How to Configure ERPS on Industrial Network Switch

What is Ethernet Ring Protection Switching(ERPS)?

Ethernet Ring Protection Switching, or ERPS, is an effort at ITU-T under G.8032 Recommendation to provide sub-50ms protection and recovery switching for Ethernet traffic in a ring topology while ensuring that there are no loops formed at the Industrial Network Switch Ring.

G.8032v1 supports a single-ring topology, and G.8032v2 supports multiple rings/ladder topology.  Ethernet Rings can provide wide-area multipoint connectivity more economically due to their reduced number of links.

Each Ethernet Ring Node is connected to adjacent Ethernet Ring Nodes participating in the same Ethernet Ring, using two independent links. Two adjacent Ethernet Ring Nodes bound a ring link, and a port for a ring link is called a ring port. The minimum number of Ethernet Ring Nodes in an Ethernet Ring is three.

Ring Network Protocol for Industrial Switch

Generally, redundant links are used on an Ethernet switching network such as a ring network to provide link backup and enhance network reliability. However, redundant links may cause loops, leading to broadcast storms and rendering the MAC address table instability. As a result, communication quality deteriorates, or even communication services are interrupted. Table 1-1 describes ring network protocols supported by devices.

Ring Network Protocol Advantage Disadvantage Recovery Time
STP/RSTP/MSTP 1. Applies to all L2 networks.
2. A standard IEEE protocol allows Fiberroad Devices
to communicate with non-Fiberroad devices.
Provides a low convergence speed on a large network,
which can’t meet the carrier-class reliability requirement.
RSTP: 2seconds
STP: 30-50 seconds
ERPS 1. Features fast convergence speed, ensuring carrier-class reliability.
2. A standard ITU-T protocol allows Fiberroad devices to
communicate with non-Fiberroad devices.
3. Supports single and multi-ring topologies in ERPSv2.
Requires complex manual configuration of many functions. ERPS:<50ms

ERPS Basic Concept

ERPS mainly includes ERPS ring, node, port role and port status

ERPS Instance

ERPS instance is formed by the same instance ID, control VLAN and interconnected switches.

Control Channel

The Control channel is the transmission VLAN of ERPS protocol, and the protocol packet will carry the corresponding VLAN tag.


RPL(Ring Protection Link) is, Link designated by a mechanism that is blocked during the idle state to prevent a loop on the bridged ring.


ERPS ring is ERPS basic unit. It comprises a set of the same control VLAN and the interlinked L2 switch equipment.


The L2 switch added in the ERPS ring is called nodes. Each node can not be added to more than two ports in the same ERPS ring. The nodes are divided into RPL Owner, Neighbor, and Ring Node.

Port Role

In ERPS, port roles include RPL Owner, Neighbor and Common:

1) RPL Owner: An ERPS ring has only one RPL Owner port configured by the user and prevents loops in the ERPS ring by blocking the RPL Owner port. The node that owns the RPL Owner port becomes the RPL Owner node.

2) RPL Neighbour: An ERPS ring has only one RPL Neighbor port configured by the user, and it must be a port

connected to the RPL Owner port. If the network is normal, it will block together with the RPL Owner port to

prevent loops in the ERPS ring. The node with the RPL Neighbor port becomes the RPL Neighbor node.

3) Ring Node: The common port. The ports except for the RPL owner and Neighbor port are Ring Node ports. If the

node has only the common port, which will become the Ring node.

Port Status

In the ERPS ring, the port status of the ERPS protocol is divided into two types.

1) Forwarding: In Forwarding status, the port forwards user traffic and receives / forwards R-APS packets. Moreover, it forwards R-APS packets from other nodes.

2) Blocking: In the Blocking status, a port in the blocking status does not participate in frame forwarding and also discards frames received from the attached network segment. However, ERPS messages are forwarded.

ERPS Operating Mode

Word mode includes Revertive and Non-revertive:

Revertive: When the link fails, the RPL link is in the release protections state, and the RPL link is re-protected after the faulty link is restored to prevent loops.

Non-revertive: After the fault is rectified, the faulty node remains faulty(without forwarding) and the RPL link remains in the release protection state.

ERPS Operation

ERPS Components

ERPS Instance is a logical ring that runs over a physical ring composed of a set of VLANs. Each node contains an instance. It is made up of:

  • Two ERPS ring ports
  • A control VLAN that carries Ring-Automatic Protection Switching(R-APS) messages.
  • One or more Protected Data VLANs that the instance protects when the ring fails.
ERPS industrial network switch

ERPS Ring Ports

These are the physical interface ports or interface Link Aggregation Groups (LAGs) that are used by the instance. All nodes must have two ERPS ring ports in the major ring case. Traditionally, these are referred to as East and West ring ports.

RAPS channel VLAN(Control VLAN)

R-APS messages are carried over a channel. In G.8032, this channel is implemented using a VLAN. Each ERP instance uses a tag-based VLAN called the raps-channel for sending and receiving R-APS messages. All the nodes in the ring are required to use this raps-channel VLAN, and this VLAN must have the ERP ring ports as members. The function of the R-APS VLAN is to monitor the ring and maintain its operational functions. The R-APS VLAN carries no user data.

R-APS messages flow through the ring to control its protection-switching behaviour.

Each node along the path will receive the R-APS message on the raps-channel VLAN and copy it for local processing.

It will also attempt to forward the original version at L2 switching speed to its other ring port. If the raps-channel VLAN on the other ring port is blocked, then the R-APS message is not forwarded to the other nodes.

The raps-channel control VLAN is blocked from being forwarded to other nodes where the protected data VLANs are blocked from being forwarded.

NOTE: Sub-rings without a virtual channel are an exception discussed below. In this case, the raps-channel VLAN is not blocked from being forwarded even though the protected data VLANs are blocked.

The node that generates the R-APS messages will always send over both of its ring ports regardless of whether or not the raps-channel VLAN is being blocked on its ring ports. Similarly, R-APS messages will be received and processed regardless of whether or not the raps-channel VLAN is being blocked on its ring ports. Below is the R-APS Message Format,

Specific Information (32 octets) is below:

Request/State Reserved 1 RB DNF BPR Status Reserved Node ID
(6 octets
Node ID
Reserved 2(24 octets)

Request/Status(4bits) – ‘1101’ = FS , ‘1110’ = Event, ‘1011’ = SF, ‘0111’ = MS, ’0000’ = NR, Other = Future

Status – RB (1bit) – Set when RPL is blocked (used by RPL Owner in NR)

Status – DNF (1bit) – Set when FDB Flush is not necessary

NodeID (6octets) – MAC address of message source node (Informational)

Reserved1(4bits), Status Reserved(6bits), Reserved2(24octets)

NOTE: RAPS (Ring Auto Protection Switch) virtual channel: In the intersecting ring, the intersecting node between, used to transmit sub-ring protocol packets but not belonging to the sub-ring is called the RAPS virtual channel of the sub-ring.

Protected Data VLAN

Each ERP instance protects one or more data-carrying VLANs (called data traffic). All the nodes in the ring are required to have the same protected VLANs. The protected VLANs should have the ERPS ring ports as members.

ERPS Industrial Network Switch RPL Owner

The RPL provides the blocking of traffic under normal operating conditions, thus preventing loops. The RPL consists of an Owner on one end and a Neighbor on the other. It is the Owner that provides the main control for protection switching. Under normal operating conditions both ends of the RPL perform a block. However, the Owner continuously generates R-APS No Request RPL-Blocked(NR, RB) messages and is in charge of the RPL’s blocking and forwarding states.

Under normal operation, the RPL-Owner generates R-APS(NR, RB) messages when there are no failures. It periodically sends these, every 5 seconds, over both of its ring ports. These messages indicate which of its East or West ring ports is blocked. Each node along the way receives the R-APS, recording the Node-id and Block Port Reference (BPR) in the message. This is used to detect a topology change.

NOTE: Configuring a G.8032 ring without an RPL-Owner is never recommended. While the G.8032 protocol can operate without an RPL-Owner, as other nodes in the ring can send R-APS messages and block traffic under both normal and failed conditions, the RPL-Owner provides predictability as to where the ring block will occur under normal conditions. The RPL-Owner is also needed for revertive operations.

Revertive and Non-Revertive Operations

G.8032 also provides for revertive operations. Once the failure clears and after a waiting time of typically 5 minutes, the ring switches back to its normal mode of operation. G.8032 also provides for a non-revertive operation, where once the failure abates, a protection switch back to the normal state does not occur. In this case, the links where the failure had occurred remain blocked, and the RPL remains unblocked. A clear command, described below, is provided for you to control whether a revertive or non-revertive operation is allowed.

1. REVERTIVE In the ideal case, the link between the Root Node and the Root Neighbor is blocked. In case of Signal Failure or operator commands like Forced Switch or Manual Switch occurs, the link as mentioned above gets unblocked to steer the traffic. Upon recovery, the same link should get blocked to prevent the formation of a loop. In the Revertive mode of operation, the Ring Protection Link gets blocked automatically upon recovering the failed link.

2. NON-REVERTIVE In Non-Revertive mode, the Ring Protection Link doesn’t get blocked automatically after recovering the failed link or operator commands. The failed link or the link upon which the operator command was issued remains in the blocked state, thereby preventing a loop formation. The advantage behind this here is to avoid unnecessary toggling between states. This toggling may necessitate flushing of learnt MAC address on the ports.

NOTE: When revertive operations are used, the ring will not revert immediately. Reversion does not start until the wail-to restore has expired, which is 5 minutes by default.

Forced Switch(FS) and Manual Switch(MS)

Forced Switch (FS) is a command that can force a ring to switch. The command is issued at a given node and a given interface on the ring. This results in a block being applied at that interface, an unblock on the opposite interface, and an R-APS Forced Switch (FS) message flowing around the ring. This will result in the

RPL becoming unblocked. Any other nodes that had a block previously will also unblock when they get this message. FDB flushes also occur along the way.

Notes: Forced Switch(FS) commands can be issued at multiple locations along the ring. However, doing so may result in the ring becoming segmented. The Manual Switch(MS) command is nearly identical to a forced Switch(FS) command except that only one Manual Switch(MS) command can be issued on the ring. It also has a lower priority than a Forced Switch(FS) command when a node has many requests that it needs to process simultaneously.

To undo this operation, use the clear command at the same node. This will cause the clearing node to unblock any previously applied block. It will also send an R-APS No Request(NR) message, which will cause the RPL to become blocked again.

ERPS State

There are five states in the ERPS protocol

  • IDLE State

This state represents no signal fail or any administrative command (Forced/Manual Switch) prevailing over the ring. The RPL(Ring Protection Link) is blocked(Doesn’t carry data traffic, but Tx/Rx the APS PDUs)

  • Protection State

This state represents the Signal Fail condition in the Ring. Normally the RPL is unblocked to steer the traffic in the ring. When more than one Signal Fail occurs in the Ring, it segments the ring. Traffic flow is disturbed.

  • Pending State

This state occurs when the issuer revokes the Signal Fail condition, and the RPL is not still blocked. Generally, the Root node after receiving the No Request Message (indication of No Signal Fail condition) waits till the Wait-To-Restore time to block the RPL. This is the condition where the Ring goes into Pending State. It also occurs during the waiting period in wait-to-block after revoking the forced/manual switch.

  • Forced Switch

This is management triggered state. When an administrator needs to make a port down participating in the ring, this management entity will come into action. When a Forced Switch object is issued on the port, the port goes down, and the APS PDU propagates around the ring indicating the status. When the clear management object is set on the port, this Forced Switch is revoked.

Notes: This has higher precedence to Signal Fail status. So even when some node faces a signal Fail, this will supersede it.

  • Manual Switch

Similar to the Forced Switch, the Manual Switch is also management triggered. The difference is that it has a lower priority compared to Forced Switch. When there is a Forced Switch or Signal Fail Prevailing over the ring, this condition is rejected by the ERPS process. The clear management object will revoke the Manual Switch state.


There are four timers involved in the ERPS protocol. The last two timers are the delay timers and are employed only on the Root Node.

  • Hold-off Timer

After the expiry of the Hold-off timer, the problem in the physical layer is communicated to the ERPS Control Process. For example, it defers the indication of Signal Fail on one of the ring ports for a period of configured Hold-off time.

  • Guard Timer

This timer is used to prevent outdated messages from interfering with the ERPS State machine of that ring. When the node clear’s its Signal Fail condition, the guard timer is started. When the guard timer runs, it rejects all the APS PDU except the ‘event’ message. This timer prevents any latent information from arriving from the ring’s far end.

  • Wait-To-Block Timer

As mentioned earlier, the Wait-to-Block timer is employed at that Root Node. This timer is used when the ring recovers from the operator command (Forced Switch or Manual Switch). When the Wait-to-Block Timer expires the Ring Protection Link is blocked.

  • Wait-To-Restore Timer

When the ring recovers the Signal Failure the Root Node starts the Wait-to-Restore Timers. Upon expiry, the Ring Protection Link is blocked. It is blocked at once if it is a revertive mode of operation. In the case of non-revertive, it is blocked when the operator command “clear” is given.

ERPS Messages

Different types of ERPS Messages are

1. SIGNAL FAIL (SF) – This message denotes the failure of the Ring Link.

2. NO REQUEST (NR) – This indicates the clearing of the failure in the Ring Link

3. NO REQUEST ROOT BLOCKED (NR, RB) – This is transmitted by the Root node, denoting that the Ring Protection Link is blocked.

4. FORCED SWITCH (FS) – This message indicates that a Forced Switch has occurred.

5. MANUAL SWITCH (MS) – This message indicates that a Manual Switch has occurred.

ERPSv1 and ERPSv2

ERPSv1 and ERPSv2 are currently available. ITU-T released ERPSv1 in June 2008, and ERPSv2 in August 2010. EPRSv2, fully compatible with ERPSv1, provides enhanced functions. Table 1-2 compares ERPSv1 and ERPSv2.

Function ERPSv1 ERPSv2
Ring Type Supports single ring only Supports single ring and multi-rings. A multi-ring topology comprises
major rings and sub-rings.
Port Role Supports the ring protection link(RPL)
owner port and ordinary ports
Supports the RPL owner port, RPL neighbor port, and ordinary ports
Topology change
Not supported Supported
R-APS PDU transmission
mode on sub-rings
Not supported Supported
Revertive and non-revertive
Support revertive switching by default
and does not support non-revertive switching or
switching mode configuration
Manual port blocking Not supported Supports force to switch(FS) and manual switch(MS)