Cisco Catalyst Virtual Switching System (VSS)
DESCRIPTION
Virtual Switching System (VSS) is a new and exciting technology on Cisco's Catalyst 6500 switches, allowing for the virtualization of 2 physically separate Catalyst 6500s into a single logical entity for configuration, management, network design and packet forwarding. Such an architecture opens up new doors into how traditional networks can be designed whilst still maintaining the highest levels of availability, forwarding capacity and feature richness on the platform. This session provides a detailed analysis of the architecture of Virtual Switching System and covers multiple aspects such as its fundamental concepts, implementation, forwarding architecture, hardware and software requirements, network design implications and its impact on System High Availability, QoS, Integrated Security features as well as Operation, Management and Troubleshooting. The target audience for this session is both Enterprise and Service Provider attendees who have worked with and are familiar with the Catalyst 6500 series switches. This session assumes an understanding of the Catalyst 6500 switch architecture, and we recommend that the audience has already attended the Catalyst 6500 Architecture session.
TRANSCRIPT
-
BRKCRS-3468
Cisco Catalyst Virtual Switching System
-
2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 2
Agenda Topics:
  VSS Introduction
  Architecture
  Hardware Requirements
  Migration to VSS
  High Availability
  Quad Sup Uplink Forwarding
  Software Upgrades
  Deployment Considerations & Best Practices
  Summary
Appendix Topics:
  Operational Management
  Quality of Service
  Service Module Integration
  Deploying VSS with Server Virtualization
  Data Center L2 Interconnect via VSS
-
VSS Introduction
-
Current Network Challenges: Enterprise Campus
Traditional Enterprise Campus deployments have been designed in such a way that allows for scalability, differentiated services and high availability. However, they also face many challenges, some of which are listed in the diagram below.
[Diagram: Access, L2/L3 Distribution and L3 Core layers, annotated with the following challenges]
FHRP, STP, Asymmetric routing, Policy Management
Extensive routing topology, Routing reconvergence
Single active uplink per VLAN (PVST), L2 reconvergence
-
Current Network Challenges: Data Center
Traditional Data Center designs are increasingly requiring Layer 2 adjacencies between Server nodes due to the use of Server Virtualization technology. However, these designs are pushing the limits of Layer 2 networks, placing more burden on loop-detection protocols such as Spanning Tree.
[Diagram: L2/L3 Core and L2 Access layers, annotated with the following challenges]
Dual-Homed Servers to single switch, Single active uplink per VLAN (PVST), L2 reconvergence
Single active uplink per VLAN (PVST), L2 reconvergence, excessive BPDUs
FHRP, HSRP, VRRP, Spanning Tree, Policy Management
-
Catalyst 6500 Virtual Switching System: Overview
[Diagram: "Today" topology compared with VSS (Physical View) and VSS (Logical View); servers and access switches, ToR switches or blades attach over 10GE using 802.3ad or PAgP]
Simplifies operational manageability via a single point of management and elimination of STP, FHRP, etc.
Doubles bandwidth utilization with Active-Active Multi-Chassis Etherchannel (802.3ad/PAgP); reduces latency
Minimizes traffic disruption from switch or uplink failure with deterministic subsecond Stateful and Graceful Recovery (SSO/NSF)
-
Virtual Switching System: Enterprise Campus
A Virtual Switching System-enabled Enterprise Campus network takes on multiple benefits including simplified management & administration, facilitating greater high availability, while maintaining a flexible and scalable architecture.
[Diagram: Access, L2/L3 Distribution and L3 Core layers, annotated with the following benefits]
No FHRPs, No Looped topology, Policy Management
Reduced routing neighbors, Minimal L3 reconvergence
Multiple active uplinks per VLAN, No STP convergence
-
Virtual Switching System: Data Center
A Virtual Switching System-enabled Data Center allows for maximum scalability so bandwidth can be added when required, but still providing a larger Layer 2 hierarchical architecture free of reliance on Spanning Tree.
[Diagram: L2/L3 Core, L2 Distribution and L2 Access layers, annotated with the following benefits]
Dual-Homed Servers, Single active uplink per VLAN (PVST), Fast L2 convergence
Dual Active Uplinks, Fast L2 convergence, minimized L2 Control Plane, Scalable
Single router node, Fast L2 convergence, Scalable architecture
-
VSS Architecture
-
Introduction to Virtual Switching System: Concepts
-
Virtual Switching System Architecture: Virtual Switch Link (VSL)
The Virtual Switch Link joins the two physical switches together; it provides the mechanism to keep both chassis in sync.
A Virtual Switch Link bundle can consist of up to 8 x 10GE links.
All traffic traversing the VSL is encapsulated with a 32-byte Virtual Switch Header containing ingress and egress switchport indexes, class of service (COS), VLAN number, and other important information from the Layer 2 and Layer 3 headers.
The control plane uses the VSL for CPU-to-CPU communications, while the data plane uses the VSL to extend the internal chassis fabric to the remote chassis.
[Diagram: Virtual Switch Active and Virtual Switch Standby joined by the Virtual Switch Link; frame layout on the VSL: VS Header | L2 Hdr | L3 Hdr | Data | CRC]
-
Virtual Switching System Architecture: Initialization
Before the Virtual Switching System domain can become active, the Virtual Switch Link must be brought online to determine Active and Standby roles.
The initialization process essentially consists of 3 steps:
1. Link Bringup to determine which ports form the VSL
2. Link Management Protocol (LMP) used to track and reject Unidirectional Links, Exchange Chassis ID and other information between the 2 switches
3. Role Resolution Protocol (RRP) used to determine compatible Hardware and Software versions to form the VSL as well as determine which switch becomes Active and Hot Standby from a control plane perspective
-
Virtual Switching System Architecture: VSLP Ping
A new ping mechanism has been implemented in VSS mode to allow the user to objectively verify the health of the VSL itself. This is implemented as a VSLP Ping.
[Diagram: VSLP Ping exchanged between Switch1 and Switch2 across the VSL]

vss#ping vslp output interface tenGigabitEthernet 1/5/4
Type escape sequence to abort.
Sending 5, 100-byte VSLP ping to peer-sup via output port 1/5/4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms

The VSLP Ping operates on a per-physical interface basis and parameters such as COUNT, DESTINATION, SIZE, TIMEOUT may also be specified.
-
Virtual Switching System Architecture: VSL Configuration Consistency Check
After the roles have been resolved through RRP, a Configuration Consistency Check is performed across the VSL switches to ensure proper VSL operation.
The following items are checked for consistency:
  Switch Virtual Domain ID
  Switch Virtual Switch ID
  Switch Priority
  Switch Preempt
  VSL Port Channel Link ID
  VSL Port state, interfaces
  Power Redundancy mode
  Power Enable on VSL cards
Note that if configurations do not match, the Hot-Standby Supervisor will revert to RPR mode, disabling all non-VSL interfaces.
-
Virtual Switching System: Unified Control Plane
One supervisor in each chassis, with the inter-chassis Stateful Switchover (SSO) method in which one supervisor is ACTIVE and the other is in HOT_STANDBY mode.
Active/Standby supervisors run in synchronized mode (boot-env, running-configuration, protocol state, and line card status are synchronized).
The Active supervisor manages the control plane functions such as protocols (routing, EtherChannel, SNMP, telnet, etc.) and hardware control (Online Insertion Removal, port management).
[Diagram: Active Supervisor (SF, RP, PFC) and Standby HOT Supervisor (SF, RP, PFC), each with CFC or DFC Line Cards, connected by the VSL with SSO Synchronization]
-
Virtual Switching System: Dual Active Forwarding Planes
Both forwarding planes are active. The Standby supervisor and all linecards, including DFCs, are actively forwarding.

VSS# show switch virtual redundancy
My Switch Id = 1
Peer Switch Id = 2
Switch 1 Slot 5 Processor Information :
-----------------------------------------------
Current Software state = ACTIVE
Fabric State = ACTIVE
Control Plane State = ACTIVE
Switch 2 Slot 5 Processor Information :
-----------------------------------------------
Current Software state = STANDBY HOT (switchover target)
Fabric State = ACTIVE
Control Plane State = STANDBY

[Diagram: Switch1 and Switch2, each with Data Plane Active]
-
Virtual Switching System Architecture: Virtual Switch Domain
A Virtual Switch Domain ID is allocated during the conversion process and represents the logical grouping of the 2 physical chassis within a VSS. It is possible to have multiple VS Domains throughout the network.
Use a UNIQUE VSS Domain-ID for each VSS Domain throughout the network. Various protocols use Domain-IDs to uniquely identify each pair.
[Diagram: VSS Domain 10, VSS Domain 20, VSS Domain 30]
-
Virtual Switching System Architecture: Router MAC Address Assignment
In a Virtual Switching System, there is only one router MAC address to represent both physical chassis as a single logical device.
Router MAC = burnt-in or virtual mac-address
By default, the MAC address allocated to the Virtual Switching System is taken from the first Active Switch's burnt-in MAC address, which is negotiated at system initialization. Regardless of either switch being brought down or up in the future, the same MAC address will be retained such that neighboring network nodes and hosts do not need to re-learn a new address.
The recommendation is to use the virtual mac-address option. This eliminates the possibility of a duplicate MAC address in case the original Supervisor is ever reused within the same network.
-
Virtual Switching System Architecture: Virtual Router MAC Address Assignment
Instead of using the default chassis mac-address assignment, from 12.2(33)SXH2 onwards a virtual mac-address can be specified as shown below.

VSS(config-vs-domain)#switch virtual domain 10
VSS(config-vs-domain)#mac-address use-virtual
Configured Router mac address is different from operational value. Change will take effect after config is saved and the entire Virtual Switching System (Active and Standby) is reloaded.

The use-Virtual MAC address is assigned from a reserved pool of MAC addresses appended with the VSS domain id. The reserved pool is 0008.e3ff.fc00 to 0008.e3ff.ffff.

VSS# show interface vlan 1
Vlan1 is up, line protocol is up
Hardware is EtherSVI, address is 0008.e3ff.fc0a (bia 0008.e3ff.fc0a)
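An audit of domain IDs and router MACs across several VSS pairs, added here as an example (it is not part of the original slides and not Cisco code). It assumes the virtual MAC is the pool start plus the domain ID, which is inferred from the domain 10 / 0008.e3ff.fc0a output above; the inventory, the pair names and the function names are constructed for illustration.

```python
"""Audit VSS domain IDs and the virtual router MACs they imply (added example)."""
from collections import defaultdict

POOL_FIRST = 0x0008E3FFFC00  # 0008.e3ff.fc00, start of the reserved pool on the slide
POOL_LAST = 0x0008E3FFFFFF   # 0008.e3ff.ffff, end of the reserved pool on the slide


def to_cisco(mac):
    """Format a 48-bit integer in Cisco dotted notation (xxxx.xxxx.xxxx)."""
    digits = f"{mac:012x}"
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def from_cisco(text):
    """Parse a MAC written with '.', ':' or '-' separators into an integer."""
    digits = text.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return int(digits, 16)


def virtual_mac(domain_id):
    """Virtual router MAC for a domain ID.

    ASSUMPTION: pool start + domain ID, inferred from the slide's example
    (domain 10 -> 0008.e3ff.fc0a). Domain IDs are taken to be 1-255.
    """
    if not 1 <= domain_id <= 255:
        raise ValueError("VSS domain ID must be in the range 1-255")
    return to_cisco(POOL_FIRST + domain_id)


def audit(inventory):
    """Return findings for duplicate domains, burnt-in MACs and stale MACs."""
    findings = []
    by_domain = defaultdict(list)
    for pair in inventory:
        by_domain[pair["domain_id"]].append(pair["name"])
        observed = from_cisco(pair["router_mac"])
        expected = virtual_mac(pair["domain_id"])
        if not POOL_FIRST <= observed <= POOL_LAST:
            # Still on a burnt-in address: the use-virtual recommendation is not applied.
            findings.append(("burnt-in-mac", pair["name"], pair["router_mac"]))
        elif to_cisco(observed) != expected:
            # In the pool but for another domain, e.g. domain changed and not yet reloaded.
            findings.append(("mac-domain-mismatch", pair["name"], expected))
    for domain_id, names in sorted(by_domain.items()):
        if len(names) > 1:
            # Two pairs sharing a domain ID would also share the same virtual MAC.
            findings.append(("duplicate-domain", tuple(names), virtual_mac(domain_id)))
    return findings


# Constructed inventory: router_mac is what "show interface vlan" would report.
INVENTORY = [
    {"name": "campus-dist-1", "domain_id": 10, "router_mac": "0008.e3ff.fc0a"},
    {"name": "campus-dist-2", "domain_id": 20, "router_mac": "0000.5e00.5301"},
    {"name": "dc-core", "domain_id": 10, "router_mac": "0008.e3ff.fc0a"},
    {"name": "dc-agg", "domain_id": 30, "router_mac": "0008.e3ff.fc14"},
]

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
```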
-
Virtual Switching System Architecture: Multichassis EtherChannel (MEC)
Prior to the Virtual Switching System, Etherchannels were restricted to reside within the same physical switch. In a Virtual Switching environment, the two physical switches form a single logical network entity; therefore Etherchannels can now be extended across the two physical chassis.
[Diagram: Standalone: regular Etherchannel on a single chassis. VSS: Multichassis EtherChannel across 2 VSS-enabled chassis]
Both LACP and PAgP Etherchannel protocols and Manual ON modes are supported.
-
Virtual Switching System Architecture: EtherChannel Hash for MEC
Etherchannel hashing algorithms are modified in VSS to always favor locally attached interfaces.
[Diagram: MEC with Link 1 and Link 2 toward a Server]
Blue Traffic destined for the Server will result in Link 1 in the MEC link bundle being chosen as the destination path.
Orange Traffic destined for the Server will result in Link 2 in the MEC link bundle being chosen as the destination path.
-
Etherchannel Concepts: Etherchannel Hash Distribution
The default hashing algorithm will redistribute all the Result Bit Hash values across the available ports when there is a change. This affects all traffic traversing the Etherchannel.
[Diagram: RBH (for MEC), 2 Link Bundle Example: Flows 1 to 8 distributed across Link 1 and Link 2]
[Diagram: RBH (for MEC), 3 Link Bundle Example: Flows 1 to 8 redistributed across Link 1, Link 2 and Link 3]
-
Etherchannel Concepts: Etherchannel Hash Distribution Adaptive
Adaptive Hash Distribution Enhancement allows for the addition or removal of links in a bundle without affecting all of the traffic in an Etherchannel. Note in the below example, only Flow 7 and 8 are affected by the addition of an extra link to the Channel.
[Diagram: RBH (for MEC), 2 Link Bundle Example (Link 1, Link 2) and 3 Link Bundle Example (Link 1, Link 2, Link 3), Flows 1 to 8]

vss#conf t
Enter configuration commands, one per line. End with CNTL/Z.
vss(config)#port-channel hash-distribution adaptive
vss(config)# ^Z
vss#

Available in 12.2(33)SXH
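The difference between the default and adaptive hash distribution, as a simplified model added here (it is not from the original slides and is not Cisco's hardware algorithm). It assumes 8 RBH buckets with Flow k carried in bucket k-1, a round-robin rebuild for the default mode and a move-the-minimum policy for adaptive mode; all function names are hypothetical.

```python
"""Simplified model of default vs adaptive RBH bucket distribution (added example)."""
from collections import Counter

BUCKETS = 8  # the slides describe an 8-bucket RBH value


def fixed_table(links):
    """Default mode (model): rebuild the whole bucket table round-robin."""
    return {b: links[b % len(links)] for b in range(BUCKETS)}


def adaptive_add(table, new_link):
    """Adaptive mode (model): move only enough buckets to give the new link its share."""
    table = dict(table)
    old_links = sorted(set(table.values()))
    fair_share = BUCKETS // (len(old_links) + 1)
    load = Counter(table.values())
    while load[new_link] < fair_share:
        # Take the highest-numbered bucket from the most loaded existing link.
        donor = max(old_links, key=lambda link: (load[link], link))
        bucket = max(b for b, link in table.items() if link == donor)
        table[bucket] = new_link
        load[donor] -= 1
        load[new_link] += 1
    return table


def adaptive_remove(table, dead_link):
    """Adaptive mode (model): re-home only the buckets of the removed link."""
    table = dict(table)
    survivors = sorted(set(table.values()) - {dead_link})
    if not survivors:
        raise ValueError("cannot remove the last link of the bundle")
    load = Counter(link for link in table.values() if link != dead_link)
    for bucket in sorted(b for b, link in table.items() if link == dead_link):
        target = min(survivors, key=lambda link: (load[link], link))
        table[bucket] = target
        load[target] += 1
    return table


def affected_flows(before, after):
    """Flows (numbered 1-8 as on the slides) whose member link changed."""
    return [f"Flow {b + 1}" for b in range(BUCKETS) if before[b] != after[b]]


def compare_link_add():
    """Grow a 2-link bundle to 3 links under both models."""
    two = fixed_table(["Link 1", "Link 2"])
    # Default mode: the whole table is rebuilt. The slide states this affects all
    # traffic; this model only counts the flows that end up on a different link.
    rebuilt = fixed_table(["Link 1", "Link 2", "Link 3"])
    grown = adaptive_add(two, "Link 3")
    return {
        "default": affected_flows(two, rebuilt),
        "adaptive": affected_flows(two, grown),
    }


def compare_link_remove():
    """Remove Link 1 from a 3-link adaptive bundle and list the re-homed flows."""
    three = adaptive_add(fixed_table(["Link 1", "Link 2"]), "Link 3")
    return affected_flows(three, adaptive_remove(three, "Link 1"))


if __name__ == "__main__":
    print(compare_link_add())
    print(compare_link_remove())
```

In this model the adaptive case moves only Flow 7 and Flow 8 when Link 3 is added, which matches the slide's example.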
-
EtherChannel Concepts: EtherChannel Hash
A command can be invoked to assist in determining which link in the bundle will be used. It can use various hash inputs to yield an 8-bucket RBH value that will correspond to one of the port channel members.

vss#show etherchannel load-balance hash-result interface port-channel 120 switch 1 ip 192.168.220.10 192.168.10.10
Computed RBH: 0x4
Would select Gi1/2/1 of Po120

Note: specify switch when using the hash result command; if not, VSS assumes switch while computing hash results from the hardware.
-
Virtual Switching System Architecture: MEC Load-Balance Schemes

VSS(config)#port-channel load-balance ?
  dst-ip                 Dst IP Addr
  dst-mac                Dst Mac Addr
  dst-mixed-ip-port      Dst IP Addr and TCP/UDP Port
  dst-port               Dst TCP/UDP Port
  mpls                   Load Balancing for MPLS packets
  src-dst-ip             Src XOR Dst IP Addr
  src-dst-mac            Src XOR Dst Mac Addr
  src-dst-mixed-ip-port  Src XOR Dst IP Addr and TCP/UDP Port
  src-dst-port           Src XOR Dst TCP/UDP Port
  src-ip                 Src IP Addr
  src-mac                Src Mac Addr
  src-mixed-ip-port      Src IP Addr and TCP/UDP Port
  src-port               Src TCP/UDP Port
-
VSS Hardware and Software Requirements
-
VSS Requirements: Hardware
In order to enable the Virtual Switching System feature and configure the Virtual Switch Links (VSL) between 2 Catalyst 6500 chassis, the new Catalyst 6500 Virtual Switching Supervisor 720 is required to be used. It is the only Supervisor that will support VSS as it supports both the new PFC3C/XL forwarding engine
The PFC3C/XL contains new hardware to support the extra LTL indices and mappings required to forward traffic across multiple physical chassis, lookup enhancements as well as MAC address table handling enhancements.
VS-S720-10G-3C/XL: 12.2(33)SXH1 or later
-
Hardware Requirements: VSL-Capable Interfaces
The VSL requires new port ASICs that exist only on the 10 GigabitEthernet interfaces on the following modules:
  WS-X6708-10G-3C/XL
  VS-S720-10G-3C/XL
  WS-X6716-10G-3C/XL *
* Support for VSL from 12.2(33)SXI onwards
These interfaces are based on the new port ASIC, allowing frames across the VSL to be encapsulated / de-encapsulated with the VSH.
Note: These interfaces may also be used as standard network interfaces
-
VSS Hardware Requirements: VSS Supported Ethernet Modules
Module               Description                                  Status
WS-X6704-10G-3C/XL   10GE Linecard                                12.2(33)SXH1
WS-X6708-10G-3C/XL   10GE Linecard                                12.2(33)SXH1
WS-X6716-10G-3C/XL   10GE Linecard                                12.2(33)SXH1
WS-X6724-SFP         1000BASE-X Linecard                          12.2(33)SXH1
WS-X6748-SFP         1000BASE-X Linecard                          12.2(33)SXH1
WS-X6748-GE-TX       10/100/1000 BASE-TX Linecard                 12.2(33)SXH1
7600-SIP-400         SIP 400 with Ethernet & PoS SPA Interfaces   12.2(33)SXI4
-
VSS Hardware Requirements: Service Module Support
Module                       Description                                           VSS Minimum Software   Service Module Minimum Software
ACE10/ACE 20-6500-K9         Application Control Engine (ACE)                      12.2(33)SXI            A2(1.2)
WS-SVC-FWSM-1-K9             Firewall Services Module (FWSM)                       12.2(33)SXI            4.0(4)
WS-SVC-IDSM2-K9              Intrusion Detection System Services Module (IDSM-2)   12.2(33)SXI            6.0(2)E1
WS-SVC-NAM-1, WS-SVC-NAM-2   Network Analysis Module (NAM1, NAM2)                  12.2(33)SXH1           3.6(1a)
WS-SVC-WISM-1-K9             Wireless Services Module (WiSM)                       12.2(33)SXI            3.2.171.6
-
Hardware Requirements: Sup720-10G-VSS PFC3C Interoperability With DFC
Line card   Sup720-10G-VSS Non-VSS Mode, System wide PFC Mode   Sup720-10G-VSS VSS Mode, System wide PFC Mode
DFC3C       PFC3C                                               PFC3C
DFC3B       PFC3B*                                              Not Supported
DFC3A       PFC3A*                                              Not Supported
DFC2        Not Supported                                       Not Supported
CFC         PFC3C                                               PFC3C
Classic     PFC3C                                               Not supported
* In Non-VSS mode, an inserted DFC3A or DFC3B will be powered down until a reload; upon reload the system runs in lowest common denominator DFC mode.
-
Software Requirements: VSS Packaging
Supported with 12.2(33)SXI1 (CCO 03/31/09)
Please refer to the SXI1 product bulletin for more information: http://www.cisco.com/en/US/products/ps9336/prod_bulletins_list.html
Feature set                                 Before 12.2(33)SXI1           12.2(33)SXI1 and newer
IOS IP Base (available with bundles only)   VSS 1440 Mode Not Supported   VSS 1440 Mode Supported
IOS IP Services and Above                   VSS 1440 Mode Supported       VSS 1440 Mode Supported
-
Migration to VSS
-
Migration to VSS: Overview
Migration Steps between Distribution and Access-layer
1. Modify FHRP Configuration
2. Configure Multichassis Etherchannel
3. Move L2 Trunk configuration to MEC interfaces
4. Move Policies to MEC if needed
5. Keep Spanning-Tree Enabled
Migration Steps between Distribution and core
1. Configure MEC
2. Remove Routing Statements which are not needed.
Expect Network Disruption During Conversion Process. Prepare in advance to minimize downtime.
[Diagram: Access, L2/L3 Distribution and L3 Core layers]
-
Migration to VSS: Conversion Process
The conversion process requires configuration steps on both switches that will form part of the Virtual Switch Domain and requires a reboot of both switches during the conversion.
[Diagram: Standalone to VSS]
-
Migration to VSS: Conversion Process
For the purposes of this explanation, let's assume the following setup is required:
[Diagram: Switch1 (Port-Channel 1, T5/4 and T5/5) and Switch2 (Port-Channel 2, T5/4 and T5/5) joined by the Virtual Switch Link; Switch Virtual Domain #100]
-
Migration to VSS: Conversion Process
Configuration for the conversion takes the following path (steps 1 to 3):

Switch1
Router(config)#host VSS
VSS(config)#switch virtual domain 100
Domain ID 10 config will take effect only
after the exec command 'switch convert mode virtual' is issued
VSS(config-vs-domain)#switch 1
VSS(config-vs-domain)#exit
VSS(config)#interface port-channel 1
VSS(config-if)#switch virtual link 1
VSS(config-if)#interface range tenG 5/4 - 5
VSS(config-if-range)#channel-group 1 mode on

Switch2
Router(config)#host VSS
VSS(config)#switch virtual domain 100
Domain ID 10 config will take effect only
after the exec command 'switch convert mode virtual' is issued
VSS(config-vs-domain)#switch 2
VSS(config-vs-domain)#exit
VSS(config)#interface port-channel 2
VSS(config-if)#switch virtual link 2
VSS(config-if)#interface range tenG 5/4 - 5
VSS(config-if-range)#channel-group 2 mode on
-
Migration to VSS: Conversion Process
Configuration for the conversion takes the following path (step 4):

Switch1 and Switch2 (the same command and output on each)
vss#switch convert mode virtual
This command will convert all interface names to naming convention "interface-type switch-number/slot/port", save the running config to startup-config and reload the switch.
Do you want to proceed? [yes/no]: yes
Converting interface names
Building configuration...
[OK]
Saving converted configuration to bootflash: ...
Destination filename [startup-config.converted_vs-20071031-150039]?

AT THIS POINT THE SWITCH WILL REBOOT
-
Migration to VSS: Conversion Process
Configuration for the conversion takes the following path:

Switch1: SWITCH CONSOLE OUTPUT
System detected Virtual Switch configuration...
Interface TenGigabitEthernet 1/5/4 is member of PortChannel 1
Interface TenGigabitEthernet 1/5/5 is member of PortChannel 1
00:00:26: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor for this switch
Initializing as Virtual Switch ACTIVE processor
00:01:19: %VSLP-5-RRP_ROLE_RESOLVED: Role resolved as ACTIVE by VSLP
00:01:19: %VSL-5-VSL_CNTRL_LINK: New VSL Control Link 5/4

Switch2: SWITCH CONSOLE OUTPUT
System detected Virtual Switch configuration...
Interface TenGigabitEthernet 2/5/4 is member of PortChannel 2
Interface TenGigabitEthernet 2/5/5 is member of PortChannel 2
00:00:26: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor for this switch
Initializing as Virtual Switch STANDBY processor
00:01:02: %VSLP-5-RRP_ROLE_RESOLVED: Role resolved as STANDBY by VSLP
00:01:02: %VSL-5-VSL_CNTRL_LINK: New VSL Control Link 5/4
-
Migration to VSS: Conversion Process, Last Critical Step (No Longer required in SXI3 or newer)
Configuration for the conversion takes the following path (step 5):

Switch1: SWITCH CONSOLE OUTPUT
vss-demo# switch accept mode virtual
interface Port-channel2
switch virtual link 2
no shutdown
interface TenGigabitEthernet2/5/4
channel-group 2 mode on
no shutdown
interface TenGigabitEthernet2/5/5
channel-group 2 mode on
no shutdown
This command will populate the above VSL configuration from the standby switch into the running configuration.
The startup configuration will also be updated with the new merged configuration if merging is successful.
Do you want to proceed? [yes/no]: yes
Merging the standby VSL configuration...
Building configuration...
00:11:33: %PFINIT-SW1_SP-5-CONFIG_SYNC: Sync'ing the startup configuration to the standby Router. [OK]

Switch2: SWITCH CONSOLE OUTPUT
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 10-Oct-07 01:02 by chrisvan
00:02:42: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
00:02:42: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
vss-sdby>
Standby console disabled
vss-sdby>
-
Migration to VSS: Conversion Process, Last Critical Step is Automated in SXI3 or newer
Configuration for the conversion takes the following path (step 5):

Switch1: SWITCH CONSOLE OUTPUT
vss-demo# switch accept mode virtual
This command is no longer required since standby VSL configuration merge is done automatically.
vss-demo#

Switch2: SWITCH CONSOLE OUTPUT
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 10-Oct-07 01:02 by chrisvan
00:02:42: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
00:02:42: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
vss-sdby>
Standby console disabled
vss-sdby>
-
Migration to VSS: Conversion Process
Configuration for the conversion takes the following path:
Both switches are now converted with
Switch1 - VSS Active
Switch2 - VSS Hot standby
Switch 2 console is now disabled for normal console activity

Switch1
vss# sh switch virtual
Switch mode : Virtual Switch
Virtual switch domain number : 10
Local switch number : 1
Local switch operational role: Virtual Switch Active
Peer switch number : 2
Peer switch operational role : Virtual Switch Standby
vss#

Switch2
vss-sdby>enable
Standby console disabled
vss-sdby>
-
Virtual Switching System Architecture: VSL Initialization
1. Initialization
2. Pre-Parse Config
3. Bring up VSL Linecards and VSL Ports
4. Run VSLP
5. Run RRP
6. Inter-chassis SSO
7. Continue System Bootup
[Diagram: two Sup720-10GE supervisors (SF, RP, PFC), each with CFC or DFC Line Cards, connected by the VSL; VSLP and RRP run across the VSL between the ACTIVE and Standby Hot supervisors]
-
VS-S720-10G Architecture: VSL Inband Connection
Allows for the VSL ports to be brought online very early in the boot process
-
High Availability
-
High Availability: Redundancy Schemes
Default redundancy mechanism between the two VSS chassis and their associated supervisors is NSF/SSO.
If a mismatch of information occurs between the Active & Standby, the Standby will revert to RPR mode.
Starting with 12.2(33)SXI, a minor mismatch in software will still keep the switch in SSO mode.
[Diagram: three Active/Standby pairs, each joined by a VSL]
Switch1 (Active)   Switch2 (Standby)   Redundancy mode
12.2(33)SXH1       12.2(33)SXH1        NSF/SSO
12.2(33)SXH1       12.2(33)SXH2        RPR
12.2(33)SXI        12.2(33)SXI1        NSF/SSO
-
Virtual Switching System: Inter Chassis NSF/SSO
1. Virtual Switch Active incurs a supervisor outage
2. Standby Supervisor takes over as Virtual Switch Active
Virtual Switch Standby initiates graceful restart
Non Stop forwarding of packets will continue using hardware entries as Switch-2 assumes active role
NSF aware neighbors exchange updates with Virtual Switch Active
[Diagram: Virtual Switching System before and after the outage: Switch1 (Virtual Switch Active) is down and Switch2 (Virtual Switch Hot Standby) becomes Virtual Switch Active]
-
High Availability: NSF/SSO
[Diagram: Switch1 (12.2(33)SXH1, Active) and Switch2 (12.2(33)SXH1, Hot Standby) joined by the VSL, running NSF/SSO.]
The NSF feature with SSO minimizes the amount of traffic loss following a supervisor switchover by continuing to forward traffic using hardware entries. In a VSS environment this feature is required to minimize traffic disruption in an event, such as a supervisor failure, that causes a supervisor switchover.
VSS#config t
VSS(config)#router ospf 1
VSS(config-router)#nsf
VSS#show ip ospf
Routing Process "ospf 10" with ID 192.168.2.1
Start time: 00:15:29.344, Time elapsed: 23:12:03.484
Supports only single TOS(TOS0) routes
External flood list length 0
Non-Stop Forwarding enabled
IETF NSF helper support enabled
Cisco NSF helper support enabled
Reference bandwidth unit is 100 mbps
NSF is supported by BGP, EIGRP, OSPF and IS-IS.
-
High Availability: NSF/SSO Requirements
After the roles have been resolved through RRP, a Configuration Consistency Check is performed across the VSS switches to ensure proper VSL operation.
The following items are checked for consistency:
  Switch Virtual Domain ID
  Switch Virtual Switch ID
  Switch Priority
  Switch Preempt
  VSL Port Channel Link ID
  VSL Port state, interfaces
  Power Redundancy mode
  Power Enable on VSL cards
Additionally, software version, installed patches and PFC modes also need to be consistent for NSF/SSO mode to be entered.
-
High Availability: Failure of MEC Member, Upstream Traffic
Convergence is determined by the access device Etherchannel convergence, typically 200ms.
Typically only the flows on the failed link are affected.
-
High Availability: Failure of MEC Member, Downstream Traffic
Convergence is determined by the VSS Etherchannel convergence, typically sub-200ms.
Only the flows on the failed link are affected.
-
High Availability: Dual-Active Detection
[Diagram: Switch1 (Active) and Switch2 (Hot Standby) joined by the VSL.]
In a Virtual Switching System Domain, one switch is elected as Active and the other is elected as Standby during boot up by VSLP.
Since the VSL is always configured as a Port Channel, the possibility of the entire VSL bundle going down is remote; however, it is a possibility.
Recommendation is to deploy the VSL with two or more links and distribute those interfaces across multiple modules to ensure the highest redundancy.
-
High Availability: Dual-Active Detection
[Diagram: VSL down between Switch1 and Switch2; both switches Active.]
If the entire VSL bundle should happen to go down, the Virtual Switching System Domain will enter a Dual Active scenario where both switches transition to Active state and share the same network configuration (IP addresses, MAC address, Router IDs, etc.), potentially causing communication problems through the network.
3 Step Process
1. Dual-Active detection using the detection method enabled in the system.
2. Further network disruption is avoided by disabling previous VSS active switch interfaces connected to neighboring devices.
3. Dual-Active recovery: when the VSL recovers, the switch that has all its interfaces brought down in the previous step will reload to boot in a preferred standby state.
-
High Availability: Dual-Active Protocols
[Diagrams: Switch 1 (Active) and Switch 2 (Hot Standby) shown once per method: PAgP+ TLVs exchanged through a neighbor, VSLP hellos on a direct link, and BFD on a direct link.]
Enhanced PAgP: requires an ePAgP-capable neighbor (3750: 12.2(46)SE, 4500: 12.2(44)SE, 6500: 12.2(33)SXH1). Sub-second convergence.
VSLP Fast Hello: direct L2 connection, requires 12.2(33)SXI. Sub-second convergence.
IP-BFD: direct L3 connection, requires 12.2(33)SXH1. Seconds of convergence*.
-
High Availability: Dual-Active: Recovery Mode
[Diagram: VSL down; dual-active detected; the previous Active switch is in Recovery and the previous Standby is now Active.]
%DUAL_ACTIVE-SW1_SP-1-DETECTION: Dual-active condition detected: all non-VSL and non-excluded interfaces have been shut down
VSS#show switch virtual dual-active summary
Pagp dual-active detection enabled: Yes
Bfd dual-active detection enabled: Yes
No interfaces excluded from shutdown in recovery mode
In dual-active recovery mode: Yes
  Triggered by: Pagp detection
  Triggered on interface: Gi1/2/3
-
High Availability: Dual Active: Recovery Mode
[Diagram: Switch 1 in Recovery and Switch 2 Active, with the VSL between them.]
Important! Do not make any configuration changes while in the Dual Active Recovery mode.
If the config is changed, the system will not automatically recover once the VSL becomes active again. One must issue the write memory command and then reload the switch in recovery mode using the reload shelf command.
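The following Python sketch is an added example, not part of the original slides or of any Cisco tooling. It parses the dual-active summary output and the %DUAL_ACTIVE detection message shown above and reports when the system is in recovery mode, which is the window in which configuration must not be changed. The sample text is constructed from the slide's output, and the function names are hypothetical.

```python
import re

# Constructed sample, laid out like the slide's
# "show switch virtual dual-active summary" output (one field per line).
SAMPLE_SUMMARY = """\
Pagp dual-active detection enabled: Yes
Bfd dual-active detection enabled: Yes
No interfaces excluded from shutdown in recovery mode
In dual-active recovery mode: Yes
  Triggered by: Pagp detection
  Triggered on interface: Gi1/2/3
"""

# Constructed syslog excerpt; the second message is the one quoted on the slide.
SAMPLE_SYSLOG = [
    "%SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.",
    "%DUAL_ACTIVE-SW1_SP-1-DETECTION: Dual-active condition detected: "
    "all non-VSL and non-excluded interfaces have been shut down",
]

FIELD_RE = re.compile(r"^\s*(?P<key>[^:]+?)\s*:\s*(?P<value>.*?)\s*$")
DETECTION_RE = re.compile(r"%DUAL_ACTIVE-(?P<source>\w+)-1-DETECTION:")


def parse_summary(text):
    """Turn the 'key: value' lines of the summary into a small state dict."""
    state = {"methods": {}, "recovery": False, "trigger": None, "interface": None}
    for line in text.splitlines():
        match = FIELD_RE.match(line)
        if not match:
            continue  # lines without a field, e.g. "No interfaces excluded ..."
        key = match.group("key").lower()
        value = match.group("value")
        if key.endswith("dual-active detection enabled"):
            # First word names the method ("pagp", "bfd").
            state["methods"][key.split()[0]] = value.lower() == "yes"
        elif key == "in dual-active recovery mode":
            state["recovery"] = value.lower() == "yes"
        elif key == "triggered by":
            state["trigger"] = value
        elif key == "triggered on interface":
            state["interface"] = value
    return state


def assess(summary_text, syslog_lines):
    """Return (state, findings) for one summary capture plus syslog lines."""
    state = parse_summary(summary_text)
    findings = []
    for line in syslog_lines:
        match = DETECTION_RE.search(line)
        if match:
            findings.append("dual-active detection logged by " + match.group("source"))
    if state["recovery"]:
        findings.append(
            "recovery mode (trigger: %s on %s): make no configuration changes"
            % (state["trigger"], state["interface"])
        )
    disabled = sorted(name for name, on in state["methods"].items() if not on)
    if disabled:
        findings.append("detection method disabled: " + ", ".join(disabled))
    return state, findings


if __name__ == "__main__":
    for finding in assess(SAMPLE_SUMMARY, SAMPLE_SYSLOG)[1]:
        print(finding)
```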
-
High Availability: Dual-Active Detection, Exclude Interfaces
Upon detection of a Dual Active scenario, all interfaces on the previous-Active switch will be brought down so as not to disrupt the functioning of the remainder of the network.
The excluded interfaces include VSL port members as well as any pre-configured ports which may be used for management purposes.
vs-vsl#conf t
Enter configuration commands, one per line. End with CNTL/Z.
vs-vsl(config)#switch virtual domain 100
vs-vsl(config-vs-domain)#dual-active exclude interface Gig 1/5/1
vs-vsl(config-vs-domain)#dual-active exclude interface Gig 2/5/1
vs-vsl(config-vs-domain)# ^Z
vs-vsl#
-
High Availability: Dual-Active: Restoration
Upon the restoration of one or more VSL interfaces, VSLP will detect this and will proceed to reload Switch 1 so that it boots up in the preferred Hot Standby role.
[Diagram, Recovery: Switch 1 (Recovery) and Switch 2 (Active) with the VSL restored. Switch-1 shutdown all active interfaces *. R marks the reload of Switch 1.]
[Diagram, Restoration: Switch 1 (Hot Standby) and Switch 2 (Active) joined by the VSL. Switch-1 will reload and boot up in Hot Standby role.]
-
Agenda Topics
Quad-Sup Uplink Forwarding
-
VSS Redundant Supervisor Support: Why Redundant Supervisors Are Needed
A Supervisor failure event will down the affected chassis, decreasing the VSS bandwidth by 50%.
Certain devices may only single-attach to the VSS for various reasons:
  Service Modules/Servers
  Geographic separation of VSS chassis
  Costs $$
Supervisor failure events therefore require manual intervention for recovery of the affected chassis:
  Uplinks are not active when the Supervisor is in ROMMON mode
  Undeterministic outage time
  Relies on manual process to install and convert the new Supervisor with current VSS configuration
-
VSS Quad-Sup Uplink Forwarding
Provides Active Uplinks in the Standby Supervisor with Deterministic Recovery From a Supervisor Failure
In the initial VSS release a redundant In-Chassis Supervisor is not supported:
  Will stop its boot process at the ROMMON stage
Quad-Sup Uplink Forwarding (new in 12.2(33)SXI4):
  A second Supervisor installed in the chassis will boot as a Linecard with all of its ports active
  If the active Supervisor in the chassis should fail, the In-Chassis Standby will reload and then take over the chassis Supervisor functions without human intervention
[Diagram: two chassis; R = Reload.]
1. Supervisor Failure event
2. Chassis reloads
3. In-chassis Standby now becomes VSS standby and chassis dataplane is active again
-
Virtual Switching System (VSS): Quad-Sup Control Plane
[Diagram: Switch-1 holds the SSO Active supervisor and an RPR-Warm supervisor; Switch-2 holds the SSO Hot-Standby supervisor and an RPR-Warm supervisor; the chassis are joined by the VSL.]
Redundant supervisors fully boot Cisco IOS to RPR-WARM redundancy mode.
-
Virtual Switching System (VSS): Quad-Sup Data Plane
[Diagram: Switch-1 and Switch-2 joined by the VSL; all four supervisors are shown as Active.]
From a data plane perspective the RPR-Warm supervisor operates similarly to a DFC-enabled line card. Forwarding tables are in sync and the data plane is active for module uplinks.
-
Virtual Switching System (VSS): All Uplinks Active in RPR-WARM Redundancy Mode
[Diagram: Switch-1 with the Active Supervisor (SF, RP, PFC) and an RPR-WARM supervisor (SF, PFC); Switch-2 with the Standby HOT Supervisor (SF, RP, PFC) and an RPR-WARM supervisor (SF, PFC); the chassis are joined by the VSL. Legend: uplinks.]
PFC and crossbar fabric of the In-chassis standby supervisor are active.
Use at least one of the ten gigabit interfaces from each supervisor to build the VSL. Remaining ports can be used for other purposes including uplinks.
-
Virtual Switching System (VSS): Active Supervisor Hardware Failure
[Diagram: Switch-1 with the SSO Active and an RPR-Warm supervisor; Switch-2 with the SSO Hot Standby and an RPR-Warm supervisor; the chassis are joined by the VSL. Legend: line cards active. Graph, marker 1: Available Bandwidth (50%, 100%) against Duration for SW1 and SW2, with the SSO switchover marked.]
1. Active VSS supervisor incurs a hardware failure
-
Virtual Switching System (VSS): Active Supervisor Hardware Failure
[Diagram: Switch-1 reloading with an RPR-Warm supervisor; Switch-2 SSO Active; the chassis are joined by the VSL. Legend: line cards active; SSO = SSO Switchover; R = Reload. Graph, marker 2: Available Bandwidth (50%, 100%) against Duration for SW1 and SW2.]
1. SSO failover to the hot-standby supervisor in switch-2
2. Switch-1 reloads and comes back online.
3. 50% bandwidth is available during switch-1 reload
-
Virtual Switching System (VSS): Active Supervisor Hardware Failure
[Diagram: Switch-1 with the SSO Hot Standby and an RPR Warm supervisor; Switch-2 SSO Active with an RPR Warm supervisor; the chassis are joined by the VSL. Legend: line cards active; R = Reload. Graph, markers 2 and 3: Available Bandwidth (50%, 100%) against Duration for SW1 and SW2.]
1. Switch-1 comes online
2. Previous RPR warm supervisor resumes SSO hot standby state
3. The failed supervisor boots up in RPR warm mode.
4. 100% Bandwidth is available leveraging both switches
-
Virtual Switching System (VSS): Active Supervisor Failover
The following graph illustrates the aggregate traffic for the VSS system during the active supervisor failover with and without dual supervisor support.
[Graphs: Available Bandwidth (50%, 100%) against Duration, markers 1 to 3, for SW1 and SW2. Panel "Pre SXI4": Un-deterministic supervisor failure recovery. Panel "12.2(33)SXI4": Deterministic supervisor failure recovery.]
-
VSS Quad-Sup Uplink Forwarding: Redundancy Mode
[Diagram: VSS Domain. VSS Switch 1 (SSO Active): In-Chassis Active and In-Chassis Standby (RPR-WARM). VSS Switch 2 (SSO Hot Standby): In-Chassis Active and In-Chassis Standby (RPR-WARM).]
RPR-Warm is a new redundancy mode created for the VSS In-chassis Standby Supervisor.
RPR-Warm mode allows the Supervisor to operate primarily as a linecard, but with some synchronization with the In-Chassis Active Supervisor (synchronization does not occur across chassis).
Supervisor uplink ports are operational and active just like on a linecard.
-
VSS In-Chassis Standby: RPR-WARM Redundancy Mode
VSS Chassis with Dual Supervisors Running Quad-Sup Forwarding
In-Chassis Standby Supervisor:
  Downloads and boots new image file Sup720-LC
  SP runs the Sup720-LC image
  RP is in ROMMON
  Operates mostly as a DFC enabled line card
  Some Supervisor subsystems are synched between In-Chassis Active and Standby
Subsystems synched include:
  Startup-config
  Vlan.dat
  BOOT ROMMON variable
  CONFIG_FILE ROMMON variable
  BOOTLDR ROMMON variable
  DIAG ROMMON variable
  SWITCH_NUMBER ROMMON variable
-
VSS In-Chassis Standby Boot Process
[Flowchart. Boxes: Start; Boot Sup720 image (Initialize); Virtual Switch (Yes/No); In-Chassis Role Negotiation (Active/Standby); Existing process for SSO mode; Warm Upgrade to Sup720-LC image; Begin Boot Sup720-LC image; Virtual Switch (Yes/No); In-Chassis Role Negotiation (Active/Standby); Reload; Boot as Line Card (RPR-WARM).]
-
2010 Cisco and/or its affiliates. All rights reserved. Cisco PublicPresentation_ID 73
In-Chasss Standby Booting to Sup-LC Image
System detected Virtual Switch configuration...Interface TenGigabitEthernet 2/5/4 is member of PortChannel 2 Interface TenGigabitEthernet 2/5/5 is member of PortChannel 2
*Apr 5 20:27:50.747: %SYS-3-LOGGER_FLUSHING: System pausing to ensure console debugging output.Firmware compiled 02-Mar-10 17:41 by integ Build [100]*Apr 5 20:27:50.747: %PFREDUN-6-STANDBY: Initializing as STANDBY processor for this switch!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!Decompressing the image : ################################################################################################################################################################################# [OK]Launching the SPLC image!
Restricted Rights Legend
-
Virtual Switching System (VSS): Dual Supervisor Redundancy LED
Redundancy LED status
Supervisor states shown: SSO Active, SSO Standby, RPR Warm
LED indications shown: Blinking Orange, Orange (amber), Green
-
Virtual Switching System (VSS): Quad Supervisor Uplink Forwarding Redundancy
CLI Verification
Router#sh mod
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  5     5 Supervisor Engine 720 10GE (Active)    VS-S720-10G        SAD1205069Y
  6     5 Supervisor Engine 720 10GE (RPR-Warm)  VS-S720-10G        SAD1205065B

Mod MAC addresses                      Hw     Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  5 001e.4aaa.ee70 to 001e.4aaa.ee77   2.0    8.5(2)       12.2(2009050 Ok
  6 001e.4aaa.ed58 to 001e.4aaa.ed5f   2.0    8.5(2)       12.2(2009042 Ok

Mod  Sub-Module                  Model              Serial      Hw      Status
---- --------------------------- ------------------ ----------- ------- -------
  5  Policy Feature Card 3       VS-F6K-PFC3C       SAD120504EB 1.0     Ok
  5  MSFC3 Daughterboard         VS-F6K-MSFC3       SAD120301PL 1.0     Ok
  6  Policy Feature Card 3       VS-F6K-PFC3C       SAD1203057R 1.0     Ok
  6  MSFC3 Daughterboard         VS-F6K-MSFC3       SAD120301PL 1.0     Ok

Mod  Online Diag Status
---- -------------------
  5  Pass
  6  Pass
-
Virtual Switching System (VSS): Quad Supervisor Uplink Forwarding Redundancy Monitoring
CLI Verification
Router#sh switch virtual redundancy
My Switch Id = 1
Peer Switch Id = 2
Last switchover reason = user forced
Configured Redundancy Mode = sso
Operating Redundancy Mode = sso

Switch 1 Slot 5 Processor Information :
-----------------------------------------------
Current Software state = ACTIVE
Image Version = Cisco IOS Software, s72033_rp Software (
BOOTLDR =
Configuration register = 0x2
Fabric State = ACTIVE
Control Plane State = ACTIVE

Switch 1 Slot 6 Processor Information :
-----------------------------------------------
Current Software state = RPR-Warm
Uptime in current state = 4 days, 17 hours, 36 minutes
Image Version = >
BOOT = disk0:mz-rbh,12;
CONFIG_FILE =
BOOTLDR =
Configuration register = 0x2
Fabric State = RPR-Warm
Control Plane State = RPR-Warm
-
Virtual Switching System (VSS): Quad Supervisor Uplink Forwarding Redundancy Monitoring
-
VSS Quad Supervisor Uplink Forwarding: Key Points
Quad Supervisor Uplink Forwarding feature is scheduled for release in 12.2(33)SXI4
Quad Supervisor Uplink Forwarding allows for deterministic recovery from a Supervisor failure event
In-Chassis Standby Uplinks are active and operational under normal conditions
In-Chassis Standby Supervisor runs in a new redundancy mode called RPR-WARM
Switchover to the In-Chassis Supervisor does require a reload of the chassis
Supervisor role negotiation occurs first within the chassis, then the winning In-Chassis active Supervisor performs VSS role negotiation between chassis
-
Agenda Topics
Software Upgrades
-
VSS Software Upgrade: Pre 12.2(33)SXI Fast Software Upgrade (FSU)
Preparation Steps
1. Preparation Steps
   a) Ensure the old image and new image files are installed to the local file systems on both Supervisor modules
   b) Configure the boot register to auto-load the specified software image file
   c) Configure the boot string to load the new software image
Execute Upgrade
2. Reset the standby Supervisor and ensure it boots successfully to RPR mode (STANDBY COLD). Hot Standby modules are powered down and not forwarding traffic at this point; forwarding capacity will be down to 50%
3. Force a Supervisor switchover; forwarding capacity drops to 0%. The Standby Supervisor continues to boot and becomes the new ACTIVE. The old active Supervisor will reset, load the old image and boot to STANDBY COLD (RPR) state
4. Trial Phase
5. Modify the boot variable on Switch-1 and reload Switch-1 such that it boots up with the new software image. Forwarding capacity will resume back to 100%
[Diagram: Switch-1 and Switch-2, each with a WS-X6708-10G, joined by the VSL; roles shown per step as VSS Active, VSS Standby Hot and VSS Standby Cold. Legend: old version, new version; R = Reset; SO = Switchover. Graph: bandwidth (50%, 100%) across steps 1 to 5 for SW1 and SW2.]
-
VSS Software Upgrade: 12.2(33)SXI Enhanced Fast Software Upgrade (EFSU)
Preparation Steps
1. Before ISSU software upgrade, VSS Switch-1 and Switch-2 will be running the old software image.
2. Install the new image to the same location on the file systems of both Supervisors
3. Make sure the boot register is configured for auto boot 0x2102
Execute Upgrade
2. ISSU loadversion
3. ISSU runversion
4. ISSU Acceptversion
5. ISSU Commitversion
[Diagram: Switch-1 and Switch-2, each with a WS-X6708-10G, joined by the VSL; roles shown per step as VSS Active and VSS Standby Hot. Legend: old version, new version; R = Reset; SO = Switchover. Graph: bandwidth (50%, 100%) across steps 1 to 5 for SW1 and SW2.]
-
VSS Software Upgrade: Full Image Upgrade Bandwidth Availability Graph
The following graphs illustrate the aggregate bandwidth available to the VSS.
[Graph: Fast Software Upgrade bandwidth availability. Bandwidth (50%, 100%) across steps 1 to 5 for SW2, SW1/SW2 and SW1.]
At step 3 during RPR switchover, bandwidth will be dropped to 0% for 1-2 minutes
[Graph: Enhanced Fast Software Upgrade bandwidth availability. Bandwidth (50%, 100%) across steps 1 to 5 for SW2, SW1 and SW1.]
With EFSU, a minimum of 50% bandwidth is available throughout the software upgrade process
-
EFSU: Initializing Standby With New Software
After entering the issu loadversion command, the standby chassis will reload to boot the new software image.
issu loadversion active-switch-id/slot active-image-new standby-switch-id/slot standby-image-new
VSS# issu loadversion sup-bootdisk:New_image
VSS# show issu state
Slot = 22
RP State = Active
ISSU State = Load Version
Boot Variable = bootdisk:Old_image,12

Slot = 40
RP State = Standby
ISSU State = Load Version
Boot Variable = bootdisk:New_image,12;sup-bootdisk:Old_image,12
-
EFSU: Switchover to Standby to Run New Software
After entering the issu runversion command the Active Supervisor will reload, thus causing the Standby to go Active.
Switch# issu runversion standby-switch-id / slot [standby-image-new]
VSS# issu runversion
This command will reload the Active unit. Proceed ? [confirm]
VSS# show issu state
Slot = 40
RP State = Active
ISSU State = Run Version
Boot Variable = New_image,12;bootdisk:Old_image,12

Slot = 22
RP State = Standby
ISSU State = Run Version
Boot Variable = bootdisk:Old_image,12
-
EFSU Rollback Timer
The rollback timer is activated as soon as the issu runversion command is issued. It provides a window of time to verify the new software functionality. The user issues issu acceptversion to proceed with the new software image or issu abortversion to go back to the previous version.
The rollback timer can be set between zero seconds and two hours. Setting the rollback timer to zero effectively disables the timer.
VSS# show issu rollback-timer
Rollback Process State = In progress
Configured Rollback Time = 45:00
Automatic Rollback Time = 42:02
VSS(config)# issu set rollback-timer ?
WORD Rollback timer in hh:mm:ss or format
-
EFSU Process: Accept New Software Version
Enter the issu acceptversion command to stop the rollback timer. This allows a trial period where the system can be tested with the new software image.
Switch# issu acceptversion active-switch-id / slot [active-image-new]
VSS# issu acceptversion
% Rollback timer stopped. Please issue the commitversion command.
VSS# show issu state
Slot = 40
RP State = Active
ISSU State = Run Version
Boot Variable = bootdisk:New_image,12;bootdisk:Old_image,12

Slot = 22
RP State = Standby
ISSU State = Run Version
Boot Variable = bootdisk:Old_image,12
Important: Only features that are common to both software versions will be enabled during the ISSU Run Version stage
-
EFSU Process: Reset Old Active to Load New Software
Enter the issu commitversion command to commit the new software image; the standby supervisor will reload to boot the new software image.
Switch# issu commitversion standby-switch-id / slot-number [standby-image-new]
VSS# issu commitversion
10:54:37: %PFINIT-SP-5-CONFIG_SYNC: Sync'ing the startup configuration to the standby Router. [OK]
00:32:35: %SYS-SW1_SPSTBY-5-RELOAD: Reload requested - From Active Switch (Reload peer unit).
VSS# show issu state
Slot = 40
RP State = Active
ISSU State = Init
Boot Variable = bootdisk:New_image12; Old_image,12

Slot = 22
RP State = Standby
ISSU State = Init
Boot Variable = bootdisk:New_image,12; Old_image,12
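The following Python sketch is an added example, not part of the original slides or of any Cisco tooling. It parses show issu state output and checks, after each EFSU step, that both supervisors report the ISSU state and boot order seen in the outputs above, so that a supervisor still set to boot the old image is caught before the upgrade is called complete. The per-step expectations are read from the sample outputs on these slides and are an assumption; the sample text is constructed and the function names are hypothetical.

```python
# Constructed sample in the layout of the slides' "show issu state" output.
# Here the standby still lists the old image first after commitversion.
SAMPLE_AFTER_COMMIT = """\
Slot = 40
RP State = Active
ISSU State = Init
Boot Variable = bootdisk:New_image,12;bootdisk:Old_image,12

Slot = 22
RP State = Standby
ISSU State = Init
Boot Variable = bootdisk:Old_image,12
"""

# Per step: expected ISSU State on both supervisors, and which roles must
# list the new image first (taken from the slides' sample outputs).
EXPECTED = {
    "loadversion": ("Load Version", ("Standby",)),
    "runversion": ("Run Version", ("Active",)),
    "acceptversion": ("Run Version", ("Active",)),
    "commitversion": ("Init", ("Active", "Standby")),
}


def parse_issu_state(text):
    """Return one dict per 'Slot = N' block, keyed by the field names."""
    records = []
    for line in text.splitlines():
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "Slot":
            records.append({"slot": int(value)})
        elif records:
            records[-1][key] = value
    return records


def boot_images(boot_variable):
    """Image names in boot order, without device prefix or ',12' suffix."""
    images = []
    for entry in boot_variable.split(";"):
        entry = entry.strip()
        if entry:
            path = entry.split(",")[0]
            images.append(path.split(":")[-1].strip())
    return images


def verify_step(step, text, new_image):
    """Return a list of problems found after the given EFSU step."""
    issu_state, roles_on_new = EXPECTED[step]
    by_role = {rec.get("RP State"): rec for rec in parse_issu_state(text)}
    problems = []
    for role in ("Active", "Standby"):
        rec = by_role.get(role)
        if rec is None:
            problems.append("no %s supervisor in output" % role)
            continue
        if rec.get("ISSU State") != issu_state:
            problems.append(
                "slot %d (%s): ISSU State is %r, expected %r"
                % (rec["slot"], role, rec.get("ISSU State"), issu_state)
            )
        if role in roles_on_new:
            images = boot_images(rec.get("Boot Variable", ""))
            if images[:1] != [new_image]:
                problems.append(
                    "slot %d (%s): boots %s first, not %s"
                    % (rec["slot"], role, images[0] if images else "nothing", new_image)
                )
    return problems


if __name__ == "__main__":
    for problem in verify_step("commitversion", SAMPLE_AFTER_COMMIT, "New_image"):
        print(problem)
```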
-
EFSU Process: Full Image Upgrade Process
The following picture illustrates the EFSU steps.
[Diagram: Switch-1 and Switch-2 with their line cards (LC), shown at each stage (ISSU loadVersion, ISSU RunVersion, ISSU CommitVersion) with the Active and Standby roles marked. Legend: old version, new version.]
-
Virtual Switching System (VSS): QuadSup & eFSU
Preparation Steps
1. Before the ISSU software upgrade, all VSS sups will be running the old software image. Make sure all 4 sups have the new image copied to their local flash memory.
Execute Upgrade
2. ISSU loadversion: Standby chassis (active and standby sups) reloads and comes up with the new image
3. ISSU runversion: Standby takes over as active and the old active switch (active and standby sups) reloads and comes up as standby with the old image.
4. ISSU acceptversion: If the network is stable, issue ISSU acceptversion, which stops the rollback timer; otherwise the ISSU process will be aborted intermediately.
5. ISSU commitversion: Once the image is tested and ready to be rolled out, ISSU commitversion will reload the standby switch (active and standby sups) to boot up with the new software version
[Diagram: Switch-1 and Switch-2 joined by the VSL, each with an RPR Warm supervisor; roles shown per step as Active, Hot-standby, VSS Standby Cold and VSS Standby HOT. Legend: old version, new version; R = Reset; SO = Switchover. Graph: Available Bandwidth (50%, 100%) against Duration across steps 1 to 5 for SW2, SW1 and SW1.]
-
VSS & EFSU: Important Points
Dual-homed connectivity is required for minimal traffic disruption
  Single-homed devices will experience an outage when the attached chassis reloads
Software image files must be ISSU compatible (these are not VSS specific requirements)
  EFSU support begins in the SXI train
  Must be the same image types, meaning Native to Native or Modular to Modular
  For Modular images, both images must use the same installation method, therefore installed mode or binary mode
  The software feature sets must be the same between the two software image files
-
Agenda Topics
Deployment Considerations and Best Practices
-
Virtual Switching System: Deployment Considerations
Dual-attach connected devices whenever possible
Etherchannel and L3 ECMP hash algorithms have been modified so that local links will always have preference over remote links
Minimal traffic expected to cross VSL link in dual-homed scenario
-
VSL Bandwidth Sizing & Considerations
The VSL is an Etherchannel and can include up to eight links
VSL bandwidth should be greater than or equal to the largest bandwidth connection to a single attached device (downlink)
Consider the bandwidth on a per VSS chassis basis
Consider the bandwidth for any Service Modules and SPAN sessions
Distribute the VSL interfaces across multiple modules for added resiliency
Include at least one VSL interface from the Supervisor module for faster VSL bring-up during reloads
-
VSS High Availability: NSF Configuration and Monitoring
Recommendation: Non-Stop Forwarding is required for sub-sec supervisor switchover convergence with L3 Routing Protocols
OSPF
Switch(config)#router ospf 100
Switch(config-router)#nsf
Router# sh ip ospf
Routing Process "ospf 100" with ID 10.120.250.4
Start time: 00:01:37.484, Time elapsed: 3w2d
Supports Link-local Signaling (LLS)
Non-Stop Forwarding enabled, last NSF restart 3w2d ago (took 31 secs)
EIGRP
Switch(config)#router eigrp 100
Switch(config-router)#nsf
Router# sh ip protocol
*** IP Routing is NSF aware ***
Routing Protocol is "eigrp 100 100"
EIGRP NSF-aware route hold timer is 240s
EIGRP NSF enabled
-
Operational Management: Reloading the VSS
Should there be a requirement to reload the entire Virtual Switching System (both chassis), the command reload can be used to accomplish this task.
vss#reload
Warning: This command will reload the entire Virtual Switching System (Active and Standby Switch).
Proceed with reload? [confirm]
1d04h: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
****** --- SHUTDOWN NOW ---***
1d04h: %SYS-SP-5-RELOAD: Reload requested
System Bootstrap, Version 8.5(1)
Copyright (c) 1994-2006 by cisco Systems, Inc.
Cat6k-Sup720/SP processor with 1048576 Kbytes of main memory
[Diagram: Virtual Switch]
-
Operational Management: Reloading a Member of the VSS
[Diagram: Switch1 (Active) and Switch2 (Hot Standby) joined by the VSL.]
NEW: a command has been introduced to reload a SINGLE VSS member switch
vss# redundancy reload ?
  peer
  shelf
vss# redundancy reload shelf 2
Reload the entire remote shelf[confirm]
Preparing to reload remote shelf
vss#
vss# redundancy force-switchover
This will reload the active unit and
Force switchover to standby [confirm]
vss#
-
VSS High Availability: OOB-Mac-Synchronization
Recommendation: Enable Out-Of-Band Mac-Synchronization. It is used for synchronizing mac-address tables across forwarding engines.
If WS-6708-10G is present in the VSS system, mac-synchronization is turned on automatically. If not it has to be enabled manually.
If this feature is not enabled, mac-address-table across different forwarding engines could go out-of-sync and may cause unicast flooding.
Dist-VSS#(config)# mac-address-table synchronize
% Current activity time is [160] seconds
% Recommended aging time for all vlans is at least three times the activity interval
Dist-VSS# sh mac-address-table synchronize statistics
MAC Entry Out-of-band Synchronization Feature Statistics:
---------------------------------------------------------
Switch [1] Module [4]
-----------------------
Module Status:
Statistics collected from Switch/Module : 1/4
Number of L2 asics in this module : 1
Global Status:
Status of feature enabled on the switch : on
Default activity time : 160
Configured current activity time : 480
-
Dual-Active Detection: Multiple Mechanisms and Recommendations
Recommendations:
- Use MEC with ePAgP or MEC with VSLP Fast Hello for faster VSL link loss convergence results.
- Enable BOTH ePAgP and direct heart-beat link based VSLP Fast Hello methods (if possible)
- Enable ePAgP to core (if access-layer is not ePAgP capable)

Diagram labels: VSLP Fast-Hello or BFD; Redundant VSL Fiber; ePAgP
-
VSS Deployment Best Practices
DO
- Configure Switch accept-mode virtual
- Use unique VSS domain-id within the same network
- Save backup configuration file in both active & hot-standby bootdisk:
- Use a minimum of one Supervisor uplink for the VSL, this provides for faster VSL bring up.
- Enable out-of-band MAC sync: mac-address-table synchronize
- Dual-home connected devices whenever possible, use L2 or L3 Multi-Chassis Etherchannel, L3 ECMP
- Use ePAgP and VSLP Fast Hello Dual Active Protocol.
- Enable NSF under routing protocols
-
VSS Deployment Best Practices (Cont.)
DO NOT
- Tune default VSLP timers unless recommended by Cisco
- Use preemption
- Issue shutdown for VSL failure, it creates config mismatch. Disconnect cables to create a realistic failure scenario
- Change VSL hashing algorithm in production. It requires a shut/no shut on PO. Shutting down VSL will cause traffic disruption and dual-active scenario.
- Write-erase to reset the VSS configuration. Write-erase will erase startup-configuration and rommon variables. VSS bring-up process requires switch-id to be present in rommon variable to boot in VSS mode. Use erase-nvram instead.
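
Added example (not part of the original session material): a small Python audit that checks a saved running-config against several items from the DO and DO NOT lists above. Only mac-address-table synchronize appears on the slides; the preempt, dual-active detection and nsf command spellings, and the sample configuration itself, are assumptions made for illustration.

```python
import re

# Constructed running-config fragment for illustration (not from the slides).
SAMPLE_CONFIG = """\
switch virtual domain 100
 switch mode virtual
 switch 1 preempt
 dual-active detection pagp trust channel-group 20
!
router ospf 1
 nsf
!
router eigrp 10
 network 10.0.0.0
"""

def blocks(config):
    """Yield (top-level command, [indented sub-commands]) pairs."""
    header, children = None, []
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if line[0].isspace() and header is not None:
            children.append(line.strip())
            continue
        if header is not None:
            yield header, children
        header, children = line.strip(), []
    if header is not None:
        yield header, children

def audit(config):
    """Return findings where the config departs from the DO / DO NOT lists."""
    parsed, findings = list(blocks(config)), []
    # DO: enable out-of-band MAC sync (command shown on the slides).
    if not any(h.startswith("mac-address-table synchronize") for h, _ in parsed):
        findings.append("out-of-band MAC sync is not enabled")
    for header, subs in parsed:
        if header.startswith("switch virtual domain "):
            # DO NOT: use preemption (assumed syntax: switch <1|2> preempt).
            if any(re.match(r"switch [12] preempt\b", s) for s in subs):
                findings.append("preemption is configured")
            # DO: use both ePAgP and VSLP Fast Hello (assumed IOS syntax).
            for method in ("pagp", "fast-hello"):
                if not any(s.startswith("dual-active detection " + method) for s in subs):
                    findings.append("dual-active detection %s is missing" % method)
        elif re.match(r"router (ospf|eigrp) ", header):
            # DO: enable NSF under routing protocols (assumed: 'nsf' sub-command).
            if not any(s.split()[0] == "nsf" for s in subs):
                findings.append("NSF is not enabled under '%s'" % header)
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Run it against a configuration saved from the active supervisor; an empty result means none of the checked items were flagged, not that every item on the two lists has been verified.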
-
Agenda Topics: Summary
-
Benefit 1: Simplifies Network Designs
- Build redundant topology without First Hop Redundancy Protocols
- No Spanning Tree blocking ports
- Single control plane and management interface
- Reduces the number of L3 routing protocol peers
-
Benefit 2: Scales System Capacity
- Groups resources together and activates all available bandwidth across redundant Cisco Catalyst 6500 switches
- Enables standards-based link aggregation for server NIC teaming, maximizing server bandwidth
-
Benefit 3: Boost Network Availability
- Inter-chassis Stateful Failover enables real time applications to continue without disruption
- Etherchannel based link resiliency provides sub-second recovery
- Simplifies network designs reducing human error in network operations
-
Recommended Literature
www.cisco.com/go/vss
- VSS Troubleshooting
- Migration from Standalone to VSS
- RMA Procedure
- VSS FAQ
- VSS White Paper
- What's New Bulletin
- Service Module Integration
- VSS Design Guides
- Best Practices
www.cisco.com/go/support
-
Agenda Topics: Operational Management
-
Operational Management: CiscoWorks LAN Management Solution Support
CiscoWorks LMS 3.0.1 supports VSS in the RME and CiscoView tool.
CiscoView is designed to show the view of both Active and Hot Standby chassis side by side within one page.
Each chassis is identified by a label indicating whether it is Active or Standby
-
Operational Management: Virtual Switching System CLI
Multiple console interfaces exist within a Virtual Switch Domain, but only the active switch console is enabled for command interaction

Switch1: Virtual Switch Active    Switch2: Virtual Switch Hot Standby

SWITCH CONSOLE OUTPUT
vss#show module switch 1
 Switch Number: 1   Role: Virtual Switch Active
----------------------  -----------------------------
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1     4 CEF720 4 port 10-Gigabit Ethernet      WS-X6704-10GE      SAD074303JX
  5     5 Supervisor Engine 720 10GE (Hot)       WS-S720-10G        SAD1047078P
  7    48 CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX     SAL0943435M
  8    24 CEF720 24 port 1000mb SFP              WS-X6724-SFP       SAL09158Y0L

vss#sh module switch 2
 Switch Number: 2   Role: Virtual Switch Standby
----------------------  -----------------------------
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1     8 CEF720 8 port 10GE with DFC            WS-X6708-10GE      SAL1101D5EP
  5     5 Supervisor Engine 720 10GE (Active)    WS-S720-10G        SAD104306WW
  7    48 CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX     SAL09391NZM
  8    24 CEF720 24 port 1000mb SFP              WS-X6724-SFP       SAL09158ZZT
-
Operational Management: Single Point of Management: Slot/Port Numbering
After conversion, port definitions for switches within the Virtual Switch Domain inherit the Chassis ID as part of their naming convention

VSS#show ip interface brief
Interface              IP-Address      OK? Method Status  Protocol
Vlan1                  unassigned      YES NVRAM  up      up
Port-channel1          unassigned      YES NVRAM  up      up
Te1/1/1                10.1.1.1        YES unset  up      up
Te1/1/2                192.168.1.2     YES unset  up      up
Te1/1/3                unassigned      YES unset  up      up
Te1/1/4                unassigned      YES unset  up      up
GigabitEthernet1/2/1   10.10.10.1      YES unset  up      up
GigabitEthernet1/2/2   10.10.11.1      YES unset  up      up
GigabitEthernet2/1/1   unassigned      YES unset  up      up
GigabitEthernet2/1/2   unassigned      YES TFTP   up      up
GigabitEthernet2/1/3   unassigned      YES TFTP   up      up
Te2/1/4                unassigned      YES TFTP   up      up
Te2/1/5                unassigned      YES TFTP   up      up

PORT NUMBERING: Chassis-ID WILL ALWAYS be either a 1 or a 2
-
Operational Management: File System Naming
After the conversion to a Virtual Switching System, some of the File System naming conventions have changed to accommodate the new setup - an example of the new setup is shown below

Virtual Switch Domain
Switch1: Active Supervisor - Slot 5
  e.g. OLD: disk0:
       NEW: sw1-slot5-disk0:
Switch2: Hot Standby Supervisor - Slot 5
  e.g. OLD: slavedisk0:
       NEW: sw2-slot5-disk0:
Name components: SW, SLOT, FILESYSTEM
-
Operational Management: File System Naming
Some filenames have remained the same - others have changed - some examples of file system names in a Virtual Switching System include the following

Virtual Switching System    Standalone with Dual sup
swslotdisk0:                disk0:
swslotbootflash:            bootflash:
swslotsup-bootdisk:         sup-bootdisk:
swslotnvram:                nvram:
swslotdisk0:                slavedisk0:
swslotbootflash:            slavebootflash:
swslotsup-bootdisk:         slavesup-bootdisk:
swslotconst_nvram:          const_nvram:
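
Added example (not from the original slides): a Python helper that rewrites standalone file-system references, such as those in an old backup script, to the VSS names. The sw<switch>-slot<slot>-<filesystem>: pattern is generalized from the two examples shown (sw1-slot5-disk0: and sw2-slot5-disk0:); the default switch and slot numbers and the sample script lines are assumptions.

```python
import re

# Standalone file-system names taken from the slide's table. The "slave"
# prefix addresses the redundant supervisor in a standalone dual-sup chassis.
LOCAL_FS = ("disk0", "bootflash", "sup-bootdisk", "nvram", "const_nvram")
SLAVE_FS = ("disk0", "bootflash", "sup-bootdisk")

# The lookbehind skips names that already carry a swN-slotM- prefix.
_FS_RE = re.compile(
    r"(?<![\w-])(?:slave(?P<slave>%s)|(?P<local>%s)):"
    % ("|".join(SLAVE_FS), "|".join(LOCAL_FS))
)


def vss_fs_name(switch, slot, fs):
    """Build a VSS file-system name such as sw1-slot5-disk0:."""
    if switch not in (1, 2):
        raise ValueError("switch number is always 1 or 2")
    return "sw%d-slot%d-%s:" % (switch, slot, fs)


def rewrite_fs_refs(text, active=(1, 5), standby=(2, 5)):
    """Rewrite standalone file-system references in text to VSS names.

    active and standby are (switch, supervisor slot) pairs; the defaults
    follow the slide's example and are an assumption for any other chassis.
    """
    def _sub(match):
        if match.group("slave"):
            return vss_fs_name(standby[0], standby[1], match.group("slave"))
        return vss_fs_name(active[0], active[1], match.group("local"))
    return _FS_RE.sub(_sub, text)


# Constructed sample: lines from a hypothetical pre-conversion backup script.
SAMPLE = """\
copy running-config sup-bootdisk:backup.cfg
copy running-config slavesup-bootdisk:backup.cfg
dir slavedisk0:
copy tftp://192.0.2.10/image.bin disk0:
dir sw2-slot5-bootflash:
"""

if __name__ == "__main__":
    print(rewrite_fs_refs(SAMPLE))
```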
-
Operational Management: SNMP Support for VSS
The SNMP process for a VSS necessitates support for Puts and Gets across 2 physical chassis, changes to existing MIBs and support for a new MIB

Diagram: Virtual Switch Domain with Switch 1 - Active (SNMP Process Active) and Switch 2 - Hot Standby (SNMP Process Inactive). Labels: SNMP Server; SNMP Gets; SNMP Puts; SNMP Modified MIBs; SNMP New MIBs
-
Operational Management: New Virtual Switching System MIB
CISCO-VIRTUAL-SWITCH-MIB has been defined to support SNMP access to the Virtual Switching System Configuration - the following MIB variables are accessible to an SNMP manager
- cvsGlobalObjects: Domain #, Switch #, Switch Mode
- cvsCoreSwitchConfig: Switch Priority and Preempt
- cvsChassisTable: Chassis Role and Uptime
- cvsVSLConnectionTable: VSL Port Count, Operational State
- cvsVSLStatsTable: Total Packets, Total Error Packets
- cvsVSLPortStatsTable: TX/RX Good, Bad, Bi-dir and Uni-dir Packets
This MIB will be the main vehicle through which Network Management stations access information relevant to the operation of the Virtual Switching System
-
Operational Management: Netflow Export
WS-X6708-10GE-3C/3CXL and WS-X6716-10GE-3C/3CXL have the capability to perform direct export from the line card itself

Diagram labels: VSL; Netflow Data; Netflow Collector; Netflow Export; line cards WS-X6748-GE-TX-3C/XL and WS-X6708-10GE-3C/XL
VSS State : Active - Netflow Collection: Active, Netflow Export: Active
VSS State : Hot Standby - Netflow Collection: Active, Netflow Export: In-Active
-
Operational Management: SPAN
In a Virtual Switching System, the number of SPAN sessions is limited to what the VSS Active Supervisor can provide. SPAN capacity on the VSS Hot Standby is not factored into available SPAN sessions

Diagram: Virtual Switch Domain, Switch 1 Supervisor and Switch 2 Supervisor connected by the VSL
VSS State : Active - SPAN Management: Active, Replication: Active
VSS State : Hot Standby - SPAN Management: In-Active, Replication: Active

Virtual Switching System is supported in 12(33)SXH1 which introduces the following SPAN capabilities per Virtual Switching System Domain

                        TX SPAN Sessions   RX/Both SPAN Sessions   Total SPAN Sessions
Virtual Switch Domain   14                 2                       16
-
Operational Management: Setting the System-wide PFC Mode
A NEW CLI has been implemented to allow the user to pre-configure the system PFC mode. Any DFC module that does not match the system PFC mode will not be powered up. This configuration will ensure a system runs in PFC3CXL mode and is not accidentally reverted to PFC3C mode

vss#conf t
Enter configuration commands, one per line. End with CNTL/Z.
vss(config)#platform hardware vsl pfc mode pfc3c
vss(config)#^Z
vss#

vss#sh platform hardware pfc mode
PFC operating mode : PFC3C
Configured PFC operating mode : PFC3C
vss#
-
Agenda Topics: Quality of Service
-
Quality of Service: Classification and Policing
Both Classification and Policing functions are handled by PFC QoS, and are executed by either the PFC on the Active and Hot Standby Supervisor, or the ingress linecard DFC. There are 2 important caveats which must be understood whilst implementing these functions

1. Policies can either be applied on L3 interfaces (SVIs or Physical interfaces), or Port Channels, or L2 interfaces*

policy-map CLASSIFY
 class class-default
  set ip dscp 40
interface GigabitEthernet 2/3/48
 switchport
 service-policy input CLASSIFY

policy-map CLASSIFY
 class class-default
  set ip dscp 40
interface PortChannel 10
 switchport
 service-policy input CLASSIFY

* QoS policies on L2 interfaces are supported beginning in 12.2(33)SXI
-
Quality of Service: Classification and Policing

2. Aggregate policers that are applied on SVIs or Port Channels that have interfaces distributed across multiple forwarding engines are subject to Distributed Policing caveats

policy-map POLICE
 class class-default
  police average 10000000
interface GigabitEthernet 1/2/10
 channel-group 20 mode desirable
interface GigabitEthernet 2/2/10
 channel-group 20 mode desirable
interface PortChannel 20
 service-policy input POLICE
-
Quality of Service: QoS on the VSL
A few important aspects relating to VSL QoS are as follows:
1. VSLP and other Control frames are always marked as Priority packets and are always queued and classified as such
2. VSL is always configured as Trust CoS and hence ingress queuing is enabled
3. Service Policies are not supported on the VSL
4. CoS Maps, Thresholds and Queues on the VSL are not configurable

Diagram: Switch1 and Switch2 connected by the VSL; traffic labels: VSLP, FTP, HTTP
-
Agenda Topics: VSS & Service Module Integration
-
VSS Hardware Requirements: Service Module Support

Module                       Description                                           VSS Minimum Software   Service Module Minimum Software
ACE10/ACE 20-6500-K9         Application Control Engine (ACE)                      12.2(33)SXI            A2(1.2)
WS-SVC-FWSM-1-K9             Firewall Services Module (FWSM)                       12.2(33)SXI            4.0(4)
WS-SVC-IDSM2-K9              Intrusion Detection System Services Module (IDSM-2)   12.2(33)SXI            6.0(2)E1
WS-SVC-NAM-1, WS-SVC-NAM-2   Network Analysis Module (NAM1), (NAM2)                12.2(33)SXH1           3.6(1a)
WS-SVC-WISM-1-K9             Wireless Services Module (WiSM)                       12.2(33)SXI            3.2.171.6
-
VSS Service Module Integration
- Four standalone Service Modules are supported per VSS chassis (eight total service modules for the VSS)
- VSL bandwidth considerations: Service Module redirected traffic, state sync, and failover traffic. VSL will carry traffic destined to the Service Modules under normal conditions. Design an appropriate number of links for the VSL
-
FWSM & ACE Redundancy Modes: Active-Standby Per Module
FWSM & ACE Module HA Modes: Active-Standby per module. One of the service modules in a VSS system will be Active and another one will be standby.

Diagram: Virtual Switch Domain; labels: VSL; Failover/State sync Vlan
Switch-1 (VSS Active): Data Plane Active, Control Plane Active, Service Module1 Active, Service Module2 Standby
Switch-2 (VSS Standby): Data Plane Active, Control Plane Hot Standby, Service Module1 Standby, Service Module2 Active
-