VSS-34682010
Transcript of VSS-34682010
Cisco Catalyst Virtual Switching System (BRKCRS-3468)
2010 Cisco and/or its affiliates. All rights reserved.
Cisco Public

Agenda Topics
VSS Introduction
Architecture
Hardware Requirements
Migration to VSS
High Availability
Quad Sup Uplink Forwarding
Software Upgrades
Deployment Considerations & Best Practices
Summary

Appendix Topics
Operational Management
Quality of Service
Service Module Integration
Deploying VSS with Server Virtualization
Data Center L2 Interconnect via VSS

Agenda Topics
VSS Introduction

Current Network Challenges: Enterprise Campus
Traditional Enterprise Campus deployments have been designed to allow for scalability, differentiated services and high availability. However, they also face many challenges, some of which are listed in the diagram below.
L3 Core: Extensive routing topology, routing reconvergence
L2/L3 Distribution: FHRP, STP, asymmetric routing, policy management
Access: Single active uplink per VLAN (PVST), L2 reconvergence

Current Network Challenges: Data Center
Traditional Data Center designs increasingly require Layer 2 adjacencies between server nodes due to the use of Server Virtualization technology. However, these designs are pushing the limits of Layer 2 networks, placing more burden on loop-detection protocols such as Spanning Tree.
Layers shown in the diagram: L2/L3 Core, L2 Access
Challenges noted on the diagram:
FHRP (HSRP, VRRP), Spanning Tree, policy management
Single active uplink per VLAN (PVST), L2 reconvergence, excessive BPDUs
Dual-homed servers to a single switch, single active uplink per VLAN (PVST), L2 reconvergence

Catalyst 6500 Virtual Switching System: Overview
[Figure: three panels, Today, VSS (Physical View) and VSS (Logical View), each showing 10GE-connected switches with access switches, ToR switches or blades and servers attached over 802.3ad or PAgP links]
Simplifies operational manageability via a single point of management, elimination of STP, FHRP, etc.
Doubles bandwidth utilization with Active-Active Multi-Chassis EtherChannel (802.3ad/PAgP); reduces latency
Minimizes traffic disruption from switch or uplink failure with deterministic subsecond Stateful and Graceful Recovery (SSO/NSF)

Virtual Switching System: Enterprise Campus
A Virtual Switching System-enabled Enterprise Campus network gains multiple benefits, including simplified management and administration and greater high availability, while maintaining a flexible and scalable architecture.
L3 Core: Reduced routing neighbors, minimal L3 reconvergence
L2/L3 Distribution: No FHRPs, no looped topology, policy management
Access: Multiple active uplinks per VLAN, no STP convergence

Virtual Switching System: Data Center
A Virtual Switching System-enabled Data Center allows for maximum scalability, so bandwidth can be added when required, while still providing a larger Layer 2 hierarchical architecture free of reliance on Spanning Tree.
L2/L3 Core: Single router node, fast L2 convergence, scalable architecture
L2 Distribution: Dual active uplinks, fast L2 convergence, minimized L2 control plane, scalable
L2 Access: Dual-homed servers, single active uplink per VLAN (PVST), fast L2 convergence

Agenda Topics
VSS Architecture

Introduction to Virtual Switching System: Concepts

Virtual Switching System Architecture: Virtual Switch Link (VSL)
The Virtual Switch Link joins the two physical switches together. It provides the mechanism to keep both chassis in sync.
All traffic traversing the VSL is encapsulated with a 32-byte Virtual Switch Header containing ingress and egress switchport indexes, class of service (CoS), VLAN number and other important information from the Layer 2 and Layer 3 headers.
Frame layout on the VSL: VS Header | L2 Hdr | L3 Hdr | Data | CRC
A Virtual Switch Link bundle can consist of up to 8 x 10GE links.
The control plane uses the VSL for CPU-to-CPU communications, while the data plane uses the VSL to extend the internal chassis fabric to the remote chassis.
[Figure: Virtual Switch Active and Virtual Switch Standby joined by the Virtual Switch Link]

Virtual Switching System Architecture: Initialization
Before the Virtual Switching System domain can become active, the Virtual Switch Link must be brought online to determine Active and Standby roles. The initialization process essentially consists of 3 steps:
1. Link bringup to determine which ports form the VSL.
2. Link Management Protocol (LMP) is used to track and reject unidirectional links, and to exchange Chassis ID and other information between the 2 switches.
3. Role Resolution Protocol (RRP) is used to determine compatible hardware and software versions to form the VSL, as well as to determine which switch becomes Active and Hot Standby from a control plane perspective.
[Figure: LMP and RRP exchanged between the two switches]

Virtual Switching System Architecture: VSLP Ping
A new ping mechanism has been implemented in VSS mode to allow the user to objectively verify the health of the VSL itself. This is implemented as a VSLP Ping.
[Figure: VSLP Ping exchanged across the VSL between Switch1 and Switch2]
The VSLP Ping operates on a per-physical-interface basis, and parameters such as COUNT, DESTINATION, SIZE and TIMEOUT may also be specified.

    vss#ping vslp output interface tenGigabitEthernet 1/5/4
    Type escape sequence to abort.
    Sending 5, 100-byte VSLP ping to peer-sup via output port 1/5/4, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms

Virtual Switching System Architecture: VSL Configuration Consistency Check
After the roles have been resolved through RRP, a Configuration Consistency Check is performed across the VSL switches to ensure proper VSL operation. The following items are checked for consistency:
Switch Virtual Domain ID
Switch Virtual Switch ID
Switch Preempt
Switch Priority
VSL Port Channel Link ID
VSL Port state, interfaces
Power Redundancy mode
Power Enable on VSL cards
Note that if configurations do not match, the Hot-Standby Supervisor will revert to RPR mode, disabling all non-VSL interfaces.

Virtual Switching System: Unified Control Plane
One supervisor in each chassis, with an inter-chassis Stateful Switchover (SSO) method in which one supervisor is ACTIVE and the other is in HOT_STANDBY mode.
Active/Standby supervisors run in synchronized mode (boot-env, running-configuration, protocol state and line card status are synchronized).
The Active supervisor manages the control plane functions such as protocols (routing, EtherChannel, SNMP, telnet, etc.) and hardware control (Online Insertion Removal, port management).
[Figure: two chassis, each with CFC or DFC line cards and a supervisor (SF, RP, PFC); the Active Supervisor and the Standby HOT Supervisor are connected by the VSL, which carries SSO synchronization]

Virtual Switching System: Dual Active Forwarding Planes
Both forwarding planes are active.
The Standby supervisor and all linecards, including DFCs, are actively forwarding.

    VSS# show switch virtual redundancy
    My Switch Id = 1
    Peer Switch Id = 2
    Switch 1 Slot 5 Processor Information :
    ---------------------------------------------
    Current Software state = ACTIVE
    Fabric State = ACTIVE
    Control Plane State = ACTIVE
    Switch 2 Slot 5 Processor Information :
    ---------------------------------------------
    Current Software state = STANDBY HOT (switchover target)
    Fabric State = ACTIVE
    Control Plane State = STANDBY

[Figure: Switch1 and Switch2, both marked Data Plane Active]

Virtual Switching System Architecture: Virtual Switch Domain
A Virtual Switch Domain ID is allocated during the conversion process and represents the logical grouping of the 2 physical chassis within a VSS. It is possible to have multiple VS Domains throughout the network.
[Figure: VSS Domain 10, VSS Domain 20, VSS Domain 30]
Use a UNIQUE VSS Domain-ID for each VSS Domain throughout the network. Various protocols use Domain-IDs to uniquely identify each pair.

Virtual Switching System Architecture: Router MAC Address Assignment
In a Virtual Switching System, there is only one router MAC address to represent both physical chassis as a single logical device.
By default, the MAC address allocated to the Virtual Switching System is taken from the burnt-in MAC address of the first Active switch, which is negotiated at system initialization. Regardless of either switch being brought down or up in the future, the same MAC address will be retained, so that neighboring network nodes and hosts do not need to re-learn a new address.
Router MAC = burnt-in or virtual mac-address
The recommendation is to use the virtual mac-address option. This eliminates the possibility of a duplicate MAC address in case the original Supervisor is ever reused within the same network.

Virtual Switching System Architecture: Virtual Router MAC Address Assignment
Instead of using the default chassis mac-address assignment, from 12.2(33)SXH2 onwards a virtual mac-address can be specified as shown below.

    VSS(config-vs-domain)#switch virtual domain 10
    VSS(config-vs-domain)#mac-address use-virtual
    Configured Router mac address is different from operational value. Change will take effect after config is saved and the entire Virtual Switching System (Active and Standby) is reloaded.

    VSS# show interface vlan 1
    Vlan1 is up, line protocol is up
    Hardware is EtherSVI, address is 0008.e3ff.fc0a (bia 0008.e3ff.fc0a)

The use-virtual MAC address is assigned from a reserved pool of MAC addresses appended with the VSS domain ID. The reserved pool is 0008.e3ff.fc00 to 0008.e3ff.ffff.

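
The unique Domain-ID recommendation and the use-virtual pool combine into a simple audit: two VSS pairs that reuse a domain ID would present the same virtual router MAC. The Python below is an added example, not part of the original slides; it assumes the address is the pool base plus the domain ID (consistent with the domain 10 / 0008.e3ff.fc0a output above), and the hostnames and configuration excerpts are constructed.

```python
import re
from collections import defaultdict

POOL_BASE = 0x0008E3FFFC00  # first address of the reserved pool quoted on the slide
POOL_LAST = 0x0008E3FFFFFF  # last address of the reserved pool quoted on the slide

DOMAIN_RE = re.compile(r"^switch virtual domain (\d+)\s*$")


def virtual_router_mac(domain_id):
    """Return the use-virtual router MAC in Cisco dotted notation.

    Assumption: address = pool base + domain ID (the slide shows
    domain 10 -> 0008.e3ff.fc0a).
    """
    if not 0 <= domain_id <= POOL_LAST - POOL_BASE:
        raise ValueError(f"domain ID {domain_id} falls outside the reserved pool")
    digits = f"{POOL_BASE + domain_id:012x}"
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


def parse_vss_domain(config_text):
    """Extract (domain_id, uses_virtual_mac) from a running-config excerpt."""
    domain_id, uses_virtual, in_block = None, False, False
    for line in config_text.splitlines():
        match = DOMAIN_RE.match(line)
        if match:
            domain_id, in_block = int(match.group(1)), True
        elif in_block and line.startswith(" "):
            # indented lines belong to the domain sub-mode
            if line.strip() == "mac-address use-virtual":
                uses_virtual = True
        else:
            in_block = False
    return domain_id, uses_virtual


def audit_domains(configs):
    """Flag reused domain IDs, the virtual MACs that collide, and burnt-in users."""
    by_domain = defaultdict(list)      # domain ID -> hostnames
    virtual_users = defaultdict(list)  # domain ID -> hostnames using use-virtual
    burnt_in = []
    for name, text in configs.items():
        domain_id, uses_virtual = parse_vss_domain(text)
        if domain_id is None:
            continue  # not a VSS configuration
        by_domain[domain_id].append(name)
        if uses_virtual:
            virtual_users[domain_id].append(name)
        else:
            burnt_in.append(name)
    return {
        "duplicate_domains": {d: n for d, n in by_domain.items() if len(n) > 1},
        "colliding_macs": {virtual_router_mac(d): n
                           for d, n in virtual_users.items() if len(n) > 1},
        "burnt_in_mac": burnt_in,
    }


# Constructed sample excerpts (hostnames are hypothetical).
SAMPLE_CONFIGS = {
    "campus-dist": "hostname campus-dist\n!\nswitch virtual domain 10\n"
                   " switch mode virtual\n mac-address use-virtual\n!\n",
    "campus-core": "hostname campus-core\n!\nswitch virtual domain 20\n"
                   " switch mode virtual\n mac-address use-virtual\n!\n",
    "dc-core": "hostname dc-core\n!\nswitch virtual domain 10\n"
               " switch mode virtual\n mac-address use-virtual\n!\n",
    "access-agg": "hostname access-agg\n!\nswitch virtual domain 30\n"
                  " switch mode virtual\n!\n",
}

if __name__ == "__main__":
    for key, value in audit_domains(SAMPLE_CONFIGS).items():
        print(key, value)
```
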
Virtual Switching System Architecture: Multichassis EtherChannel (MEC)
Prior to the Virtual Switching System, EtherChannels were restricted to reside within the same physical switch. In a Virtual Switching environment, the two physical switches form a single logical network entity, therefore EtherChannels can now be extended across the two physical chassis.
Both LACP and PAgP EtherChannel protocols and Manual ON modes are supported.
[Figure: Standalone, a regular EtherChannel on a single chassis; VSS, a Multichassis EtherChannel across 2 VSS-enabled chassis]

Virtual Switching System Architecture: EtherChannel Hash for MEC
EtherChannel hashing algorithms are modified in VSS to always favor locally attached interfaces.
Blue traffic destined for the Server will result in Link 1 in the MEC link bundle being chosen as the destination path.
Orange traffic destined for the Server will result in Link 2 in the MEC link bundle being chosen as the destination path.

EtherChannel Concepts: EtherChannel Hash Distribution
The default hashing algorithm will redistribute all the Result Bit Hash values across the available ports when there is a change. This affects all traffic traversing the EtherChannel.

RBH (for MEC), 2 Link Bundle Example
Link 1: Flow 1, Flow 3, Flow 5, Flow 7
Link 2: Flow 2, Flow 4, Flow 6, Flow 8

RBH (for MEC), 3 Link Bundle Example
Link 1: Flow 1, Flow 4, Flow 7
Link 2: Flow 2, Flow 5, Flow 8
Link 3: Flow 3, Flow 6

[Figure labels: Links 1,2; Links 3,4; Links 1,2,3; Links 4,5,6]

EtherChannel Concepts: EtherChannel Hash Distribution Adaptive
The Adaptive Hash Distribution Enhancement allows for the addition or removal of links in a bundle without affecting all of the traffic in an EtherChannel. Note that in the example below, only Flow 7 and Flow 8 are affected by the addition of an extra link to the channel.

RBH (for MEC), 2 Link Bundle Example
Link 1: Flow 1, Flow 3, Flow 5, Flow 7
Link 2: Flow 2, Flow 4, Flow 6, Flow 8

RBH (for MEC), 3 Link Bundle Example
Link 1: Flow 1, Flow 3, Flow 5
Link 2: Flow 2, Flow 4, Flow 6
Link 3: Flow 7, Flow 8

    vss#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    vss(config)#port-channel hash-distribution adaptive
    vss(config)# ^Z
    vss#

Available in 12.2(33)SXH

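
The two distribution behaviours above can be modelled over the 8 RBH buckets to see which buckets change link when a member is added or removed. This Python is an added example, not Cisco's hardware algorithm and not part of the original slides: the round-robin deal and the "move from the most loaded link" rule are assumptions chosen because they reproduce the flow-to-link tables on these two slides, with flows 1 to 8 standing in for the buckets.

```python
from collections import Counter

NUM_BUCKETS = 8  # the slides describe an 8-bucket RBH value


def fixed_distribution(links):
    """Model of the default behaviour: deal every bucket round-robin over the links."""
    return {b: links[(b - 1) % len(links)] for b in range(1, NUM_BUCKETS + 1)}


def adaptive_add_link(assignment, links, new_link):
    """Model of adaptive distribution: move only the new link's fair share.

    Each moved bucket is taken from the currently most loaded existing link
    (ties go to the earlier link), highest-numbered bucket first.
    """
    result = dict(assignment)
    share = NUM_BUCKETS // (len(links) + 1)
    for _ in range(share):
        loads = Counter(result.values())
        donor = max(links, key=lambda l: (loads[l], -links.index(l)))
        bucket = max(b for b, l in result.items() if l == donor)
        result[bucket] = new_link
    return result


def adaptive_remove_link(assignment, links, dead_link):
    """Reassign only the removed link's buckets, each to the least loaded survivor."""
    survivors = [l for l in links if l != dead_link]
    if not survivors:
        raise ValueError("cannot remove the last link in the bundle")
    result = dict(assignment)
    for bucket in sorted(b for b, l in assignment.items() if l == dead_link):
        loads = Counter(l for l in result.values() if l != dead_link)
        target = min(survivors, key=lambda l: (loads[l], survivors.index(l)))
        result[bucket] = target
    return result


def moved_buckets(before, after):
    """Buckets whose member link differs between two assignments."""
    return sorted(b for b in before if before[b] != after[b])


def flows_per_link(assignment):
    """Invert bucket -> link into link -> sorted bucket list, for display."""
    table = {}
    for bucket in sorted(assignment):
        table.setdefault(assignment[bucket], []).append(bucket)
    return table


if __name__ == "__main__":
    two = fixed_distribution(["Link 1", "Link 2"])
    three_fixed = fixed_distribution(["Link 1", "Link 2", "Link 3"])
    three_adaptive = adaptive_add_link(two, ["Link 1", "Link 2"], "Link 3")
    print("fixed    :", flows_per_link(three_fixed), moved_buckets(two, three_fixed))
    print("adaptive :", flows_per_link(three_adaptive), moved_buckets(two, three_adaptive))
```

In this model the fixed scheme remaps buckets 3 to 6 when the third link joins, while the adaptive scheme remaps only 7 and 8; the model counts remapped buckets only and does not capture any disruption caused by reprogramming the full table.
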
EtherChannel Concepts: EtherChannel Hash
A command can be invoked to assist in determining which link in the bundle will be used. It can use various hash inputs to yield an 8-bucket RBH value that will correspond to one of the port channel members.

    vss#show etherchannel load-balance hash-result interface portchannel 120 switch 1 ip 192.168.220.10 192.168.10.10
    Computed RBH: 0x4
    Would select Gi1/2/1 of Po120

Note: specify switch when using the hash result command; if not, VSS assumes switch while computing hash results from the hardware.

Virtual Switching System Architecture: MEC Load-Balance Schemes

    VSS(config)#port-channel load-balance ?
      dst-ip                 Dst IP Addr
      dst-mac                Dst Mac Addr
      dst-mixed-ip-port      Dst IP Addr and TCP/UDP Port
      dst-port               Dst TCP/UDP Port
      mpls                   Load Balancing for MPLS packets
      src-dst-ip             Src XOR Dst IP Addr
      src-dst-mac            Src XOR Dst Mac Addr
      src-dst-mixed-ip-port  Src XOR Dst IP Addr and TCP/UDP Port
      src-dst-port           Src XOR Dst TCP/UDP Port
      src-ip                 Src IP Addr
      src-mac                Src Mac Addr
      src-mixed-ip-port      Src IP Addr and TCP/UDP Port
      src-port               Src TCP/UDP Port

Agenda Topics
VSS Hardware and Software Requirements

VSS Requirements: Hardware
In order to enable the Virtual Switching System feature and configure the Virtual Switch Links (VSL) between 2 Catalyst 6500 chassis, the new Catalyst 6500 Virtual Switching Supervisor 720 is required to be used. It is the only Supervisor that will support VSS as it supports both the new PFC3C/XL forwarding engine
The PFC3C/XL contains new hardware to support the extra LTL indices and mappings required to forward traffic across multiple physical chassis, lookup enhancements as well as MAC address table handling enhancements.
Supervisor: VS-S720-10G-3C/XL
Software: 12.2(33)SXH1 or later

Hardware Requirements: VSL-Capable Interfaces
The VSL requires new port ASICs that exist only on the 10 GigabitEthernet interfaces on the following modules:
WS-X6708-10G-3C/XL
VS-S720-10G-3C/XL
WS-X6716-10G-3C/XL *
* Support for VSL from 12.2(33)SXI onwards
Note: These interfaces may also be used as standard network interfaces.
These interfaces are based on the new port ASIC, allowing frames across the VSL to be encapsulated / de-encapsulated with the VSH.

VSS Hardware Requirements: VSS Supported Ethernet Modules

Module               Description                                       Status
WS-X6704-10G-3C/XL   10GE Linecard                                     12.2(33)SXH1
WS-X6708-10G-3C/XL   10GE Linecard                                     12.2(33)SXH1
WS-X6716-10G-3C/XL   10GE Linecard                                     12.2(33)SXH1
WS-X6724-SFP         1000BASE-X Linecard                               12.2(33)SXH1
WS-X6748-SFP         1000BASE-X Linecard                               12.2(33)SXH1
WS-X6748-GE-TX       10/100/1000 BASE-TX Linecard                      12.2(33)SXH1
7600-SIP-400         SIP 400 with Ethernet & PoS SPA Interfaces        12.2(33)SXI4

VSS Hardware Requirements: Service Module Support

Module                       Description                                          VSS Minimum Software   Service Module Minimum Software
ACE10/ACE 20-6500-K9         Application Control Engine (ACE)                     12.2(33)SXI            A2(1.2)
WS-SVC-FWSM-1-K9             Firewall Services Module (FWSM)                      12.2(33)SXI            4.0(4)
WS-SVC-IDSM2-K9              Intrusion Detection System Services Module (IDSM-2)  12.2(33)SXI            6.0(2)E1
WS-SVC-NAM-1, WS-SVC-NAM-2   Network Analysis Module (NAM1, NAM2)                 12.2(33)SXH1           3.6(1a)
WS-SVC-WISM-1-K9             Wireless Services Module (WiSM)                      12.2(33)SXI            3.2.171.6

Hardware Requirements: Sup720-10G-VSS PFC3C Interoperability With DFC
Table rows: DFC3C, DFC3B, DFC3A, DFC2, CFC, Classic
Sup720-10G-VSS Non-VSS Mode, system-wide PFC mode, values shown: PFC3B*, Not Supported, PFC3C, PFC3C, PFC3A*, PFC3C
Sup720-10G-VSS VSS Mode, system-wide PFC mode, values shown: Not Supported, Not Supported, Not Supported, Not Supported, PFC3C, PFC3C
* In non-VSS mode, an inserted DFC3A or DFC3B will be powered down until a reload. Upon reload, the system runs in the lowest common denominator DFC mode.

Software Requirements: VSS Packaging
Supported with 12.2(33)SXI1 (CCO 03/31/09)

                            Before 12.2(33)SXI1             12.2(33)SXI1 and newer
IOS IP Base                 VSS 1440 Mode Not Supported     VSS 1440 Mode Supported
IOS IP Services and Above   VSS 1440 Mode Supported         VSS 1440 Mode Supported

(available with bundles only)
Please refer to the SXI1 product bulletin for more information: http://www.cisco.com/en/US/products/ps9336/prod_bulletins_list.html

Agenda Topics
Migration to VSS

Migration to VSS: Overview
[Figure: L3 Core, L2/L3 Distribution, Access]
Migration steps between Distribution and Core:
1. Configure MEC
2. Remove routing statements which are not needed
Migration steps between Distribution and Access layer:
1. Modify FHRP configuration
2. Configure Multichassis EtherChannel
3. Move L2 trunk configuration to MEC interfaces
4. Move policies to MEC if needed
5. Keep Spanning-Tree enabled
Expect network disruption during the conversion process. Prepare in advance to minimize downtime.

Migration to VSS: Conversion Process
The conversion process requires configuration steps on both switches that will form part of the Virtual Switch Domain, and requires a reboot of both switches during the conversion.
[Figure: Standalone to VSS]

Migration to VSS: Conversion Process
For the purposes of this explanation, let's assume the following setup is required:
Switch1: T5/4 and T5/5 in Port-Channel 1
Switch2: T5/4 and T5/5 in Port-Channel 2
The two port channels form the Virtual Switch Link.
Switch Virtual Domain #100

Migration to VSS: Conversion Process (steps 1 to 3)
Configuration for the conversion takes the following path.

Switch1
    Router(config)#host VSS
    VSS(config)#switch virtual domain 100
    Domain ID 10 config will take effect only after the exec command 'switch convert mode virtual' is issued
    VSS(config-vs-domain)#switch 1
    VSS(config-vs-domain)#exit
    VSS(config)#interface port-channel 1
    VSS(config-if)#switch virtual link 1
    VSS(config-if)#interface range tenG 5/4 - 5
    VSS(config-if-range)#channel-group 1 mode on

Switch2
    Router(config)#host VSS
    VSS(config)#switch virtual domain 100
    Domain ID 10 config will take effect only after the exec command 'switch convert mode virtual' is issued
    VSS(config-vs-domain)#switch 2
    VSS(config-vs-domain)#exit
    VSS(config)#interface port-channel 2
    VSS(config-if)#switch virtual link 2
    VSS(config-if)#interface range tenG 5/4 - 5
    VSS(config-if-range)#channel-group 2 mode on

Migration to VSS: Conversion Process (step 4)
Configuration for the conversion takes the following path.

Switch1
    vss#switch convert mode virtual
    This command will convert all interface names to naming convention "interface-type switch-number/slot/port", save the running config to startup-config and reload the switch.
    Do you want to proceed? [yes/no]: yes
    Converting interface names
    Building configuration...
    [OK]
    Saving converted configuration to bootflash: ...
    Destination filename [startupconfig.converted_vs-20071031-150039]?

Switch2
    vss#switch convert mode virtual
    This command will convert all interface names to naming convention "interface-type switch-number/slot/port", save the running config to startup-config and reload the switch.
    Do you want to proceed? [yes/no]: yes
    Converting interface names
    Building configuration...
    [OK]
    Saving converted configuration to bootflash: ...
    Destination filename [startupconfig.converted_vs-20071031-150039]?

AT THIS POINT THE SWITCH WILL REBOOT (both switches)

Migration to VSS: Conversion Process
Configuration for the conversion takes the following path.

Switch1, SWITCH CONSOLE OUTPUT
    System detected Virtual Switch configuration...
    Interface TenGigabitEthernet 1/5/4 is member of PortChannel 1
    Interface TenGigabitEthernet 1/5/5 is member of PortChannel 1
    00:00:26: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor for this switch
    Initializing as Virtual Switch ACTIVE processor
    00:01:19: %VSLP-5-RRP_ROLE_RESOLVED: Role resolved as ACTIVE by VSLP
    00:01:19: %VSL-5-VSL_CNTRL_LINK: New VSL Control Link 5/4

Switch2, SWITCH CONSOLE OUTPUT
    System detected Virtual Switch configuration...
    Interface TenGigabitEthernet 2/5/4 is member of PortChannel 2
    Interface TenGigabitEthernet 2/5/5 is member of PortChannel 2
    00:00:26: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor for this switch
    Initializing as Virtual Switch STANDBY processor
    00:01:02: %VSLP-5-RRP_ROLE_RESOLVED: Role resolved as STANDBY by VSLP
    00:01:02: %VSL-5-VSL_CNTRL_LINK: New VSL Control Link 5/4

Migration to VSS: Conversion Process, Last Critical Step (step 5; no longer required in SXI3 or newer)
Configuration for the conversion takes the following path.

Switch1, SWITCH CONSOLE OUTPUT
    vss-demo# switch accept mode virtual
    interface Port-channel2
     switch virtual link 2
     no shutdown
    interface TenGigabitEthernet2/5/4
     channel-group 2 mode on
     no shutdown
    interface TenGigabitEthernet2/5/5
     channel-group 2 mode on
     no shutdown
    This command will populate the above VSL configuration from the standby switch into the running configuration. The startup configuration will also be updated with the new merged configuration if merging is successful.
    Do you want to proceed? [yes/no]: yes
    Merging the standby VSL configuration...
    Building configuration...
    00:11:33: %PFINIT-SW1_SP-5-CONFIG_SYNC: Sync'ing the startup configuration to the standby Router.
    [OK]

Switch2, SWITCH CONSOLE OUTPUT
    Copyright (c) 1986-2007 by Cisco Systems, Inc.
    Compiled Wed 10-Oct-07 01:02 by chrisvan
    00:02:42: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
    00:02:42: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
    Standby console disabled
    vss-sdby>

Migration to VSS: Conversion Process, Last Critical Step Is Automated in SXI3 or Newer
Configuration for the conversion takes the following path.

Switch1, SWITCH CONSOLE OUTPUT
    vss-demo# switch accept mode virtual
    This command is no longer required since standby VSL configuration merge is done automatically.
    vss-demo#

Switch2, SWITCH CONSOLE OUTPUT
    Copyright (c) 1986-2007 by Cisco Systems, Inc.
    Compiled Wed 10-Oct-07 01:02 by chrisvan
    00:02:42: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
    00:02:42: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
    Standby console disabled
    vss-sdby>

Migration to VSS: Conversion Process
Configuration for the conversion takes the following path.

Switch1
    vss# sh switch virtual
    Switch mode : Virtual Switch
    Virtual switch domain number : 10
    Local switch number : 1
    Local switch operational role: Virtual Switch Active
    Peer switch number : 2
    Peer switch operational role : Virtual Switch Standby
    vss#

Switch2
    vss-sdby>enable
    Standby console disabled
    vss-sdby>

Both switches are now converted, with Switch1 as VSS Active and Switch2 as VSS Hot Standby. The Switch2 console is now disabled for normal console activity.

Virtual Switching System Architecture: VSL Initialization
Stages shown for each chassis (numbered 1 to 7 on the slide):
Initialization
Bring up VSL Linecards and VSL Ports
Run VSLP
Run RRP
Inter-chassis SSO
Continue System Bootup
Pre-Parse Config
[Figure: two chassis, each with CFC or DFC line cards and a Sup720-10GE (SF, RP, PFC), one ACTIVE and one Standby Hot, running VSLP and RRP across the VSL]

VS-S720-10G Architecture: VSL Inband Connection
Allows for the VSL ports to be brought online very early in the boot process.

Agenda Topics
High Availability

High Availability: Redundancy Schemes
The default redundancy mechanism between the two VSS chassis and their associated supervisors is NSF/SSO.
If a mismatch of information occurs between the Active and Standby, the Standby will revert to RPR mode.
Starting with 12.2(33)SXI, a minor mismatch in software will still keep the switch in SSO mode.

Switch1 (Active)   Switch2 (Standby)   Redundancy mode
12.2(33)SXH1       12.2(33)SXH1        NSF/SSO
12.2(33)SXH1       12.2(33)SXH2        RPR
12.2(33)SXI        12.2(33)SXI1        NSF/SSO

Virtual Switching System: Inter Chassis NSF/SSO
1. The Virtual Switch Active incurs a supervisor outage.
2. The Standby Supervisor takes over as Virtual Switch Active.
The Virtual Switch Standby initiates graceful restart.
Non-stop forwarding of packets will continue using hardware entries as Switch-2 assumes the active role.
NSF-aware neighbors exchange updates with the Virtual Switch Active.
[Figure: before, Switch1 is Virtual Switch Active and Switch2 is Virtual Switch Hot Standby; after, Switch1 is down and Switch2 is Virtual Switch Active]

High Availability: NSF/SSO
The NSF feature with SSO minimizes the amount of traffic loss following a supervisor switchover while continuing to forward traffic using hardware entries. In a VSS environment this feature is required to minimize traffic disruption in the event of a supervisor failure that causes a supervisor switchover.
[Figure: Switch1 12.2(33)SXH1 Active and Switch2 12.2(33)SXH1 Hot Standby, NSF/SSO across the VSL]

    VSS#config t
    VSS(config)#router ospf 1
    VSS(config-router)#nsf

NSF is supported by BGP, EIGRP, OSPF and IS-IS.

    VSS#show ip ospf
    Routing Process "ospf 10" with ID 192.168.2.1
    Start time: 00:15:29.344, Time elapsed: 23:12:03.484
    Supports only single TOS(TOS0) routes
    External flood list length 0
    IETF NSF helper support enabled
    Cisco NSF helper support enabled
    Reference bandwidth unit is 100 mbps
    Non-Stop Forwarding enabled

High Availability: NSF/SSO Requirements
After the roles have been resolved through RRP, a Configuration Consistency Check is performed across the VSS switches to ensure proper VSL operation. The following items are checked for consistency:
Switch Virtual Domain ID
Switch Virtual Switch ID
Switch Preempt
Switch Priority
VSL Port Channel Link ID
VSL Port state, interfaces
Power Redundancy mode
Power Enable on VSL cards
Additionally, software version, installed patches and PFC modes also need to be consistent for NSF/SSO mode to be entered.

High Availability: Failure of MEC Member, Upstream Traffic
Convergence is determined by the access device.
EtherChannel convergence: typically 200 ms.
Typically only the flows on the failed link are affected.

High Availability: Failure of MEC Member, Downstream Traffic
Convergence is determined by the VSS.
VSS EtherChannel convergence: typically sub-200 ms.
Only the flows on the failed link are affected.

High Availability: Dual-Active Detection
In a Virtual Switching System Domain, one switch is elected as Active and the other is elected as Standby during boot-up by VSLP. Since the VSL is always configured as a Port Channel, the possibility of the entire VSL bundle going down is remote; however, it is a possibility.
[Diagram: Switch1 (Active) and Switch2 (Hot Standby) connected by the VSL]
Recommendation: deploy the VSL with two or more links and distribute those interfaces across multiple modules to ensure the highest redundancy.

High Availability: Dual-Active Detection
If the entire VSL bundle should happen to go down, the Virtual Switching System Domain will enter a Dual Active scenario where both switches transition to Active state and share the same network configuration (IP addresses, MAC address, Router IDs, etc.), potentially causing communication problems through the network.
3 Step Process
1. Dual-Active detection, using the detection method enabled in the system.
2. Further network disruption is avoided by disabling the previous VSS active switch's interfaces connected to neighboring devices.
3. Dual-Active recovery: when the VSL recovers, the switch that had all its interfaces brought down in the previous step will reload to boot in a preferred standby state.
[Diagram: Switch1 and Switch2 both Active across the VSL]

High Availability: Dual-Active Protocols
Enhanced PAgP: requires an ePAgP capable neighbor (3750: 12.2(46)SE, 4500: 12.2(44)SE, 6500: 12.2(33)SXH1). Sub-second convergence.
VSLP Fast Hello: direct L2 connection. Requires 12.2(33)SXI. Sub-second convergence.
IP-BFD: direct L3 connection. Requires 12.2(33)SXH1. Seconds of convergence*.
[Diagrams: Switch 1 (Active) and Switch 2 (Hot Standby) for each protocol, exchanging PAgP+ TLV, VSLP and BFD messages respectively]

High Availability: Dual-Active Recovery Mode
%DUAL_ACTIVE-SW1_SP-1-DETECTION: Dual-active condition detected: all non-VSL and non-excluded interfaces have been shut down
[Diagram: Dual-Active Detected; Active -> Recovery and Standby -> Active across the VSL]
VSS#show switch virtual dual-active summary
Pagp dual-active detection enabled: Yes
Bfd dual-active detection enabled: Yes
No interfaces excluded from shutdown in recovery mode
In dual-active recovery mode: Yes
Triggered by: Pagp detection
Triggered on interface: Gi1/2/3

High Availability: Dual-Active Recovery Mode
Important! Do not make any configuration changes while in the Dual Active Recovery mode. If the configuration is changed, the system will not automatically recover once the VSL becomes active again; one must issue the write memory command and then reload the switch that is in recovery mode using the reload shelf command.
[Diagram: Switch 1 (Recovery) and Switch 2 (Active) connected by the VSL]

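A monitoring check built on the syslog message and the show switch virtual dual-active summary output from the two recovery-mode slides above. This is an added example, not part of the original presentation or of any Cisco tool; the function names, finding codes, second syslog line and the healthy summary are assumptions constructed for illustration.

```python
import re

# Mnemonic as shown on the recovery-mode slide: %DUAL_ACTIVE-SW1_SP-1-DETECTION
DETECTION_RE = re.compile(r"%DUAL_ACTIVE-SW(\d)_(\w+)-(\d)-DETECTION")
METHOD_RE = re.compile(r"^(\S+) dual-active detection enabled$", re.IGNORECASE)

# The first syslog line and RECOVERY_SUMMARY are the text shown on the slides.
# The second syslog line and HEALTHY_SUMMARY are constructed for this example.
SAMPLE_SYSLOG = [
    "%DUAL_ACTIVE-SW1_SP-1-DETECTION: Dual-active condition detected: "
    "all non-VSL and non-excluded interfaces have been shut down",
    "%LINK-3-UPDOWN: Interface GigabitEthernet1/2/3, changed state to down",
]
RECOVERY_SUMMARY = """\
VSS#show switch virtual dual-active summary
Pagp dual-active detection enabled: Yes
Bfd dual-active detection enabled: Yes
No interfaces excluded from shutdown in recovery mode
In dual-active recovery mode: Yes
Triggered by: Pagp detection
Triggered on interface: Gi1/2/3
"""
HEALTHY_SUMMARY = """\
Pagp dual-active detection enabled: Yes
Bfd dual-active detection enabled: No
No interfaces excluded from shutdown in recovery mode
In dual-active recovery mode: No
"""


def find_detection_events(log_lines):
    """Return one record per dual-active DETECTION syslog message."""
    events = []
    for line in log_lines:
        m = DETECTION_RE.search(line)
        if m:
            events.append({"switch": int(m.group(1)),
                           "processor": m.group(2),
                           "severity": int(m.group(3))})
    return events


def parse_dual_active_summary(text):
    """Parse the 'key: value' lines of the summary into a state dict."""
    state = {"methods": {}, "no_exclusions": False, "in_recovery": False,
             "triggered_by": None, "triggered_on": None}
    for raw in text.splitlines():
        line = raw.strip()
        # Only the "no exclusions" form appears on the slide; the layout used
        # when interfaces are excluded is not shown, so it is not parsed here.
        if line.lower().startswith("no interfaces excluded"):
            state["no_exclusions"] = True
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue  # prompt line or anything that is not "key: value"
        key, value = key.strip(), value.strip()
        m = METHOD_RE.match(key)
        if m:
            state["methods"][m.group(1).lower()] = value.lower() == "yes"
        elif key.lower() == "in dual-active recovery mode":
            state["in_recovery"] = value.lower() == "yes"
        elif key.lower() == "triggered by":
            state["triggered_by"] = value
        elif key.lower() == "triggered on interface":
            state["triggered_on"] = value
    return state


def assess(state, events):
    """Turn parsed state plus syslog events into (code, message) findings."""
    findings = []
    enabled = [name for name, on in state["methods"].items() if on]
    if not enabled:
        findings.append(("NO_DETECTION",
                         "no dual-active detection method is enabled"))
    elif len(enabled) < 2:
        findings.append(("SINGLE_METHOD",
                         f"only {enabled[0]} detection is enabled; the deck "
                         "recommends more than one mechanism"))
    if state["in_recovery"]:
        findings.append(("IN_RECOVERY",
                         f"recovery mode, triggered by {state['triggered_by']} "
                         f"on {state['triggered_on']}: freeze configuration "
                         "changes until the VSL is restored"))
        if state["no_exclusions"]:
            findings.append(("NO_MGMT_EXCLUSION",
                             "no interface was excluded from shutdown, so no "
                             "pre-configured management port stays up"))
    elif events:
        findings.append(("EVENT_WITHOUT_RECOVERY",
                         "a detection message was logged but this summary is "
                         "not in recovery mode; check the peer switch"))
    return findings


if __name__ == "__main__":
    recovery = parse_dual_active_summary(RECOVERY_SUMMARY)
    for code, message in assess(recovery, find_detection_events(SAMPLE_SYSLOG)):
        print(code, "-", message)
```
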
High Availability: Dual-Active Detection Exclude Interfaces
Upon detection of a Dual Active scenario, all interfaces on the previous-Active switch will be brought down so as not to disrupt the functioning of the remainder of the network. The excluded interfaces include VSL port members as well as any pre-configured ports which may be used for management purposes.
vs-vsl#conf t
Enter configuration commands, one per line. End with CNTL/Z.
vs-vsl(config)#switch virtual domain 100
vs-vsl(config-vs-domain)#dual-active exclude interface Gig 1/5/1
vs-vsl(config-vs-domain)#dual-active exclude interface Gig 2/5/1
vs-vsl(config-vs-domain)# ^Z
vs-vsl#

High Availability: Dual-Active Restoration
Upon the restoration of one or more VSL interfaces, VSLP will detect this and will proceed to reload Switch 1 so that it boots up in the preferred Hot Standby role.
Recovery: Switch-1 has shut down all active interfaces *; Switch 2 is Active.
Restoration: Switch-1 will reload and boot up in the Hot Standby role; Switch 2 is Active.

Agenda Topics
Quad-Sup Uplink Forwarding
VSS Redundant Supervisor Support: Why Redundant Supervisors Are Needed
A Supervisor failure event will down the affected chassis, decreasing the VSS bandwidth by 50%.
Certain devices may only single-attach to the VSS for various reasons:
  Service Modules/Servers
  Costs $$
  Geographic separation of VSS chassis
Supervisor failure events therefore require manual intervention for recovery of the affected chassis:
  Non-deterministic outage time
  Uplinks are not active when the Supervisor is in ROMMON mode
  Relies on a manual process to install and convert the new Supervisor with the current VSS configuration

VSS Quad-Sup Uplink Forwarding (new in 12.2(33)SXI4)
Provides Active Uplinks in the Standby Supervisor with Deterministic Recovery From a Supervisor Failure
In the initial VSS release a redundant In-Chassis Supervisor is not supported; it will stop its boot process at the ROMMON stage.
Quad-Sup Uplink Forwarding:
A second Supervisor installed in the chassis will boot as a linecard with all of its ports active.
If the active Supervisor in the chassis should fail, the In-Chassis Standby will reload and then take over the chassis Supervisor functions without human intervention:
1. Supervisor failure event
2. Chassis reloads
3. In-chassis Standby now becomes VSS standby and chassis dataplane is active again
[Diagram legend: R = Reload]

Virtual Switching System (VSS): Quad-Sup Control Plane
Redundant supervisors fully boot Cisco IOS to RPR-WARM redundancy mode.
[Diagram: Switch-1 (SSO Active and RPR-Warm supervisors) and Switch-2 (SSO Hot-Standby and RPR-Warm supervisors) connected by the VSL]

Virtual Switching System (VSS): Quad-Sup Data Plane
From a data plane perspective the RPR-Warm supervisor operates similarly to a DFC-enabled line card. Forwarding tables are in sync and the data plane is active for module uplinks.
[Diagram: all supervisors in Switch-1 and Switch-2 shown as data-plane Active, connected by the VSL]

Virtual Switching System (VSS): All Uplinks Active in RPR-WARM Redundancy Mode
Use at least one of the ten gigabit interfaces from each supervisor to build the VSL. Remaining ports can be used for other purposes including uplinks. The PFC and crossbar fabric of the In-chassis standby supervisor are active.
[Diagram: Switch-1 (Active Supervisor and RPR-WARM supervisor) and Switch-2 (Standby HOT Supervisor and RPR-WARM supervisor), each supervisor showing SF, RP and PFC, connected by the VSL; the legend marks the uplinks]

Virtual Switching System (VSS): Active Supervisor Hardware Failure (step 1)
The active VSS supervisor incurs a hardware failure.
[Diagram: Switch-1 (SSO Active, RPR-Warm) and Switch-2 (SSO Hot Standby, RPR-Warm) connected by the VSL. Graph: available bandwidth (100% / 50%) against duration for SW1 and SW2; legend: line cards active]

Virtual Switching System (VSS): Active Supervisor Hardware Failure (step 2)
1. SSO failover to the hot-standby supervisor in switch-2
2. Switch-1 reloads and comes back online.
3. 50% bandwidth is available during switch-1 reload
[Diagram: Switch-1 reloading (R), Switch-2 now SSO Active with its RPR-Warm supervisor, connected by the VSL. Graph: available bandwidth (100% / 50%) against duration for SW1 and SW2; legend: R = Reload, SSO = SSO Switchover, line cards active]

Virtual Switching System (VSS): Active Supervisor Hardware Failure (step 3)
1. Switch-1 comes online
2. Previous RPR warm supervisor resumes SSO hot standby state
3. The failed supervisor boots up in RPR warm mode.
4. 100% Bandwidth is available leveraging both switches
[Diagram: Switch-1 (RPR Warm, SSO Hot Standby) and Switch-2 (SSO Active, RPR Warm) connected by the VSL. Graph: available bandwidth (100% / 50%) against duration for SW1 and SW2; legend: R = Reload, line cards active]

Virtual Switching System (VSS): Active Supervisor Failover
The following graph illustrates the aggregate traffic for the VSS system during the active supervisor failover with and without dual supervisor support.
[Graphs: available bandwidth (100% / 50%) against duration (steps 1 to 3) for SW1 and SW2. Pre SXI4: un-deterministic supervisor failure recovery. 12.2(33)SXI4: deterministic supervisor failure recovery]

VSS Quad-Sup Uplink Forwarding: Redundancy Mode
[Diagram: VSS Domain with VSS Switch 1 (SSO Active) and VSS Switch 2 (SSO Hot Standby), each holding an In-Chassis Active and an In-Chassis Standby (RPR-WARM) supervisor]
RPR-Warm is a new redundancy mode created for the VSS In-chassis Standby Supervisor.
RPR-Warm mode allows the Supervisor to operate primarily as a linecard, but with some synchronization with the In-Chassis Active Supervisor (synchronization does not occur across chassis).
Supervisor uplink ports are operational and active just like on a linecard.

VSS In-Chassis Standby: RPR-WARM Redundancy Mode
In-Chassis Standby Supervisor:
  Downloads and boots new image file Sup720-LC
  SP runs the Sup720-LC image
  RP is in ROMMON
  Operates mostly as a DFC enabled line card
Some Supervisor subsystems are synched between In-Chassis Active and Standby. Subsystems synched include:
  Startup-config
  Vlan.dat
  BOOT ROMMON variable
  CONFIG_FILE ROMMON variable
  BOOTLDR ROMMON variable
  DIAG ROMMON variable
  SWITCH_NUMBER ROMMON variable
[Diagram: VSS Chassis with Dual Supervisors Running Quad-Sup Forwarding]

VSS In-Chassis Standby Boot Process
[Flowchart nodes: Start; Boot Sup720 image (Initialize); In-Chassis Role Negotiation (Active / Standby); Virtual Switch (Yes / No); existing process for SSO mode; Warm Upgrade to Sup720-LC image; Begin Boot Sup720-LC image; In-Chassis Role Negotiation (Active / Standby); Reload; Virtual Switch (Yes / No); Boot as Line Card (RPR-WARM)]

In-Chassis Standby Booting to Sup-LC Image
System detected Virtual Switch configuration...
Interface TenGigabitEthernet 2/5/4 is member of PortChannel 2
Interface TenGigabitEthernet 2/5/5 is member of PortChannel 2
*Apr 5 20:27:50.747: %SYS-3-LOGGER_FLUSHING: System pausing to ensure console debugging output.
Firmware compiled 02-Mar-10 17:41 by integ Build [100]
*Apr 5 20:27:50.747: %PFREDUN-6-STANDBY: Initializing as STANDBY processor for this switch
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Decompressing the image :
#######################################################################################
#######################################################################################
### [OK]
Launching the SPLC image!
Restricted Rights Legend

Virtual Switching System (VSS): Dual Supervisor Redundancy LED
Redundancy LED status:
SSO Active: Green
SSO Standby: Orange (amber)
RPR Warm: Blinking Orange

Virtual Switching System (VSS): Quad Supervisor Uplink Forwarding Redundancy, CLI Verification
Router#sh mod
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  5     5 Supervisor Engine 720 10GE (Active)    VS-S720-10G        SAD1205069Y
  6     5 Supervisor Engine 720 10GE (RPR-Warm)  VS-S720-10G        SAD1205065B

Mod MAC addresses                      Hw     Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  5 001e.4aaa.ee70 to 001e.4aaa.ee77   2.0    8.5(2)       12.2(2009050 Ok
  6 001e.4aaa.ed58 to 001e.4aaa.ed5f   2.0    8.5(2)       12.2(2009042 Ok

Mod  Sub-Module                  Model              Serial      Hw      Status
---- --------------------------- ------------------ ----------- ------- -------
  5  Policy Feature Card 3       VS-F6K-PFC3C       SAD120504EB 1.0     Ok
  5  MSFC3 Daughterboard         VS-F6K-MSFC3       SAD120301PL 1.0     Ok
  6  Policy Feature Card 3       VS-F6K-PFC3C       SAD1203057R 1.0     Ok
  6  MSFC3 Daughterboard         VS-F6K-MSFC3       SAD120301PL 1.0     Ok

Mod  Online Diag Status
---- -------------------
  5  Pass
  6  Pass

Virtual Switching System (VSS): Quad Supervisor Uplink Forwarding Redundancy Monitoring, CLI Verification
Router#sh switch virtual redundancy
My Switch Id = 1
Peer Switch Id = 2
Last switchover reason = user forced
Configured Redundancy Mode = sso
Operating Redundancy Mode = sso
Switch 1 Slot 5 Processor Information :
-----------------------------------------------
Current Software state = ACTIVE
Image Version = Cisco IOS Software, s72033_rp Software (
BOOTLDR =
Configuration register = 0x2
Fabric State = ACTIVE
Control Plane State = ACTIVE
Switch 1 Slot 6 Processor Information :
-----------------------------------------------
Current Software state = RPR-Warm
Uptime in current state = 4 days, 17 hours, 36 minutes
Image Version = >
BOOT = disk0:mz-rbh,12;
CONFIG_FILE =
BOOTLDR =
Configuration register = 0x2
Fabric State = RPR-Warm
Control Plane State = RPR-Warm

Virtual Switching System (VSS)
Quad Supervisor Uplink Forwarding Redundancy Monitoring
VSS Quad Supervisor Uplink Forwarding: Key Points
Quad Supervisor Uplink Forwarding feature is scheduled for release in 12.2(33)SXI4
Quad Supervisor Uplink Forwarding allows for deterministic recovery from a Supervisor failure event
In-Chassis Standby Uplinks are active and operational under normal conditions
In-Chassis Standby Supervisor runs in a new redundancy mode called RPR-WARM
Switchover to the In-Chassis Supervisor does require a reload of the chassis
Supervisor role negotiation occurs first within the chassis, then the winning In-Chassis active Supervisor performs VSS role negotiation between chassis

Agenda Topics
Software Upgrades
VSS Software Upgrade: Pre 12.2(33)SXI Fast Software Upgrade (FSU)
1. Preparation Steps
  a) Ensure the old image and new image files are installed to the local file systems on both Supervisor modules
  b) Configure the boot register to auto-load the specified software image file
  c) Configure the boot string to load the new software image
2. Reset the standby Supervisor and ensure it boots successfully to RPR mode (STANDBY COLD). Hot Standby modules are powered down and not forwarding traffic at this point; forwarding capacity will be down to 50%.
3. Force a Supervisor switchover; forwarding capacity drops to 0%. The Standby Supervisor continues to boot and becomes the new ACTIVE. The old active Supervisor will reset, load the old image and boot to STANDBY COLD (RPR) state.
4. Trial Phase
5. Modify the boot variable on Switch-1 and reload Switch-1 so that it boots up with the new software image. Forwarding capacity will resume back to 100%.
[Diagram: Execute Upgrade. Switch-1 and Switch-2 (WS-X6708-10G) connected by the VSL, moving between VSS Active, VSS Standby Hot and VSS Standby Cold. Graph: bandwidth (100% / 50%) across steps 1 to 5 for SW1 and SW2. Legend: R = Reset, SO = Switchover, old version, new version]

VSS Software Upgrade: 12.2(33)SXI Enhanced Fast Software Upgrade (EFSU)
Preparation Steps
1. Before ISSU software upgrade, VSS Switch-1 and Switch-2 will be running the old software image.
2. Install the new image to the same location on the file systems of both Supervisors
3. Make sure the boot register is configured for auto boot 0x2102
Upgrade steps shown in the diagram: 2. ISSU loadversion, 3. ISSU runversion, 4. ISSU acceptversion, 5. ISSU commitversion
[Diagram: Execute Upgrade. Switch-1 and Switch-2 (WS-X6708-10G) connected by the VSL, alternating between VSS Active and VSS Standby Hot. Graph: bandwidth (100% / 50%) across steps 1 to 5 for SW1 and SW2. Legend: R = Reset, SO = Switchover, old version, new version]

VSS Software Upgrade: Full Image Upgrade Bandwidth Availability Graph
The following graphs illustrate the aggregate bandwidth available to the VSS.
[Graphs: Fast Software Upgrade bandwidth availability and Enhanced Fast Software Upgrade bandwidth availability, each plotting bandwidth (100% / 50%) for SW1 and SW2 across steps 1 to 5]
At step 3, during the RPR switchover, bandwidth will drop to 0% for 1-2 minutes.
With EFSU, a minimum of 50% bandwidth is available throughout the software upgrade process.

EFSU: Initializing Standby With New Software
After entering the issu loadversion command, the standby chassis will reload to boot the new software image.
issu loadversion active-switch-id/slot active-image-new standby-switch-id/slot standby-image-new
VSS# issu loadversion sup-bootdisk:New_image
VSS# show issu state
Slot = 22
RP State = Active
ISSU State = Load Version
Boot Variable = bootdisk:Old_image,12
Slot = 40
RP State = Standby
ISSU State = Load Version
Boot Variable = bootdisk:New_image,12;sup-bootdisk:Old_image,12

EFSU: Switchover to Standby to Run New Software
After entering the issu runversion command, the Active Supervisor will reload, causing the Standby to go Active.
Switch# issu runversion standby-switch-id / slot [standby-image-new]
VSS# issu runversion
This command will reload the Active unit. Proceed ? [confirm]
VSS# show issu state
Slot = 40
RP State = Active
ISSU State = Run Version
Boot Variable = New_image,12;bootdisk:Old_image,12
Slot = 22
RP State = Standby
ISSU State = Run Version
Boot Variable = bootdisk:Old_image,12

EFSU: Rollback Timer
The rollback timer is activated as soon as the issu runversion command is issued. It provides a window of time to verify the new software's functionality. The user issues issu acceptversion to proceed with the new software image or issu abortversion to go back to the previous version.
VSS# show issu rollback-timer
Rollback Process State = In progress
Configured Rollback Time = 45:00
Automatic Rollback Time = 42:02
VSS(config)# issu set rollback-timer ?
WORD Rollback timer in hh:mm:ss or format
The rollback timer can be set between zero seconds and two hours. Setting the rollback timer to zero effectively disables the timer.

EFSU Process: Accept New Software Version
Enter the issu acceptversion command to stop the rollback timer. This allows a trial period where the system can be tested with the new software image.
Switch# issu acceptversion active-switch-id / slot [active-image-new]
VSS# issu acceptversion
% Rollback timer stopped. Please issue the commitversion command.
VSS# show issu state
Slot = 40
RP State = Active
ISSU State = Run Version
Boot Variable = bootdisk:New_image,12;bootdisk:Old_image,12
Slot = 22
RP State = Standby
ISSU State = Run Version
Boot Variable = bootdisk:Old_image,12
Important: Only features that are common to both software versions will be enabled during the ISSU Run Version stage.

EFSU Process: Reset Old Active to Load New Software
Enter the issu commitversion command to commit the new software image; the standby supervisor will reload to boot the new software image.
Switch# issu commitversion standby-switch-id / slot-number [standby-image-new]
VSS# issu commitversion
10:54:37: %PFINIT-SP-5-CONFIG_SYNC: Sync'ing the startup configuration to the standby Router. [OK]
00:32:35: %SYS-SW1_SPSTBY-5-RELOAD: Reload requested - From Active Switch (Reload peer unit).
VSS# show issu state
Slot = 40
RP State = Active
ISSU State = Init
Boot Variable = bootdisk:New_image12; Old_image,12
Slot = 22
RP State = Standby
ISSU State = Init
Boot Variable = bootdisk:New_image,12; Old_image,12

EFSU Process: Full Image Upgrade Process
The following picture illustrates the EFSU steps.
[Diagram: Switch-1 and Switch-2 supervisors (Active / Standby) and their line cards (LC), shown in old and new version before the upgrade and after ISSU loadversion, ISSU runversion and ISSU commitversion]

Virtual Switching System (VSS): Quad-Sup & eFSU
1. Preparation Steps: Before the ISSU software upgrade, all VSS sups will be running the old software image. Make sure all 4 sups have the new image copied to their local flash memory.
2. ISSU loadversion: The standby chassis (active and standby sups) reloads and comes up with the new image.
3. ISSU runversion: The standby takes over as active, and the old active switch (active and standby sups) reloads and comes up as standby with the old image.
4. ISSU acceptversion: If the network is stable, issue ISSU acceptversion, which stops the rollback timer; otherwise the ISSU process will be aborted immediately.
5. ISSU commitversion: Once the image is tested and ready to be rolled out, ISSU commitversion will reload the standby switch (active and standby sups) to boot up with the new software version.
[Diagram: Execute Upgrade. Switch-1 and Switch-2, each with Hot-standby/Active and RPR Warm supervisors, connected by the VSL. Graph: available bandwidth (100% / 50%) against duration across steps 1 to 5 for SW1 and SW2. Legend: R = Reset, SO = Switchover, old version, new version]

VSS & EFSU: Important Points
Dual-homed connectivity is required for minimal traffic disruption
  Single-homed devices will experience an outage when the attached chassis reloads
Software image files must be ISSU compatible (these are not VSS specific requirements)
  Must be the same image types, meaning Native to Native or Modular to Modular
  For Modular images, both images must use the same installation method, therefore installed mode or binary mode
  EFSU support begins in the SXI train
The software feature sets must be the same between the two software image files

Agenda Topics
Deployment Considerations and Best Practices
Virtual Switching System: Deployment Considerations
Dual-attach connected devices whenever possible
  Etherchannel and L3 ECMP hash algorithms have been modified so that local links will always have preference over remote links
  Minimal traffic expected to cross VSL link in dual-homed scenario

VSL Bandwidth Sizing & Considerations
The VSL is an Etherchannel and can include up to eight links.
VSL bandwidth should be greater than or equal to the largest bandwidth connection to a single attached device (downlink).
Consider the bandwidth for any Service Modules and SPAN sessions.
Distribute the VSL interfaces across multiple modules for added resiliency.
Include at least one VSL interface from the Supervisor module for faster VSL bring-up during reloads.
Consider the bandwidth on a per VSS chassis basis.

VSS High Availability: NSF Configuration and Monitoring
EIGRP
Switch(config)#router eigrp 100
Switch(config-router)#nsf
Router# sh ip protocol
*** IP Routing is NSF aware ***
Routing Protocol is "eigrp 100 100"
EIGRP NSF-aware route hold timer is 240s
EIGRP NSF enabled
OSPF
Switch(config)#router ospf 100
Switch(config-router)#nsf
Router# sh ip ospf
Routing Process "ospf 100" with ID 10.120.250.4
Start time: 00:01:37.484, Time elapsed: 3w2d
Supports Link-local Signaling (LLS)
Non-Stop Forwarding enabled, last NSF restart 3w2d ago (took 31 secs)
Recommendation: Non-Stop Forwarding is required for sub-second supervisor switchover convergence with L3 routing protocols.

Operational Management: Reloading the VSS
Should there be a requirement to reload the entire Virtual Switching System (both chassis), the reload command can be used to accomplish this task.
vss#reload
Warning: This command will reload the entire Virtual Switching System (Active and Standby Switch).
Proceed with reload? [confirm]
1d04h: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
***
*** --- SHUTDOWN NOW ---
***
1d04h: %SYS-SP-5-RELOAD: Reload requested
System Bootstrap, Version 8.5(1)
Copyright (c) 1994-2006 by cisco Systems, Inc.
Cat6k-Sup720/SP processor with 1048576 Kbytes of main memory

Operational Management: Reloading a Member of the VSS
A new command has been introduced to reload a single VSS member switch.
[Diagram: Switch1 (Active) and Switch2 (Hot Standby) connected by the VSL]
vss# redundancy reload ?
  peer
  shelf
vss# redundancy force-switchover
This will reload the active unit and Force switchover to standby [confirm]
vss# redundancy reload shelf 2
Reload the entire remote shelf[confirm]
Preparing to reload remote shelf
vss#

VSS High Availability: OOB MAC Synchronization
It is used for synchronizing MAC address tables across forwarding engines. If WS-6708-10G is present in the VSS system, MAC synchronization is turned on automatically. If not, it has to be enabled manually.
Dist-VSS#(config)# mac-address-table synchronize
% Current activity time is [160] seconds
% Recommended aging time for all vlans is at least three times the activity interval
Dist-VSS# sh mac-address-table synchronize statistics
MAC Entry Out-of-band Synchronization Feature Statistics:
---------------------------------------------------------
Switch [1] Module [4]
-----------------------
Module Status:
Statistics collected from Switch/Module : 1/4
Number of L2 asics in this module : 1
Global Status:
Status of feature enabled on the switch : on
Default activity time : 160
Configured current activity time : 480
Recommendation: Enable Out-Of-Band MAC Synchronization. If this feature is not enabled, the mac-address-table across different forwarding engines could go out of sync and may cause unicast flooding.

Dual-Active Detection: Multiple Mechanisms and Recommendations
Recommendations:
Use MEC with ePAgP or MEC with VSLP Fast Hello for faster VSL link loss convergence results.
Enable BOTH ePAgP and direct heart-beat link based VSLP Fast Hello methods (if possible).
Enable ePAgP to core (if the access layer is not ePAgP capable).
[Diagram: VSS pair with redundant VSL fiber, ePAgP links, and a VSLP Fast-Hello or BFD link]

VSS Deployment Best Practices
DO
Configure Switch accept-mode virtual
Use unique VSS domain-id within the same network
Save backup configuration file in both active & hot-standby bootdisk:
Use a minimum of one Supervisor uplink for the VSL; this provides for faster VSL bring-up.
Enable out-of-band MAC sync: mac-address-table synchronize
Dual-home connected devices whenever possible; use L2 or L3 Multi-Chassis Etherchannel, L3 ECMP
Use ePAgP and VSLP Fast Hello Dual Active Protocol.
Enable NSF under routing protocols

VSS Deployment Best Practices (cont.)
DO NOT
Tune default VSLP timers unless recommended by Cisco
Use preemption
Issue shutdown for VSL failure; it creates a config mismatch. Disconnect cables to create a realistic failure scenario.
Change the VSL hashing algorithm in production. It requires a shut/no shut on the PO. Shutting down the VSL will cause traffic disruption and a dual-active scenario.
Write-erase to reset the VSS configuration. Write-erase will erase the startup-configuration and rommon variables. The VSS bring-up process requires the switch-id to be present in a rommon variable to boot in VSS mode. Use erase-nvram instead.

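A configuration audit for several of the DO / DO NOT items above (unique domain-id, out-of-band MAC sync, NSF under routing protocols, no preemption), as an added example that is not part of the original presentation. The device names and sample configurations are constructed, and the "switch <n> preempt" line syntax is an assumption of this example; the other commands are the ones shown on the slides.

```python
import re
from collections import defaultdict

DOMAIN_RE = re.compile(r"^switch virtual domain (\d+)$")
ROUTER_RE = re.compile(r"^router (?:ospf|eigrp) \S+")   # the two protocols shown with "nsf"
# Assumption: preemption appears as "switch <n> preempt" inside the domain stanza.
PREEMPT_RE = re.compile(r"^switch \d+ preempt\b")
EXCLUDE_PREFIX = "dual-active exclude interface "

# Constructed sample running-config fragments for three VSS pairs in one network.
SAMPLE_CONFIGS = {
    "dist-vss-a": """\
switch virtual domain 100
 dual-active exclude interface GigabitEthernet1/5/1
!
mac-address-table synchronize
!
router ospf 100
 nsf
!
router eigrp 100
 network 10.0.0.0
!
""",
    "dist-vss-b": """\
switch virtual domain 100
 switch 1 preempt
!
router ospf 1
 nsf
!
""",
    "core-vss": """\
switch virtual domain 200
!
mac-address-table synchronize
!
router ospf 1
 nsf
!
""",
}


def parse_stanzas(config_text):
    """Split an IOS-style config into (top-level line, [indented child lines])."""
    stanzas = []
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace():
            if stanzas:
                stanzas[-1][1].append(line.strip())
        else:
            stanzas.append((line, []))
    return stanzas


def audit_device(config_text):
    """Return (domain_id, excluded_interfaces, findings) for one VSS config."""
    stanzas = parse_stanzas(config_text)
    findings, domain_id, excluded = [], None, []
    # The slides note MAC sync is turned on automatically when a WS-6708-10G is
    # present, so treat this finding as a prompt to verify, not as proof.
    if not any(h.startswith("mac-address-table synchronize") for h, _ in stanzas):
        findings.append("MAC_SYNC_MISSING")
    for header, children in stanzas:
        m = DOMAIN_RE.match(header)
        if m:
            domain_id = int(m.group(1))
            for child in children:
                if PREEMPT_RE.match(child):
                    findings.append(f"PREEMPT_CONFIGURED {child}")
                elif child.startswith(EXCLUDE_PREFIX):
                    excluded.append(child[len(EXCLUDE_PREFIX):])
        elif ROUTER_RE.match(header):
            if not any(c == "nsf" or c.startswith("nsf ") for c in children):
                findings.append(f"NSF_MISSING {header}")
    return domain_id, excluded, findings


def audit(configs):
    """Audit every device, then flag domain-ids shared by more than one VSS."""
    report, by_domain = {}, defaultdict(list)
    for name, text in configs.items():
        domain_id, excluded, findings = audit_device(text)
        report[name] = {"domain": domain_id, "excluded": excluded,
                        "findings": findings}
        if domain_id is not None:
            by_domain[domain_id].append(name)
    for domain_id, names in by_domain.items():
        if len(names) > 1:
            for name in names:
                report[name]["findings"].append(f"DOMAIN_ID_REUSED {domain_id}")
    return report


if __name__ == "__main__":
    for device, result in audit(SAMPLE_CONFIGS).items():
        print(device, result)
```
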
Agenda Topics
Summary
Benefit 1: Simplifies Network Designs
Build redundant topology without First Hop Redundancy Protocols
No Spanning Tree blocking ports
Single control plane and management interface
Reduces the number of L3 routing protocol peers

Benefit 2: Scales System Capacity
Groups resources together and activates all available bandwidth across redundant Cisco Catalyst 6500 switches
Enables standards-based link aggregation for server NIC teaming, maximizing server bandwidth

Benefit 3: Boost Network Availability
Inter-chassis Stateful Failover enables real time applications to continue without disruption
Etherchannel based link resiliency provides sub-second recovery
Simplifies network designs, reducing human error in network operations

Recommended Literature
www.cisco.com/go/vss
www.cisco.com/go/support
VSS Troubleshooting Best Practices
Migration from Standalone to VSS
VSS Design Guides
What's New Bulletin
RMA Procedure
VSS FAQ
VSS White Paper
Service Module Integration

Agenda Topics
Operational Management
Operational Management: CiscoWorks LAN Management Solution Support
CiscoWorks LMS 3.0.1 supports VSS in the RME and CiscoView tools. CiscoView is designed to show the view of both Active and Hot Standby chassis side by side within one page. Each chassis is identified by a label indicating whether it is Active or Standby.

Operational Management: Virtual Switching System CLI
Multiple console interfaces exist within a Virtual Switch Domain, but only the active switch console is enabled for command interaction.
[Diagram: Switch1 (Virtual Switch Active) and Switch2 (Virtual Switch Hot Standby)]
SWITCH CONSOLE OUTPUT
vss#show module switch 1
Switch Number: 1 Role: Virtual Switch Active
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1     8 CEF720 8 port 10GE with DFC            WS-X6708-10GE      SAD074303JX
  5     5 Supervisor Engine 720 10GE (Active)    WS-S720-10G        SAD1047078P
  7    48 CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX     SAL0943435M
  8    24 CEF720 24 port 1000mb SFP              WS-X6724-SFP       SAL09158Y0L
vss#sh module switch 2
Switch Number: 2 Role: Virtual Switch Standby
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1     4 CEF720 4 port 10-Gigabit Ethernet      WS-X6704-10GE      SAL1101D5EP
  5     5 Supervisor Engine 720 10GE (Hot)       WS-S720-10G        SAD104306WW
  7    48 CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX     SAL09391NZM
  8    24 CEF720 24 port 1000mb SFP              WS-X6724-SFP       SAL09158ZZT

Operational Management
Single Point of Management: Slot/Port Numbering
After conversion, port definitions for switches within the Virtual Switch Domain inherit the Chassis ID as part of their naming convention
PORT NUMBERING:
Chassis-ID WILL ALWAYS be either a 1 or a 2
VSS#show ip interface brief
Interface              IP-Address      OK? Method Status Protocol
Vlan1                  unassigned      YES NVRAM  up     up
Port-channel1          unassigned      YES NVRAM  up     up
Te1/1/1                10.1.1.1        YES unset  up     up
Te1/1/2                192.168.1.2     YES unset  up     up
Te1/1/3                unassigned      YES unset  up     up
Te1/1/4                unassigned      YES unset  up     up
GigabitEthernet1/2/1   10.10.10.1      YES unset  up     up
GigabitEthernet1/2/2   10.10.11.1      YES unset  up     up
GigabitEthernet2/1/1   unassigned      YES unset  up     up
GigabitEthernet2/1/2   unassigned      YES TFTP   up     up
GigabitEthernet2/1/3   unassigned      YES TFTP   up     up
Te2/1/4                unassigned      YES TFTP   up     up
Te2/1/5                unassigned      YES TFTP   up     up
Operational Management
File System Naming
After the conversion to a Virtual Switching System, some of the file system naming conventions have changed to accommodate the new setup. An example of the new setup is shown below.
SW<n>-SLOT<m>-FILESYSTEM:
Virtual Switch Domain
Switch1: Active Supervisor - Slot 5
e.g. OLD: disk0: NEW: sw1-slot5-disk0:
Switch2: Hot Standby Supervisor - Slot 5
e.g. OLD: slavedisk0: NEW: sw2-slot5-disk0:
Operational Management
File System Naming
Some file system names have remained the same and others have changed. Some examples of file system names in a Virtual Switching System include the following:
Standalone with Dual Sup    Virtual Switching System
disk0:                      sw<n>-slot<m>-disk0:
slavedisk0:                 sw<n>-slot<m>-disk0:
bootflash:                  sw<n>-slot<m>-bootflash:
slavebootflash:             sw<n>-slot<m>-bootflash:
sup-bootdisk:               sw<n>-slot<m>-sup-bootdisk:
slavesup-bootdisk:          sw<n>-slot<m>-sup-bootdisk:
nvram:                      sw<n>-slot<m>-nvram:
const_nvram:                sw<n>-slot<m>-const_nvram:
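The port and file system naming rules from the two preceding topics, as an added example that is not part of the original slides: a parser that extracts the chassis ID from VSS interface and file system names, rejects any ID other than 1 or 2, and flags pre-conversion names such as slavedisk0: that a script or config archive may still reference. The function names are hypothetical, the sw<switch>-slot<slot>-<filesystem>: pattern is taken from the sw1-slot5-disk0: examples above, and the sample output is constructed.

```python
import re
from collections import defaultdict

# Physical ports after conversion: <type><chassis>/<slot>/<port>
IFACE_RE = re.compile(r"^([A-Za-z]+)(\d+)/(\d+)/(\d+)$")
# File systems after conversion: sw<switch>-slot<slot>-<filesystem>:
FS_RE = re.compile(r"^sw(\d+)-slot(\d+)-([a-z0-9_-]+):$")

# Constructed sample in the layout of the `show ip interface brief` slide.
SAMPLE = """\
Interface              IP-Address      OK? Method Status Protocol
Vlan1                  unassigned      YES NVRAM  up     up
Port-channel1          unassigned      YES NVRAM  up     up
Te1/1/1                10.1.1.1        YES unset  up     up
GigabitEthernet1/2/1   10.10.10.1      YES unset  up     up
GigabitEthernet2/1/1   unassigned      YES unset  up     up
Te2/1/4                unassigned      YES TFTP   up     up
"""


def _check_chassis(value, name):
    chassis = int(value)
    if chassis not in (1, 2):  # per the slide, the Chassis-ID is always 1 or 2
        raise ValueError(f"{name}: chassis/switch ID {chassis} is not 1 or 2")
    return chassis


def parse_interface(name):
    """Return (chassis, slot, port), or None for logical interfaces
    (Vlan, Port-channel) that carry no chassis ID."""
    m = IFACE_RE.match(name)
    if m is None:
        return None
    return _check_chassis(m.group(2), name), int(m.group(3)), int(m.group(4))


def parse_filesystem(name):
    """Return (switch, slot, filesystem) for a VSS-style file system name.
    Pre-conversion names (disk0:, slavedisk0:) raise ValueError."""
    m = FS_RE.match(name)
    if m is None:
        raise ValueError(f"{name}: not in sw<switch>-slot<slot>-<filesystem>: form")
    return _check_chassis(m.group(1), name), int(m.group(2)), m.group(3)


def ports_by_chassis(output):
    """Group the physical ports in `show ip interface brief` text by chassis."""
    grouped = defaultdict(list)
    for line in output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if fields and (loc := parse_interface(fields[0])):
            grouped[loc[0]].append(fields[0])
    return dict(grouped)


if __name__ == "__main__":
    print(ports_by_chassis(SAMPLE))
    print(parse_filesystem("sw2-slot5-disk0:"))
```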
Operational Management
SNMP Support for VSS
The SNMP process for a VSS necessitates support for Puts and Gets across 2 physical chassis, changes to existing MIBs and support for a new MIB
[Diagram: an SNMP Server sends SNMP Puts and SNMP Gets to the Virtual Switch Domain, which carries SNMP Modified MIBs and SNMP New MIBs]
Switch 1 - Active: SNMP Process Active
Switch 2 - Hot Standby: SNMP Process Inactive
Operational Management
New Virtual Switching System MIB
CISCO-VIRTUAL-SWITCH-MIB has been defined to support SNMP access to the Virtual Switching System configuration. The following MIB variables are accessible to an SNMP manager:
cvsGlobalObjects - Domain #, Switch #, Switch Mode
cvsCoreSwitchConfig - Switch Priority and Preempt
cvsChassisTable - Chassis Role and Uptime
cvsVSLConnectionTable - VSL Port Count, Operational State
cvsVSLStatsTable - Total Packets, Total Error Packets
cvsVSLPortStatsTable - TX/RX Good, Bad, Bi-dir and Uni-dir Packets
This MIB will be the main vehicle through which Network Management stations access information relevant to the operation of the Virtual Switching System
Operational Management
Netflow Export
WS-X6708-10GE-3C/3CXL and WS-X6716-10GE-3C/3CXL have the capability to perform direct export from the line card itself
[Diagram: Netflow Data exported to a Netflow Collector from the Virtual Switch Domain, with the two chassis joined by the VSL]
VSS State: Active - Netflow Collection: Active, Netflow Export: Active
VSS State: Hot Standby - Netflow Collection: Active, Netflow Export: In-Active
WS-X6708-10GE-3C/XL - Netflow Collection: Active, Netflow Export: Active
WS-X6748-GE-TX-3C/XL - Netflow Collection: Active, Netflow Export: In-Active
Operational Management
SPAN
In a Virtual Switching System, the number of SPAN sessions is limited to what the VSS Active Supervisor can provide. SPAN capacity on the VSS Hot Standby is not factored into available SPAN sessions.
Virtual Switch Domain
Switch 1 Supervisor - VSS State: Active, SPAN Management: Active, Replication: Active
Switch 2 Supervisor - VSS State: Hot Standby, SPAN Management: In-Active, Replication: Active
VSL
Virtual Switching System is supported in 12.2(33)SXH1, which introduces the following SPAN capabilities per Virtual Switching System Domain:
TX SPAN Sessions: 14
RX/Both SPAN Sessions: 2
Total SPAN Sessions: 16
Operational Management
Setting the System-wide PFC Mode
A new CLI command has been implemented to allow the user to pre-configure the system PFC mode. Any DFC module that does not match the system PFC mode will not be powered up. This configuration will ensure a system runs in PFC3CXL mode and is not accidentally reverted to PFC3C mode
vss#conf t
Enter configuration commands, one per line. End with CNTL/Z.
vss(config)#platform hardware vsl pfc mode pfc3c
vss(config)#^Z
vss#
vss#sh platform hardware pfc mode
PFC operating mode : PFC3C
Configured PFC operating mode : PFC3C
vss#
Agenda Topics
Quality of Service
Quality of Service
Classification and Policing
Both Classification and Policing functions are handled by PFC QoS, and are executed by either the PFC on the Active and Hot Standby Supervisor, or the ingress linecard DFC. There are 2 important caveats which must be understood whilst implementing these functions
1 Policies can either be applied on L3 interfaces (SVIs or Physical interfaces), or Port Channels, or L2 interfaces*
policy-map CLASSIFY
 class class-default
  set ip dscp 40
interface GigabitEthernet 2/3/48
 switchport
 service-policy input CLASSIFY

policy-map CLASSIFY
 class class-default
  set ip dscp 40
interface Port-channel 10
 switchport
 service-policy input CLASSIFY
* QoS policies on L2 interfaces are supported beginning in 12.2(33)SXI
Quality of Service
Classification and Policing
2 Aggregate policers that are applied on SVIs or Port Channels that have interfaces distributed across multiple forwarding engines are subject to Distributed Policing caveats
policy-map POLICE
 class class-default
  police average 10000000
interface GigabitEthernet 1/2/10
 channel-group 20 mode desirable
interface GigabitEthernet 2/2/10
 channel-group 20 mode desirable
interface Port-channel 20
 service-policy input POLICE
Quality of Service
QoS on the VSL
A few important aspects relating to VSL QoS are as follows:
1 VSLP and other Control frames are always marked as Priority packets and are always queued and classified as such
2 VSL is always configured as Trust CoS and hence ingress queuing is enabled
3 Service Policies are not supported on the VSL
4 CoS Maps, Thresholds and Queues on the VSL are not configurable
[Diagram: HTTP, FTP and VSLP traffic on the VSL between Switch1 and Switch2]
Agenda Topics
VSS & Service Module Integration
VSS Hardware Requirements
Service Module Support
Module                        Description                                           VSS Minimum Software   Service Module Minimum Software
ACE10/ACE 20-6500-K9          Application Control Engine (ACE)                      12.2(33)SXI            A2(1.2)
WS-SVC-FWSM-1-K9              Firewall Services Module (FWSM)                       12.2(33)SXI            4.0(4)
WS-SVC-IDSM2-K9               Intrusion Detection System Services Module (IDSM-2)   12.2(33)SXI            6.0(2)E1
WS-SVC-NAM-1, WS-SVC-NAM-2    Network Analysis Module (NAM1), (NAM2)                12.2(33)SXH1           3.6(1a)
WS-SVC-WISM-1-K9              Wireless Services Module (WiSM)                       12.2(33)SXI            3.2.171.6
VSS Service Module Integration
Four standalone Service Modules are supported per VSS chassis (eight total service modules for the VSS)
Service Module redirected traffic, state sync, and failover traffic.
VSL bandwidth considerations
VSL will carry traffic destined to the Service Modules under normal conditions. Design an appropriate number of links for the VSL
FWSM & ACE Redundancy Modes
FWSM & ACE Module HA Modes: Active-Standby per module. One of the service modules in a VSS system will be Active and another one will be Standby.
Active-Standby Per Module
Virtual Switch Domain
Switch-1 (VSS Active): Control Plane Active, Data Plane Active, Service Module1 Active, Service Module2 Standby
Switch-2 (VSS Standby): Control Plane Hot Standby, Data Plane Active, Service Module1 Standby, Service Module2 Active
VSL: Failover/State sync Vlan
FWSM and ACE Redundancy Models
FWSM & ACE Module HA Modes: Active-Active per context. Both Service Modules are active and act as a backup for each other per context.
Active-Active Per Context
Virtual Switch Domain
Switch-1 (VSS Active): Control Plane Active, Data Plane Active
Switch-2 (VSS Standby): Control Plane Hot Standby, Data Plane Active
VSL: Failover/State sync Vlan
[Diagram: a service module in each chassis, each labelled active, shown with Context 1, Context 2, Context 3 and Context A, Context B, Context C]
Hardware Requirements
Service Modules Integration
Packet Flow: Based upon the neighbor device's EtherChannel load-balancing configuration, traffic is expected to be transmitted across all interfaces of the MEC
Virtual Switch Domain
Switch1 (VSS Active): Supervisor Active, Data Plane Active, Service Module Active
Switch2 (VSS Standby): Supervisor Hot Standby, Data Plane Active, Service Module Standby
VSL
Hardware Requirements
Service Modules Integration
Packet Flow: Ingress traffic will be redirected to the Active Service Module of a context. Therefore services traffic is expected to traverse the VSL link.
Virtual Switch Domain
Switch1 (VSS Active): Supervisor Active, Data Plane Active, Service Module Active
Switch2 (VSS Standby): Supervisor Hot Standby, Data Plane Active, Service Module Standby
VSL
Recommendation: Size the VSL link based on the expected services bandwidth requirement.
Hardware Requirements
Service Modules Integration
Recommendation: Service module stateful failover traffic should be considered for VSL capacity planning
Virtual Switch Domain
Switch1 (VSS Active): Control Plane Active, Data Plane Active, FWSM Service module
Switch2 (VSS Standby): Control Plane Hot Standby, Data Plane Active, FWSM Service module
VSL labels: FWSM Fail, FWSM State, 1-2Gbps
VSS Service Module Integration
IDSM2 Service Module High Availability
IDSM2 does not support Active-Standby; however, more than one IDSM2 is supported in the same chassis of a Virtual Switching System. Traffic load-balancing and failover among multiple IDSM2s can be achieved using an EtherChannel configuration.
Virtual Switch Domain
Switch-1 (VSS Active): Control Plane Active, Data Plane Active, IDSM Active, IDSM Active
Switch-2 (VSS Standby): Control Plane Hot Standby, Data Plane Active, Line Card Active
VSL
VSS Service Module Integration
IDSM2 Modes of Operation
Similar to the IDSM support available in a standalone Cat6500 system, Promiscuous, In-Line and On-A-Stick modes of operation are supported with VSS as well. If more than one IDSM is installed in a VSS system, an EtherChannel configuration can be leveraged to load-balance traffic across IDSMs.
Virtual Switch Domain
Switch-1 (VSS Active): Control Plane Active, Data Plane Active, Data port IDSM Active, Data port IDSM Active
Switch-2 (VSS Standby): Control Plane Hot Standby, Data Plane Active, Line Card Active
VSL
Traffic can be load-balanced across IDSMs by configuring the data ports of two or more IDSMs as part of a port-channel
VSS Service Module Integration
IDSM2 Integration: Packet Flow
1 With a Multi-Chassis EtherChannel configured, traffic will be load-balanced across all uplink interfaces
Virtual Switch Domain
Switch-1 (VSS Active): Supervisor Active, Data Plane Active, IDSM Active, Line Card
Switch-2 (VSS Standby): Supervisor Hot Standby, Data Plane Active, Line Card, Line Card
VSL
VSS Service Module Integration
IDSM2 Integration: Packet Flow
2 Traffic that needs special attention is copied to the IDSM in hardware using Catalyst features such as SPAN and VLAN capture
Virtual Switch Domain
Switch-1 (VSS Active): Supervisor Active, Data Plane Active, IDSM Active, Line Card
Switch-2 (VSS Standby): Supervisor Hot Standby, Data Plane Active, Line Card, Line Card
VSL
VSS Service Module Integration
IDSM2 Integration: Packet Flow
3 Traffic is processed by the IDSM and a decision is made to either forward or drop the packets, or to generate a TCP RST to break the connection.
Virtual Switch Domain
Switch-1 (VSS Active): Supervisor Active, Data Plane Active, IDSM Active, Line Card
Switch-2 (VSS Standby): Supervisor Hot Standby, Data Plane Active, Line Card, Line Card
VSL
VSS Service Module Integration
WiSM Integration
WiSM in VSS works the same as in standalone. For redundancy purposes it is recommended to place a WiSM in each chassis.
Virtual Switch Domain
Switch-1 (VSS Active): Supervisor Active, Data Plane Active, WiSM Active, Line Card
Switch-2 (VSS Standby): Supervisor Hot Standby, Data Plane Active, WiSM Standby, Line Card
VSL
VSS Service Module Integration
WiSM Integration
Similar to the packet flow of other service modules described in the previous slides, traffic that arrives on Switch-2 will traverse the VSL link
Virtual Switch Domain
Switch-1 (VSS Active): Supervisor Active, Data Plane Active, WiSM Active, Line Card
Switch-2 (VSS Standby): Supervisor Hot Standby, Data Plane Active, WiSM Standby, Line Card
VSL