BRKDCT-2309

Migration Use Cases for Catalyst 6500 Supervisor 2T BRKDCT-2309

Faraz Siddiqui, Network Consulting Engineer

2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public

Objectives for BRKDCT-2309

3

BRKARC-3465 Cisco Catalyst 6500 Switch Architecture

TECCRS-2065 Cisco Catalyst 6500 Technical Deep Dive

BRKCRS-3143 Troubleshooting Cisco Catalyst 6500 Series Switches

BRKCRS-2468 Cisco Catalyst Virtual Switching System (VSS)

Understand the

architectural

building blocks of

Supervisor 2T,

hardware and

software

dependencies

Identifying Migration

use cases of

Supervisor 2T and

step by step

migration

walkthrough (what is

happening during

each step)

Provide best

practices,

configuration and

reference material

for Migration process

and VSS technology

More sessions on Catalyst 6500

4

Plan

Execute

Verify


VSS Sup720

For Your Reference

Blue: Layer 3 Ethernet link

Red: Layer 2 Ethernet link

Supervisor 2T

VSS Sup 2T

Dual Supervisor 720 Dual Supervisor 2T

5

Presentation Legend

Single Supervisor 720

Acronyms Used

VSS Virtual Switching System

Sup Supervisor

2T 2 Terabit Switching

HSRP Hot Standby Redundancy Protocol

STP Spanning Tree Protocol

VSL Virtual Switch Link

MEC Multi Chassis Etherchannel

VLAN Virtual LAN

L2/L3 Layer 2 and Layer 3

ECMP Equal Cost multi-path

CFC Centralized Forwarding Card

DFC Distributed Forwarding Card

PFC Policy Feature Card

MSFC Multi-layer Switch Feature Card

X-Bar Cross Bar Switch Fabric

Access Switch


Agenda

6

Migration Use cases description of Standalone, HA and VSS , test traffic profile

Migration Walk Through approach, migration Steps, STP and HSRP interaction, traffic re-routing

Supervisor 2T Architecture Overview architecture building blocks, hardware and software requirements

Current Network Challenges network design with spanning Tree, User downtime, VSS Solution

Results Summary and Best Practices convergence summary, verification of Sup2T, VSS verification

Current Network Challenges


Traditional | With Spanning Tree

Business Continuity Challenges: STP Loops and Slow Routing Convergence

The Challenge

Complex network

design

Typical Deployment Scenario

Single active uplink per VLAN

50% bandwidth utilization only

Spanning Tree loops

First Hop Routing Protocol

Convergence

Productivity Loss User Downtime (seconds)

Complex

Config to

Manage

Access Switch or ToR or Blades

10GE


SiSiSiSi

VLAN

10 VLAN

15

VLAN

10 VLAN

15

Switch 1 Switch 2

HSRP Active 10

HSRP Standby 15

HSRP Active 15

HSRP Standby 10 X

X

Routing

Reconvergence


Business Continuity Enhanced Availability and Simplified Network Design with VSS

VSS | Physical View

10GE


LACP LACP or PagP

Server

SiSi SiSi

VSS | Logical View

Server Access Switch or ToR or Blades

LACP or PagP LACP

The Solution

4 Tbps Virtual

Switching System

Simplified Network

Design

Spanning Tree and First

Hop Redundancy

Protocols Eliminated

Minimized Traffic

Disruption

Subsec Stateful and

Graceful Recovery (SSO

/ NSF)

Double Bandwidth

Utilization

With Active-Active Multi-

Chasis Etherchannel (LACP

/ PagP)


Agenda

10






Catalyst 6500 Supervisor 2T


Supervisor 2T Architecture Overview

12

Deployment at Core & Distribution layers

2Tbps switching capacity (4Tbps with VSS)

Line-rate encryption (MACSec)

New hardware and software features


New MSFC5 with single Dual-Core CPU &

single IOS image

New 26 Channel 2T Switch Fabric which

provides 80Gbps per slot

New PFC4 featuring improved performance &

scalability, along with new & enhanced hardware

features

New Connectivity

Management

Processor (CMP)

New USB based

console support

Cisco TrustSec (CTS)

on ALL Uplink ports

10G Uplinks

Supervisor 2T At @ Glance

13


Supervisor 2T Block Diagram

14

Fabric Connector Shared Bus Connector

Crossbar

Switch Fabric

26 x 40G Fabric

Channels

Fabric Intf 1

Fabric Intf 0

Port ASIC 0 Port ASIC 1

SFP-2 SFP-3 SFP-1 X2-1 X2-2

Bus Replication ASIC

1GE FDX

MGMT Port

USB Port

Compact Flash

Serial Port

Local-Bus

Fabric

Replication ASIC MSFC5

DRAM

Bootdisk

Connectivity MGMT

processor

PFC4

Layer 2 forwarding Engine

Layer 3/4 forwarding Engine

Front

Panel

CTS ASIC CTS ASIC


Policy Feature Card 4 Introduction

15

PFC4 - Default PFC (EARL8) FIB & Netflow at 256K entries PFC4XL - Upgrades FIB & Netflow Table to 1M entries

PFC4

Increased MAC Table (128K) L2 Bridge Domains (16K) L3 Logical Interfaces (128K) Increased Forwarding (60Mpps) Increased Throughput (80Gbps)

Scalability Native (H)VPLS MPLS Aggregate Labels (16K) Multi-point EoMPLS L2oGRE VRF-based NAT & FnF

Virtualization

IPv6 Tunneling in FIB Unicast RPF for IPv6 IPv6 Multicast in FIB 512K Multicast Routes IGMPv3 / MLDv2 Snooping

IP Routing Cisco TrustSec & SGACLs Increased ACL TCAM (256K) Increased ACL Labels (16K) Per-Port / Per-VLAN QoS Distributed Policers (512)

QoS & Security

Flexible Netflow (FnF) Egress Netflow L2 (per VLAN) Netflow TCP Flags Per-Protocol Counters

Monitoring


Classification ACL Table #1

Netflow Hash Table

Adjacency Table

FIB TCAM

Adjacency Statistics

128K MAC Table

Netflow Data Table

LIF Map Table

Netflow Statistics

RPF Map Table

Classification ACL Table #2

LIF Table

LIF Statistics

Exception Table

Bus Backplane

Contains location of flow in Netflow Table

Contains several key packet fields for flow

Collection of NF statistics for each active flow

Contains CEF IPv4, IPv6 prefixes & MPLS entries

Contains Layer 2 rewrite information & pointers

Contains the Egress ACL entries (128K)

Contains the Ingress ACL entries (128K)

Contains table of exception cases & action to take

Collection of ADJ statistics for each active flow

Table of Src-Port info for Multicast & uRPF

Contains Logical Interface Mapping info

Contains the actual LIF Database entries

ACE Counters

Contains LIF Usage statistics

128K CAM containing L2 MAC address table

Collection of ACL hit statistics & other info

Layer 3 / 4 Forwarding

Engine

Layer 2 Forwarding Engine

Fabric Replication ASIC

Policy Feature Card 4 Earl 8 Overview

16


Policy Feature Card 4 EARL8 Processing

17

Ingress ACL Ingress QoS L3 Lookup Ingress

NetFlow Headers

From L2 Engine

Egress ACL Egress

NetFlow Egress QoS

IFE Process

OFE Process

Headers To L2 Engine

Rewrite Result

Generation

The forwarding engine ASIC has 2 processing pipelines @ 60Mpps:

1. Input Forwarding Engine (IFE)

2. Output Forwarding Engine (OFE)

As each packet header enters the L3 Forwarding ASIC, the IFE pipeline will perform L3 Lookup and Ingress Security, QoS & Netflow processing

The header is merged with IFE results and then passed to the OFE pipeline, which will perform Egress Security, QoS & Netflow processing, to generate final result.

*also applies to each DFC4


Multilayer Switch Feature Card 5 Introduction

18

Single Dual Core processor

Combines the functionalities of the Switch Processor (SP) & the Route Processor (RP)

Single Bootdisk filesystem

Enhanced CPU Performance

2GB or 4GB DDR3 DRAM

Connectivity Management Processor (CMP)

On-Board Failure Logging (OBFL)

Mini Protocol Analyzer (MPA)


Multilayer Switch Feature Card 5 Block Diagram

19

Control Plane CPU 1.5 GHz

Core 0 Core 1

Inband Channel 1GE FDX

To Base-Board

OBFL Flash 4 MB

Network Management

port

USB 2.0 Host

Compact Flash

Serial Port

Ethernet Out of Band

Channel 100 Mbps HDX

Rommon 4 MB

I/O ASIC

256 MB Memory

CMP CPU 266 MHz

Rommon 32 MB

MUX Bootdisk

Front Panel

2 x 2 GB DDR2 Memory

NVRAM 4MB

10/100/100 Auto-MDI

Type A Type B

OBFL Flash 4 MB

Rommon 4 MB

I/O ASIC

NVRAM 4MB


Multilayer Switch Feature Card 5 "Lights Out" Management with CMP

The Connectivity Management Processor (CMP) supports new capabilities that will aid Network Administrators in managing the system:

RP Image Recovery

- TFTP boot of the system

RP File Transfer

- Image copy via TFTP

Remote RP Reset

- Hard or Soft reset

RP Console Logging

USB Support

- Booting via Approved USB flash

- USB serial console access

Removes the need for a separate Telnet Server for console access

Has unique GOLD tests

20


Multilayer Switch Feature Card 5 Accessing the CMP

Sup2T#

Sup2T#M

Sup2T#M

Sup2T#

Sup2T-cmp login: root

Password:

Cisco CMP Software

TAC support: http://www.cisco.com/tac

Copyright (c) 2009-2011, Cisco Systems, Inc. All rights reserved.

The copyrights to certain works contained herein are owned by

other third parties and are used and distributed under license.

Some parts of this software may be covered under the GNU Public

License or the GNU Lesser General Public License. A copy of

each such license is available at

http://www.gnu.org/licenses/gpl.html and

http://www.gnu.org/licenses/lgpl.html

Sup2T-cmp#

Ctrl-C, Shift-M, Ctrl-C, Shift-M, Ctrl-C, Shift-M Enter root as default login

Enter default as default password

CMP suffix added to the prompt

When the system comes online, RP initially owns the console.

Use the following key sequence to switch between two consoles:

(Ctrl-C, Shift-M) three times to switch to CMP console

(Ctrl-R, Shift-M) three times to switch to RP console

21


2T Switch Fabric Introduction

Integrated 2Tbps Switch Fabric

26 Channels to support the 6513-E

Dual Queues (Hi/Lo) per fabric channel

Redundant channel to Standby for faster traffic convergence, during SSO switchover...

Provides backplane interconnects

Fabric traces are distributed across each slot

Each Fabric trace can operate at either 20Gb/sec or 40Gb/sec

Mixing 6700 & 6900 (20G & 40G) modules does not affect speeds of other modules

22


2T Switch Fabric High Availability

If using VS-S720-10G or VS-SUP2T-10G with a redundant Standby Supervisor, then two (2) fabric channels are connected "back to back":

Standby Supervisor uplink connection to Active Supervisor

Active Supervisor bus connection to Standby Supervisor

The Standby Supervisor is in DFC Mode, with its Bus connection disabled

With Sup2T the redundant Standby Supervisor enables its redundant channels for WS-6908-10GE and WS-6904-40GE modules, for "hitless" failover...

Active

Supervisor

Standby

Supervisor

Line Card

Slot 1

Line Card

Slot 13

23


Feature Sup720 Sup720-10G Sup2T

Number of Channels 18 20* 26

Aggregate Bandwidth 720 Gbps 720 Gbps 2 Tbps

Channel Speeds (bps) 8G / 20G 8G / 20G 20G / 40G

Fabric Redundancy Yes Yes Yes

SSO Fabric Hot Synch No Yes* Yes

Redundant Channels No No Yes

Fabric Priority (QoS) Single Fabric Hi / Lo

Priority

Single Fabric Hi / Lo

Priority

Hi Priority Fabric

Lo Priority Fabric

Clear Block Support Yes Yes Yes

Switching Modes (DBUS Header Size)

Bus, Truncated,

Compact

Bus, Truncated,

Compact Truncated, Compact

Requires E-Series No No* Yes

NOTE: Compact switching mode provides optimal Fabric performance...

720 vs 2T Fabric Hardware Data-Plane

24


Supported 6700 Series w/ CFC

WS-F6K-DFC4-E 6716-10G Fiber

WS-F6K-DFC4-A 6704-10G w/ DFC3

WS-F6K-DFC4-A 6700 Series 1G w/ DFC3

WS-F6K-DFC4-E 6716-10T Copper

6908-10G 6708-10G Fiber

Supported Legacy Services Modules

Supported 6100 Series

Upgrading the Install Base to Sup2T

25

Sup720 Sup2T


Distributed Forwarding

26

DFC Interoperability with PFC

PFC3A PFC3B PFC3BXL PFC3C PFC3CXL PFC4 PFC4XL

DFC3A Compatible Operate as

PFC3A Operate as

PFC3A Operate as

PFC3A Operate as

PFC3A X X

DFC3B Operate as

DFC3A Compatible

Operate as PFC3B

Operate as PFC3B

Operate as PFC3B

X X

DFC3BXL Operate as

DFC3A Operate as

DFC3B Compatible

Operate as PFC3B & DFC3B

Operate as PFC3BXL

X X

DFC3C Operate as

DFC3A Operate as

DFC3B

Operate as PFC3B & DFC3B

Compatible Operate as

PFC3C X X

DFC3CXL Operate as

DFC3A Operate as

DFC3B Operate as DFC3BXL

Operate as DFC3C

Compatible X X

DFC4 X X X X X Compatible Operates as

PFC4

DFC4XL X X X X X Operates as

DFC4 Compatible


Catalyst 6500 E Series Chassis

27

Enhanced (E) Series chassis offer: higher bandwidth higher power capacity, better signal integrity to support Supervisor 2T

3, 4, 6, 9 & 13-slot versions

Classic Data Bus traces/connectors

Crossbar Fabric traces/connectors

Redundant Power supplies

Enhanced Fan for system cooling

6509-V-E chassis offers redundant fan trays & air filtration


SWITCH FABRIC

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18

The 720Gbps Switch Fabric has 18 channels which are distributed across the available

slots (6503 , 6504 , 6506 & 6509 each get 2 (dual) fabric channels, per slot) but what

about the 6513 & 6513-E? How do we split 18 channels across 13 slots?

Slots 1 - 8 each get a single fabric channel

Slots 9 - 13 each get dual fabric channels

8 x 1 = 8

5 x 2 = 10

8 + 10 = 18 Total fabric channels

Sup720 + 6513 / 6513-E Fabric-Channel Assignment

Sup720 Fabric + 6513/6513-E

28


The 2Tbps Switch Fabric has 26 channels which are distributed across the available

slots (6503-E , 6504-E , 6506-E , 6509-E & 6509-V-E already get 2 (dual) fabric channels,

per slot) but what about the 6513-E ?

1

3 2

4 5

7 6

8 9

11 10

12 13

14

16 15

17 18

20 19

21 22

24 23

25 26

SWITCH FABRIC

13 x 2 = 26

Sup2T + 6513-E Fabric-Channel Assignment

Slots 1 - 13 each get dual fabric channels

NOTE: This is now possible due to the additional

fabric channel traces (physical connectors & wires)

on both the Supervisor2T -AND- 6513-E

Hence, Supervisor 2T + 6513 (non-E) chassis

combination will NOT be supported...

Sup2T Fabric + 6513/6513-E

29


Sup720 vs. Sup2T- Switching L2 (IPv4 / IPv6) Scaling

30

Feature Sup720 Sup2T

MAC Address Table 3A/B: 64K

3C: 96K 128K

CAM Hash Table Single Bank Dual Bank

L2 Bridge Domains 4K (VLAN) 16K (BD)

Adjacency Entries 1M 1M

MST Virtual Ports 100K 120K

R/PVST Virtual Ports 12K 16K

DAI, DHCP Snooping & SourceGuard

Entries 8K 12K

Policy-Based Forwarding (PBF) 32K 64K

EFP (Ethernet Flow Point) N/A 32K

EVC (Ethernet Virtual Connection) N/A 4K

L2oGRE Tunnels N/A 1K

* Available in future IOS software releases


Sup720 vs. Sup2T- Routing IPv4 Route Scaling

31

Feature Sup720 Sup2T

FIB TCAM (non XL)

FIB TCAM (XL)

256K Entries

1M Entries

256K Entries

1M Entries

TCAM Entry Size 144 bits 288 bits

BGP Prefixes / Peers 750K / 1K 1M / 2K

OSPF Prefixes / Peers 20K / 50 30K / 75

EIGRP Prefixes / Peers 20K / 50 30K / 75

RIPv2 Prefixes / Peers 10K / 10 50K / 50

ARP Entries 30K 100K

FHRP Instances 500 1K

NAT / PAT Entries 256K (Ingress Only) 512K Ingress / 512K Egress

Policy Routing (PBR) Entries 2K 4K

IP GRE Tunnels 1K 5K

ECMP Load Sharing 16 paths 16 paths


Agenda

32






Supervisor 2T Migration Use Cases


Migration Use cases

34

Migrate single/dual Sup720 in the pair of Catalyst 6500 series non-E chassis with legacy hardware to single Sup2T in pair of E-chassis with supported

linecards

Typical deployment in campus and datacenter Core layer

Single/Dual

Supervisor

Migrate single Sup720 in pair of Catalyst 6500 series non-E chassis with legacy hardware to single Sup2T in pair of E-chassis with supported linecards

Convert the standalone Sup2T to VSS mode Typical deployment in campus Core/Distribution and datacenter Distribution

layer

Standalone

to VSS

Migrate Sup720 deployed as VSS in pair of Catalyst 6500 series non-E chassis with legacy hardware to Sup2T in VSS mode with supported linecards

Typical deployment in campus Core/Distribution and datacenter Distribution layer

VSS to VSS


Single Supervisor

35

Topology and traffic details

Single Sup720 deployed in pair of Non-E chassis at distribution layer

Vlans are divided in group of Red and Green

Dist-1 is configured as HSRP Primary/STP root for Red vlans

Dist-2 is configured as HSRP Primary/STP root for Green vlans

Spirent traffic generator is used to inject 5000 mac addresses, 100 VLANs, 5000 simulated transmit

nodes (Layer 2), 50 SVIs at each core, 50 HSRP

groups, 5000 ARP entries (Layer 3)

Port Channel is connected between Catalyst pair at Layer2/Layer 3 boundary

Layer 3 termination at distribution layer

End-hosts are connected to access switch

Dist-1 Dist-2


Dual Supervisors

36


Dual Sup720s deployed in pair of Non-E chassis at distribution layer (HA or SSO mode)


Dist-1 is configured as HSRP Primary/STP root for Red vlans

Dist-2 is configured as HSRP Primary/STP root for Green vlans




Port Channel is connected between Catalyst pair at Layer2/Layer 3 boundary



Dist-1 Dist-2


Virtual Switch System

37


Sup 720 deployed in pair of Non-E chassis at distribution layer


Dist-1 and Dist-2 acting as one logical switch (STP root) and vlans are load balanced across both links

of MEC

Access switch is connected to VSS through MEC

VSL port channel is connected between Catalyst pair at Layer2/Layer 3 boundary






Dist-1 Dist-2

VSS Introduction


Current Network Challenges Enterprise Campus

Traditional Campus Multi-Layer Design

Access

L2/L3

Distribution

L3 Core

FHRP, STP,

Asymmetric routing,

Policy Management

Extensive routing

topology, Routing

reconvergence

Single active uplink

per VLAN (PVST), L2

reconvergence

39


Current Network Challenges Data Center

Traditional Data Center Multi-layer design

L2/L3 Core

L2 Access

Dual-Homed Servers to

single switch, Single

active uplink per VLAN

(PVST), L2

reconvergence

Single active uplink per

VLAN (PVST), L2

reconvergence, excessive

BPDUs

FHRP, HSRP, VRRP

Spanning Tree

Policy Management

L2/L3

Distribution

40


Simplifies operational Manageability via Single point of Management, Non-loop design, minimize reliance on STP, eliminate FHRP etc

Scales system capacity with Active-Active Multi-Chassis Etherchannel (802.3ad/PagP), no blocking links due to Spanning Tree

Minimizes traffic disruption from switch or uplink failure with Deterministic subsecond Stateful and Graceful Recovery (SSO/NSF)

Catalyst 6500 Virtual Switching System Overview

41


Server

10GE

Traditional

SiSi SiSi

VSS (Physical View)

SiSi

Server

10GE


802.3ad

802.3ad or

PagP

SiSiSiSi

Server Access Switch or ToR or Blades

VSS (Logical View)

802.3ad or

PagP 802.3ad


Virtual Switching System Enterprise Campus

VSS Distribution Design

Access

L2/L3

Distribution

L3 Core

No FHRPs

No Looped topology

Policy Management

Reduced routing

neighbors, Minimal

L3 reconvergence

Multiple active

uplinks per VLAN, No

STP convergence

42


Virtual Switching System Data Center

VSS Data Center Design

L2/L3 Core

L2

Distribution

L2 Access

Dual-Homed

Servers, Single

active uplink per

VLAN (PVST), Fast

L2 convergence

Dual Active Uplinks,

Fast L2 convergence,

minimized L2 Control

Plane, Scalable

Single router node,

Fast L2 convergence,

Scalable architecture

43


Virtual Switching System Architectural Concepts

Virtual Switch Domain

Virtual Switch Link

Active Standby Hot Control Plane

Switch 1 Switch 2 Data Plane

44


Virtual Switching System Architecture Virtual Switch Link (VSL)

45

The Virtual Switch Link joins the two physical switch together - it

provides the mechanism to keep both the chassis in sync

Virtual Switch Active

Virtual Switch Standby

Virtual Switch Link

VS Header L2 Hdr L3 Hdr Data CRC


Virtual Switching System Architecture Initialization

The initialization process consists of 3 main steps:

Role Resolution Protocol (RRP) used to determine compatible Hardware and

Software versions to form the VSL as well as determine which switch becomes

Active and Hot Standby from a control plane perspective

LMP RRP

Link Management Protocol (LMP) used to track and reject Unidirectional Links,

Exchange Chassis ID and other information between the 2 switches

Link Bringup to determine which ports form the VSL 1

2

3

LMP RRP

46


Virtual Switching System Architecture VSLP Ping

A new ping mechanism has been implemented in VSS mode to allow

the user to objectively verify the health of the VSL itself. This is

implemented as a VSLP Ping

VSL

Switch1 Switch2

VSLP Ping

vss#ping vslp output interface tenGigabitEthernet 1/5/4

Type escape sequence to abort.

Sending 5, 100-byte VSLP ping to peer-sup via output port 1/5/4, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms

The VSLP Ping operates on a per-physical interface basis and parameters such as COUNT,

DESTINATION, SIZE, TIMEOUT may also be specified

VSLP Ping

VSLP Ping VSLP Ping

47


Virtual Switching System Architecture VSL Configuration Consistency Check

After the roles have been resolved through RRP, a Configuration Consistency Check is performed across the

VSL switches to ensure proper VSL operation. The following items are checked for consistency:

Switch Virtual Domain ID

Switch Virtual Switch ID

Switch Priority

Switch Preempt

VSL Port Channel Link ID

VSL Port state, interfaces

Power Redundancy mode

Power Enable on VSL cards

Note that if configurations do not match, the Hot-Standby Supervisor will revert to RPR

mode, disabling all non-VSL interfaces

Virtual Switch

48


Virtual Switching System Unified Control Plane

49

One active supervisor in each chassis with inter-chassis Stateful Switchover (SSO)

Active supervisor manages the control plane functions such as protocols (routing, EtherChannel, SNMP, telnet, etc.) and hardware control (Online Insertion Removal, port management)

Active/Standby supervisors run in synchronized mode (boot-env, running-configuration, protocol state, and line cards status gets synchronized)

Active Supervisor

SF RP PFC

CFC or DFC Line Cards





Standby HOT Supervisor

SF RP PFC

VSL








SSO

Synchronization


Virtual Switching System Dual Active Scenario

VSL is the heart of the VSS functionality

Protecting VSL link bundle is the best practice design

Use one port from Supervisor and other from line cards to form a VSL bundle

Use diverse fiber path for each VSL links

Manage traffic forwarded over VSL link by avoiding single homed devices

In case of loss of all members of the VSL bundle, the standby supervisor will go active, creating dual active condition

Dual active leads to

Two independent routers with same control plane information e.g. IP address, router ID etc.

Error disabling of access-layer due to two STP BPDU sent with different source MAC

50


Virtual Switching System Dual Active Forwarding Planes

51

Both forwarding planes are active

Standby supervisor and all linecards including DFCs are actively forwarding

VSS# show switch virtual redundancy My Switch Id = 1 Peer Switch Id = 2 Switch 1 Slot 5 Processor Information : ---------------------------------------------- Current Software state = ACTIVE Fabric State = ACTIVE Control Plane State = ACTIVE Switch 2 Slot 5 Processor Information : ---------------------------------------------- Current Software state = STANDBY HOT (switchover

target) Fabric State = ACTIVE Control Plane State = STANDBY

Data Plane Active

Data Plane Active

SiSiSiSi

Switch1 Switch2


Virtual Switching System Architecture Multichassis EtherChannel (MEC)

Etherchannels can now be extended across the two physical chassis

Regular Etherchannel on single

chassis

Multichassis EtherChannel across 2

VSS-enabled chassis

VSS

Both LACP and PAGP Etherchannel

protocols and Manual ON modes are

supported

Standalone

52


Virtual Switching System Architecture EtherChannel Hash for MEC

Link 1 Link 2

Etherchannel hashing algorithms are modified in VSS to always favor

locally attached interfaces

Blue Traffic destined

for the Server will

result in Link 1 in the

MEC link bundle being

chosen as the

destination path

Orange Traffic

destined for the Server

will result in Link 2 in

the MEC link bundle

being chosen as the

destination path

53


Etherchannel Concepts Etherchannel Hash Distribution

The default hashing algorithm will redistribute all the Result Bit Hash values across

the available ports when there is a change. This affects all traffic traversing the

Etherchannel

RBH (for MEC)

2 Link Bundle Example Link 1 Link 2

Flow 1 Flow 2 Flow 3 Flow 4 Flow 5 Flow 6 Flow 7 Flow 8

RBH (for MEC)

3 Link Bundle Example

Flow 1 Flow 2 Flow 4 Flow 5 Flow 7 Flow 8

Flow 3 Flow 6

Link 1 Link 2 Link 3

Links 1,2 Links 3,4 Links 1,2,3 Links 4,5,6

54


Etherchannel Concepts Etherchannel Hash Distribution Adaptive

Adaptive Hash Distribution Enhancement allows for the addition or removal of links

in a bundle without affecting all of the traffic in an Etherchannel. Note in the below

example, only Flow 7 and 8 are affected by the addition of an extra link to the

Channel RBH (for MEC)


RBH (for MEC)


Flow 1 Flow 2 Flow 3 Flow 4 Flow 5 Flow 6

Flow 7 Flow 8

Link 1 Link 2

Flow 1 Flow 2 Flow 3 Flow 4 Flow 5 Flow 6 Flow 7 Flow 8

Link 1 Link 2 Link 3

vss#conf t

Enter configuration commands, one per line. End with CNTL/Z.

vss(config)#port-channel hash-distribution adaptive

vss(config)# ^Z

vss#

55


Virtual Switching System Architecture VSL Initialization

Initialization 1 Initialization 1

Pre-Parse Config 2 Pre-Parse Config 2

Bring up VSL Linecards and

VSL Ports

3 Bring up VSL Linecards and

VSL Ports 3

Run VSLP 4 Run VSLP 4

Run RRP 5 Run RRP 5

Inter-chassis SSO 6 Inter-chassis SSO 6

Continue System Bootup 7 Continue System Bootup 7

56


Virtual Switching System Resilient VSL Configuration

Protecting VSL bundle is of the highest priority.

VSL bundle is a special purpose EtherChannel however all the best practices of designing and configuring of any general EtherChannel applies to VSL bundle

Redundancy of VSL is important to avoid dual ACTIVE condition and instability of VSS

Diversify VSL bundle on two separate hardware just like any resilient EtherChannel design

VSL link hardware selection also affect the QOS configuration on the rest of the ports on supervisors.

57


VSL Design Link Diversification (Dual-Sup Design Option #1)

58

Minimum of two links provides protection from port and SFP failures

Separate linecard provides protection from certain interface failures on a single Supervisor

Diverse physical paths protect from physical layer outages

Requires a VSL-capable linecard

CFC or DFC Linecard

CFC or DFC Linecard

CFC or DFC Linecard

CFC or DFC Linecard

VSS Active

CFC or DFC Linecard

CFC or DFC Linecard

CFC or DFC Linecard

CFC or DFC Linecard

CFC or DFC Linecard

CFC or DFC Linecard

CFC or DFC Linecard

CFC or DFC Linecard

VSS Standby

CFC or DFC Linecard

CFC or DFC Linecard

CFC or DFC Linecard

CFC or DFC Linecard

Ten 1/5/4 Ten 2/5/4

Ten 1/1/1 Ten 2/1/1


VSL Design Link Diversification (Dual-Sup Design Option #2)

Minimum of two links provides protection from port and SFP failures

Diverse physical paths protect from physical layer outages

No additional VSL-capable linecards are required (Minimal Cost)

CFC or DFC Linecard

CFC or DFC Linecard

CFC or DFC Linecard

CFC or DFC Linecard

VSS Active

CFC or DFC Linecard

CFC or DFC Linecard

CFC or DFC Linecard

CFC or DFC Linecard

CFC or DFC Linecard

CFC or DFC Linecard

CFC or DFC Linecard

CFC or DFC Linecard

VSS Standby

CFC or DFC Linecard

CFC or DFC Linecard

CFC or DFC Linecard

CFC or DFC Linecard

Ten 1/5/4 Ten 2/5/4

Ten 1/5/5 Ten 2/5/5

59


Agenda

60






61

Plan

Execute

Verify

Supervisor 2T Migration Walk through


Migration Tips

63

SiSi

10GE


SiSiSiSi

Distribution switches MUST BE Spanning-tree ROOT

Plan the migration with identified backup strategy

Make sure to save the configs at each step to disk0: or bootflash:

Use console connection during Migration process (if possible), telnet or ssh connections can be lost .

It is a best practice to move the HSRP(Layer 3) first to redundant switch followed by spanning tree root for optimal results and convergence

Download the Sup2T supported image in advance to external compact flash before migration

Use root guard at the edge ports to protect external switch introducing superior BPDUs, e.g. temporary connectivity

Use Spanning tree portfast on all the access ports connected to servers and hosts


Software Recommendation

64

Platform IOS version

Minimum Recommended

Supervisor 720 12.2 (SXI3) 12.2(SXJ)

Supervisor 2T 12.2 (SY) 15.1(SY1)

15.1 train is the long lived release

Catalyst 6500 with Sup 720 Minimum Recommended Cisco IOS Release http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/ol_14271.html

Catalyst 6500 with Sup 2T Recommended Cisco IOS Release http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/release_notes.html

VSS cannot be formed between Sup 720 running 12.2 SX and Sup 2T running 12.2(SY) or 15.0 (SY)

For Your Reference


Case 1 : Single/Dual Supervisor 720 Migration

65


STP & HSRP Active

Traditionally, traffic is load-balanced among distribution switches using vlan load-

sharing and HSRP configuration

Case 1: Standalone Supervisor Migration Current Network

66

Access

Distribution

L3 Core

STP & HSRP Active

Red Vlan Green Vlan Dist-1 Dist-2


Verifying STP and HSTP states on Dist-1 Switch

67

Dist-1#sh spanning-tree vlan 10

VLAN0010

Spanning tree enabled protocol rstp

Root ID Priority 8192

Address 0017.df3f.e80a

This bridge is the root

Hello Time 2 sec Max Age 20 sec Forward Delay

15 sec

Bridge ID Priority 8192



15 sec

Aging Time 480

Interface Role Sts Cost Prio.Nbr Type

------------------- ---- --- --------- --------

Gi8/2 Desg FWD 4 128.898 P2p Peer(STP)

Po1 Desg FWD 1 128.1665 P2p

Dist-1#sh standby brief

P indicates configured to preempt.

|

Interface Grp Pri P State Active Standby Virtual IP

Vl10 10 120 P Active local 10.100.100.2 10.100.100.3

Vl20 20 110 P Standby 20.100.100.2 local 20.100.100.3

Case 1 : Pre Migration Checks


VLAN0020



Address 0019.3004.3814

Cost 1

Port 1665 (Port-channel1)


15 sec


Address 0017.df3f.e814


15 sec

Aging Time 480


------------------ ---- --- --------- --------


Po1 Root FWD 1 128.1665 P2p

How to read Dist-1 is root bridge for vlan 10 and

secondary root for vlan 20

Dist-1 is HSRP active for group 10


Green vlans traversing

through the Dist-2 will

be affected due to HSRP

change for 4 secs,

largely depends on the

HSRP timers

STP & HSRP

Active

Red Vlan

Green Vlan

Dist-1 Dist-2

Case 1: Migration of Dist-2 Switch Step-1 Shift the HSRP Primary to Dist-1

68

Make Dist-1 switch HSRP primary for Green vlans

Neighboring devices will detect this change and switch all traffic to Dist-1 switch

Dist-2(config)#int vlan 20 Dist-2(config-if)#standby 20 priority 100

*Apr 20 02:00:15.047: %HSRP-5-STATECHANGE: Vlan20 Grp 20 state Active -> Speak

*Apr 20 02:00:26.515: %HSRP-5-STATECHANGE: Vlan20 Grp 20 state Speak -> Standby






Dist-1#

*Apr 20 02:01:19.559: %HSRP-5-STATECHANGE:Vlan20 Grp 20 state Standby -> Active




Vl10 10 120 P Active local 10.100.100.2 10.100.100.3

Vl20 20 110 P Active local 20.100.100.2 20.100.100.3


Red vlans traversing


be affected, due to STP

root change, for 30 secs,


STP mode

STP & HSRP

Active

Red Vlan

Green Vlan

Dist-1 Dist-2

Case 1: Migration of Dist-2 Switch Step-2 Move Spanning root primary to Dist-1

69

Make Dist-1 switch STP root for Green vlans


Shutdown Dist-2 physical interfaces to completely remove Dist-2 switch from the network

Dist-1(config)#spanning-tree vlan 20 root primary

Dist-1(config)#end


VLAN0020





Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec




Aging Time 480


------------------- ---- --- --------- -------- ----------------




Case 1 : New Supervisor 2T insertion Step-3 Insertion of Sup 2T and configuration

Remove Sup720 and all incompatible linecards from the chassis

Replace non-E with E-series chassis and insert Supervisor 2T

Boot Sup2T compatible image from rommon, copy the saved configuration from compact flash to running

Validate the configs for Sup2T

Dist-2 with Sup2T will bootup as HSRP/STP secondary for all vlans as configured

The traffic will still be flowing through the Dist-1

Access

Distribution

L3 Core

STP & HSRP

Active

Red Vlan Green Vlan

Dist-1 Dist-2

STP & HSRP

Secondary

rommon>boot disk0:s2txx_new_sup2t_image

Boot the new Supervisor 2T image from compact disk in

rommon prompt,copied from cisco.com

-------- -------

Dist-2#copy disk0:saved_config system:running_config


Access

Distribution

L3 Core

STP & HSRP

Active

Red Vlan

Green Vlan

Dist-1 Dist-2

STP & HSRP

Secondary

Case 1: Migration of Dist-2 Switch Step-4 Un-shut the interfaces on Sup2T

71

After config validation un-shut Dist-2 physical interfaces and port-channel between two peers

Dist-2 will become HSRP/STP secondary

There will be no impact on the traffic flowing through Dist-1 till this step

Dist-2(configs)#int range gi2/48,gi2/3 4, int po 1

Dist-2(configs-if-range)#no shut

Dist-2#show interfaces gi2/48 To Access Switch

GigabitEthernet2/48 is up, line protocol is up (connected)

Hardware is C6k 1000Mb 802.3, address is 001f.6cf6.528f (bia

001f.6cf6.528f)

- Omit Output -

Dist-2#show interfaces Po 1 To Primary HSRP Switch

Port-channel1 is up, line protocol is up (connected)

Hardware is EtherChannel, address is 588d.09e6.81ab (bia

588d.09e6.81ab)

- Omit Output -

Dist-2#show interfaces gi2/4 To Core Block

GigabitEthernet2/4 is up, line protocol is up

(connected)

Hardware is C6k 1000Mb 802.3, address is

001f.6cf6.527c (bia 001f.6cf6.527c)

- Omit Output -


Verifying STP and HSTP states on Dist-2 Switch after migration

72


VLAN0020




Cost 1




Address 0019.3004.3814


Aging Time 480


------------------- ---- --- --------- --------





|




Case 1 : Post Migration Checks


VLAN0010




Cost 1




Address 0019.3004.380a


Aging Time 480


------------------- ---- --- --------- --------



How to read Dist-2 is now secondary root bridge

for vlan 10 and vlan 20

Dist-2 is HSRP standby for group 10 and 20 after migration


Case 1 : Verification Supervisor 2T Verification

73

Dist-2#show version

Cisco IOS Software, s2t54 Software (s2t54-

IPBASEK9-M), Version 15.1(1)SY, RELEASE SOFTWARE

(fc5)

Technical Support:

http://www.cisco.com/techsupport

Copyright I 1986-2011 by Cisco Systems, Inc.

Compiled Tue 27-Sep-11 02:02 by prod_rel_team

ROM: System Bootstrap, Version 12.2(50r)SYS2,

RELEASE SOFTWARE (fc1)

Dist-2uptime is 51 minutes

Uptime for this control processor is 51 minutes

System returned to ROM by power on

System image file is "bootdisk:s2t54-ipbasek9-

mz.SPA.151-1.SY.bin"

Last reload reason: power-on

- Omit Output -

Cisco WS-C6509-E (M8572) processor (revision)

with 1769472K/262144K bytes of memory.

Processor board ID SMG0929N81U

CPU: MPC8572_E, Version: 2.1, (0x80E80021)

CORE: E500, Version: 3.0, (0x80210030)

CPU:1500MHz, CCB:600MHz, DDR:600MHz

L1: D-cache 32 kB enabled

I-cache 32 kB enabled

Last reset from power-on

Dist-2# show module

Mod Ports Card Type Model Serial No.

--- ----- --------------------------------------

1 8 DCEF2T 8 port 10GE WS-X6908-10G SAL16095SXR

2 48 CEF720 48 port 10/100/1000mb Ethe WS-X6748-GE-TX SAL1208GW5C

5 5 Supervisor Engine 2T 10GE w/CTS (Acti VS-SUP2T-10G SAL16020SSN

Mod MAC addresses Hw Fw Sw Status

--- ---------------------------------- ------ ------------

1 442b.0311.5588 to 442b.0311.56cf 1.1 12.2(50r)SYL 15.1(1)SY Ok

2 001f.6cf6.5260 to 001f.6cf6.52f2 2.7 12.2(14r)S5 15.1(1)SY Ok

5 588d.098a.b517 to 588d.098a.b654 1.2 12.2(50r)SYS 15.0(1)SY Ok

Mod Sub-Module Model Serial Hw Status

---- --------------------------- ------------------ -----------

1 Distributed Forwarding Card WS-F6K-DFC4-E SAL16095R3F 1.2 Ok

2 Centralized Forwarding Card WS-F6700-CFC SAL1207GEH3 4.0 Ok

5 Policy Feature Card 4 VS-F6K-PFC4 SAL16010C7B 1.1 Ok

5 CPU Daughterboard VS-F6K-MSFC5 SAL16020TKS 1.3 Ok

Mod Online Diag Status

---- -------------------

1 Pass

2 Pass

5 Pass

Verify the Sup2T insertion

and software version using

show module and show version


- a brief 4 sec traffic drop was seen for Green vlans during HSRP convergence

- during Spanning tree root primary change, 30 sec traffic disruption was seen

for Green vlans due to STP re-calculations

Case 1 : Secondary Switch Migration Convergence result during Dist-2 Upgrade

74


Red and Green vlans

traversing through the

Dist-1 will experience a

brief outage due to

HSRP change for 4 secs,


HSRP timers


75

Configure Dist-1 switch as HSRP secondary for all the vlans, Dist-2 will become HSRP primary

Neighboring devices will detect and switch all traffic to Dist-2 switch

Dist1(config)#int vlan 20

Dist-1(config-if)#standby 20 priority 90



Dist1(config)#int vlan 10

Dist-1(config-if)#standby 10 priority 90








Dist-2#






Vl10 10 100 P Active local 10.100.100.2 10.100.100.3

Vl20 20 100 P Active local 20.100.100.2 20.100.100.3

Access

Distribution

L3 Core

STP & HSRP

Active

Red Vlan

Green Vlan

Dist-

1 Dist-2


Vlans traversing through

the Dist-1 will be

affected, due to STP root

change, for 30 secs,


STP mode


76

Adjust the priorities to make Dist-2 STP root primary and Dist-1 STP root secondary for all vlans

Neighboring devices will detect and switch traffic to Dist-2 switch


Dist-2(config)#spanning-tree vlan 10,20 priority 4096

Dist-2(config)#end


VLAN0020









Aging Time 480


------------------- ---- --- --------- -------- ----------------



Access

Distribution

L3 Core

STP & HSRP

Active

Red Vlan

Green Vlan

Dist-

1 Dist-2



Repeat the steps from step 3 step 5 to upgrade Sup2T in Dist-1 switch

Verify that Supervisor 2T come up with supported software image

Verify that Red vlan traffic is taking Dist-1 path and Green vlan traffic is taking Dist-2 path

Verify all the L3-routing is converged

All the unsupported linecards will remain in power denied state

Both the chassis in distribution pair have now been migrated to new generation Supervisor 2T

Same steps has to be followed for Dual Supervisors 720 in HA mode

Red vlans traversing through the Dist-2

will be affected, due to STP root change

and HSRP convergence, for 34 secs


- a brief 4 sec traffic drop was seen for all vlans during HSRP convergence


for all vlans due to STP re-calculations


78


Case 1 : Final State Design

79

Access

Distribution

L3 Core

STP & HSRP Active

Red Vlan Green Vlan Dist-1 Dist-2 STP & HSRP Active

Case 2 : Standalone to Virtual Switch System (VSS) Migration with Sup720

80


VSS Migration Tips

81

VSS domain switch MUST BE spanning-tree ROOT

Make sure to save the configs at each step to disk0: or bootflash:

Use console connection during Migration process

It is a best practice to move the HSRP(Layer 3) first to redundant switch followed by spanning tree root for optimal results and convergence

Remove HSRP configs and assigns the same virtual IP addresses to vlan SVIs.

Download the Sup2T supported image in advance to external compact flash before migration

Use root guard at the edge ports to protect external switch introducing superior BPDUs, e.g. temporary connectivity

Use Spanning tree portfast on all the access ports connected to servers and hosts

Do not use loop guard as it will disable the entire MEC channel on fault detection

VSS (Physical View)

SiSi

Server

10GE


802.3ad

802.3ad or

PagP

SiSiSiSi


Access

Distribution

L3 Core

STP & HSRP Active

Red Vlan

STP & HSRP Active

Green Vlan Dist-1 Dist-2

Traditionally, traffic is load-balanced among distribution switches using vlan load-

sharing and HSRP configuration

Case 2: Standalone Supervisor Migration in VSS Current Network

82


Migration Steps between Distribution and

Access-layer

1. Modify FHRP Configuration

2. Configure Multichassis Ethrechannel

3. Move L2 Trunk configuration to MEC

interfaces

4. Move Policies to MEC if needed

5. Keep Spanning-Tree Enabled

Migration Steps between Distribution and

core

1. Configure MEC

2. Remove Routing Statements which

are not needed.

Access

L2/L3

Distribution

L3 Core

Multi Step Process

Case 3: Standalone to VSS Migration Migration to VSS

83


Verifying STP and HSTP states on Dist-1 Switch

84


VLAN0010






15 sec




15 sec

Aging Time 480


------------------- ---- --- --------- --------





|


Vl10 10 120 P Active local 10.100.100.2 10.100.100.3


Case 2 : Pre Migration Checks


VLAN0020



Address 0019.3004.3814

Cost 1



15 sec




15 sec

Aging Time 480


------------------ ---- --- --------- --------



How to read Dist-1 is root bridge for vlan 10 and

secondary root for vlan 20

Dist-1 is HSRP active for group 10


Green vlans traversing


be affected due to HSRP

change for 4 secs,


HSRP timers

STP & HSRP

Active

Red Vlan

Green Vlan

Dist-1 Dist-2


85

Make Dist-1 switch HSRP primary for Green vlans


Dist-2(config)#int vlan 20 Dist-2(config-if)#standby 20 priority 100








Dist-1#





Vl10 10 120 P Active local 10.100.100.2 10.100.100.3

Vl20 20 110 P Active local 20.100.100.2 20.100.100.3


Red vlans traversing


be affected, due to STP

root change, for 30 secs,


STP mode

STP & HSRP

Active

Red Vlan

Green Vlan

Dist-1 Dist-2


86

Make Dist-1 switch STP root for Green vlans



Dist-1(config)#spanning-tree vlan 20 root primary

Dist-1(config)#end


VLAN0020









Aging Time 480


------------------- ---- --- --------- -------- ----------------





Remove Sup720 and all incompatible linecards from the chassis

Replace non-E with E-series chassis and insert Supervisor 2T

Boot Sup2T compatible image from rommon, copy the saved configuration from compact flash to running

Validate the configs for Sup2T

Dist-2 with Sup2T will bootup as HSRP/STP secondary for all vlans as configured

The traffic will still be flowing through the Dist-1

Access

Distribution

L3 Core

STP & HSRP

Active

Red Vlan Green Vlan

Dist-1 Dist-2

STP & HSRP

Secondary

rommon>boot disk0:s2txx_new_sup2t_image

Boot the new Supervisor 2T image from compact disk in

rommon prompt,copied from cisco.com

-------- -------

Dist-2#copy disk0:saved_config system:running_config


Case 2 : Verification Supervisor 2T Verification

88

Dist-2#show version

Cisco IOS Software, s2t54 Software (s2t54-

IPBASEK9-M), Version 15.1(1)SY, RELEASE SOFTWARE

(fc5)

Technical Support:

http://www.cisco.com/techsupport

Copyright I 1986-2011 by Cisco Systems, Inc.

Compiled Tue 27-Sep-11 02:02 by prod_rel_team

ROM: System Bootstrap, Version 12.2(50r)SYS2,

RELEASE SOFTWARE (fc1)

Dist-2uptime is 51 minutes

Uptime for this control processor is 51 minutes

System returned to ROM by power on

System image file is "bootdisk:s2t54-ipbasek9-

mz.SPA.151-1.SY.bin"

Last reload reason: power-on

- Omit Output -

Cisco WS-C6509-E (M8572) processor (revision)

with 1769472K/262144K bytes of memory.

Processor board ID SMG0929N81U

CPU: MPC8572_E, Version: 2.1, (0x80E80021)

CORE: E500, Version: 3.0, (0x80210030)

CPU:1500MHz, CCB:600MHz, DDR:600MHz

L1: D-cache 32 kB enabled

I-cache 32 kB enabled

Last reset from power-on

Dist-2# show module

Mod Ports Card Type Model Serial No.

--- ----- --------------------------------------

1 8 DCEF2T 8 port 10GE WS-X6908-10G SAL16095SXR

2 48 CEF720 48 port 10/100/1000mb Ethe WS-X6748-GE-TX SAL1208GW5C

5 5 Supervisor Engine 2T 10GE w/CTS (Acti VS-SUP2T-10G SAL16020SSN

Mod MAC addresses Hw Fw Sw Status

--- ---------------------------------- ------ ------------

1 442b.0311.5588 to 442b.0311.56cf 1.1 12.2(50r)SYL 15.1(1)SY Ok

2 001f.6cf6.5260 to 001f.6cf6.52f2 2.7 12.2(14r)S5 15.1(1)SY Ok

5 588d.098a.b517 to 588d.098a.b654 1.2 12.2(50r)SYS 15.0(1)SY Ok

Mod Sub-Module Model Serial Hw Status

---- --------------------------- ------------------ -----------

1 Distributed Forwarding Card WS-F6K-DFC4-E SAL16095R3F 1.2 Ok

2 Centralized Forwarding Card WS-F6700-CFC SAL1207GEH3 4.0 Ok

5 Policy Feature Card 4 VS-F6K-PFC4 SAL16010C7B 1.1 Ok

5 CPU Daughterboard VS-F6K-MSFC5 SAL16020TKS 1.3 Ok

Mod Online Diag Status

---- -------------------

1 Pass

2 Pass

5 Pass

Verify the Sup2T insertion

and software version using

show module and show version


- a brief 4 sec traffic drop was seen for Green vlans during HSRP convergence


for Green vlans due to STP re-calculations


89


Dist - 1 Dist - 2

VSL Link Bundle

T5/4

T5/5

T5/4

T5/5

Port-Channel 1 Port-Channel 2

Switch Virtual Domain #100

Convert Sup2T in Dist-2 to run in VSS mode

Supervisor uplink interfaces are utilized to form a VSL link

Case 2 - Conversion to VSS

90

Step- 4 Configuration for the conversion takes the following path

Dist- 2 Dist-2(config)#switch virtual domain 100 Domain ID 100 config will take effect only

after the exec command 'switch convert mode virtual' is issued

Dist-2(config-vs-domain)#switch 1

Dist-2(config-vs-domain)#mac-address use-virtual

Dist-2(config)#udld enable

Dist-2(config)#spanning-tree mode rapid-pvst

Dist-2(config)#spanning-tree vlan 2-999 priority 24576

Dist-2(config-red)#int po 1

Dist-2(config-if)#switch virtual link 1

WARNING: Interface Port-channel1 placed in restricted config

mode. All extraneous configs removed!

WARNING: Interface TenGigabitEthernet5/4 placed in restricted

config mode. All extraneous configs removed!



Dist-2(config)#int range tenGigabitEthernet 5/4 5

Dist-2(config-if-range)#shutdown

Dist-2(config-if-range)#channel-group 1 mode on

Dist-2# show switch virtual

Switch Mode : Standalone

Not in Virtual Switch mode due to:

Domain ID is configured but invalid SWITCH_NUMBER 0 setting.

This implies an incomplete or failed Virtual Switch

conversion process.

Configure Switch Virtual Domain


91

Configure Switch id

Configure virtual mac address

Enable udld

Configure spanning tree for all vlans

Configure VSL port-channel

Assign the Sup2T uplinks to VSL port-channel

Verify that the switch is still working in standalone mode


Dist - 2

Dist-2#switch convert mode virtual

This command will convert all interface names

to naming convention "interface-type switch-number/slot/port,

save the running config to startup-config and

reload the switch.

NOTE: Make sure to configure one or more dual-active detection methods

once the conversion is complete and the switches have come up in VSS mode.

Do you want to proceed? [yes/no]:

Converting interface names

Building configuration

[OK]

Saving converted configuration to bootdisk:

Destination filename [startup-config.converted_vs-20130420-021633]?

AT THIS POINT THE SWITCH WILL REBOOT

SWITCH CONSOLE OUTPUT After reload *Apr 20 04:59:53.999: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor for this switch

*Apr 20 05:00:04.843: %VSL_BRINGUP-6-MODULE_UP: VSL module in slot 5 switch 2 brought up

*Apr 20 05:02:06.363: %VSLP-5-RRP_PEER_TIMEOUT: VSLP peer timer expired without detecting peer. Resolving role as

Active

*Apr 20 05:02:06.415: %VSLP-2-VSL_DOWN: VSL links down and not ready for any traffic

*Apr 20 05:03:59.795: %DIAG-SW2-6-DIAG_OK: Switch 2 Module 1: Passed Online Diagnostics

*Apr 20 05:03:59.987: %SATVS_IBC-SW2-5-VSL_DOWN_SCP_DROP: VSL inactive - dropping cached SCP packet:

(SA/DA:0x0/0x4, SSAP/DSAP:0x0/0x1, OP/SEQ:0x1030/0x8, SIG/INFO:0x1/0x21, eSA:0000.0100.0000)

Case 2 - Conversion to VSS Step- 5 Convert the mode to virtual

92

The most important

command

Switch will reload after

proceeding with this

command

How to read the output

Switch will bootup as ACTIVE with VSL link in shutdown

state


VSS Switch - 1 VSS# sh switch virtual role

Switch Switch Status Preempt Priority Role Session ID

Number Oper(Conf) Oper(Conf) Local Remote

------------------------------------------------------------------

LOCAL 1 DOWN FALSE(N ) 110(110) ACTIVE 0 0

In dual-active recovery mode: No

Dist-2 is now

converted to

Sup 2T VSS in

Active role


93

How to read the output

Checking the local switch

Configured switch id is 1

VSL status is down

No Pre-empt configuration

Configured and Operational priority is 110, derived during bootup

Since there is no other peer, the switch boots up as ACTIVE switch


1. Pre-configure MEC (Multi Chassis Ether Channel) using Switch-1 local interfaces, Switch-2 will

be Dist-1 once it is converted, interfaces can be added to MECs after its conversion to VSS at later steps

2. Move HSRP Virtual IP address to Vlan interfaces

3. Remove HSRP config, (active and standby chassis will be using active chassis burnt-in mac-

address and Vlan ip address . HSRP is no longer required )

4. Turn On NSF-SSO (Non-Stop forwarding) feature for routing protocol

5. VSS simplifies the routing configuration

6. Modify STP configuration such that VSS switch-1 be the root for all vlans

Pre-configuration steps can also be performed after converting Dist-2 to VSS as

well. Pre-configuration helps to reduces amount of packet loss during migration.

Case 2 - Conversion to VSS Step- 6 Pre-configure VSS Switch-1

94

Now that Dist-2 is successfully converted and It is operating in VSS mode, perform

below steps to pre configure VSS Switch-1 (Dist-2)


Gig1/1/1

Gig1/1/2

Gig1/1/3

Gig1/1

Gig1/2

Gig1/3

TGig2/1 TGig1/1/21 TGig2/2 TGig1/2/2

Access

Distribution

L3 Core

STP & HSRP

Active

Red Vlan

Green Vlan

Dist-1 Dist-2

Case 2 - Conversion to VSS Pre-configure VSS Switch-1

VSS

95


Case 2 Configuration Migration Step- 6 Configuration Migration: Pre-Configure MEC

96

VSS Active

Configure MEC

Move Interface

configuration to MEC

VSS Active

interface TenGigabitEthernet1/2/1

ip address 192.168.4.2 255.255.255.0

interface GigabitEthernet1/1/2

switchport

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10,20

VSS(config-if)#int po10

VSS(config-if)#switchport

VSS(config-if)#switchport trunk encap dot1q

VSS(config-if)#switchport trunk allowed vlan 10,20

VSS(config-if)no shut

VSS(config-if)#int gig 1/1/2

VSS(config-if)#switchport

VSS(config-if)# channel-group 10 mode desirable

Traditional config

Choose a unique port channel (MEC) id for each of the neighbor device

that is dual homed to VSS

VSS(config)#int gig 1/1/1

VSS(config-if)#no ip add

VSS(config-if)#int po20

VSS(config-if)#ip add 192.168.4.2 255.255.255.0

VSS(config-if)no shut

VSS(config-if)#int gig 1/1/1

VSS(config-if)#channel-group 20

mode desirable

MEC to Core

MEC to Access


Case 2 Configuration Migration Step- 6 Configure port channel in VSS neighbor device

97

Core

Configure Layer-3

port channel

Core(config-if)#int gig 1/1

Core(config-if)#no ip address

Core(config-if)#int po20

Core(config-if)# ip address 192.168.4.2

255.255.255.0

Core(config-if)#no shut

Core(config-if)#int gig 1/1

Core(config-if)#channel-group 20 mode

desirable

VSS neighbor device interfaces will be down at this moment , port channel

can be configured without interfering traffic flowing through Dist-1

Access(config)#int po10

Access(config)#switchport

Access(config)# switchport trunk encapsulation

dot1q

Access(config)#switchport mode trunk

Access(config)#no shut

Access(config)#int range gig 1/1

Access(config-if#channel-group 10 mode

desirable

Access Configure Layer-2

port channel


interface Vlan10

ip address 10.1.1.2 255.255.255.0

standby 10 ip 10.1.1.1

standby 10 priority 110

!

interface Vlan20

ip address 20.1.1.2 255.255.255.0

standby 20 ip 20.1.1.1

standby 20 priority 110

VSS Active

VSS(config)#interface Vlan10

VSS(config-if)# no standby 10 ip 10.1.1.1

VSS(config-if)# no standby 10 pri 110

VSS(config-if)#ip address 10.1.1.1

255.255.255.0

VSS(config)#interface Vlan20

VSS(config-if)# no standby 20 ip 20.1.1.1

VSS(config-if)# no standby 20 pri 110

VSS(config-if)# ip address 20.1.1.1

255.255.255.0

VSS Active

Traditional config

Remove HSRP Standby config

Move HSRP Standby IP Address to

the Vlan interfaces

End devices are still pointing their arp entries to HSRP mac-address, till the entry times

out or re-arp would update their cache. Temporarily connectivity may be lost during this

time.

Case 2 Configuration Migration Step- 6 Configuration Migration : Remove Gateway Protocol

98


Case 2 Configuration Migration Step- 6 Configuration Migration : Update Routing Protocol config

99

VSS#sh run | beg ospf router ospf 10

log-adjacency-changes

network 10.1.1.0 0.0.0.255 area 0

network 20.1.1.0 0.0.0.255 area 0

network 192.168.4.0 0.0.0.255 area 0

network 192.168.5.0 0.0.0.255 area 0

VSS(config)#router ospf 10

VSS(config-router)# nsf

VSS(config-router)# no network 192.168.5.0

0.0.0.255 area 0

VSS Active

Enable NSF/SSO and Remove Routing statements that are no longer needed with VSS

Core

Previous L3 interfaces are merged

as MEC, hence some routing

statement are not needed..

Core#sh run | beg ospf

router ospf 1

log-adjacency-changes

network 192.168.4.0 0.0.0.255 area 0

network 192.168.5.0 0.0.0.255 area 0

Demo-Core(config)#router ospf 1

Demo-Core(config-router)# nsf

Demo-Core(config-router)#no network

192.168.5.0 0.0.0.255 area 0

Previous L3 interfaces are merged

as MEC, hence some routing

statement are not needed..


Case 2 Sup 2T Migration in VSS mode Step 7 : Verify VSS Switch-1 connectivity

VSS Switch-1 is configured to forward

traffic while we disconnect Dist-1 and

migrate to VSS mode

Verify VSS Switch-1 Configuration and

connectivity

1. Enable VSS switch-1 interfaces

2. Very L2 connectivity to access

switches

3. Verify L3 connectivity to core switches

4. After VSS switch-1 connectivity

verification , shutdown Dist-1

interfaces to switch traffic over to VSS.

5. 50 secs, traffic loss is expected during

this step when all flows move from

Dist-1 to VSS-Switch-1

Gig1/1/1 Gig1/1/2

Gig1/1/3

Gig1/1

Gig1/2

Gig1/3

TGig2/1 TGig1/1/21 TGig2/2 TGig1/2/2

Access

Distribution

L3 Core

STP & HSRP

Active

Red Vlan Green Vlan

Dist-1 Dist-2

VSS

100


Dist - 1 Dist - 2

VSL Link Bundle

T5/4

T5/5

T5/4

T5/5

Port-Channel 1 Port-Channel 2

Switch Virtual Domain #100

Convert Sup2T in Dist-1 to run in VSS mode

Supervisor uplink interfaces are utilized to form a VSL link


101

Repeat the same set of Steps from 1 7

Dist- 1 Dist-1(config)#switch virtual domain 100 Domain ID 100 config will take effect only

after the exec command 'switch convert mode virtual' is issued

Dist-1(config-vs-domain)#switch 2

Dist-1(config-vs-domain)#mac-address use-virtual

Dist-1(config)#udld enable

Dist-1(config-red)#int po 1

Dist-1(config-if)#switch virtual link 1

WARNING: Interface Port-channel1 placed in restricted config

mode. All extraneous configs removed!





Dist-1(config)#int range tenGigabitEthernet 5/4 5

Dist-1(config-if-range)#shutdown

Dist-1(config-if-range)#channel-group 1 mode on

Dist-1# show switch virtual

Switch Mode : Standalone

Not in Virtual Switch mode due to:

Domain ID is configured but invalid SWITCH_NUMBER 0 setting.

This implies an incomplete or failed Virtual Switch

conversion process.

Configure Switch Virtual Domain


102

Configure Switch id

Configure virtual mac address

Enable udld

Configure VSL port-channel

Assign the Sup2T uplinks to VSL port-channel

Verify that the switch is still working in standalone mode


Case 2 Sup 2T Migration in VSS mode Step- 8 Sup 2T VSS Migration Completion

103

Do a no shut on VSL link between Switch1-VSS (Dist-2) and Switch-2 VSS (Dist-1), Switch2-VSS switch will

reload and resume the STANDBY role

Dist-1(config)#interface po 2

Dist-1(config-if)#no shut

*Apr 20 05:22:26.587: %VSLP-SW2-5-RRP_MSG: Use 'redundancy reload shelf'

to bring this switch to its preferred STANDBY role

*Apr 20 05:22:26.587: %DUAL_ACTIVE-SW2-1-RECOVERY: Dual-active condition

detected: Starting recovery-mode, all non-VSL and non-excluded

interfaces have been shut down

Dist-1(recovery-mode)#redundancy reload shelf

System configuration has been modified. Save? [yes/no]: yes

Building configuration

[OK]

Reload this shelf [confirm]

Preparing to reload this shelf

*Apr 20 05:23:42.083: %RF-SW2-5-RF_RELOAD: Shelf reload. Reason: Admin

reload CLI

*Apr 20 05:23:42.083: %VSLP-SW2-3-VSLP_LMP_FAIL_REASON: Te2/5/4:

Disabled by Admin self reload

*Apr 20 05:23:42.083: %VSLP-SW2-3-VSLP_LMP_FAIL_REASON: Te2/5/5:

Disabled by Admin self reload

*Apr 20 05:23:42.087: %VSLP-SW2-2-VSL_DOWN: All VSL links went down

while switch is in ACTIVE role

after the Dist-1 comes back up, do a no shut on MEC port

channels to load balance the

traffic over to remaining

channel members

no shut on VSL port channel 1 and port channel 2 on both

VSS switches

Both VSS switches will detect this change using VSL control

messages

Switch-1 is already working in VSS as ACTIVE switch, use

redundancy reload shelf

command to bring the Dist-1

in preferred STANDBY state


Case 2 Sup 2T Migration Completion in VSS mode

104

Supervisor 2T Migration is completed in VSS mode , at this point both switches are active

and traffic will be load-balanced on all MEC member interfaces

Access

Distribution

L3 Core

VSS

BRKDCT-2309

Documents

Transcript of BRKDCT-2309