Apr 222011

What is OAM CFM and what does it mean?

OAM is abbreviation of Operations, Administration, and Maintenance. It consists of several protocols able to monitor and control Layer 2 networks in different ways:

  • Connectivity;
  • Traffic limit allowance;
  • Traffic measurement;
  • Latency;
  • Breakpoint isolation;
  • SNMP traps and alerts;
  • Events propagation;
  • Protection switching etc.

In few words, OAM provides the Layer 2 (and Layer 2.5) networks, the tools for control and monitor Layer 3 networks have.

CFM is the protocol of this family that provides Connectivity Fault Management (CFM). If we are to put Layer 2 and Layer 3 tools side by side, you may notice some similarities (and differences):

Layer 3

Layer 2


traceroute linktrace Full
ping loopback Almost full
TCP keep alive messages Continuity check messages Almost the same
IP/Name resolution Sender ID content Not very
Routing Protection switching Has some similarities
TCPdump / IPTraf SAA Y1731 test SAA is more sophisticated.
ping -f RFC2544 throughput test Not very

Layer 3

Layer 2


Those are some of the similarities. The implementation however is nothing the same as in the Layer 3 network. The L2 CFM protocol uses 8 different Maintenance Domains (MD) for monitoring the different levels of service providers, core networks or system operators. Every level has it’s own number of Maintenance Associations (MA) dedicated to monitor specific provider/provider or provider/customer service, or a VLAN in the network. And every Maintenance Association depends on a set of Maintenance Points (Called also MEPs and MIPs) for it’s monitoring purposes:

OAM monitored network

OAM monitored network

To explain this diagram, we need to know some of the dry-theory language set, used inside.
Maintenance Domain (MD): The network or the part of the network for which faults in connectivity can be managed. The boundary of a Maintenance Domain is defined by a set of MAs and MEPs, each of which can be a connection point to other Maintenance Domains or to customer equipment.
Maintenance Domain name: In addition to the MD Level every domain has it’s own name.
Maintenance Association (MA): A set of MEPs, each configured with the same MAID and MD Level, established to verify the integrity of a single service instance or a single VLAN ID. An MA can also be thought of as a full mesh of MEPs.
Maintenance Association Identifier (MAID): An unique name (identifier) for a Maintenance Association. There are 2 parts of every MAID: the Maintenance Domain Name and the Short MA Name. This way, even with same names in different domains, the MA ID is unique.
Maintenance association End Point (MEP): An actively managed CFM entity, associated with a specific port of a service instance, which can generate and receive CFM PDUs and track any responses. It is an end point of a single MA, and is an endpoint of a separate Maintenance Entity for each of the other MEPs in the same MA.
Maintenance domain Intermediate Point (MIP): A CFM entity that is not actively managed. It is a physical port member of the monitored VLAN or service in the network.
Continuity Check Message (CCM): A multicast CFM PDU transmitted periodically by a MEP in order to ensure continuity over the MA to which the transmitting MEP belongs. No reply is sent by any MP in response to receiving a CCM.

OAM frames from higher domain levels go absolutely transparent over the MPs of lower level domains. This way, a customer line (or service) monitored with Domain of level 7 will have its CFM packets all the way through the Service operator and network provider domains untouched. If the Customer support wants to monitor the line between the border switches in this network, the service provider domain will pass the OAM packets to their destination untouched.

Same is valid with the two Network provider’s Rings in the diagram. They will allow the level 5 domain CFM packets to go to their destination over the active or the backup link of their Rings.

The End points (MEPs) are responsible to filter or process the CFM packets on the ports they are set. If an equal to their Domain level CFM packets are received, the MEPs need to process them. If higher then their level CFM frames are received, the MEPs need to pass them transparently. And if they receive lower level CFM packets – the MEPs need to drop them so they don’t go to supposedly higher level domains behind the Maintenance End point. With this logic – customer equipment is not supposed to receive CFM packets from Provider or Operator equipment and the Operator equipment will not receive CFM packets from the Provider.

The End points (MEPs) also distinguish the different Maintenance associations (MAs) and do not process packets from other associations different from their own. So far, any MA can have a set of no more than 8192 MEPs identified by their ID number (1..8192) and different MAs can have MEPs with same ID numbers (This proved to be bad practice in my work). No matter if the local MEP expects to receive a CCM message from MEP with ID 100, it will discard it if this CCM is sent from another MA. With this logic, regardless Provider 1 and Provider 2 are monitoring their ring networks with the same maintenance domain level, their OAM packets will not interfere with each other. This is important logic, because OAM controlled ring (e.g. R-APS ring) can easily be looped if wrong control packet is received.

Every maintenance point (MEP or MIP) is a physical port on the device. Every MEP generates CCMs (Continuity Check messages). Every MIP has to pass those CCMs to the next MIP or MEP in the same VLAN (or service) as his own.

CCMs are the heartbeat of the OAM monitored network. If the Heartbeat stops – then there is a failure. This failure will generate an event or an SNMP trap. Those events and traps can trigger actions or be logged for later analysis. This is basically what OAM protocol family is all about. (check the next chapter CCMs and MEP types)

 Posted by at 11:41 am

  27 Responses to “OAM CFM basics”

  1. Hi,
    you say that “CCMs are the heartbeat of the OAM monitored network. If the Heartbeat stops – then there is a failure”; so it seems that CCM are always on.
    In this context what is the utility of LBM messages? It seems redundant to me…

    • Loopbacks and linktraces are sent on demand, when you need to find a problem in the network or to find in what manner the path between source and destination is switched (or routed).

      CCMs are sent consistently between MEPs and can be set to generate alarms to log server (or SNMP traps if you prefer). In this case breakage between End Points (MEPs) is found automatically and logged. Linktrace and loopback tools can be later used by a network engineer to find the problem point and clear it.


  2. I have a doubt. I do understand the concept of Domains. But i am finding it hard to get the concept of Association . Association means reserving certain ports for a service to be provided for a higher level customer/ provider ? so in a n port device we associate x ports for a particular service ? Or how how does it work ?

    • In a switched network (layer 2), you can have a dozen of VLANs. For each VLAN you may have different Maintenance Association to monitor the activity on this particular VLAN (e.g. Latency between two End points (MEPs), traffic bottlenecks, linktraces to check where the traffic is actually passing through intermediate points (MIPs) etc.)

      If you are using routed network (layer 3) with services over MPLS you can assign different MAs on each service to monitor them.

      • Thanks for the reply.
        Switch has to be configured about the MA ? If so certain ports on the switch are reserved for this purpose?. Could I get some information/reference about how this configuration happens please?. Also switches get the information about all the MA’s and check for its proper activity?
        I am a beginner in network domain. So forgive me if questions sounds too elementary.

        • No, normal operation on the same ports is configured as usual, then the OAM configuration is set to monitor a specific VLAN ID or Service ID.

          For proper configuration, I need to know what equipment are you using.

          • Thanks. What would be the config for switches ?. In switches, OAM packets or data packets for any MA can be received via any port of the switch ?And based on the Vlan Id or service ID the packets would be forwarded ?

          • Both kind of packets would be forwarded to the other members of the same VLAN (or the SAP/SDP port depending on what service is set and on what port did the packet came). The OAM packets are supposed to be forwarded to the next MIP or MEP port depending what are they monitoring in the first place.

            That’s why I asked you – what kind of switch are you configuring (brand, model etc.) and what is your current configuration. Are you monitoring a service or a VLAN. Are you using a switch or actually a router. What interfaces are routed, with what protocol and what addresses.

            Without more information, I can’t give you more help.

  3. Are the Ethernet Flow Points(EFP) and Maintenance Points the same ?
    And MA is for a per EVC basis?

    • No. According to Cisco’s article:

      An EFP serves four purposes:
      •Identifies all frames that belong to a particular flow on a given interface

      •Provides a capability to perform ingress and egress Ethernet header manipulations

      •Provides a capability to apply features to the identified frames

      •Optionally defines how to forward those frames in the data path

      This is a point in which a data flow path is decided and any QOS or header rewriting is done. It is far different than Maintenance End Point. OAM CFM is a protocol for monitoring, it does not (by itself) provide switching or class-of-service capabilities.

      • Ah ok Thanks.. So in essence Maintenance Points (OAM) monitor the same connection and ports used by the EVC so that any service faults can be proactively detected ?

        • Exactly.

          OAM may monitor services’ access points, measure traffic congestion, latency, jitter etc. It is very useful protocol for large networks, where you need statistics of what is lost and what is late.

  4. absolutely brilliant, very nice explanation

  5. Hi,

    How many MAs are needed if two MEPs and one MIP are created in a network?
    Is MA required for each MEP/MIP?

    • Yes, by all means.

      MIPs/MEPs are all to be in the same MA in all devices if you want to have connectivity.

      One MA should be enough.

  6. so when we create mep on say e-nni and uni to do a loopback , do we actually reserve physical ports for a limited duration, I am trying to understand in terms of resources how does this work, you tear the configuration once you are done testing

    • You don’t reserve the actual port. There is a small resource allocation for 1 packet per second (by default) for any MEP using the port.

      I don’t understand the rest of the question.

  7. Oh got it, did not know that there is a default allocation for 1 packet /second – thanks for the explanation. From what i understand the process is to 1.identify active ports first on EAS and EFS, 2.get the maintenance details, 3.create global, ne, meg details, 4.set eth flags and 5.execute the loopback. Once you get the result you 6.delete global, ne, meg and mep and 7.unset flags. This is how i understand being from the IT background where we did the automated of the manual steps through CLI and converted that into a single click automation from a UI. But just wanted some more details on it to understand what is happening in each step – if you see where i am coming from. All we did was created the API 🙂

    • Create Domain in same level for both switches/routers.
      Create Maintenance group for both.
      Create different MEP IDs on both.
      Check connectivity establishes.
      Issue Loopback tests.

      Delete or disable the above.

      You are into QA?

  8. Thanks for the reply. I am actually into the design team of a BPM tool, so we did automation of these processes for network operation users on the tool for tests like loopback, linktrace, ntd status, network performance etc, but was trying to figure out if this process remains same on any manufacturers device, we did this for ALU’s device.

  9. Hi,
    I am new to configuring CFM. How can I check how many and if any CCM packets are being exchanged on a CISCO ASR 9k device?

    • You can use Cisco’s own “show interface” or “show port” statistics for this. Or you can plug them through a cheap hub and use traffic sniffing software (Wireshark is my favorite) with a PC attached to the same hub.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">



Prove you are human please: * Time limit is exhausted. Please reload CAPTCHA.