Internet2 Advanced Layer 2 Services (AL2S) Network uses Open Exchange Software Suite (OESS) for provisioning and forwarding table rule insertion via OpenFlow. Users provision circuits within the OESS User Interface (OUI), defining the endpoints, primary path, backup path and MAC addresses (if using MAC forwarding). Users can add multiple endpoints as defined by the parameters of the associated Workgroup, during the provisioning process. Circuits provisioned with more than two endpoints are automatically considered multipoint (MP) circuits.
OESS automatically issues a ‘change path’ (fail-over) whenever a failure event is detected which prevents forwarding on the primary path and a backup path is configured. The backup path becomes active and traffic forwarding resumes within five (5) seconds of detection. Fail-over occurs at the endpoints, switching from the defined primary path to the defined backup path. For two endpoint (or point-to-point) circuits, only modifying the forwarding rules on the endpoints accelerates the fail-over transition, as all forwarding rules along the path of the circuit are predefined, only the ingress and egress points of the network need to be altered.
Multipoint circuits present a challenge with respect to fail-over. Considering the topology of the national backbone, most core nodes are limited to four or fewer directions to adjacent core nodes, in most cases three and some cases two. A circuit defined where the primary path and backup pack utilize the same backbone segment will become isolated should the common backbone segment experience a failure event.
Figure 1 illustrates a design utilizing six nodes in a physical ring topology. Nodes A, B, D and E have endpoints on the configured circuit. Nodes C and F do not have endpoints defined.
The dark blue represents the physical connected topology, while the two green colors define the two paths of a single circuit, bright green for primary and dark for secondary. Only a single path for a given circuit can be active any at any given time. Under normal operations with the circuit utilizing the primary path, the multipoint topology would connect B, A, E and D, where pass-through occurs on F since there are no active endpoints. When a failure event occurs on any segment transporting the primary path, the backup path becomes active. The logical topology would then be A, B, D and E where pass-through occurs on D. If the failure event occurs on the physical link between A and B, A effectively becomes isolated. The circuit will transition to the backup path isolating A from the rest of the logical topology, since both the primary and secondary path traverse the same physical link.
The recommendation for multipoint circuits where endpoints are greater than or equal to four and no completely separate logical primary and secondary topology can be created is to utilize two or more primary circuits with higher layer protocol failover.
Figure 2 illustrates the same six node physical ring topology.
The bright green lines represent two circuits each with it’s own primary path and no secondary path configured. Fail-over would occur with higher layer protocol protection, typically at the IP layer with an Interior Gateway Protocol (IGP) or Exterior Gateway Protocol (EGP), depending if the endpoints are part of a single organization or multiple organizations.