Introduction
Ethernet Ring Protection Switching (ERPS) is a Layer 2 protection mechanism defined by ITU-T G.8032, designed to provide sub-50ms recovery in Ethernet ring topologies in the event of link or node failures, without causing broadcast storms or loops. ERPS is ideal for metro Ethernet, access networks, and enterprise ring architectures, like those often deployed with cnMatrix switches. In ERPS, there is a central node called the RPL (Ring Protection Link) Owner Node, which blocks one of its ports to ensure that no loop is formed for Ethernet traffic. The link blocked by the RPL owner is called the Ring Protection Link (RPL), and the node at the other end of the RPL is known as the RPL Neighbor Node. Links in the ring will never form loops that fatally affect network operation and service availability. If no failure happens in other links of the ring, the RPL blocks the traffic and is not used. Under ring failure conditions, the RPL owner is responsible for unblocking traffic over the RPL. A ring failure results in protection switching of the RPL traffic, and an Automatic Protection Switching (APS) protocol is used to coordinate the protection actions over the ring. Protection switching blocks traffic on the failed link and unblocks the traffic on the RPL. When the failure clears, revertive protection switching blocks traffic over the RPL and unblocks traffic on the link where the failure is cleared. This behavior ensures high reliability and network stability in Ethernet ring deployments.
Sample Topology
-
All switches participate in a single ring: Ring 1 (VLAN 1000)
-
The RPL is configured on Switch E (10.10.0.5) on port Gi 0/1
-
Each switch is configured with:
- Two working ports (part of the ring)
- local-mep and remote-mep for OAM monitoring and ring signaling.
ERPS Configuration Overview
Below is a simplified example of ERPS configuration on cnMatrix switches:
!
aps ring enable
aps ring group 1
aps working <port1> <port2> vlan <VLAN-ID>
aps working port1 local-mep <ID> remote-mep <ID>
aps working port2 local-mep <ID> remote-mep <ID>
aps protect <port> (only on RPL owner switch)
aps group active
!
Configuration Parameters Explained
| Command | Description |
|---|---|
| aps ring enable | Enables ERPS feature globally |
| aps ring group 1 | Defines ring group ID (must be same across all switches in the ring) |
| aps working | Defines the two ports participating in the ring |
| vlan | The VLAN on which ERPS is operating (e.g., 1000) |
| local-mep | MEP (Maintenance End Point) ID for the local interface |
| remote-mep | Remote peer’s MEP ID for link monitoring |
| aps protect | Designates the Ring Protection Link (RPL) owner’s blocked port |
| aps group active | Activates the ERPS ring group |
Configuration Example: Switch E (RPL Owner)
!
aps ring enable
aps ring group 1
aps working gigabitethernet 0/1 gigabitethernet 0/2 vlan 1000
aps protect gigabitethernet 0/1
aps working port1 local-mep 54 remote-mep 52
aps working port2 local-mep 71 remote-mep 72
aps group active
!
How It Works
- When all links are healthy, the RPL port is blocked (in our case, Switch E blocks Gi 0/1).
- If a failure occurs anywhere in the ring, ERPS unblocks the RPL to restore connectivity.
- Once the failure is restored, ERPS reverts to the original state to maintain loop-free forwarding.
Notes
- All switches in a ring must share the same ring group ID and VLAN ID.
- Ensure that MEP IDs are unique per switch and correctly mapped.
- Only one switch should have the aps protect command—it is the RPL owner.
Benefits of ERPS with cnMatrix
- Fast convergence (<50 ms)
- Loop prevention without STP
- VLAN-specific protection
- Simplified monitoring with MEPs
cnMatrix currently supports ERPSv1, which does not support sub-ring (dual-ring) topologies. ERPSv2, which supports the dual-ring topology configuration, will be available in a future firmware release.
If you need deeper insights or troubleshooting tips, please refer to the cnMatrix User Guide.