Migration Use Cases for Catalyst 6500 Supervisor 2T BRKDCT-2309
Faraz Siddiqui, Network Consulting Engineer
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Objectives for BRKDCT-2309
3
BRKARC-3465 Cisco Catalyst 6500 Switch Architecture
TECCRS-2065 Cisco Catalyst 6500 Technical Deep Dive
BRKCRS-3143 Troubleshooting Cisco Catalyst 6500 Series Switches
BRKCRS-2468 Cisco Catalyst Virtual Switching System (VSS)
Understand the
architectural
building blocks of
Supervisor 2T,
hardware and
software
dependencies
Identifying Migration
use cases of
Supervisor 2T and
step by step
migration
walkthrough (what is
happening during
each step)
Provide best
practices,
configuration and
reference material
for Migration process
and VSS technology
More sessions on Catalyst 6500
4
Plan
Execute
Verify
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
VSS Sup720
For Your Reference
Blue: Layer 3 Ethernet link
Red: Layer 2 Ethernet link
Supervisor 2T
VSS Sup 2T
Dual Supervisor 720 Dual Supervisor 2T
5
Presentation Legend
Single Supervisor 720
Acronyms Used
VSS Virtual Switching System
Sup Supervisor
2T 2 Terabit Switching
HSRP Hot Standby Redundancy Protocol
STP Spanning Tree Protocol
VSL Virtual Switch Link
MEC Multi Chassis Etherchannel
VLAN Virtual LAN
L2/L3 Layer 2 and Layer 3
ECMP Equal Cost multi-path
CFC Centralized Forwarding Card
DFC Distributed Forwarding Card
PFC Policy Feature Card
MSFC Multi-layer Switch Feature Card
X-Bar Cross Bar Switch Fabric
Access Switch
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Agenda
6
Migration Use cases description of Standalone, HA and VSS , test traffic profile
Migration Walk Through approach, migration Steps, STP and HSRP interaction, traffic re-routing
Supervisor 2T Architecture Overview architecture building blocks, hardware and software requirements
Current Network Challenges network design with spanning Tree, User downtime, VSS Solution
Results Summary and Best Practices convergence summary, verification of Sup2T, VSS verification
Current Network Challenges
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Traditional | With Spanning Tree
Business Continuity Challenges: STP Loops and Slow Routing Convergence
The Challenge
Complex network
design
Typical Deployment Scenario
Single active uplink per VLAN
50% bandwidth utilization only
Spanning Tree loops
First Hop Routing Protocol
Convergence
Productivity Loss User Downtime (seconds)
Complex
Config to
Manage
Access Switch or ToR or Blades
10GE
Access Switch or ToR or Blades
SiSiSiSi
VLAN
10 VLAN
15
VLAN
10 VLAN
15
Switch 1 Switch 2
HSRP Active 10
HSRP Standby 15
HSRP Active 15
HSRP Standby 10 X
X
Routing
Reconvergence
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Business Continuity Enhanced Availability and Simplified Network Design with VSS
VSS | Physical View
10GE
Access Switch or ToR or Blades
LACP LACP or PagP
Server
SiSi SiSi
VSS | Logical View
Server Access Switch or ToR or Blades
LACP or PagP LACP
The Solution
4 Tbps Virtual
Switching System
Simplified Network
Design
Spanning Tree and First
Hop Redundancy
Protocols Eliminated
Minimized Traffic
Disruption
Subsec Stateful and
Graceful Recovery (SSO
/ NSF)
Double Bandwidth
Utilization
With Active-Active Multi-
Chasis Etherchannel (LACP
/ PagP)
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Agenda
10
Migration Use cases description of Standalone, HA and VSS , test traffic profile
Migration Walk Through approach, migration Steps, STP and HSRP interaction, traffic re-routing
Supervisor 2T Architecture Overview architecture building blocks, hardware and software requirements
Current Network Challenges network design with spanning Tree, User downtime, VSS Solution
Results Summary and Best Practices convergence summary, verification of Sup2T, VSS verification
Catalyst 6500 Supervisor 2T
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Supervisor 2T Architecture Overview
12
Deployment at Core & Distribution layers
2Tbps switching capacity (4Tbps with VSS)
Line-rate encryption (MACSec)
New hardware and software features
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
New MSFC5 with single Dual-Core CPU &
single IOS image
New 26 Channel 2T Switch Fabric which
provides 80Gbps per slot
New PFC4 featuring improved performance &
scalability, along with new & enhanced hardware
features
New Connectivity
Management
Processor (CMP)
New USB based
console support
Cisco TrustSec (CTS)
on ALL Uplink ports
10G Uplinks
Supervisor 2T At @ Glance
13
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Supervisor 2T Block Diagram
14
Fabric Connector Shared Bus Connector
Crossbar
Switch Fabric
26 x 40G Fabric
Channels
Fabric Intf 1
Fabric Intf 0
Port ASIC 0 Port ASIC 1
SFP-2 SFP-3 SFP-1 X2-1 X2-2
Bus Replication ASIC
1GE FDX
MGMT Port
USB Port
Compact Flash
Serial Port
Local-Bus
Fabric
Replication ASIC MSFC5
DRAM
Bootdisk
Connectivity MGMT
processor
PFC4
Layer 2 forwarding Engine
Layer 3/4 forwarding Engine
Front
Panel
CTS ASIC CTS ASIC
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Policy Feature Card 4 Introduction
15
PFC4 - Default PFC (EARL8) FIB & Netflow at 256K entries PFC4XL - Upgrades FIB & Netflow Table to 1M entries
PFC4
Increased MAC Table (128K) L2 Bridge Domains (16K) L3 Logical Interfaces (128K) Increased Forwarding (60Mpps) Increased Throughput (80Gbps)
Scalability Native (H)VPLS MPLS Aggregate Labels (16K) Multi-point EoMPLS L2oGRE VRF-based NAT & FnF
Virtualization
IPv6 Tunneling in FIB Unicast RPF for IPv6 IPv6 Multicast in FIB 512K Multicast Routes IGMPv3 / MLDv2 Snooping
IP Routing Cisco TrustSec & SGACLs Increased ACL TCAM (256K) Increased ACL Labels (16K) Per-Port / Per-VLAN QoS Distributed Policers (512)
QoS & Security
Flexible Netflow (FnF) Egress Netflow L2 (per VLAN) Netflow TCP Flags Per-Protocol Counters
Monitoring
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Classification ACL Table #1
Netflow Hash Table
Adjacency Table
FIB TCAM
Adjacency Statistics
128K MAC Table
Netflow Data Table
LIF Map Table
Netflow Statistics
RPF Map Table
Classification ACL Table #2
LIF Table
LIF Statistics
Exception Table
Bus Backplane
Contains location of flow in Netflow Table
Contains several key packet fields for flow
Collection of NF statistics for each active flow
Contains CEF IPv4, IPv6 prefixes & MPLS entries
Contains Layer 2 rewrite information & pointers
Contains the Egress ACL entries (128K)
Contains the Ingress ACL entries (128K)
Contains table of exception cases & action to take
Collection of ADJ statistics for each active flow
Table of Src-Port info for Multicast & uRPF
Contains Logical Interface Mapping info
Contains the actual LIF Database entries
ACE Counters
Contains LIF Usage statistics
128K CAM containing L2 MAC address table
Collection of ACL hit statistics & other info
Layer 3 / 4 Forwarding
Engine
Layer 2 Forwarding Engine
Fabric Replication ASIC
Policy Feature Card 4 Earl 8 Overview
16
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Policy Feature Card 4 EARL8 Processing
17
Ingress ACL Ingress QoS L3 Lookup Ingress
NetFlow Headers
From L2 Engine
Egress ACL Egress
NetFlow Egress QoS
IFE Process
OFE Process
Headers To L2 Engine
Rewrite Result
Generation
The forwarding engine ASIC has 2 processing pipelines @ 60Mpps:
1. Input Forwarding Engine (IFE)
2. Output Forwarding Engine (OFE)
As each packet header enters the L3 Forwarding ASIC, the IFE pipeline will perform L3 Lookup and Ingress Security, QoS & Netflow processing
The header is merged with IFE results and then passed to the OFE pipeline, which will perform Egress Security, QoS & Netflow processing, to generate final result.
*also applies to each DFC4
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Multilayer Switch Feature Card 5 Introduction
18
Single Dual Core processor
Combines the functionalities of the Switch Processor (SP) & the Route Processor (RP)
Single Bootdisk filesystem
Enhanced CPU Performance
2GB or 4GB DDR3 DRAM
Connectivity Management Processor (CMP)
On-Board Failure Logging (OBFL)
Mini Protocol Analyzer (MPA)
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Multilayer Switch Feature Card 5 Block Diagram
19
Control Plane CPU 1.5 GHz
Core 0 Core 1
Inband Channel 1GE FDX
To Base-Board
OBFL Flash 4 MB
Network Management
port
USB 2.0 Host
Compact Flash
Serial Port
Ethernet Out of Band
Channel 100 Mbps HDX
Rommon 4 MB
I/O ASIC
256 MB Memory
CMP CPU 266 MHz
Rommon 32 MB
MUX Bootdisk
Front Panel
2 x 2 GB DDR2 Memory
NVRAM 4MB
10/100/100 Auto-MDI
Type A Type B
OBFL Flash 4 MB
Rommon 4 MB
I/O ASIC
NVRAM 4MB
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Multilayer Switch Feature Card 5 "Lights Out" Management with CMP
The Connectivity Management Processor (CMP) supports new capabilities that will aid Network Administrators in managing the system:
RP Image Recovery
- TFTP boot of the system
RP File Transfer
- Image copy via TFTP
Remote RP Reset
- Hard or Soft reset
RP Console Logging
USB Support
- Booting via Approved USB flash
- USB serial console access
Removes the need for a separate Telnet Server for console access
Has unique GOLD tests
20
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Multilayer Switch Feature Card 5 Accessing the CMP
Sup2T#
Sup2T#M
Sup2T#M
Sup2T#
Sup2T-cmp login: root
Password:
Cisco CMP Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2009-2011, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software may be covered under the GNU Public
License or the GNU Lesser General Public License. A copy of
each such license is available at
http://www.gnu.org/licenses/gpl.html and
http://www.gnu.org/licenses/lgpl.html
Sup2T-cmp#
Ctrl-C, Shift-M, Ctrl-C, Shift-M, Ctrl-C, Shift-M Enter root as default login
Enter default as default password
CMP suffix added to the prompt
When the system comes online, RP initially owns the console.
Use the following key sequence to switch between two consoles:
(Ctrl-C, Shift-M) three times to switch to CMP console
(Ctrl-R, Shift-M) three times to switch to RP console
21
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
2T Switch Fabric Introduction
Integrated 2Tbps Switch Fabric
26 Channels to support the 6513-E
Dual Queues (Hi/Lo) per fabric channel
Redundant channel to Standby for faster traffic convergence, during SSO switchover...
Provides backplane interconnects
Fabric traces are distributed across each slot
Each Fabric trace can operate at either 20Gb/sec or 40Gb/sec
Mixing 6700 & 6900 (20G & 40G) modules does not affect speeds of other modules
22
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
2T Switch Fabric High Availability
If using VS-S720-10G or VS-SUP2T-10G with a redundant Standby Supervisor, then two (2) fabric channels are connected "back to back":
Standby Supervisor uplink connection to Active Supervisor
Active Supervisor bus connection to Standby Supervisor
The Standby Supervisor is in DFC Mode, with its Bus connection disabled
With Sup2T the redundant Standby Supervisor enables its redundant channels for WS-6908-10GE and WS-6904-40GE modules, for "hitless" failover...
Active
Supervisor
Standby
Supervisor
Line Card
Slot 1
Line Card
Slot 13
23
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Feature Sup720 Sup720-10G Sup2T
Number of Channels 18 20* 26
Aggregate Bandwidth 720 Gbps 720 Gbps 2 Tbps
Channel Speeds (bps) 8G / 20G 8G / 20G 20G / 40G
Fabric Redundancy Yes Yes Yes
SSO Fabric Hot Synch No Yes* Yes
Redundant Channels No No Yes
Fabric Priority (QoS) Single Fabric Hi / Lo
Priority
Single Fabric Hi / Lo
Priority
Hi Priority Fabric
Lo Priority Fabric
Clear Block Support Yes Yes Yes
Switching Modes (DBUS Header Size)
Bus, Truncated,
Compact
Bus, Truncated,
Compact Truncated, Compact
Requires E-Series No No* Yes
NOTE: Compact switching mode provides optimal Fabric performance...
720 vs 2T Fabric Hardware Data-Plane
24
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Supported 6700 Series w/ CFC
WS-F6K-DFC4-E 6716-10G Fiber
WS-F6K-DFC4-A 6704-10G w/ DFC3
WS-F6K-DFC4-A 6700 Series 1G w/ DFC3
WS-F6K-DFC4-E 6716-10T Copper
6908-10G 6708-10G Fiber
Supported Legacy Services Modules
Supported 6100 Series
Upgrading the Install Base to Sup2T
25
Sup720 Sup2T
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Distributed Forwarding
26
DFC Interoperability with PFC
PFC3A PFC3B PFC3BXL PFC3C PFC3CXL PFC4 PFC4XL
DFC3A Compatible Operate as
PFC3A Operate as
PFC3A Operate as
PFC3A Operate as
PFC3A X X
DFC3B Operate as
DFC3A Compatible
Operate as PFC3B
Operate as PFC3B
Operate as PFC3B
X X
DFC3BXL Operate as
DFC3A Operate as
DFC3B Compatible
Operate as PFC3B & DFC3B
Operate as PFC3BXL
X X
DFC3C Operate as
DFC3A Operate as
DFC3B
Operate as PFC3B & DFC3B
Compatible Operate as
PFC3C X X
DFC3CXL Operate as
DFC3A Operate as
DFC3B Operate as DFC3BXL
Operate as DFC3C
Compatible X X
DFC4 X X X X X Compatible Operates as
PFC4
DFC4XL X X X X X Operates as
DFC4 Compatible
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Catalyst 6500 E Series Chassis
27
Enhanced (E) Series chassis offer: higher bandwidth higher power capacity, better signal integrity to support Supervisor 2T
3, 4, 6, 9 & 13-slot versions
Classic Data Bus traces/connectors
Crossbar Fabric traces/connectors
Redundant Power supplies
Enhanced Fan for system cooling
6509-V-E chassis offers redundant fan trays & air filtration
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
SWITCH FABRIC
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
The 720Gbps Switch Fabric has 18 channels which are distributed across the available
slots (6503 , 6504 , 6506 & 6509 each get 2 (dual) fabric channels, per slot) but what
about the 6513 & 6513-E? How do we split 18 channels across 13 slots?
Slots 1 - 8 each get a single fabric channel
Slots 9 - 13 each get dual fabric channels
8 x 1 = 8
5 x 2 = 10
8 + 10 = 18 Total fabric channels
Sup720 + 6513 / 6513-E Fabric-Channel Assignment
Sup720 Fabric + 6513/6513-E
28
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
The 2Tbps Switch Fabric has 26 channels which are distributed across the available
slots (6503-E , 6504-E , 6506-E , 6509-E & 6509-V-E already get 2 (dual) fabric channels,
per slot) but what about the 6513-E ?
1
3 2
4 5
7 6
8 9
11 10
12 13
14
16 15
17 18
20 19
21 22
24 23
25 26
SWITCH FABRIC
13 x 2 = 26
Sup2T + 6513-E Fabric-Channel Assignment
Slots 1 - 13 each get dual fabric channels
NOTE: This is now possible due to the additional
fabric channel traces (physical connectors & wires)
on both the Supervisor2T -AND- 6513-E
Hence, Supervisor 2T + 6513 (non-E) chassis
combination will NOT be supported...
Sup2T Fabric + 6513/6513-E
29
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Sup720 vs. Sup2T- Switching L2 (IPv4 / IPv6) Scaling
30
Feature Sup720 Sup2T
MAC Address Table 3A/B: 64K
3C: 96K 128K
CAM Hash Table Single Bank Dual Bank
L2 Bridge Domains 4K (VLAN) 16K (BD)
Adjacency Entries 1M 1M
MST Virtual Ports 100K 120K
R/PVST Virtual Ports 12K 16K
DAI, DHCP Snooping & SourceGuard
Entries 8K 12K
Policy-Based Forwarding (PBF) 32K 64K
EFP (Ethernet Flow Point) N/A 32K
EVC (Ethernet Virtual Connection) N/A 4K
L2oGRE Tunnels N/A 1K
* Available in future IOS software releases
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Sup720 vs. Sup2T- Routing IPv4 Route Scaling
31
Feature Sup720 Sup2T
FIB TCAM (non XL)
FIB TCAM (XL)
256K Entries
1M Entries
256K Entries
1M Entries
TCAM Entry Size 144 bits 288 bits
BGP Prefixes / Peers 750K / 1K 1M / 2K
OSPF Prefixes / Peers 20K / 50 30K / 75
EIGRP Prefixes / Peers 20K / 50 30K / 75
RIPv2 Prefixes / Peers 10K / 10 50K / 50
ARP Entries 30K 100K
FHRP Instances 500 1K
NAT / PAT Entries 256K (Ingress Only) 512K Ingress / 512K Egress
Policy Routing (PBR) Entries 2K 4K
IP GRE Tunnels 1K 5K
ECMP Load Sharing 16 paths 16 paths
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Agenda
32
Migration Use cases description of Standalone, HA and VSS , test traffic profile
Migration Walk Through approach, migration Steps, STP and HSRP interaction, traffic re-routing
Supervisor 2T Architecture Overview architecture building blocks, hardware and software requirements
Current Network Challenges network design with spanning Tree, User downtime, VSS Solution
Results Summary and Best Practices convergence summary, verification of Sup2T, VSS verification
Supervisor 2T Migration Use Cases
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Migration Use cases
34
Migrate single/dual Sup720 in the pair of Catalyst 6500 series non-E chassis with legacy hardware to single Sup2T in pair of E-chassis with supported
linecards
Typical deployment in campus and datacenter Core layer
Single/Dual
Supervisor
Migrate single Sup720 in pair of Catalyst 6500 series non-E chassis with legacy hardware to single Sup2T in pair of E-chassis with supported linecards
Convert the standalone Sup2T to VSS mode Typical deployment in campus Core/Distribution and datacenter Distribution
layer
Standalone
to VSS
Migrate Sup720 deployed as VSS in pair of Catalyst 6500 series non-E chassis with legacy hardware to Sup2T in VSS mode with supported linecards
Typical deployment in campus Core/Distribution and datacenter Distribution layer
VSS to VSS
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Single Supervisor
35
Topology and traffic details
Single Sup720 deployed in pair of Non-E chassis at distribution layer
Vlans are divided in group of Red and Green
Dist-1 is configured as HSRP Primary/STP root for Red vlans
Dist-2 is configured as HSRP Primary/STP root for Green vlans
Spirent traffic generator is used to inject 5000 mac addresses, 100 VLANs, 5000 simulated transmit
nodes (Layer 2), 50 SVIs at each core, 50 HSRP
groups, 5000 ARP entries (Layer 3)
Port Channel is connected between Catalyst pair at Layer2/Layer 3 boundary
Layer 3 termination at distribution layer
End-hosts are connected to access switch
Dist-1 Dist-2
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Dual Supervisors
36
Topology and traffic details
Dual Sup720s deployed in pair of Non-E chassis at distribution layer (HA or SSO mode)
Vlans are divided in group of Red and Green
Dist-1 is configured as HSRP Primary/STP root for Red vlans
Dist-2 is configured as HSRP Primary/STP root for Green vlans
Spirent traffic generator is used to inject 5000 mac addresses, 100 VLANs, 5000 simulated transmit
nodes (Layer 2), 50 SVIs at each core, 50 HSRP
groups, 5000 ARP entries (Layer 3)
Port Channel is connected between Catalyst pair at Layer2/Layer 3 boundary
Layer 3 termination at distribution layer
End-hosts are connected to access switch
Dist-1 Dist-2
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Virtual Switch System
37
Topology and traffic details
Sup 720 deployed in pair of Non-E chassis at distribution layer
Vlans are divided in group of Red and Green
Dist-1 and Dist-2 acting as one logical switch (STP root) and vlans are load balanced across both links
of MEC
Access switch is connected to VSS through MEC
VSL port channel is connected between Catalyst pair at Layer2/Layer 3 boundary
Spirent traffic generator is used to inject 5000 mac addresses, 100 VLANs, 5000 simulated transmit
nodes (Layer 2), 50 SVIs at each core, 50 HSRP
groups, 5000 ARP entries (Layer 3)
Layer 3 termination at distribution layer
End-hosts are connected to access switch
Dist-1 Dist-2
VSS Introduction
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Current Network Challenges Enterprise Campus
Traditional Campus Multi-Layer Design
Access
L2/L3
Distribution
L3 Core
FHRP, STP,
Asymmetric routing,
Policy Management
Extensive routing
topology, Routing
reconvergence
Single active uplink
per VLAN (PVST), L2
reconvergence
39
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Current Network Challenges Data Center
Traditional Data Center Multi-layer design
L2/L3 Core
L2 Access
Dual-Homed Servers to
single switch, Single
active uplink per VLAN
(PVST), L2
reconvergence
Single active uplink per
VLAN (PVST), L2
reconvergence, excessive
BPDUs
FHRP, HSRP, VRRP
Spanning Tree
Policy Management
L2/L3
Distribution
40
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Simplifies operational Manageability via Single point of Management, Non-loop design, minimize reliance on STP, eliminate FHRP etc
Scales system capacity with Active-Active Multi-Chassis Etherchannel (802.3ad/PagP), no blocking links due to Spanning Tree
Minimizes traffic disruption from switch or uplink failure with Deterministic subsecond Stateful and Graceful Recovery (SSO/NSF)
Catalyst 6500 Virtual Switching System Overview
41
Access Switch or ToR or Blades
Server
10GE
Traditional
SiSi SiSi
VSS (Physical View)
SiSi
Server
10GE
Access Switch or ToR or Blades
802.3ad
802.3ad or
PagP
SiSiSiSi
Server Access Switch or ToR or Blades
VSS (Logical View)
802.3ad or
PagP 802.3ad
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Virtual Switching System Enterprise Campus
VSS Distribution Design
Access
L2/L3
Distribution
L3 Core
No FHRPs
No Looped topology
Policy Management
Reduced routing
neighbors, Minimal
L3 reconvergence
Multiple active
uplinks per VLAN, No
STP convergence
42
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Virtual Switching System Data Center
VSS Data Center Design
L2/L3 Core
L2
Distribution
L2 Access
Dual-Homed
Servers, Single
active uplink per
VLAN (PVST), Fast
L2 convergence
Dual Active Uplinks,
Fast L2 convergence,
minimized L2 Control
Plane, Scalable
Single router node,
Fast L2 convergence,
Scalable architecture
43
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Virtual Switching System Architectural Concepts
Virtual Switch Domain
Virtual Switch Link
Active Standby Hot Control Plane
Switch 1 Switch 2 Data Plane
44
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Virtual Switching System Architecture Virtual Switch Link (VSL)
45
The Virtual Switch Link joins the two physical switch together - it
provides the mechanism to keep both the chassis in sync
Virtual Switch Active
Virtual Switch Standby
Virtual Switch Link
VS Header L2 Hdr L3 Hdr Data CRC
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Virtual Switching System Architecture Initialization
The initialization process consists of 3 main steps:
Role Resolution Protocol (RRP) used to determine compatible Hardware and
Software versions to form the VSL as well as determine which switch becomes
Active and Hot Standby from a control plane perspective
LMP RRP
Link Management Protocol (LMP) used to track and reject Unidirectional Links,
Exchange Chassis ID and other information between the 2 switches
Link Bringup to determine which ports form the VSL 1
2
3
LMP RRP
46
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Virtual Switching System Architecture VSLP Ping
A new ping mechanism has been implemented in VSS mode to allow
the user to objectively verify the health of the VSL itself. This is
implemented as a VSLP Ping
VSL
Switch1 Switch2
VSLP Ping
vss#ping vslp output interface tenGigabitEthernet 1/5/4
Type escape sequence to abort.
Sending 5, 100-byte VSLP ping to peer-sup via output port 1/5/4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms
The VSLP Ping operates on a per-physical interface basis and parameters such as COUNT,
DESTINATION, SIZE, TIMEOUT may also be specified
VSLP Ping
VSLP Ping VSLP Ping
47
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Virtual Switching System Architecture VSL Configuration Consistency Check
After the roles have been resolved through RRP, a Configuration Consistency Check is performed across the
VSL switches to ensure proper VSL operation. The following items are checked for consistency:
Switch Virtual Domain ID
Switch Virtual Switch ID
Switch Priority
Switch Preempt
VSL Port Channel Link ID
VSL Port state, interfaces
Power Redundancy mode
Power Enable on VSL cards
Note that if configurations do not match, the Hot-Standby Supervisor will revert to RPR
mode, disabling all non-VSL interfaces
Virtual Switch
48
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Virtual Switching System Unified Control Plane
49
One active supervisor in each chassis with inter-chassis Stateful Switchover (SSO)
Active supervisor manages the control plane functions such as protocols (routing, EtherChannel, SNMP, telnet, etc.) and hardware control (Online Insertion Removal, port management)
Active/Standby supervisors run in synchronized mode (boot-env, running-configuration, protocol state, and line cards status gets synchronized)
Active Supervisor
SF RP PFC
CFC or DFC Line Cards
CFC or DFC Line Cards
CFC or DFC Line Cards
CFC or DFC Line Cards
CFC or DFC Line Cards
Standby HOT Supervisor
SF RP PFC
VSL
CFC or DFC Line Cards
CFC or DFC Line Cards
CFC or DFC Line Cards
CFC or DFC Line Cards
CFC or DFC Line Cards
CFC or DFC Line Cards
CFC or DFC Line Cards
SSO
Synchronization
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Virtual Switching System Dual Active Scenario
VSL is the heart of the VSS functionality
Protecting VSL link bundle is the best practice design
Use one port from Supervisor and other from line cards to form a VSL bundle
Use diverse fiber path for each VSL links
Manage traffic forwarded over VSL link by avoiding single homed devices
In case of loss of all members of the VSL bundle, the standby supervisor will go active, creating dual active condition
Dual active leads to
Two independent routers with same control plane information e.g. IP address, router ID etc.
Error disabling of access-layer due to two STP BPDU sent with different source MAC
50
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Virtual Switching System Dual Active Forwarding Planes
51
Both forwarding planes are active
Standby supervisor and all linecards including DFCs are actively forwarding
VSS# show switch virtual redundancy My Switch Id = 1 Peer Switch Id = 2 Switch 1 Slot 5 Processor Information : ---------------------------------------------- Current Software state = ACTIVE Fabric State = ACTIVE Control Plane State = ACTIVE Switch 2 Slot 5 Processor Information : ---------------------------------------------- Current Software state = STANDBY HOT (switchover
target) Fabric State = ACTIVE Control Plane State = STANDBY
Data Plane Active
Data Plane Active
SiSiSiSi
Switch1 Switch2
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Virtual Switching System Architecture Multichassis EtherChannel (MEC)
Etherchannels can now be extended across the two physical chassis
Regular Etherchannel on single
chassis
Multichassis EtherChannel across 2
VSS-enabled chassis
VSS
Both LACP and PAGP Etherchannel
protocols and Manual ON modes are
supported
Standalone
52
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Virtual Switching System Architecture EtherChannel Hash for MEC
Link 1 Link 2
Etherchannel hashing algorithms are modified in VSS to always favor
locally attached interfaces
Blue Traffic destined
for the Server will
result in Link 1 in the
MEC link bundle being
chosen as the
destination path
Orange Traffic
destined for the Server
will result in Link 2 in
the MEC link bundle
being chosen as the
destination path
53
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Etherchannel Concepts Etherchannel Hash Distribution
The default hashing algorithm will redistribute all the Result Bit Hash values across
the available ports when there is a change. This affects all traffic traversing the
Etherchannel
RBH (for MEC)
2 Link Bundle Example Link 1 Link 2
Flow 1 Flow 2 Flow 3 Flow 4 Flow 5 Flow 6 Flow 7 Flow 8
RBH (for MEC)
3 Link Bundle Example
Flow 1 Flow 2 Flow 4 Flow 5 Flow 7 Flow 8
Flow 3 Flow 6
Link 1 Link 2 Link 3
Links 1,2 Links 3,4 Links 1,2,3 Links 4,5,6
54
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Etherchannel Concepts Etherchannel Hash Distribution Adaptive
Adaptive Hash Distribution Enhancement allows for the addition or removal of links
in a bundle without affecting all of the traffic in an Etherchannel. Note in the below
example, only Flow 7 and 8 are affected by the addition of an extra link to the
Channel RBH (for MEC)
2 Link Bundle Example
RBH (for MEC)
3 Link Bundle Example
Flow 1 Flow 2 Flow 3 Flow 4 Flow 5 Flow 6
Flow 7 Flow 8
Link 1 Link 2
Flow 1 Flow 2 Flow 3 Flow 4 Flow 5 Flow 6 Flow 7 Flow 8
Link 1 Link 2 Link 3
vss#conf t
Enter configuration commands, one per line. End with CNTL/Z.
vss(config)#port-channel hash-distribution adaptive
vss(config)# ^Z
vss#
55
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Virtual Switching System Architecture VSL Initialization
Initialization 1 Initialization 1
Pre-Parse Config 2 Pre-Parse Config 2
Bring up VSL Linecards and
VSL Ports
3 Bring up VSL Linecards and
VSL Ports 3
Run VSLP 4 Run VSLP 4
Run RRP 5 Run RRP 5
Inter-chassis SSO 6 Inter-chassis SSO 6
Continue System Bootup 7 Continue System Bootup 7
56
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Virtual Switching System Resilient VSL Configuration
Protecting VSL bundle is of the highest priority.
VSL bundle is a special purpose EtherChannel however all the best practices of designing and configuring of any general EtherChannel applies to VSL bundle
Redundancy of VSL is important to avoid dual ACTIVE condition and instability of VSS
Diversify VSL bundle on two separate hardware just like any resilient EtherChannel design
VSL link hardware selection also affect the QOS configuration on the rest of the ports on supervisors.
57
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
VSL Design Link Diversification (Dual-Sup Design Option #1)
58
Minimum of two links provides protection from port and SFP failures
Separate linecard provides protection from certain interface failures on a single Supervisor
Diverse physical paths protect from physical layer outages
Requires a VSL-capable linecard
CFC or DFC Linecard
CFC or DFC Linecard
CFC or DFC Linecard
CFC or DFC Linecard
VSS Active
CFC or DFC Linecard
CFC or DFC Linecard
CFC or DFC Linecard
CFC or DFC Linecard
CFC or DFC Linecard
CFC or DFC Linecard
CFC or DFC Linecard
CFC or DFC Linecard
VSS Standby
CFC or DFC Linecard
CFC or DFC Linecard
CFC or DFC Linecard
CFC or DFC Linecard
Ten 1/5/4 Ten 2/5/4
Ten 1/1/1 Ten 2/1/1
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
VSL Design Link Diversification (Dual-Sup Design Option #2)
Minimum of two links provides protection from port and SFP failures
Diverse physical paths protect from physical layer outages
No additional VSL-capable linecards are required (Minimal Cost)
CFC or DFC Linecard
CFC or DFC Linecard
CFC or DFC Linecard
CFC or DFC Linecard
VSS Active
CFC or DFC Linecard
CFC or DFC Linecard
CFC or DFC Linecard
CFC or DFC Linecard
CFC or DFC Linecard
CFC or DFC Linecard
CFC or DFC Linecard
CFC or DFC Linecard
VSS Standby
CFC or DFC Linecard
CFC or DFC Linecard
CFC or DFC Linecard
CFC or DFC Linecard
Ten 1/5/4 Ten 2/5/4
Ten 1/5/5 Ten 2/5/5
59
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Agenda
60
Migration Use cases description of Standalone, HA and VSS , test traffic profile
Migration Walk Through approach, migration Steps, STP and HSRP interaction, traffic re-routing
Supervisor 2T Architecture Overview architecture building blocks, hardware and software requirements
Current Network Challenges network design with spanning Tree, User downtime, VSS Solution
Results Summary and Best Practices convergence summary, verification of Sup2T, VSS verification
61
Plan
Execute
Verify
Supervisor 2T Migration Walk through
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Migration Tips
63
SiSi
10GE
Access Switch or ToR or Blades
SiSiSiSi
Distribution switches MUST BE Spanning-tree ROOT
Plan the migration with identified backup strategy
Make sure to save the configs at each step to disk0: or bootflash:
Use console connection during Migration process (if possible), telnet or ssh connections can be lost .
It is a best practice to move the HSRP(Layer 3) first to redundant switch followed by spanning tree root for optimal results and convergence
Download the Sup2T supported image in advance to external compact flash before migration
Use root guard at the edge ports to protect external switch introducing superior BPDUs, e.g. temporary connectivity
Use Spanning tree portfast on all the access ports connected to servers and hosts
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Software Recommendation
64
Platform IOS version
Minimum Recommended
Supervisor 720 12.2 (SXI3) 12.2(SXJ)
Supervisor 2T 12.2 (SY) 15.1(SY1)
15.1 train is the long lived release
Catalyst 6500 with Sup 720 Minimum Recommended Cisco IOS Release http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/release/notes/ol_14271.html
Catalyst 6500 with Sup 2T Recommended Cisco IOS Release http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/15.1SY/release_notes.html
VSS cannot be formed between Sup 720 running 12.2 SX and Sup 2T running 12.2(SY) or 15.0 (SY)
For Your Reference
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Case 1 : Single/Dual Supervisor 720 Migration
65
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
STP & HSRP Active
Traditionally, traffic is load-balanced among distribution switches using vlan load-
sharing and HSRP configuration
Case 1: Standalone Supervisor Migration Current Network
66
Access
Distribution
L3 Core
STP & HSRP Active
Red Vlan Green Vlan Dist-1 Dist-2
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Verifying STP and HSTP states on Dist-1 Switch
67
Dist-1#sh spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 8192
Address 0017.df3f.e80a
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay
15 sec
Bridge ID Priority 8192
Address 0017.df3f.e80a
Hello Time 2 sec Max Age 20 sec Forward Delay
15 sec
Aging Time 480
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- --------
Gi8/2 Desg FWD 4 128.898 P2p Peer(STP)
Po1 Desg FWD 1 128.1665 P2p
Dist-1#sh standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl10 10 120 P Active local 10.100.100.2 10.100.100.3
Vl20 20 110 P Standby 20.100.100.2 local 20.100.100.3
Case 1 : Pre Migration Checks
Dist-1#sh spanning-tree vlan 20
VLAN0020
Spanning tree enabled protocol rstp
Root ID Priority 8192
Address 0019.3004.3814
Cost 1
Port 1665 (Port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay
15 sec
Bridge ID Priority 28672
Address 0017.df3f.e814
Hello Time 2 sec Max Age 20 sec Forward Delay
15 sec
Aging Time 480
Interface Role Sts Cost Prio.Nbr Type
------------------ ---- --- --------- --------
Gi8/2 Desg FWD 4 128.898 P2p Peer(STP)
Po1 Root FWD 1 128.1665 P2p
How to read Dist-1 is root bridge for vlan 10 and
secondary root for vlan 20
Dist-1 is HSRP active for group 10
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Green vlans traversing
through the Dist-2 will
be affected due to HSRP
change for 4 secs,
largely depends on the
HSRP timers
STP & HSRP
Active
Red Vlan
Green Vlan
Dist-1 Dist-2
Case 1: Migration of Dist-2 Switch Step-1 Shift the HSRP Primary to Dist-1
68
Make Dist-1 switch HSRP primary for Green vlans
Neighboring devices will detect this change and switch all traffic to Dist-1 switch
Dist-2(config)#int vlan 20 Dist-2(config-if)#standby 20 priority 100
*Apr 20 02:00:15.047: %HSRP-5-STATECHANGE: Vlan20 Grp 20 state Active -> Speak
*Apr 20 02:00:26.515: %HSRP-5-STATECHANGE: Vlan20 Grp 20 state Speak -> Standby
Dist-2#sh standby brief
P indicates configured to preempt.
Interface Grp Pri P State Active Standby Virtual IP
Vl10 10 100 P Standby 10.100.100.1 local 10.100.100.3
Vl20 20 100 P Standby 20.100.100.1 local 20.100.100.3
Dist-1#
*Apr 20 02:01:19.559: %HSRP-5-STATECHANGE:Vlan20 Grp 20 state Standby -> Active
Dist-1#sh standby brief
P indicates configured to preempt.
Interface Grp Pri P State Active Standby Virtual IP
Vl10 10 120 P Active local 10.100.100.2 10.100.100.3
Vl20 20 110 P Active local 20.100.100.2 20.100.100.3
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Red vlans traversing
through the Dist-2 will
be affected, due to STP
root change, for 30 secs,
largely depends on the
STP mode
STP & HSRP
Active
Red Vlan
Green Vlan
Dist-1 Dist-2
Case 1: Migration of Dist-2 Switch Step-2 Move Spanning root primary to Dist-1
69
Make Dist-1 switch STP root for Green vlans
Neighboring devices will detect this change and switch all traffic to Dist-1 switch
Shutdown Dist-2 physical interfaces to completely remove Dist-2 switch from the network
Dist-1(config)#spanning-tree vlan 20 root primary
Dist-1(config)#end
Dist-1#sh spanning-tree vlan 20
VLAN0020
Spanning tree enabled protocol rstp
Root ID Priority 8192
Address 0017.df3f.e814
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 8192
Address 0017.df3f.e814
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 480
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ----------------
Gi8/2 Desg FWD 4 128.898 P2p Peer(STP)
Po1 Desg FWD 1 128.1665 P2p
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Case 1 : New Supervisor 2T insertion Step-3 Insertion of Sup 2T and configuration
Remove Sup720 and all incompatible linecards from the chassis
Replace non-E with E-series chassis and insert Supervisor 2T
Boot Sup2T compatible image from rommon, copy the saved configuration from compact flash to running
Validate the configs for Sup2T
Dist-2 with Sup2T will bootup as HSRP/STP secondary for all vlans as configured
The traffic will still be flowing through the Dist-1
Access
Distribution
L3 Core
STP & HSRP
Active
Red Vlan Green Vlan
Dist-1 Dist-2
STP & HSRP
Secondary
rommon>boot disk0:s2txx_new_sup2t_image
Boot the new Supervisor 2T image from compact disk in
rommon prompt,copied from cisco.com
-------- -------
Dist-2#copy disk0:saved_config system:running_config
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Access
Distribution
L3 Core
STP & HSRP
Active
Red Vlan
Green Vlan
Dist-1 Dist-2
STP & HSRP
Secondary
Case 1: Migration of Dist-2 Switch Step-4 Un-shut the interfaces on Sup2T
71
After config validation un-shut Dist-2 physical interfaces and port-channel between two peers
Dist-2 will become HSRP/STP secondary
There will be no impact on the traffic flowing through Dist-1 till this step
Dist-2(configs)#int range gi2/48,gi2/3 4, int po 1
Dist-2(configs-if-range)#no shut
Dist-2#show interfaces gi2/48 To Access Switch
GigabitEthernet2/48 is up, line protocol is up (connected)
Hardware is C6k 1000Mb 802.3, address is 001f.6cf6.528f (bia
001f.6cf6.528f)
- Omit Output -
Dist-2#show interfaces Po 1 To Primary HSRP Switch
Port-channel1 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 588d.09e6.81ab (bia
588d.09e6.81ab)
- Omit Output -
Dist-2#show interfaces gi2/4 To Core Block
GigabitEthernet2/4 is up, line protocol is up
(connected)
Hardware is C6k 1000Mb 802.3, address is
001f.6cf6.527c (bia 001f.6cf6.527c)
- Omit Output -
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Verifying STP and HSTP states on Dist-2 Switch after migration
72
Dist-2#sh spanning-tree vlan 20
VLAN0020
Spanning tree enabled protocol rstp
Root ID Priority 8192
Address 0017.df3f.e814
Cost 1
Port 1665 (Port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 8192
Address 0019.3004.3814
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 480
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- --------
Gi8/2 Desg FWD 4 128.898 P2p Peer(STP)
Po1 Root FWD 1 128.1665 P2p
Dist-2#sh standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl10 10 100 P Standby 10.100.100.1 local 10.100.100.3
Vl20 20 100 P Standby 20.100.100.1 local 20.100.100.3
Case 1 : Post Migration Checks
Dist-2#sh spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 8192
Address 0017.df3f.e80a
Cost 1
Port 1665 (Port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 28672
Address 0019.3004.380a
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 480
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- --------
Gi8/2 Desg FWD 4 128.898 P2p Peer(STP)
Po1 Root FWD 1 128.1665 P2p
How to read Dist-2 is now secondary root bridge
for vlan 10 and vlan 20
Dist-2 is HSRP standby for group 10 and 20 after migration
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Case 1 : Verification Supervisor 2T Verification
73
Dist-2#show version
Cisco IOS Software, s2t54 Software (s2t54-
IPBASEK9-M), Version 15.1(1)SY, RELEASE SOFTWARE
(fc5)
Technical Support:
http://www.cisco.com/techsupport
Copyright I 1986-2011 by Cisco Systems, Inc.
Compiled Tue 27-Sep-11 02:02 by prod_rel_team
ROM: System Bootstrap, Version 12.2(50r)SYS2,
RELEASE SOFTWARE (fc1)
Dist-2uptime is 51 minutes
Uptime for this control processor is 51 minutes
System returned to ROM by power on
System image file is "bootdisk:s2t54-ipbasek9-
mz.SPA.151-1.SY.bin"
Last reload reason: power-on
- Omit Output -
Cisco WS-C6509-E (M8572) processor (revision)
with 1769472K/262144K bytes of memory.
Processor board ID SMG0929N81U
CPU: MPC8572_E, Version: 2.1, (0x80E80021)
CORE: E500, Version: 3.0, (0x80210030)
CPU:1500MHz, CCB:600MHz, DDR:600MHz
L1: D-cache 32 kB enabled
I-cache 32 kB enabled
Last reset from power-on
Dist-2# show module
Mod Ports Card Type Model Serial No.
--- ----- --------------------------------------
1 8 DCEF2T 8 port 10GE WS-X6908-10G SAL16095SXR
2 48 CEF720 48 port 10/100/1000mb Ethe WS-X6748-GE-TX SAL1208GW5C
5 5 Supervisor Engine 2T 10GE w/CTS (Acti VS-SUP2T-10G SAL16020SSN
Mod MAC addresses Hw Fw Sw Status
--- ---------------------------------- ------ ------------
1 442b.0311.5588 to 442b.0311.56cf 1.1 12.2(50r)SYL 15.1(1)SY Ok
2 001f.6cf6.5260 to 001f.6cf6.52f2 2.7 12.2(14r)S5 15.1(1)SY Ok
5 588d.098a.b517 to 588d.098a.b654 1.2 12.2(50r)SYS 15.0(1)SY Ok
Mod Sub-Module Model Serial Hw Status
---- --------------------------- ------------------ -----------
1 Distributed Forwarding Card WS-F6K-DFC4-E SAL16095R3F 1.2 Ok
2 Centralized Forwarding Card WS-F6700-CFC SAL1207GEH3 4.0 Ok
5 Policy Feature Card 4 VS-F6K-PFC4 SAL16010C7B 1.1 Ok
5 CPU Daughterboard VS-F6K-MSFC5 SAL16020TKS 1.3 Ok
Mod Online Diag Status
---- -------------------
1 Pass
2 Pass
5 Pass
Verify the Sup2T insertion
and software version using
show module and show version
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
- a brief 4 sec traffic drop was seen for Green vlans during HSRP convergence
- during Spanning tree root primary change, 30 sec traffic disruption was seen
for Green vlans due to STP re-calculations
Case 1 : Secondary Switch Migration Convergence result during Dist-2 Upgrade
74
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Red and Green vlans
traversing through the
Dist-1 will experience a
brief outage due to
HSRP change for 4 secs,
largely depends on the
HSRP timers
Case 1: Migration of Dist-1 Switch Step-5 Shift the HSRP Primary to Dist-2
75
Configure Dist-1 switch as HSRP secondary for all the vlans, Dist-2 will become HSRP primary
Neighboring devices will detect and switch all traffic to Dist-2 switch
Dist1(config)#int vlan 20
Dist-1(config-if)#standby 20 priority 90
*Apr 20 02:00:15.047: %HSRP-5-STATECHANGE: Vlan20 Grp 20 state Active -> Speak
*Apr 20 02:00:26.515: %HSRP-5-STATECHANGE: Vlan20 Grp 20 state Speak -> Standby
Dist1(config)#int vlan 10
Dist-1(config-if)#standby 10 priority 90
*Apr 20 02:00:20.047: %HSRP-5-STATECHANGE: Vlan10 Grp 10 state Active -> Speak
*Apr 20 02:00:35.515: %HSRP-5-STATECHANGE: Vlan10 Grp 10 state Speak -> Standby
Dist-1#sh standby brief
P indicates configured to preempt.
Interface Grp Pri P State Active Standby Virtual IP
Vl10 10 90 P Standby 10.100.100.1 local 10.100.100.3
Vl20 20 90 P Standby 20.100.100.1 local 20.100.100.3
Dist-2#
*Apr 20 02:01:19.559: %HSRP-5-STATECHANGE:Vlan20 Grp 20 state Standby -> Active
*Apr 20 02:01:19.559: %HSRP-5-STATECHANGE:Vlan20 Grp 10 state Standby -> Active
Dist-2#sh standby brief
P indicates configured to preempt.
Interface Grp Pri P State Active Standby Virtual IP
Vl10 10 100 P Active local 10.100.100.2 10.100.100.3
Vl20 20 100 P Active local 20.100.100.2 20.100.100.3
Access
Distribution
L3 Core
STP & HSRP
Active
Red Vlan
Green Vlan
Dist-
1 Dist-2
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Vlans traversing through
the Dist-1 will be
affected, due to STP root
change, for 30 secs,
largely depends on the
STP mode
Case 1: Migration of Dist-1 Switch Step-6 Move Spanning root primary to Dist-2
76
Adjust the priorities to make Dist-2 STP root primary and Dist-1 STP root secondary for all vlans
Neighboring devices will detect and switch traffic to Dist-2 switch
Shutdown Dist-1 physical interfaces to completely remove Dist-1 switch from the network
Dist-2(config)#spanning-tree vlan 10,20 priority 4096
Dist-2(config)#end
Dist-2#sh spanning-tree vlan 20
VLAN0020
Spanning tree enabled protocol rstp
Root ID Priority 4096
Address 0017.df3f.e814
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 4095
Address 0017.df3f.e814
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 480
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ----------------
Gi8/2 Desg FWD 4 128.898 P2p Peer(STP)
Po1 Desg FWD 1 128.1665 P2p
Access
Distribution
L3 Core
STP & HSRP
Active
Red Vlan
Green Vlan
Dist-
1 Dist-2
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Case 1 : New Supervisor 2T insertion Step-7 Insertion of Sup 2T and configuration
Repeat the steps from step 3 step 5 to upgrade Sup2T in Dist-1 switch
Verify that Supervisor 2T come up with supported software image
Verify that Red vlan traffic is taking Dist-1 path and Green vlan traffic is taking Dist-2 path
Verify all the L3-routing is converged
All the unsupported linecards will remain in power denied state
Both the chassis in distribution pair have now been migrated to new generation Supervisor 2T
Same steps has to be followed for Dual Supervisors 720 in HA mode
Red vlans traversing through the Dist-2
will be affected, due to STP root change
and HSRP convergence, for 34 secs
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
- a brief 4 sec traffic drop was seen for all vlans during HSRP convergence
- during Spanning tree root primary change, 30 sec traffic disruption was seen
for all vlans due to STP re-calculations
Case 1 : Secondary Switch Migration Convergence result during Dist-1 Upgrade
78
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Case 1 : Final State Design
79
Access
Distribution
L3 Core
STP & HSRP Active
Red Vlan Green Vlan Dist-1 Dist-2 STP & HSRP Active
Case 2 : Standalone to Virtual Switch System (VSS) Migration with Sup720
80
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
VSS Migration Tips
81
VSS domain switch MUST BE spanning-tree ROOT
Make sure to save the configs at each step to disk0: or bootflash:
Use console connection during Migration process
It is a best practice to move the HSRP(Layer 3) first to redundant switch followed by spanning tree root for optimal results and convergence
Remove HSRP configs and assigns the same virtual IP addresses to vlan SVIs.
Download the Sup2T supported image in advance to external compact flash before migration
Use root guard at the edge ports to protect external switch introducing superior BPDUs, e.g. temporary connectivity
Use Spanning tree portfast on all the access ports connected to servers and hosts
Do not use loop guard as it will disable the entire MEC channel on fault detection
VSS (Physical View)
SiSi
Server
10GE
Access Switch or ToR or Blades
802.3ad
802.3ad or
PagP
SiSiSiSi
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Access
Distribution
L3 Core
STP & HSRP Active
Red Vlan
STP & HSRP Active
Green Vlan Dist-1 Dist-2
Traditionally, traffic is load-balanced among distribution switches using vlan load-
sharing and HSRP configuration
Case 2: Standalone Supervisor Migration in VSS Current Network
82
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Migration Steps between Distribution and
Access-layer
1. Modify FHRP Configuration
2. Configure Multichassis Ethrechannel
3. Move L2 Trunk configuration to MEC
interfaces
4. Move Policies to MEC if needed
5. Keep Spanning-Tree Enabled
Migration Steps between Distribution and
core
1. Configure MEC
2. Remove Routing Statements which
are not needed.
Access
L2/L3
Distribution
L3 Core
Multi Step Process
Case 3: Standalone to VSS Migration Migration to VSS
83
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Verifying STP and HSTP states on Dist-1 Switch
84
Dist-1#sh spanning-tree vlan 10
VLAN0010
Spanning tree enabled protocol rstp
Root ID Priority 8192
Address 0017.df3f.e80a
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay
15 sec
Bridge ID Priority 8192
Address 0017.df3f.e80a
Hello Time 2 sec Max Age 20 sec Forward Delay
15 sec
Aging Time 480
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- --------
Gi8/2 Desg FWD 4 128.898 P2p Peer(STP)
Po1 Desg FWD 1 128.1665 P2p
Dist-1#sh standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl10 10 120 P Active local 10.100.100.2 10.100.100.3
Vl20 20 110 P Standby 20.100.100.2 local 20.100.100.3
Case 2 : Pre Migration Checks
Dist-1#sh spanning-tree vlan 20
VLAN0020
Spanning tree enabled protocol rstp
Root ID Priority 8192
Address 0019.3004.3814
Cost 1
Port 1665 (Port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay
15 sec
Bridge ID Priority 28672
Address 0017.df3f.e814
Hello Time 2 sec Max Age 20 sec Forward Delay
15 sec
Aging Time 480
Interface Role Sts Cost Prio.Nbr Type
------------------ ---- --- --------- --------
Gi8/2 Desg FWD 4 128.898 P2p Peer(STP)
Po1 Root FWD 1 128.1665 P2p
How to read Dist-1 is root bridge for vlan 10 and
secondary root for vlan 20
Dist-1 is HSRP active for group 10
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Green vlans traversing
through the Dist-2 will
be affected due to HSRP
change for 4 secs,
largely depends on the
HSRP timers
STP & HSRP
Active
Red Vlan
Green Vlan
Dist-1 Dist-2
Case 2: Migration of Dist-2 Switch Step-1 Shift the HSRP Primary to Dist-1
85
Make Dist-1 switch HSRP primary for Green vlans
Neighboring devices will detect this change and switch all traffic to Dist-1 switch
Dist-2(config)#int vlan 20 Dist-2(config-if)#standby 20 priority 100
*Apr 20 02:00:15.047: %HSRP-5-STATECHANGE: Vlan20 Grp 20 state Active -> Speak
*Apr 20 02:00:26.515: %HSRP-5-STATECHANGE: Vlan20 Grp 20 state Speak -> Standby
Dist-2#sh standby brief
P indicates configured to preempt.
Interface Grp Pri P State Active Standby Virtual IP
Vl10 10 100 P Standby 10.100.100.1 local 10.100.100.3
Vl20 20 100 P Standby 20.100.100.1 local 20.100.100.3
Dist-1#
*Apr 20 02:01:19.559: %HSRP-5-STATECHANGE:Vlan20 Grp 20 state Standby -> Active
Dist-1#sh standby brief
P indicates configured to preempt.
Interface Grp Pri P State Active Standby Virtual IP
Vl10 10 120 P Active local 10.100.100.2 10.100.100.3
Vl20 20 110 P Active local 20.100.100.2 20.100.100.3
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Red vlans traversing
through the Dist-2 will
be affected, due to STP
root change, for 30 secs,
largely depends on the
STP mode
STP & HSRP
Active
Red Vlan
Green Vlan
Dist-1 Dist-2
Case 2: Migration of Dist-2 Switch Step-2 Move Spanning root primary to Dist-1
86
Make Dist-1 switch STP root for Green vlans
Neighboring devices will detect this change and switch all traffic to Dist-1 switch
Shutdown Dist-2 physical interfaces to completely remove Dist-2 switch from the network
Dist-1(config)#spanning-tree vlan 20 root primary
Dist-1(config)#end
Dist-1#sh spanning-tree vlan 20
VLAN0020
Spanning tree enabled protocol rstp
Root ID Priority 8192
Address 0017.df3f.e814
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 8192
Address 0017.df3f.e814
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 480
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- ----------------
Gi8/2 Desg FWD 4 128.898 P2p Peer(STP)
Po1 Desg FWD 1 128.1665 P2p
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Case 2 : New Supervisor 2T insertion Step-3 Insertion of Sup 2T and configuration
Remove Sup720 and all incompatible linecards from the chassis
Replace non-E with E-series chassis and insert Supervisor 2T
Boot Sup2T compatible image from rommon, copy the saved configuration from compact flash to running
Validate the configs for Sup2T
Dist-2 with Sup2T will bootup as HSRP/STP secondary for all vlans as configured
The traffic will still be flowing through the Dist-1
Access
Distribution
L3 Core
STP & HSRP
Active
Red Vlan Green Vlan
Dist-1 Dist-2
STP & HSRP
Secondary
rommon>boot disk0:s2txx_new_sup2t_image
Boot the new Supervisor 2T image from compact disk in
rommon prompt,copied from cisco.com
-------- -------
Dist-2#copy disk0:saved_config system:running_config
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Case 2 : Verification Supervisor 2T Verification
88
Dist-2#show version
Cisco IOS Software, s2t54 Software (s2t54-
IPBASEK9-M), Version 15.1(1)SY, RELEASE SOFTWARE
(fc5)
Technical Support:
http://www.cisco.com/techsupport
Copyright I 1986-2011 by Cisco Systems, Inc.
Compiled Tue 27-Sep-11 02:02 by prod_rel_team
ROM: System Bootstrap, Version 12.2(50r)SYS2,
RELEASE SOFTWARE (fc1)
Dist-2uptime is 51 minutes
Uptime for this control processor is 51 minutes
System returned to ROM by power on
System image file is "bootdisk:s2t54-ipbasek9-
mz.SPA.151-1.SY.bin"
Last reload reason: power-on
- Omit Output -
Cisco WS-C6509-E (M8572) processor (revision)
with 1769472K/262144K bytes of memory.
Processor board ID SMG0929N81U
CPU: MPC8572_E, Version: 2.1, (0x80E80021)
CORE: E500, Version: 3.0, (0x80210030)
CPU:1500MHz, CCB:600MHz, DDR:600MHz
L1: D-cache 32 kB enabled
I-cache 32 kB enabled
Last reset from power-on
Dist-2# show module
Mod Ports Card Type Model Serial No.
--- ----- --------------------------------------
1 8 DCEF2T 8 port 10GE WS-X6908-10G SAL16095SXR
2 48 CEF720 48 port 10/100/1000mb Ethe WS-X6748-GE-TX SAL1208GW5C
5 5 Supervisor Engine 2T 10GE w/CTS (Acti VS-SUP2T-10G SAL16020SSN
Mod MAC addresses Hw Fw Sw Status
--- ---------------------------------- ------ ------------
1 442b.0311.5588 to 442b.0311.56cf 1.1 12.2(50r)SYL 15.1(1)SY Ok
2 001f.6cf6.5260 to 001f.6cf6.52f2 2.7 12.2(14r)S5 15.1(1)SY Ok
5 588d.098a.b517 to 588d.098a.b654 1.2 12.2(50r)SYS 15.0(1)SY Ok
Mod Sub-Module Model Serial Hw Status
---- --------------------------- ------------------ -----------
1 Distributed Forwarding Card WS-F6K-DFC4-E SAL16095R3F 1.2 Ok
2 Centralized Forwarding Card WS-F6700-CFC SAL1207GEH3 4.0 Ok
5 Policy Feature Card 4 VS-F6K-PFC4 SAL16010C7B 1.1 Ok
5 CPU Daughterboard VS-F6K-MSFC5 SAL16020TKS 1.3 Ok
Mod Online Diag Status
---- -------------------
1 Pass
2 Pass
5 Pass
Verify the Sup2T insertion
and software version using
show module and show version
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
- a brief 4 sec traffic drop was seen for Green vlans during HSRP convergence
- during Spanning tree root primary change, 30 sec traffic disruption was seen
for Green vlans due to STP re-calculations
Case 2 : Secondary Switch Migration Convergence result during Dist-2 Upgrade
89
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Dist - 1 Dist - 2
VSL Link Bundle
T5/4
T5/5
T5/4
T5/5
Port-Channel 1 Port-Channel 2
Switch Virtual Domain #100
Convert Sup2T in Dist-2 to run in VSS mode
Supervisor uplink interfaces are utilized to form a VSL link
Case 2 - Conversion to VSS
90
Step- 4 Configuration for the conversion takes the following path
Dist- 2 Dist-2(config)#switch virtual domain 100 Domain ID 100 config will take effect only
after the exec command 'switch convert mode virtual' is issued
Dist-2(config-vs-domain)#switch 1
Dist-2(config-vs-domain)#mac-address use-virtual
Dist-2(config)#udld enable
Dist-2(config)#spanning-tree mode rapid-pvst
Dist-2(config)#spanning-tree vlan 2-999 priority 24576
Dist-2(config-red)#int po 1
Dist-2(config-if)#switch virtual link 1
WARNING: Interface Port-channel1 placed in restricted config
mode. All extraneous configs removed!
WARNING: Interface TenGigabitEthernet5/4 placed in restricted
config mode. All extraneous configs removed!
WARNING: Interface TenGigabitEthernet5/5 placed in restricted
config mode. All extraneous configs removed!
Dist-2(config)#int range tenGigabitEthernet 5/4 5
Dist-2(config-if-range)#shutdown
Dist-2(config-if-range)#channel-group 1 mode on
Dist-2# show switch virtual
Switch Mode : Standalone
Not in Virtual Switch mode due to:
Domain ID is configured but invalid SWITCH_NUMBER 0 setting.
This implies an incomplete or failed Virtual Switch
conversion process.
Configure Switch Virtual Domain
Case 2 - Conversion to VSS
91
Configure Switch id
Configure virtual mac address
Enable udld
Configure spanning tree for all vlans
Configure VSL port-channel
Assign the Sup2T uplinks to VSL port-channel
Verify that the switch is still working in standalone mode
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Dist - 2
Dist-2#switch convert mode virtual
This command will convert all interface names
to naming convention "interface-type switch-number/slot/port,
save the running config to startup-config and
reload the switch.
NOTE: Make sure to configure one or more dual-active detection methods
once the conversion is complete and the switches have come up in VSS mode.
Do you want to proceed? [yes/no]:
Converting interface names
Building configuration
[OK]
Saving converted configuration to bootdisk:
Destination filename [startup-config.converted_vs-20130420-021633]?
AT THIS POINT THE SWITCH WILL REBOOT
SWITCH CONSOLE OUTPUT After reload *Apr 20 04:59:53.999: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor for this switch
*Apr 20 05:00:04.843: %VSL_BRINGUP-6-MODULE_UP: VSL module in slot 5 switch 2 brought up
*Apr 20 05:02:06.363: %VSLP-5-RRP_PEER_TIMEOUT: VSLP peer timer expired without detecting peer. Resolving role as
Active
*Apr 20 05:02:06.415: %VSLP-2-VSL_DOWN: VSL links down and not ready for any traffic
*Apr 20 05:03:59.795: %DIAG-SW2-6-DIAG_OK: Switch 2 Module 1: Passed Online Diagnostics
*Apr 20 05:03:59.987: %SATVS_IBC-SW2-5-VSL_DOWN_SCP_DROP: VSL inactive - dropping cached SCP packet:
(SA/DA:0x0/0x4, SSAP/DSAP:0x0/0x1, OP/SEQ:0x1030/0x8, SIG/INFO:0x1/0x21, eSA:0000.0100.0000)
Case 2 - Conversion to VSS Step- 5 Convert the mode to virtual
92
The most important
command
Switch will reload after
proceeding with this
command
How to read the output
Switch will bootup as ACTIVE with VSL link in shutdown
state
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
VSS Switch - 1 VSS# sh switch virtual role
Switch Switch Status Preempt Priority Role Session ID
Number Oper(Conf) Oper(Conf) Local Remote
------------------------------------------------------------------
LOCAL 1 DOWN FALSE(N ) 110(110) ACTIVE 0 0
In dual-active recovery mode: No
Dist-2 is now
converted to
Sup 2T VSS in
Active role
Case 2 - Conversion to VSS
93
How to read the output
Checking the local switch
Configured switch id is 1
VSL status is down
No Pre-empt configuration
Configured and Operational priority is 110, derived during bootup
Since there is no other peer, the switch boots up as ACTIVE switch
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
1. Pre-configure MEC (Multi Chassis Ether Channel) using Switch-1 local interfaces, Switch-2 will
be Dist-1 once it is converted, interfaces can be added to MECs after its conversion to VSS at later steps
2. Move HSRP Virtual IP address to Vlan interfaces
3. Remove HSRP config, (active and standby chassis will be using active chassis burnt-in mac-
address and Vlan ip address . HSRP is no longer required )
4. Turn On NSF-SSO (Non-Stop forwarding) feature for routing protocol
5. VSS simplifies the routing configuration
6. Modify STP configuration such that VSS switch-1 be the root for all vlans
Pre-configuration steps can also be performed after converting Dist-2 to VSS as
well. Pre-configuration helps to reduces amount of packet loss during migration.
Case 2 - Conversion to VSS Step- 6 Pre-configure VSS Switch-1
94
Now that Dist-2 is successfully converted and It is operating in VSS mode, perform
below steps to pre configure VSS Switch-1 (Dist-2)
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Gig1/1/1
Gig1/1/2
Gig1/1/3
Gig1/1
Gig1/2
Gig1/3
TGig2/1 TGig1/1/21 TGig2/2 TGig1/2/2
Access
Distribution
L3 Core
STP & HSRP
Active
Red Vlan
Green Vlan
Dist-1 Dist-2
Case 2 - Conversion to VSS Pre-configure VSS Switch-1
VSS
95
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Case 2 Configuration Migration Step- 6 Configuration Migration: Pre-Configure MEC
96
VSS Active
Configure MEC
Move Interface
configuration to MEC
VSS Active
interface TenGigabitEthernet1/2/1
ip address 192.168.4.2 255.255.255.0
interface GigabitEthernet1/1/2
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20
VSS(config-if)#int po10
VSS(config-if)#switchport
VSS(config-if)#switchport trunk encap dot1q
VSS(config-if)#switchport trunk allowed vlan 10,20
VSS(config-if)no shut
VSS(config-if)#int gig 1/1/2
VSS(config-if)#switchport
VSS(config-if)# channel-group 10 mode desirable
Traditional config
Choose a unique port channel (MEC) id for each of the neighbor device
that is dual homed to VSS
VSS(config)#int gig 1/1/1
VSS(config-if)#no ip add
VSS(config-if)#int po20
VSS(config-if)#ip add 192.168.4.2 255.255.255.0
VSS(config-if)no shut
VSS(config-if)#int gig 1/1/1
VSS(config-if)#channel-group 20
mode desirable
MEC to Core
MEC to Access
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Case 2 Configuration Migration Step- 6 Configure port channel in VSS neighbor device
97
Core
Configure Layer-3
port channel
Core(config-if)#int gig 1/1
Core(config-if)#no ip address
Core(config-if)#int po20
Core(config-if)# ip address 192.168.4.2
255.255.255.0
Core(config-if)#no shut
Core(config-if)#int gig 1/1
Core(config-if)#channel-group 20 mode
desirable
VSS neighbor device interfaces will be down at this moment , port channel
can be configured without interfering traffic flowing through Dist-1
Access(config)#int po10
Access(config)#switchport
Access(config)# switchport trunk encapsulation
dot1q
Access(config)#switchport mode trunk
Access(config)#no shut
Access(config)#int range gig 1/1
Access(config-if#channel-group 10 mode
desirable
Access Configure Layer-2
port channel
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
interface Vlan10
ip address 10.1.1.2 255.255.255.0
standby 10 ip 10.1.1.1
standby 10 priority 110
!
interface Vlan20
ip address 20.1.1.2 255.255.255.0
standby 20 ip 20.1.1.1
standby 20 priority 110
VSS Active
VSS(config)#interface Vlan10
VSS(config-if)# no standby 10 ip 10.1.1.1
VSS(config-if)# no standby 10 pri 110
VSS(config-if)#ip address 10.1.1.1
255.255.255.0
VSS(config)#interface Vlan20
VSS(config-if)# no standby 20 ip 20.1.1.1
VSS(config-if)# no standby 20 pri 110
VSS(config-if)# ip address 20.1.1.1
255.255.255.0
VSS Active
Traditional config
Remove HSRP Standby config
Move HSRP Standby IP Address to
the Vlan interfaces
End devices are still pointing their arp entries to HSRP mac-address, till the entry times
out or re-arp would update their cache. Temporarily connectivity may be lost during this
time.
Case 2 Configuration Migration Step- 6 Configuration Migration : Remove Gateway Protocol
98
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Case 2 Configuration Migration Step- 6 Configuration Migration : Update Routing Protocol config
99
VSS#sh run | beg ospf router ospf 10
log-adjacency-changes
network 10.1.1.0 0.0.0.255 area 0
network 20.1.1.0 0.0.0.255 area 0
network 192.168.4.0 0.0.0.255 area 0
network 192.168.5.0 0.0.0.255 area 0
VSS(config)#router ospf 10
VSS(config-router)# nsf
VSS(config-router)# no network 192.168.5.0
0.0.0.255 area 0
VSS Active
Enable NSF/SSO and Remove Routing statements that are no longer needed with VSS
Core
Previous L3 interfaces are merged
as MEC, hence some routing
statement are not needed..
Core#sh run | beg ospf
router ospf 1
log-adjacency-changes
network 192.168.4.0 0.0.0.255 area 0
network 192.168.5.0 0.0.0.255 area 0
Demo-Core(config)#router ospf 1
Demo-Core(config-router)# nsf
Demo-Core(config-router)#no network
192.168.5.0 0.0.0.255 area 0
Previous L3 interfaces are merged
as MEC, hence some routing
statement are not needed..
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Case 2 Sup 2T Migration in VSS mode Step 7 : Verify VSS Switch-1 connectivity
VSS Switch-1 is configured to forward
traffic while we disconnect Dist-1 and
migrate to VSS mode
Verify VSS Switch-1 Configuration and
connectivity
1. Enable VSS switch-1 interfaces
2. Very L2 connectivity to access
switches
3. Verify L3 connectivity to core switches
4. After VSS switch-1 connectivity
verification , shutdown Dist-1
interfaces to switch traffic over to VSS.
5. 50 secs, traffic loss is expected during
this step when all flows move from
Dist-1 to VSS-Switch-1
Gig1/1/1 Gig1/1/2
Gig1/1/3
Gig1/1
Gig1/2
Gig1/3
TGig2/1 TGig1/1/21 TGig2/2 TGig1/2/2
Access
Distribution
L3 Core
STP & HSRP
Active
Red Vlan Green Vlan
Dist-1 Dist-2
VSS
100
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Dist - 1 Dist - 2
VSL Link Bundle
T5/4
T5/5
T5/4
T5/5
Port-Channel 1 Port-Channel 2
Switch Virtual Domain #100
Convert Sup2T in Dist-1 to run in VSS mode
Supervisor uplink interfaces are utilized to form a VSL link
Case 2 - Conversion to VSS
101
Repeat the same set of Steps from 1 7
Dist- 1 Dist-1(config)#switch virtual domain 100 Domain ID 100 config will take effect only
after the exec command 'switch convert mode virtual' is issued
Dist-1(config-vs-domain)#switch 2
Dist-1(config-vs-domain)#mac-address use-virtual
Dist-1(config)#udld enable
Dist-1(config-red)#int po 1
Dist-1(config-if)#switch virtual link 1
WARNING: Interface Port-channel1 placed in restricted config
mode. All extraneous configs removed!
WARNING: Interface TenGigabitEthernet5/4 placed in restricted
config mode. All extraneous configs removed!
WARNING: Interface TenGigabitEthernet5/5 placed in restricted
config mode. All extraneous configs removed!
Dist-1(config)#int range tenGigabitEthernet 5/4 5
Dist-1(config-if-range)#shutdown
Dist-1(config-if-range)#channel-group 1 mode on
Dist-1# show switch virtual
Switch Mode : Standalone
Not in Virtual Switch mode due to:
Domain ID is configured but invalid SWITCH_NUMBER 0 setting.
This implies an incomplete or failed Virtual Switch
conversion process.
Configure Switch Virtual Domain
Case 2 - Conversion to VSS
102
Configure Switch id
Configure virtual mac address
Enable udld
Configure VSL port-channel
Assign the Sup2T uplinks to VSL port-channel
Verify that the switch is still working in standalone mode
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Case 2 Sup 2T Migration in VSS mode Step- 8 Sup 2T VSS Migration Completion
103
Do a no shut on VSL link between Switch1-VSS (Dist-2) and Switch-2 VSS (Dist-1), Switch2-VSS switch will
reload and resume the STANDBY role
Dist-1(config)#interface po 2
Dist-1(config-if)#no shut
*Apr 20 05:22:26.587: %VSLP-SW2-5-RRP_MSG: Use 'redundancy reload shelf'
to bring this switch to its preferred STANDBY role
*Apr 20 05:22:26.587: %DUAL_ACTIVE-SW2-1-RECOVERY: Dual-active condition
detected: Starting recovery-mode, all non-VSL and non-excluded
interfaces have been shut down
Dist-1(recovery-mode)#redundancy reload shelf
System configuration has been modified. Save? [yes/no]: yes
Building configuration
[OK]
Reload this shelf [confirm]
Preparing to reload this shelf
*Apr 20 05:23:42.083: %RF-SW2-5-RF_RELOAD: Shelf reload. Reason: Admin
reload CLI
*Apr 20 05:23:42.083: %VSLP-SW2-3-VSLP_LMP_FAIL_REASON: Te2/5/4:
Disabled by Admin self reload
*Apr 20 05:23:42.083: %VSLP-SW2-3-VSLP_LMP_FAIL_REASON: Te2/5/5:
Disabled by Admin self reload
*Apr 20 05:23:42.087: %VSLP-SW2-2-VSL_DOWN: All VSL links went down
while switch is in ACTIVE role
after the Dist-1 comes back up, do a no shut on MEC port
channels to load balance the
traffic over to remaining
channel members
no shut on VSL port channel 1 and port channel 2 on both
VSS switches
Both VSS switches will detect this change using VSL control
messages
Switch-1 is already working in VSS as ACTIVE switch, use
redundancy reload shelf
command to bring the Dist-1
in preferred STANDBY state
2013 Cisco and/or its affiliates. All rights reserved. BRKDCT-2309 Cisco Public
Case 2 Sup 2T Migration Completion in VSS mode
104
Supervisor 2T Migration is completed in VSS mode , at this point both switches are active
and traffic will be load-balanced on all MEC member interfaces
Access
Distribution
L3 Core
VSS
2013 Cisco and/or its affiliates. All rights reserved.
Top Related