&$8
!"Md or RR$d To see which ad5acencies(transmissions tasks; are mana'ed *+ $$Md8 +ou can
use this hidden command:
spon'e
-
8/19/2019 EthOAM LFM
16/27
distri*uted at $"@ level Ce can notice: 9"8 !A&$8 !"M8 &"MD However8 it depends on the Junos
version as well as the "$&($&(M$& hardware
"or e0ample: TR6O *ased cards onl+ support $$Md distri*uted !"M since the 111 9efore8 OAM
!"M $4s are handled *+ the Routin'-en'ine To see8 which protocols are distri*uted at $"@ !evel
for which "$&(interface8 use the hidden command #availa*le at least since 1/2%:
spon'e>8 $rotocol: !A&$
istri*uted8 istri*ution handle: 1/,8 istri*ution address: fpc1
6"!-inde0: 88 Protocol: LFM
istrib#ted8 istri*ution handle: ./8 istri*ution address: fpc$
6"!-inde0: ,8 $rotocol: !"M
istri*uted8 istri*ution handle: 1?28 istri*ution address: fpc
FDG
Ce can e0plain this output as follow: "$&/ supports $$M distri*uted for !"M and !A&$ protocols8 if
6 confi'ure these protocols for e0ample on the interface inde0 ,. #6"!% !A&$ and !"M #ad5acenc+
and some $4 messa'es% will *e handled *+ $$M at $"@ !evel #no R@ &$4 consumption%
For LFM confi%#ration with short timer &min 1$$ms' it is stron%l( recommended to #se LFM on
hardware/software that s#pport LFM distrib#tion at PF) le*el+ Otherwise, (o# can e-perience
some #ne-pected LFM ad.acenc( flaps+
The last hidden command allows to see the confi'ured !"M ad5acencies #alread+ up ( means
discover+ complete%:
spon'e
-
8/19/2019 EthOAM LFM
17/27
6f +ou want to *e sure8 when an !"M ad5acenc+ is up8 that no OAM $4 are sent(received *+ the
R@8 +ou can use this tip #here weBve a pro*lem%:
spon'eE *+tes
11:$5:06+1$4807 n OAM, len%th 7
11:$5:06+16057$ O#t OAM, len%th 08
11:$5:06+41$10$ n OAM, len%th 7
11:$5:06+460507 O#t OAM, len%th 08
6f +ou see these packets8 that means OAM !"M is handled *+ the R@ 7tron'l+ not recommended
4/ efa#lt timers:
The followin' ta* provides the default8 min8 ma0 values of OAM !"M timers
803.3ah Junos Default value Min Value Max Value
pdu_timer pdu-interval 1000 ms 100 ms 1000 ms
ocal_lost_link_timer pdu-threshold x3 (pdu-interval) x1 x10
Errored Symbol
Windo
symbol-period 1s 1s 1s
Errored !rame
"hreshold
#rame-error 100ms 100ms 100ms
Errored !rame
"hreshold
#rame-period 1s 1s 1s
Errored !rame Seconds
Summary Windo
#rame-period-
summary
$0s $0s $0s
0/ !onfi%#rin%/tro#bleshootin% LFM:
Ce refer to this dia'ram:
-
8/19/2019 EthOAM LFM
18/27
Discovery phase:
OAM !"M is confi'ura*le at protocols oam ethernet link-fault-mana'ement; "or discover+ phase8
+ou have to set per interface or via appl+-'roup the specific interface parameters
Fedit protocols oam ethernet lin2fa#lt2mana%ementG
spon'e
-
8/19/2019 EthOAM LFM
19/27
Man+ interestin' information are provided *+ the simple command ou can check if OAM !"M
ad5acenc+ is 4$:
- iscover+ state in 7@)NA)
- QQ Remote-7ta*le and !ocal-sta*le set to 1 fla's field /0/
ou have directl+ access to remote information mode(state(capa*ilities 6n this e0ample $atrick is
confi'ured in Active mode8 it supports Remote !oop*ack #aka allow-remote-loop*ack% and unlike
9o* supports link events Moreover8 we have information re'ardin' the Mu0 state: in forwardin'
state #$atrick can send non-OAM $4 frames% and the $arser state: in forwardin' state as well
#$atrick can receive non-OAM $4 frames%
6mportant point: if the discover+ phase failed #for e0ample $atrick has no !"M confi'uration +et%8
there is no action ( impact to the link la+er and conse3uentl+ to other protocols alread+
confi'ured on the link 6n our case8 !A&$ keeps its state up #collectin'(distri*utin'% ou need at
least to have one time a discover+ completel+ successfull+ reached and specific action confi'ured
to have an impact on other protocols attached to the link
Remote Loopack mode:
$ersonall+8 6 donBt use remote loop*ack mode for internal *ack*one link *ut it could *e useful for
testin' the la+er 2 end-end connectivit+ with customer without confi'urin' an+thin' at the la+er
#e0 $@-&@ link%
As 6 written in the $art 1: loop*ack mode cut the normal forwardin' of traffic over the link in !9
All the other protocols will 'o down
Note: Some Junos HW doesn’t support remote loopback, even if you configure allow-remote-
loopback
Remote loop*ack operation allow to force the remote router to switch in !9 mode 6n other words8
all @thernet frames sent to the remote router will *e loop *ack without an+ chan'in' To accept a
remote loop*ack re3uest from a remote peer8 a route has to support this capa*ilit+ #see
a*ove: allow-remote-loop*ack% and to *e confi'ured in Active mode
6n our e0ample8 6Bm 'oin' to confi'ure on 9o* the Remote !oop*ack Mode This action8 once
committed8 will tri''er the sendin' of Remote !oop*ack re3uest from 9o* to $atrick $atrick8
once the re3uest accepted8 will switch its link in !9 mode To acknowled'e the re3uest8 $atrickwill sent via its periodic OAM info $4 the new state of its Mu0 and $arser
On 9o*:
-
8/19/2019 EthOAM LFM
20/27
Once committed8 'o on to $atrick to check its state:
star:E?
"la's:Remote-7ta*le Remote-7tate-alid !ocal-7ta*le $-$
;emote loopbac stat#s: )nabled on local port, isa*led on peer port
;emote entit( information:
Remote M4P action: forwardin%8 Remote parser action: discardin%
iscover+ mode: active8 4nidirectional mode: unsupported
Remote loop*ack mode: unsupported8 !ink events: unsupported
aria*le re3uests: unsupported
As +ou can see8 the OAM is still the onl+ protocol 4$ #fla's/0/ and state machine in 7endNAn+
state% ou can check the remote !9 status8 here we have $atrickBs 'e-/(/(/ link in !9 Moreover8
the remote router 9o* #remote entit+ information% has chan'ed its parser state to discardin'
Remem*er8 we confi'ure remote loop*ack; under 9o* *ut this is $atrick that loops *ack frames
comin' from 9o* 7o 9o* can forward #Mu0 state% frames to the link toward $atrick8 which will
loop *ack them and then 9o* has to discard the !9 frames #$arser state%
On $atrick8 +ou can check the status fla's; of the link 'e-/(/(/ The fla' !ooped; has to *e
ena*led
star
-
8/19/2019 EthOAM LFM
21/27
spon'e:212>>12 O#t 4:1b:c$:d:5:76 = 1:,/:c2:/:/:28 ethert+pe 7low $rotocols #/0,,/>%8 len'th
?.: !A&$v18 len'th E/
1,:>:212>.E n 4:1b:c$:d:5:76 = 1:,/:c2:/:/:28 ethert+pe 7low $rotocols #/0,,/>%8 len'th
?.: !A&$v18 len'th E/1,:>:222>.. Out 2:1*:c/:d:>:E? = 1:,/:c2:/:/:28 ethert+pe 7low $rotocols #/0,,/>%8 len'th
?.: !A&$v18 len'th E/
1,:>:222>.>// 6n 2:1*:c/:d:>:E? = 1:,/:c2:/:/:28 ethert+pe 7low $rotocols #/0,,/>%8 len'th
?.: !A&$v18 len'th E/
He+S Ce see the 9o*Bs !A&$ frames comin' *ack 6t works )iceS
To deactivate the remote loop*ack operation8 5ust delete the previous command on 9o*
-
8/19/2019 EthOAM LFM
22/27
"ramin' error for Junos means "ramin' with invalid frame checksum Availa*le at the interface cli
level:
spon'e s(mbol2period 1?
frame2error 1?
frame2period 1?
frame2period2s#mmar( 1?
To trou*leshoot link events +ou can use the followin' command:
spon'e:E?
"la's:Remote-7ta*le Remote-7tate-alid !ocal-7ta*le /0/
OAM recei*e statistics:
6nformation: 11/>8 )*ent: 18 aria*le re3uest: /8 aria*le response: /
-
8/19/2019 EthOAM LFM
23/27
!oop*ack control: .8 Or'aniIation specific: /
OAM fla's receive statistics:
&ritical event: /8 +in' 'asp: /8 !ink fault: /
OAM transmit statistics:
6nformation: 1.1.,18 )*ent: 08 aria*le re3uest: /8 aria*le response: /
!oop*ack control: /8 Or'aniIation specific: / OAM received s+m*ol error event information:
@vents: /8 Cindow: /8 Threshold: /
@rrors in period: /8 Total errors: /
OAM received frame error event information:
@vents: /8 Cindow: /8 Threshold: /
@rrors in period: /8 Total errors: /
OAM received frame period error event information:
@vents: /8 Cindow: /8 Threshold: /
@rrors in period: /8 Total errors: /
OAM received frame seconds error event information:
@vents: /8 Cindow: /8 Threshold: /
@rrors in period: /8 Total errors: /
OAM transmitted s(mbol error e*ent information:
)*ents: $, @indow: $, hreshold: 1
)rrors in period: $, otal errors: $
OAM c#rrent s(mbol error e*ent information:
)*ents: $, @indow: 5748, hreshold: 1
)rrors in period: $, otal errors: $
OAM transmitted frame error e*ent information:
)*ents: $, @indow: $, hreshold: 1
)rrors in period: $, otal errors: $
OAM c#rrent frame error e*ent information:
)*ents: $, @indow: $, hreshold: 1 )rrors in period: $, otal errors: $
Remote entit+ information:
Remote M4P action: forwardin'8 Remote parser action: forwardin'
iscover+ mode: active8 4nidirectional mode: unsupported
Remote loop*ack mode: unsupported8 !ink events: supported
aria*le re3uests: unsupported
ou can check the total num*er of link event $4s sent and received as well as specific
information of 7+m*ol or framin' errors
To clear the OAM statistics information use this command:
spon'e
-
8/19/2019 EthOAM LFM
24/27
Chen the remote peer receives the !ink @vent $4 and has an Action $rofile referrin' on !ink
@vents8 it:
- @0tract from the received !ink @vent $4 : the errored "rame(s+m*ol count and the
Cindow value
- &ompare @rrored"rame(s+m*ol divided *+ the window with confi'ured threshold in theAction $rofile
- 6f result is = to confi'ured threshold : tri''er Action
Action Profile:
Action $rofile allows +ou to tri''er action#s% in response of specific event The events ma+ *e:
- link-ad5acenc+ down
- link-event received
- protocol-down onl+ used for &&& interfaces #removin' famil+ &&& notifies ,/2ah protocol
with the protocol-down event%
The action ma+ *e s+slo' and(or link down and(or sendin' critical event *it #in OAM $4 info%
ou can specif+ the action to *e taken *+ the s+stem when the confi'ured link-fault event
occurs Multiple action profiles can *e applied to a sin'le interface "or each action-profile8
at least one event and one action must *e specified The actions are taken onl+ when all
of the events in the action profile are true 6f more than one action is specified8 all the
actions are e0ecuted
$refer one Action $rofile per @vent and appl+ multiple Action $rofiles to an interface #lo'ical or;
*etween several Action $rofile%
6 recommend at least one Action $rofile to automaticall+ disa*le the link la+er of an 6nterface
when the OAM client loses the nei'h*or ad5acenc+
-
8/19/2019 EthOAM LFM
25/27
link-discover+ activeL
pdu-threshold L
ne'otiation-options K
allow-remote-loop*ackL
event-thresholds K s+m*ol-period 1L
frame-error 1L
frame-period 1L
frame-period-summar+ 1L
6n our e0ample we declare an Action $rofile that automaticall+ shutdown the link la+er of the
interface 'e-/(/(/ #all protocols will 'o down e0cept OAM !"M% and 'enerate a s+slo' messa'e
when OAM !"M ad5acenc+ is lost
7imple test in our e0ample : 6Bm *lockin' @thernet frame comin' from 9o* on $atrick to simulate
an ad5acenc+ loss
On $atrick 6 can see that the ad5acenc+ is down:
star
-
8/19/2019 EthOAM LFM
26/27
escription: To 7pon'e 9o* 'e-1(/(/
!ink-level t+pe: @thernet8 MT4: 11.8 7peed: 1///m*ps8
MA&-R@CR6T@ @rror: )one8 !oop*ack: isa*led8 7ource filterin': isa*led8
"low control: isa*led8 Auto-ne'otiation: @na*led8 Remote fault: Online
evice fla's : $resent Runnin'
6nterface fla's: Lin2La(er2own 7)M$-Traps 6nternal: /0.//.///
The ph+sical link is still ena*led8 *ut the link la+er is down #see 6nterface fla's% 7o onl+ OAM $4
can *e forwarded throu'h the link
)ow8 we want to add another action profile when framin' errors are detected Just create
another one with onl+ the action: s+slo'
e*ent >
lin2e*ent2rate > frame2error 1?
C
C
action >
s(slo%?
C
C
interface 'e-/(/(/ K
appl(2action2profile < AP2ABO@N AP2F;AM) =?
pdu-interval 1//L
link-discover+ activeL pdu-threshold L
ne'otiation-options K
allow-remote-loop*ackL
event-thresholds K
s+m*ol-period 1L
frame-error 1L
frame-period 1L
-
8/19/2019 EthOAM LFM
27/27
frame-period-summar+ 1L
ou can see that action-profiles are added in lo'ical or manner
Re'ardin' tests of the link events 6 will update this part when 6 will receive m+ OAM !"M licence
for 6P6A 6Bve onl+ successfull+ 'enerated the 7+m*ol-period !ink @vent *+ stressin' the "i*er