Introduction
I’m writing a short summary of REP (Resilient Ethernet Protocol) as part of my CCDE studies.
REP is an alternative protocol used in place of STP and is most often run in ring-based
topologies. It is not limited to these topologies, however, and it can also interact with STP
if there is a desire to do so. REP is Cisco proprietary; other vendors have similar protocols,
such as EAPS from Extreme Networks.
Basic REP
REP uses the concept of segments. A segment ID is configured on all switches
belonging to the same segment. Two edge ports are selected where the REP
segment ends. These edge ports must not have connectivity with each other.
One port is blocking and this port is called the alternate port. All other
ports are transit ports.
Traffic flows towards the edge ports.
REP port roles
REP ports are either failed, open or alternate.
- All regular segment ports start out as failed ports
- After adjacencies have been determined, ports move to Alternate state. After negotiation of the Alternate port is done, the remaining ports move to open state while one port stays in Alternate state.
- When a failure occurs on a link, all ports move to failed state. When the Alternate port receives the notification, it is moved to open state.
Failure Detection
REP does not work the same way that EAPS does. EAPS sends out a poll on one port
and expects to see it back on the other port facing the ring. It has a master node
that is responsible for this action.
REP works by detecting link failure (Loss of Signal). REP also forms adjacencies
with directly connected switches. Because the main method of converging is to detect LoS,
the network should be designed without converters or shared segments that
could affect the detection of a failure. The REP Link Status Layer (LSL) is responsible for
detecting REP-aware neighbors and establishing connectivity within a segment. After
connectivity has been set up, REP will choose which port is to be alternate and the other
ports will be forwarding. The alternate port can also be selected manually if desired.
Convergence
As mentioned earlier, the main mechanism is to detect Loss of Signal. In the rare case
that the interface does not go down but connectivity is lost, REP must rely on timers.
The default is that the interface will stay up for five seconds when LSL hellos have
not been received from a neighbor.
When a link fails a notification is sent to a multicast destination address. This notification
is flooded in hardware speeding up the convergence. When a switch receives the notification
it must flush its L2 MAC table.
Interaction with STP
REP can interact with STP by generating TCN BPDUs. This could be desirable if you run REP
in a metro network and then have STP running in the network above that. Generally, though,
it would be best not to have that large an L2 segment, so the REP segment should be
connected to a PE that runs MPLS/IP to the core.
End Port Advertisements
Starting from the edge ports, End Port Advertisements (ESA) are sent out every four seconds.
These messages are used to discover the REP topology. The messages are relayed by all
intermediate ports, which means that all the switches in the same segment know what the
topology looks like and the state of all the ports in the segment. This can also be used
to see what the topology looked like before a failure because REP has an archive feature.
Other features of REP
REP supports preemption, meaning that when a failed link comes back the network can go
back to what it looked like before the failure. Manual preemption can also be used but
it will cause a temporary loss of traffic.
REP also supports VLAN load balancing, meaning that the topology can look different
depending on the VLAN. However, REP is not per VLAN in the sense that the hellos are
always sent on one VLAN, compared to PVST+/RPVST+, which sends BPDUs per VLAN.
REP uses the concept of an administrative VLAN, which can be configured; the default is
to use VLAN 1.
Security
Like any control plane protocol running in our networks, REP can be open to
attacks. What would happen if someone faked PDUs for REP, trying to make the network
converge in an unexpected manner, or kept sending these PDUs to flap ports at a
very high rate?
Obviously this could be a dangerous scenario. Cisco thought of this and implemented a key
mechanism that starts from the Alternate port. The key consists of a port ID and a randomly
generated number created when the port activates. This key is distributed through the
segment to the other devices, which can then use this key to unblock the alternate port.
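The key check described above, as a toy Python model added here for illustration (not Cisco's implementation and not code from the original post). The 8-byte random number, the sample port ID and all class and function names are assumptions.

```python
"""Toy model of the REP alternate-port key check (illustrative only)."""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class AlternatePort:
    port_id: bytes                 # constructed sample ID, not a real REP format
    state: str = "alternate"       # blocking until a valid unblock request arrives
    rejected: int = 0              # counter a defender would monitor and alert on
    _nonce: bytes = field(default_factory=lambda: secrets.token_bytes(8))  # assumed size

    def key(self) -> bytes:
        """Key = port ID + random number generated when the port activates."""
        return self.port_id + self._nonce

    def reactivate(self) -> None:
        """Port bounce: a fresh random number invalidates any previously learned key."""
        self._nonce = secrets.token_bytes(8)
        self.state = "alternate"

    def handle_unblock(self, presented_key: bytes) -> bool:
        """Open the port only if the notification carries the current key."""
        if hmac.compare_digest(presented_key, self.key()):
            self.state = "open"
            return True
        self.rejected += 1
        return False


def simulate() -> dict:
    alt = AlternatePort(port_id=b"sw3:Gi0/2")
    learned = alt.key()                # what segment members learn via distribution
    forged = alt.port_id + bytes(8)    # faked PDU: right port ID, wrong random number
    results = {"forged": alt.handle_unblock(forged), "state_after_forged": alt.state}
    results["legit"] = alt.handle_unblock(learned)
    results["state_after_legit"] = alt.state
    alt.reactivate()
    results["stale"] = alt.handle_unblock(learned)  # old key presented after a bounce
    results["rejected"] = alt.rejected
    return results


if __name__ == "__main__":
    print(simulate())
```

The `rejected` counter stands in for the kind of signal worth watching on a real segment: repeated unblock attempts with a wrong key point to forged or stale PDUs.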
Summary
REP is a Cisco proprietary protocol mainly used in metro based ring networks. It is likely
to converge faster than STP and can achieve best case convergence of around 50 ms. REP
can interact with STP by sending TCN BPDUs. REP is a similar technology to EAPS with some
differences. REP is supported on Cisco ME switches.
In the future I think protocols like REP and EAPS will start to fade away as metro based
networks go all MPLS/IP.
You mention MPLS/IP replacing things like REP in access rings, curious have you dealt with MPLS TP at all?
Not yet I haven’t. What about you?
Nah, had a quick look on XR at it but there just aren’t enough hours in the day. It’s on my roadmap in work though. IP/MPLS routers are just too expensive for not-PE deployments, some of the vendors we are looking at would offer decent density switch that supports TP for a tenth of the price of a mid sized PE so I can see that aspect appealing to a lot of carriers.
I think the ME3600/3800 boxes are really interesting and quite decently priced. Not the best port density though. But being able to run L2 services and then carry them over MPLS instead of switching VLANs or Q-in-Q is so much nicer.
The days of switching in the metro access should be confined to history. There is far too much kit out there to suit any SP budget or requirement to not have to resort to using low end switches, I saw Bob McCouch saying yesterday the upstream ISP he was looking at was using a 3500 for aggregation, unbelievable! MPLS makes things so easy, I love it! So simple and so effective.
Thank you Daniel! I’ve been waiting for your REP post 🙂
How does IP/MPLS compare with REP? REP is completely an L2 feature whereas IP/MPLS is L3 (except that it can provide VPLS or xconnect based MPLS L2 VPNs, it still does not work entirely on L2).
REP is a protocol used mainly for ring topologies that provides fast convergence at layer 2. MPLS is an overlay protocol that is used to provide layer 2 or layer 3 services. It relies on normal IP forwarding and BGP.
How does the REP segment choose to be the alternate port? Could it also be the primary edge port or secondary?
How do you enable the REP protocol on a router?
How do you enable the REP protocol on a Cisco 3850 & 3750 switch / router?
It requires recent software. See this guide: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/16-1/configuration_guide/b_161_consolidated_3850_cg/b_161_consolidated_3850_cg_chapter_010001011.pdf
I have upgraded to IOS ver 15.0, but when I type rep segment 100 it prompts ^
% Invalid input detected at ‘^’ marker.
eg
Interface g1/1/2
Switchport mode trunk
Rep segment 100
% Invalid input detected at ‘^’ marker.
The rep command is not working on my Cisco 3750 and 3850 switches.
Could it be combined with Port-Channel interfaces?
Yes, it’s just not ideal as it increases convergence time.