Upload
shubham-tiwari
View
458
Download
2
Embed Size (px)
Citation preview
© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID 1
Virtual Switching System (VSS) on the Catalyst 6500
March 2008
Lila RousseauxConsulting Systems [email protected]
CCIE #6899
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2
Virtual Switching Architecture
Etherchannel Concepts
Integrated Services Routers
Introduction to VSS
Agenda
Hardware Requirements
Conversion Process
Operational Management
High Availability
Quality of Service
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 3
Current Network ChallengesEnterprise Campus
Traditional Enterprise Campus deployments have been designed in such a way that allows for scalability, differentiated services and high availability. However they also face many challenges, some of which are listed in the below diagram…
Access
L2/L3 Distribution
L3 Core
FHRP, STP, Asymmetric routing,Policy Management
Extensive routing topology, Routing reconvergence
Single active uplink per VLAN (PVST), L2 reconvergence
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 4
Current Network ChallengesData Center
Traditional Data Center designs are requiring ever increasing Layer 2 adjacencies between Server nodes due to prevalence of Virtualization technology. However, they are pushing the limits of Layer 2 networks, placing more burden on loop-detection protocols such as Spanning Tree…
L2/L3 Core
L2 Distribution
L2 Access
Dual-Homed Servers to single switch, Single active uplink per VLAN (PVST), L2 reconvergence
Single active uplink per VLAN (PVST), L2 reconvergence, excessive BPDUs
FHRP, HSRP, VRRPSpanning TreePolicy Management
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 5
Virtual Switching SystemIntroduction
Virtual Switching System is a new technology break through for the Catalyst 6500 family…
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 6
Virtual Switching SystemEnterprise Campus
A Virtual Switch-enabled Enterprise Campus network takes on multiple benefits including simplified management & administration, facilitating greater high availability, while maintaining a flexible and scalable architecture…
Access
L2/L3 Distribution
L3 Core
No FHRPsNo Looped topologyPolicy Management
Reduced routing neighbors, Minimal L3 reconvergence
Multiple active uplinks per VLAN, No STP convergence
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 7
Virtual Switching SystemData Center
A Virtual Switch-enabled Data Center allows for maximum scalability so bandwidth can be added when required, but still providing a larger Layer 2 hierarchical architecture free of reliance on Spanning Tree…
L2/L3 Core
L2 Distribution
L2 Access
Dual-Homed Servers, Single active uplink per VLAN (PVST), Fast L2 convergence
Dual Active Uplinks, Fast L2 convergence, minimized L2 Control Plane, Scalable
Single router node, Fast L2 convergence, Scalable architecture
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 8
Virtual Switching SystemWhat is a VSS?
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 9
Virtual Switching SystemControl Plane
While the Data Planes in both switches are active, only one switch has an active control plane - hence there is only one management point from which to manage the Virtual Switching System…
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 10
Virtual Switching SystemData Plane
The Data Planes in both switches are active - hence each has a full copy of the forwarding tables and Security/QOS policies in hardware such that each can make a fully informed local forwarding decision…
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 11
Virtual Switching SystemVirtual Switch Link
The Virtual Switch Link is a special link joining each physical switch together - it extends the out of band channel allowing the active control plane to manage the hardware in the second chassis…
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 12
Virtual Switching SystemMulti Chassis Etherchannel
Virtual Switching System introduces new connectivity options such as Multichassis EtherChannel…
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 13
Virtual Switching SystemInter Chassis NSF/SSO
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 14
Virtual Switching Architecture
Etherchannel Concepts
Integrated Services Routers
Introduction to VSS
Agenda
Hardware Requirements
Conversion Process
Operational Management
High Availability
Quality of Service
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 15
Virtual Switch ArchitectureVirtual Switch Link
The Virtual Switch Link is a special link joining each physical switch together - it extends the out of band channel allowing the active control plane to manage the hardware in the second chassis…
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 16
Virtual Switch ArchitectureVSL Initialization
Before the Virtual Switch domain can become active, the Virtual Switch Link (VSL) must be brought online to determine Active and Standby roles. The initialization process essentially consists of 3 steps:
Role Resolution Protocol (RRP) used to determine compatible Hardware and Software versions to form the VSL as well as determine which switch becomes Active and Hot Standby from a control plane perspective
Role Resolution Protocol (RRP) used to determine compatible Hardware and Software versions to form the VSL as well as determine which switch becomes Active and Hot Standby from a control plane perspective
LMPLMP LMPLMPRRPRRPRRPRRP
Link Management Protocol (LMP) used to track and reject Unidirectional Links, Exchange ChassisID and other information between the 2 switches Link Management Protocol (LMP) used to track and reject Unidirectional Links, Exchange ChassisID and other information between the 2 switches
Link Bringup to determine which ports form the VSLLink Bringup to determine which ports form the VSL1
2
3
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 17
Virtual Switch ArchitectureLink Bringup
Pre-Parse ConfigSwitch 1
Pre-Parse ConfigSwitch 1
Pre-Parse ConfigSwitch 2
Pre-Parse ConfigSwitch 2
Each member of the Virtual Switch domain must determine which links are candidate for VSL very early on in the bootup cycle. The Switch Processor (SP) pre-parses the configuration to determine which links are configured for VSL…
The SP will then bring up the line card/s where the VSL is configured, download the required configuration and initiate Link Management Protocol (LMP)
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 18
Virtual Switch ArchitectureLink Management Protocol (LMP)
LMP runs on each individual link that is part of the VSL, and is used to program information such as member details, forwarding indices, as well as perform the following checks:
LMPLMP LMPLMP
LMPLMP LMPLMP
Verify neighbor is Bi-DirectionalEnsure the member is connected to another Virtual SwitchTransmit and receive keepalives to maintain health of the member and the VSL
123
After successful LMP negotiation, a Peer Group (PG) is formed which is a collection of all VSL members that connects to the same VS. For each PG, a Peer Group Control Link (PGCL) is elected to carry further control information…
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 19
Virtual Switch ArchitectureRole Resolution Protocol (RRP)
RRP is used to negotiate the role (active or standby) for each chassis:
Determine whether hardware and software versions allow a Virtual Switch to formDetermine which chassis will become Active and Hot Standby from a control plane perspective
12
RRPRRP RRPRRP
RRPRRP RRPRRPVSL
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 20
Virtual Switch ArchitectureVSL Configuration Consistency Check
After the roles have been resolved through RRP, a Configuration Consistency Check is performed across the VSL switches to ensure proper VSL operation. The following items are checked for consistency:
Switch Virtual Domain IDSwitch Virtual Domain ID
Switch Virtual Node TypeSwitch Virtual Node Type
Switch PrioritySwitch Priority
Switch PreemptSwitch Preempt
VSL Port Channel Link IDVSL Port Channel Link ID
VSL Port state, interfaces…VSL Port state, interfaces…
Power Redundancy modePower Redundancy mode
Power Enable on VSL cardsPower Enable on VSL cards
Note that if configurations do not match, the standby switch will revert to RPR mode, disabling all non-VSL interfaces…
Note that if configurations do not match, the standby switch will revert to RPR mode, disabling all non-VSL interfaces…
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 21
Virtual Switch ArchitectureVSLP Ping
A new Ping mechanism has been implemented in VSS mode to allow the user to objectively verify the health of the VSL itself. This is implemented as a VSLP Ping…
VSL
Switch 1 Switch 2VSLPVSLP VSLPVSLP
VSLPVSLP VSLPVSLP
vss#ping vslp output interface tenGigabitEthernet 1/5/4
Type escape sequence to abort.Sending 5, 100-byte VSLP ping to peer-sup via output port 1/5/4, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 msvss#
vss#ping vslp output interface tenGigabitEthernet 1/5/4
Type escape sequence to abort.Sending 5, 100-byte VSLP ping to peer-sup via output port 1/5/4, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 msvss#
The VSLP Ping operates on a per-physical interface basis and parameters such as COUNT, DESTINATION, SIZE, TIMEOUT may also be specified…
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 22
Virtual Switch ArchitectureForwarding Operation
In Virtual Switch Mode, while only one Control plane is active, both Data Planes (Switch Fabric’s) are active, and as such, each can actively participate in the forwarding of data …
Virtual Switch Domain
Switch 1 - Control Plane Active Switch 2 - Control Plane Hot Standby
Virtual Switch Domain
Switch 1 - Data Plane Active Switch 2 - Data Plane Active
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 23
Virtual Switch ArchitectureVirtual Switch Domain
A Virtual Switch Domain ID is allocated during the conversion process and represents the logical grouping the 2 physical chassis within a VSS. It is possible to have multiple VS Domains throughout the network…
The configurable values for the domain ID are 1-255. It is always recommended to use a unique VS Domain ID for each VS Domain throughout the network…The configurable values for the domain ID are 1-255. It is always recommended to use a unique VS Domain ID for each VS Domain throughout the network…
VS Domain 10
VS Domain 20 VS Domain 30
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 24
Virtual Switch ArchitectureRouter MAC Address
In a standalone Catalyst 6500 system, the router MAC address is derived from the Chassis MAC EEPROM and is unique to each Chassis. In a Virtual Switch System, since there is only a single routing entity now, there is also only ONE single router MAC address…
Router MAC = 000f.f8aa.9c00Router MAC = 000f.f8aa.9c00
The MAC address allocated to the Virtual Switch System is derived from the MAC EEPROM of the Active Virtual Switch upon initial system bring up. Regardless of either switch being brought down or up, the same MAC address will be retained such that neighboring network nodes and hosts do not need to re-ARP for a new address.
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 25
Virtual Switching Architecture
Etherchannel Concepts
Integrated Services Routers
Introduction to VSS
Agenda
Hardware Requirements
Conversion Process
Operational Management
High Availability
Quality of Service
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 26
Etherchannel ConceptsAn Etherchannel combines multiple physical links into a single logical link. Ideal for load sharing or link redundancy – can be used by both layer 2 and Layer 3 subsystems…
Physical ViewMultiple ports are defined as being
part of an Etherchannel
group
Logical ViewSubsystems running
on the switch only see one logical link
An Etherchannel can be defined on Ethernet, Fast Ethernet, Gigabit Ethernet or 10 Gigabit Ethernet Ports
An Etherchannel can be defined on Ethernet, Fast Ethernet, Gigabit Ethernet or 10 Gigabit Ethernet Ports
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 27
The distribution of traffic across the members of the Etherchannel done through different hash schemes. With the PFC3C running 12.2(33)SXH software, there are 13 possible different hash schemes to choose from:
Etherchannel ConceptsTraffic Distribution and Hashing
Selection of the hash scheme of choice is largely dependent on the traffic mix through the EtherChannelThe hash scheme may only be selected on a global basis.
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 28
Etherchannel ConceptsMultichassis EtherChannel (MEC)
Prior to VS, Etherchannels were restricted to reside within the same physical switch. In a Virtual Switch environment, Etherchannels can now also be extended across the 2 physical chassis…As a result, MECs allows for new network designs to be implemented where true layer 2 Multi-pathing can be implemented without the reliance on protocols such as Spanning Tree.
Regular Etherchannel on single chassis Multichassis EtherChannel across 2 VSL-enabled Chassis
Virtual Switch Virtual Switch
Both LACP and PAGP Etherchannel protocols and Manual ON modes are
supported…
Both LACP and PAGP Etherchannel protocols and Manual ON modes are
supported…
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 29
Etherchannel ConceptsMultichassis EtherChannel
Support for Etherchannel management is performed by the Control plane on the Active Switch in the Virtual Switch Domain…
Standby Control Plane
Active Control Plane
• MEC links on both the switches in the VS domain are managed by PAgP or LACP running on the Active Switch via internal control messages.
• PAgP or LACP packets destined to a MEC link on the standby core will be sent across VSL
• MEC links on both the switches in the VS domain are managed by PAgP or LACP running on the Active Switch via internal control messages.
• PAgP or LACP packets destined to a MEC link on the standby core will be sent across VSL
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 30
Etherchannel ConceptsEtherchannel Hash for MEC
Deciding on which link of a Multi-chassis Etherchannel to use in a Virtual Switch is skewed in favor towards local links in the bundle - this is done to avoid overloading the Virtual Switch Link (VSL) with unnecessary traffic loads…
Link A1 Link B2
Blue Traffic destined for the Server will result in Link A1 in the MEC link bundle being chosen as the destination path…
Orange Traffic destined for the Server will result in Link B2 in the MEC link bundle being chosen as the destination path…
Server
Switch 1 Switch 2
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 31
Etherchannel ConceptsEtherchannel Hash for MEC
The Result Bundle Hash (RBH) values are reprogrammed for each core to reflect only the local links that are in the Etherchannel bundle…
Virtual SwitchSwitch 1 Switch 2
RBH (No MEC)8 Link Bundle Example
RBH (No MEC)8 Link Bundle Example
RBH (for MEC)8 Link Bundle Example
RBH (for MEC)8 Link Bundle Example
Bit 7Bit 7 Link 1Link 1Bit 6Bit 6 Link 2Link 2Bit 5Bit 5 Link 3Link 3Bit 4Bit 4 Link 4Link 4Bit 3Bit 3 Link 5Link 5Bit 2Bit 2 Link 6Link 6Bit 1Bit 1 Link 7Link 7Bit 0Bit 0 Link 8Link 8
Bit 7Bit 7 Link 1Link 1Bit 6Bit 6 Link 1Link 1Bit 5Bit 5 Link 2Link 2Bit 4Bit 4 Link 2Link 2Bit 3Bit 3 Link 3Link 3Bit 2Bit 2 Link 3Link 3Bit 1Bit 1 Link 4Link 4Bit 0Bit 0 Link 4Link 4
1 2 3 4 5 6 7 8
MEC
Access-SWA
Access-SWB
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 32
Etherchannel ConceptsEtherchannel Hash Distribution Enhancement
A new hash distribution algorithm has been introduced with the 12.2(33)SXH release which allows for members of a port channel to be added or removed without the requirement for all traffic on the existing members to be temporarily dropped…
RBH (for MEC)2 Link Bundle Example
RBH (for MEC)2 Link Bundle Example
RBH (for MEC)3 Link Bundle Example
RBH (for MEC)3 Link Bundle Example
Flow 1Flow 1 Flow 2Flow 2Flow 4Flow 4 Flow 5Flow 5Flow 7Flow 7 Flow 8Flow 8
Flow 3Flow 3Flow 6Flow 6
The existing hash distribution algorithm requires 100% of flows to be temporarily dropped such that duplicate frames are not sent into the network for the duration of time it takes to reprogram the port ASICs with the new member information…
Link 1Link 1 Link 2Link 2
Flow 1Flow 1 Flow 2Flow 2Flow 3Flow 3 Flow 4Flow 4Flow 5Flow 5 Flow 6Flow 6Flow 7Flow 7 Flow 8Flow 8
Link 1Link 1 Link 2Link 2 Link 3Link 3
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 33
Etherchannel ConceptsEtherchannel Hash Distribution Enhancement
Now, when ports are added or removed from an EtherChannel, the load result does not need to be reset on existing member ports, resulting in better recovery times of traffic.Hence it does not affect 100% of the traffic in an Etherchannel. Example below: only Flow 7 and 8 are affected by the addition of an extra link to the Channel
RBH (for MEC)2 Link Bundle Example
RBH (for MEC)2 Link Bundle Example
RBH (for MEC)3 Link Bundle Example
RBH (for MEC)3 Link Bundle Example
Flow 1Flow 1 Flow 2Flow 2Flow 3Flow 3 Flow 4Flow 4Flow 5Flow 5 Flow 6Flow 6
Flow 7Flow 7Flow 8Flow 8
Link 1Link 1 Link 2Link 2
Flow 1Flow 1 Flow 2Flow 2Flow 3Flow 3 Flow 4Flow 4Flow 5Flow 5 Flow 6Flow 6Flow 7Flow 7 Flow 8Flow 8
Link 1Link 1 Link 2Link 2 Link 3Link 3
vss#conf tEnter configuration commands, one per line. End with CNTL/Z.vss(config)#port-channel hash-distribution adaptivevss(config)# ^Zvss#
vss#conf tEnter configuration commands, one per line. End with CNTL/Z.vss(config)#port-channel hash-distribution adaptivevss(config)# ^Zvss#
Although this new load-distribution algorithm requires configuration for regular EtherChanneland Multi-Chassis EtherChannel (MEC) interfaces, it will be the default load-distribution algorithm used on the VSLs
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 34
Etherchannel ConceptsDetermination of Hash Result
vss#sh etherchannel load-balance hash-result interface port-channel 120 ip 192.168.220.10 192.168.10.10
Computed RBH: 0x4Would select Gi1/2/1 of Po120
vss#sh etherchannel load-balance hash-result interface port-channel 120 ip 192.168.220.10 192.168.10.10
Computed RBH: 0x4Would select Gi1/2/1 of Po120
A command can be invoked to allow users to determine which physical link a given flow of traffic will leverage within a port channel group. The user will need to provide inputs to the command and the hashing algorithm will compute the physical link that will be selected for the traffic mix and algorithm.
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 35
Virtual Switching SystemDeployment Considerations
VSS will incorporate some deployment considerations as best practice…
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 36
Virtual Switching Architecture
Etherchannel Concepts
Integrated Services Routers
Introduction to VSS
Agenda
Hardware Requirements
Conversion Process
Operational Management
High Availability
Quality of Service
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 37
Virtual Switching SystemVSL Hardware Considerations
The Virtual Switch Link requires special hardware as noted below…
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 38
Virtual Switching SystemOther Hardware Considerations
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 39
Virtual Switching SystemSoftware Considerations
Along with the hardware considerations, Virtual Switching System also has some software considerations…
12.2(33)SXH1 is the first version that supports VSS
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 40
Hardware RequirementsDistributed Forwarding Cards
Distributed Forwarding Cards (DFCs) improve the performance of the Catalyst 6500 by offloading thelookup processing from the PFC to the ingress linecard. Only DFC3C or DFC3CXL is supported in a Virtual Switch domain. If DFCs are not used on CEF720 modules, a Centralized Forwarding Card (CFC) must be installed in its place…
Note that if a lower revision DFC (3A, 3B or 3BXL) is used in a VSL domain, the system will fall to a lowest common
denominator mode which will not allow support for VSL…
Note that if a lower revision DFC (3A, 3B or 3BXL) is used in a VSL domain, the system will fall to a lowest common
denominator mode which will not allow support for VSL…
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 41
Catalyst 6500 SupervisorsPFC3A vs. PFC3B vs. PFC3C
No4KYesYesYes
500K64K (32K)
256K (230K)1M1M
12.2(17d)SXB1
Sup720PFC3B-XL
Yes4KYesYesYes
128K96K(80K)
128K (115K)1M
256K12.2(33)SXH
Sup720-10GbEPFC3C
Yes4KYesYesYes
500K96(80K)
256K(230K)1M1M
12.2(33)SXH 12.2(33)SXH
Sup720-10GbE
PFC3C-XL
12.2(17)SXB / 12.2(18)SXF12.2(17)SXBSW
Sup720 / Sup32Sup720Supervisor
No512NoNoNo
128K64K (32K)
128K (64K)1M
256K
PFC3A
NoVSL4KYesYesYes
128K64K (32K)
128K (115K)1M
256K
PFC3B
ACL LabelsACE CountersEoMPLSNative MPLSIPv6 FIB EntriesMAC TableNetFlow TableAdjacency TableFIB TCAM
Sup/Feature
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/product_data_sheet09186a0080159856_ps4835_Products_Data_Sheet.htmlhttp://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps9336/product_data_sheet0900aecd806ed759.html
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 42
Virtual Switching Architecture
Etherchannel Concepts
Integrated Services Routers
Introduction to VSS
Agenda
Hardware Requirements
Conversion Process
Operational Management
High Availability
Quality of Service
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 43
Conversion ProcessConversion to VSS
The conversion process requires configuration of both switches that will form part of the Virtual Switch Domain and requires a reboot on the part of both switches during the conversion…
It is recommended to have the interfaces forming the VSL be connected prior to the conversion process as it will minimize the number of times the chassis will be reloaded. It is also recommended to begin the conversion process using a default configuration as the conversion process will remove any previous configuration that pre-exists on the standalone chassis.
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 44
Conversion ProcessConversion to VSS
For the purposes of this explanation - let’s assume the following setup is required…
Switch - 1 Switch - 2
VSL Link Bundle T5/4
T5/5
T5/4
T5/5
Port-Channel 1 Port-Channel 2
Switch Virtual Domain #10
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 45
Conversion ProcessStep 1: Configure Virtual Switch ID and Domain
On the two switches, configure the same VS Domain number (in this case it is 10), but unique Switch IDs
Switch - 1 Switch - 2
Router(config)#host VSSVSS(config)#switch virtual domain 10
Domain ID 10 config will take effect onlyafter the exec command 'switch convert mode virtual' is issued
VSS(config-vs-domain)#switch 1VSS(config-vs-domain)#exit
Router(config)#host VSSVSS(config)#switch virtual domain 10
Domain ID 10 config will take effect onlyafter the exec command 'switch convert mode virtual' is issued
VSS(config-vs-domain)#switch 2VSS(config-vs-domain)#exit
Note: The Domain ID is retained in the configuration, but the Switch ID is not – this is stored as a variable in ROMMON. To see this value:
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 46
Conversion ProcessStep 2: VSL Configuration – Configure the VSL Port Channel and member portsChoose unique Port Channel IDs for each chassis to form the VSL and configure them with the corresponding Switch IDAdd the ports on each switch to the port channel that corresponds to the respective side of the VSL
Switch - 1 Switch - 2
VSS(config)#interface port-channel 1! Associates Switch 1 as owner of port channel 1VSS(config-if)#switch virtual link 1
VSS(config-if)#interface range tenG 5/4 - 5! Adds this interface to channel group 1VSS(config-if-range)#channel-group 1 mode on
VSS(config-if)#interface port-channel 2! Associates Switch 2 as owner of port channel 2VSS(config-if)#switch virtual link 2
VSS(config-if)#interface range tenG 5/4 - 5! Adds this interface to channel group 2VSS(config-if-range)#channel-group 2 mode on
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 47
Conversion ProcessStep 3: Convert to Virtual Switch Mode
Convert both switches to Virtual Switch mode using the following exec command:
Switch - 1 Switch - 2
vss#switch convert mode virtual
This command will convert all interface names to naming convention "interface-type switch-number/slot/port", save the running config to startup-config and reload the switch.Do you want to proceed? [yes/no]: yesConverting interface namesBuilding configuration...[OK]Saving converted configuration to bootflash: ...Destination filename [startup-config.converted_vs-20071031-150039]?
AT THIS POINT THE SWITCH WILL REBOOT
vss#switch convert mode virtual
This command will convert all interface namesto naming convention "interface-type switch-number/slot/port", save the running config to startup-config and reload the switch.Do you want to proceed? [yes/no]: yesConverting interface namesBuilding configuration...[OK]Saving converted configuration to bootflash: ...Destination filename [startup-config.converted_vs-20071031-150018]?
AT THIS POINT THE SWITCH WILL REBOOT
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 48
Conversion ProcessWhen the two switches are brought online, they will proceed with VSL initialization and bring up their respective VSL ports. The two switches communicate with each other and determine Active and Standby role.
Switch - 1 Switch - 2
SWITCH CONSOLE OUTPUT
<…snip…>System detected Virtual Switch configuration...Interface TenGigabitEthernet 1/5/4 is member
of PortChannel 1 Interface TenGigabitEthernet 1/5/5 is member
of PortChannel 1
<…snip…>00:00:26: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor for this switchInitializing as Virtual Switch ACTIVE processor
<…snip…>00:01:19: %VSLP-5-RRP_ROLE_RESOLVED: Role resolved as ACTIVE by VSLP00:01:19: %VSL-5-VSL_CNTRL_LINK: New VSL Control Link 5/4
SWITCH CONSOLE OUTPUT
<…snip…>System detected Virtual Switch configuration...Interface TenGigabitEthernet 2/5/4 is member
of PortChannel 2 Interface TenGigabitEthernet 2/5/5 is member
of PortChannel 2
<…snip…>00:00:26: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor for this switchInitializing as Virtual Switch STANDBY processor
<…snip…>00:01:02: %VSLP-5-RRP_ROLE_RESOLVED: Role resolved as STANDBY by VSLP00:01:02: %VSL-5-VSL_CNTRL_LINK: New VSL Control Link 5/4
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 49
Conversion ProcessStep 4: Finalize Virtual Switch Configuration
This command will get the VSL related commands from the Standby Switch and update the startup-configuration with the new merged configurationsNote that only VSL-related configurations are merged with this step – all other configuration will be lost and requires manual intervention.This step is only applicable for a first-time conversion.
Switch - 1SWITCH CONSOLE OUTPUT
<…snip…>vss-demo#switch accept mode virtual
This command will populate the above VSL configuration from the standby switch into the running configuration.The startup configuration will also be updated with the new merged configuration if merging is successful.Do you want to proceed? [yes/no]: yesMerging the standby VSL configuration...
Building configuration...
00:11:33: %PFINIT-SW1_SP-5-CONFIG_SYNC: Sync'ing the startup configuration to the standby Router. [OK]
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 50
Conversion ProcessConversion to VSS
Configuration for the conversion takes the following path…
Switch - 1 Switch - 2
vss#sh switch virtualSwitch mode : Virtual SwitchVirtual switch domain number : 10Local switch number : 1Local switch operational role: Virtual Switch ActivePeer switch number : 2Peer switch operational role : Virtual Switch Standbyvss-demo#
vss-sdby>enStandby console disabled
vss-sdby>
Both switches are now converted with Switch 1 as the Master (Active) and Switch 2 as the Standby
Switch 2 console is now disabled for normal console activity…
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 51
Conversion ProcessBoot-up Priority
Normal operation is for first switch to boot to assume VS Active role - this behavior can be changed allowing a pre defined switch to assume Active role by specifying a priority (higher priority uses a higher number)…
VSS#sh switch virtual role
Switch Switch Status Preempt Priority Role Session IDNumber Oper(Conf) Oper(Conf) Local Remote
------------------------------------------------------------------LOCAL 1 UP FALSE(N) 110(110) ACTIVE 0 0 REMOTE 2 UP FALSE(N) 100(100) STANDBY 9114 1391
VSS#sh switch virtual role
Switch Switch Status Preempt Priority Role Session IDNumber Oper(Conf) Oper(Conf) Local Remote
------------------------------------------------------------------LOCAL 1 UP FALSE(N) 110(110) ACTIVE 0 0 REMOTE 2 UP FALSE(N) 100(100) STANDBY 9114 1391
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 52
Switch PreemptionOnce the active and standby roles have been determined, they cannot be changed without manual interventionIf we need to always prefer a particular physical switch to assume the Virtual Switch Active role, then we can leverage the Switch Preemption feature.Please Note: Use this feature with caution since preemption is not advisable in most designs. The SSO behavior requires that in order for switch 1 to become active switch 2 will have to reboot to come up in standby mode. So unlike HSRP pre-emption where we have reasons to pre-empt and we have very little impact to active traffic flows in the VSS case there is no reason to move the active role (and we do suffer from a full reboot of one of the two switches
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 53
Virtual Switching Architecture
Etherchannel Concepts
Integrated Services Routers
Introduction to VSS
Agenda
Hardware Requirements
Conversion Process
Operational Management
High Availability
Quality of Service
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 54
Operational ManagementVirtual Switch CLI
Multiple console interfaces exist within a Virtual Switch Domain, but only the active RP/SP consoles are enabled for command interaction…
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 55
Operational ManagementReloading the VSS and reloading a member
The command “reload” will reload entire Virtual Switch System (both chassis)To reload each chassis individually we need to specify the Switch ID
vss#reloadWarning: This command will reload the entire Virtual Switching System (Active and Standby Switch).Proceed with reload? [confirm]
1d04h: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
****** --- SHUTDOWN NOW ---***
1d04h: %SYS-SP-5-RELOAD: Reload requestedSystem Bootstrap, Version 8.5(1)Copyright (c) 1994-2006 by cisco Systems, Inc.Cat6k-Sup720/SP processor with 1048576 Kbytes of main memory<…snip…>
vss#reloadWarning: This command will reload the entire Virtual Switching System (Active and Standby Switch).Proceed with reload? [confirm]
1d04h: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
****** --- SHUTDOWN NOW ---***
1d04h: %SYS-SP-5-RELOAD: Reload requestedSystem Bootstrap, Version 8.5(1)Copyright (c) 1994-2006 by cisco Systems, Inc.Cat6k-Sup720/SP processor with 1048576 Kbytes of main memory<…snip…>
vss#redundancy reload shelf ?<1-2> shelf id<cr>
vss#redundancy reload shelf 2Reload the entire remote shelf[confirm]Preparing to reload remote shelf
vss#
vss#redundancy reload shelf ?<1-2> shelf id<cr>
vss#redundancy reload shelf 2Reload the entire remote shelf[confirm]Preparing to reload remote shelf
vss#
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 56
Operational ManagementSetting the System-wide PFC Mode
• Only PFC/DFC 3C/CXL are supported in a VSS. • It is possible to mix modules in a 3C and 3CXL system: the system will take the lowest
common denominator as the system-wide PFC mode. • In a VSL environment is basically the mode negotiation happens even before the modules
are brought up• A new CLI has been implemented to allow the user to pre-configure the system mode to
prevent modules from not powering up…
vs-vsl#conf tEnter configuration commands, one per line. End with CNTL/Z.vs-vsl(config)#platform hardware vsl pfc mode pfc3cvs-vsl(config)#^Zvs-vsl#
vs-vsl#conf tEnter configuration commands, one per line. End with CNTL/Z.vs-vsl(config)#platform hardware vsl pfc mode pfc3cvs-vsl(config)#^Zvs-vsl#
vs-vsl#sh platform hardware pfc modePFC operating mode : PFC3CConfigured PFC operating mode : PFC3Cvs-vsl#
vs-vsl#sh platform hardware pfc modePFC operating mode : PFC3CConfigured PFC operating mode : PFC3Cvs-vsl#
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 57
Operational Management SNMP Support for VSS
The SNMP process for a VSS necessitates support for “Put’s” and “Get’s” across 2 physical chassis, changes to existing MIB’s and support for a new MIB…
Virtual Switch Domain
Switch 1 - Active Switch 2 - Standby
SNMP Process Active SNMP Process Inactive
SNMP Server
SNMP Get’sSNMP Put’s
SNMP Modified MIB’s
SNMP Modified MIB’s
SNMP New MIB’sSNMP New MIB’s
CISCO-VIRTUAL-SWITCH-MIB has been defined to support SNMP access to the Virtual Switch Configuration - the following MIB variables are accessible to an SNMP manager…
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 58
Operational ManagementSlot/Port Numbering
After conversion, port definitions for switches within the Virtual Switch Domain inherit the Chassis ID as part of their naming convention…
Router#show ip interface briefInterface IP-Address OK? Method Status ProtocolVlan1 unassigned YES NVRAM up up Port-channel1 unassigned YES NVRAM up up Te1/1/1 10.1.1.1 YES unset up up Te1/1/2 192.168.1.2 YES unset up up Te1/1/3 unassigned YES unset up up Te1/1/4 unassigned YES unset up up GigabitEthernet1/2/1 10.10.10.1 YES unset up up GigabitEthernet1/2/2 10.10.11.1 YES unset up up <snip>
Router#show ip interface briefInterface IP-Address OK? Method Status ProtocolVlan1 unassigned YES NVRAM up up Port-channel1 unassigned YES NVRAM up up Te1/1/1 10.1.1.1 YES unset up up Te1/1/2 192.168.1.2 YES unset up up Te1/1/3 unassigned YES unset up up Te1/1/4 unassigned YES unset up up GigabitEthernet1/2/1 10.10.10.1 YES unset up up GigabitEthernet1/2/2 10.10.11.1 YES unset up up <snip>
PORT NUMBERING: <CHASSIS-ID><SLOT-NUMBER><PORT-NUMBER>PORT NUMBERING: <CHASSIS-ID><SLOT-NUMBER><PORT-NUMBER>
Chassis-ID WILL ALWAYS be either a “1” or a “2”
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 59
After the conversion to a Virtual Switch, some of the File System naming conventions have changed to accommodate the new setup - an example of the new setup is shown below…
Active Supervisor - Slot 5 Hot Standby Supervisor - Slot 5
Virtual Switch Domain
e.g.OLD: disk0:NEW: sw1-slot5-disk0:
Switch 1 Switch 2
e.g.OLD: slavedisk0:NEW: sw2-slot5-disk0:
SW<NUMBER>SLOT<NUMBER>FILESYSTEMSW<NUMBER>SLOT<NUMBER>FILESYSTEM
AN EXAMPLE
Operational ManagementFile System Naming
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 60
The Filesystems in a VSS environment are completely managed from the Active Switch’s console. All filesystem activities take place at single centralized location…
vs-vsl#dir sw1-slot5-sup-bootdisk:Directory of sup-bootdisk:/
1 -rwx 33554496 Jan 10 2007 14:53:16 +00:00 sea_log.dat2 -rwx 150198412 Feb 7 2007 17:28:56 +00:00 s72033-adventerprisek9_wan_dbg-vz.0124_all
vs-vsl#dir sw1-slot5-sup-bootdisk:Directory of sup-bootdisk:/
1 -rwx 33554496 Jan 10 2007 14:53:16 +00:00 sea_log.dat2 -rwx 150198412 Feb 7 2007 17:28:56 +00:00 s72033-adventerprisek9_wan_dbg-vz.0124_all
vs-vsl#dir sw2-slot5-sup-bootdisk:Directory of slavesup-bootdisk:/
1 -rwx 33554464 Feb 9 2007 16:39:02 +00:00 sea_log.dat2 -rwx 150678668 Feb 9 2007 16:45:14 +00:00 s72033-adventerprisek9_wan_dbg-vz.cef
vs-vsl#dir sw2-slot5-sup-bootdisk:Directory of slavesup-bootdisk:/
1 -rwx 33554464 Feb 9 2007 16:39:02 +00:00 sea_log.dat2 -rwx 150678668 Feb 9 2007 16:45:14 +00:00 s72033-adventerprisek9_wan_dbg-vz.cef
Operational ManagementFile System Naming
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 61
Some filenames have remained the same - others have changed - some examples of file system names in a Virtual Switch include the following…
VIRTUAL SWITCHVIRTUAL SWITCH
sw<number_1>slot<number>disk0:sw<number_1>slot<number>disk0:
PREVIOUSPREVIOUS
disk0:disk0:
sw<number_1>slot<number>bootflash:sw<number_1>slot<number>bootflash:bootflash:bootflash:
sw<number_1>slot<number>sup-bootdisk:sw<number_1>slot<number>sup-bootdisk:sup-bootdisk:sup-bootdisk:
sw<number_1>slot<number>nvram:sw<number_1>slot<number>nvram:nvram:nvram:
sw<number_2>slot<number>disk0:sw<number_2>slot<number>disk0:slavedisk0:slavedisk0:
sw<number_2>slot<number>bootflash:sw<number_2>slot<number>bootflash:slavebootflash:slavebootflash:
sw<number_2>slot<number>sup-bootdisk:sw<number_2>slot<number>sup-bootdisk:slavesup-bootdisk:slavesup-bootdisk:
sw<number_2>slot<number>nvram:sw<number_2>slot<number>nvram:slavenvram:slavenvram:
Operational ManagementFile System Naming
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 62
Operational ManagementNetflow
In a Virtual Switch, with both Data Planes active, Netflow data collection is performed on each Supervisor’s PFC - while Netflow export is only performed by the Control Plane on the VS Active …
Virtual Switch Domain
VS State : ActiveControl Plane: ActiveData Plane: ActiveNetflow Collection: ActiveNetflow Export: Active
VS State : StandbyControl Plane: StandbyData Plane: ActiveNetflow Collection: ActiveNetflow Export: In-Active
VSL
Netflow operation in a Virtual Switch is similar to the way in which Netflow operates in a single chassis with Distributed Forwarding Card’s (DFC) present…
Switch 1 Supervisor Switch 2 Supervisor
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 63
Operational ManagementNetflow Export
The Virtual Switch Link will be used as the transit path to allow the standby Sup to forward Netflow data to the active Supervisor for Netflow export - the VS Link should be dimensioned to accommodate the expected Netflow export load…
Virtual Switch Domain
VS State : ActiveNetflow Collection: ActiveNetflow Export: Active
VS State : StandbyNetflow Collection: ActiveNetflow Export: In-Active
VSL
NetflowData
NetflowData
NetflowExport
Netflow Collector
Switch 1 Supervisor Switch 2 Supervisor
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 65
IOS Image Upgrade
SW1-Slot5 SW2-Slot5
Switch 1 Switch 2
Full image upgrade process using Fast Software Upgrade (FSU): similar to that of two supervisor engines within a standalone chassis today
NAMENAME CONTROL PLANECONTROL PLANE FABRIC STATEFABRIC STATE
SW1-SLOT5SW1-SLOT5 ActiveActive ActiveActive
SW2-SLOT5SW2-SLOT5 Hot StandbyHot Standby ActiveActive
REDUNDANCYREDUNDANCY
--
SSOSSO
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 66
IOS Image UpgradeManually copy the new image or filesystem onto the appropriate flash device of each supervisor. No impact to forwarding. 1
SW1-Slot5 SW2-Slot5
Switch 1 Switch 2
NAMENAME CONTROL PLANECONTROL PLANE FABRIC STATEFABRIC STATE
SW1-SLOT5SW1-SLOT5 ActiveActive ActiveActive
SW2-SLOT5SW2-SLOT5 Hot StandbyHot Standby ActiveActive
REDUNDANCYREDUNDANCY
--
SSOSSO
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 67
IOS Image Upgrade
1 Commands to copy the new image to the flash file system of both supervisors (Active and Hot Standby)
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 68
IOS Image UpgradeModify boot variables to point to the new image or filesystem and reload Switch 2. Switch 2 should reset and boot into the new image in RPR mode. System bandwidth falls to 50%2
SW1-Slot5 SW2-Slot5
Switch 1 Switch 2
NAMENAME CONTROL PLANECONTROL PLANE FABRIC STATEFABRIC STATE
SW1-SLOT5SW1-SLOT5 ActiveActive ActiveActive
SW2-SLOT5SW2-SLOT5 ColdCold StandbyStandby
REDUNDANCYREDUNDANCY
--
RPRRPR
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 69
IOS Image UpgradeModify the boot variable on Switch 1 (Active VS) to point to the new image or file system and save the configuration – this will synchronize the boot variable to Switch 2 (Standby VS) as well.
2.1
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 70
IOS Image UpgradeSchedule a change window and when possible, reload Switch 2 (Standby VS). 2.2
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 71
<snip>
<snip>
IOS Image UpgradeAfter successful boot up of the Switch 2 (Standby VS), verify the peer relationship between Supervisors are in RPR state (Cold Standby).
2.3
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 72
IOS Image UpgradeSwitch over Active supervisor to Switch 2 when desired. System capacity will drop to 0% temporarily and return to 50% once SW2-Slot5 completely boots up and becomes active. SW1-Slot5 will continue to boot up…
3
SW1-Slot5 SW2-Slot5
Switch 1 Switch 2
NAMENAME CONTROL PLANECONTROL PLANE FABRIC STATEFABRIC STATE
SW1-SLOT5SW1-SLOT5 ColdCold StandbyStandby
SW2-SLOT5SW2-SLOT5 ActiveActive ActiveActive
REDUNDANCYREDUNDANCY
RPRRPR
--
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 73
IOS Image UpgradeWhen possible, perform a supervisor or chassis switchover such that Switch 2 (previous Standby VS) now assumes the Active role whilst Switch 1 (previous Active VS) is reloaded. At this time, a total VSS outage will be expected as Switch 2 transitions from an RPR Cold Standby state to the Active state.
3.1
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 74
IOS Image UpgradeOnce Switch 2 is completely online, it will re-peer with its neighbors and form any applicable relationships and traffic will be forwarded through the VSS again at 50% capacity while Switch 1 continues to boot up with the new image or filesystem.
3.2
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 75
IOS Image UpgradeAfter Switch 1 comes online again, it will return to SSO mode as it will now be running the new version of software and traffic will return to 100% capacity…
4
SW1-Slot5 SW2-Slot5
Switch 1 Switch 2
NAMENAME CONTROL PLANECONTROL PLANE FABRIC STATEFABRIC STATE
SW1-SLOT5SW1-SLOT5 Hot StandbyHot Standby ActiveActive
SW2-SLOT5SW2-SLOT5 ActiveActive ActiveActive
REDUNDANCYREDUNDANCY
SSOSSO
--
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 76
IOS Image UpgradeAfter Switch 1 is completely brought back online and all interfaces are active, it will enter intoNSF/SSO state with Switch 2.
4
<snip>
<snip>
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 77
IOS Image UpgradeThe following graph illustrates the aggregate traffic for the VSL system during the full image upgrade:
1 43.23.12.32.22.1
1] Copy new image in both switches
2.1] Change bootvar in both switches
2.2] Reboot SW2
2.3] SW2 comes back in RPR
3.1] Switchover from SW1 to SW2
3.2] SW2 comes back from the Cold Standby mode
4] SW1 is completely rebooted and comes back in SSO mode
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 78
Virtual Switching Architecture
Etherchannel Concepts
Integrated Services Routers
Introduction to VSS
Agenda
Hardware Requirements
Conversion Process
Operational Management
High Availability
Quality of Service
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 79
High AvailabilityRedundancy Schemes
The default redundancy mechanism between the 2 VSS chassis and their associated supervisors is NSF/SSO, allowing state information and configuration to be synchronized. Only in NSF/SSO mode does the Standby supervisor PFC, Switch Fabric, modules and their associated DFCs become active…
VSL
Should a mismatch of information occur between the Active and Standby Chassis, the Standby Chassis will revert to RPR mode, where all the modules will be powered down (except for the VSL ports)
Switch 112.2(33)SXH1Active
Switch 212.2(33)SXH1NSF/SSO
VSL
Switch 112.2(33)SXH1Active
Switch 212.2(33)SXH2RPR
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 80
High AvailabilityDual-Active Detection
In a Virtual Switch Domain, one switch is elected as Active and the other is elected as Standby during bootup by VSLP. Since the VSL is always configured as a Port Channel, the possibility of the entire VSL bundle going down is remote, however it is a possibility…
Virtual Switch Domain
VS State : ActiveControl Plane: ActiveData Plane: Active
VS State : StandbyControl Plane: StandbyData Plane: Active
VSL
Switch 1 Supervisor Switch 2 Supervisor
It is always recommended to deploy the VSL with 2 or more links and distribute those interfaces across multiple modules to ensure the greatest redundancy
It is always recommended to deploy the VSL with 2 or more links and distribute those interfaces across multiple modules to ensure the greatest redundancy
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 81
High AvailabilityDual-Active Detection
If the entire VSL bundle should happen to go down, the Virtual Switch Domain will enter a Dual Active scenario where both switches transition to Active state and share the same network configuration (IP addresses, MAC address, Router IDs, etc…) potentially causing communication problems through the network…
Virtual Switch Domain
VS State : ActiveControl Plane: ActiveData Plane: Active
VS State : ActiveControl Plane: ActiveData Plane: Active
VSL
Switch 1 Supervisor Switch 2 Supervisor
2 mechanisms have been implemented in the initial release to detect and recover from a Dual Active scenario:
Enhanced Port Aggregation Protocol (PAgP+): uses MEC links to communicate between the two chassis
Dual-Active Detection over IP-BFD: uses a backup Ethernet connection.
1
2
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 82
High AvailabilityDual-Active Detection - Enhanced PAgP
PAgP+ adds new TLV (switch ID of the active switch) to remote devices connected via EtherChanneled to the Virtual Switch Domain. During normal operation the Virtual Switches will send the ID of the Active VS to the PAgPneighbor, and it will respond with the same Active ID…
Switch 1 Switch 2
Active: Switch 1 Active: Switch 1
Switch 1 Switch 2
Active: Switch 1 Active: Switch 2
Should the VSL go down, the Standby switch will transition immediately to Active state and start sending PAgP message with the new Active switch ID
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 83
High AvailabilityDual-Active Detection - Enhanced PAgP
The Enhnaced PAgP-capable neighbor will send the new Active Switch ID to all ports of the port channel that it received the new Active Switch ID onThis includes the the previous-active Virtual switch (Switch 1) …
Switch 1 Switch 2
Active: Switch 2 Active: Switch 2
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 84
High AvailabilityDual-Active Detection - Enhanced PAgP
Switch 1 Switch 2
Active: Switch 2 Active: Switch 2
Switch 1 Switch 2
Active: Switch 2
When Switch 1 receives PAgP messages with Active Switch = 2, it will know that a Dual-Active scenario has occurred Recovery Mode: Switch 1 will then bring down all non-VSL interfaces (except interfaces configured to be excluded from shutdown)
Dual-Active!!Dual-Active!!
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 86
vs-vsl#sh switch virtual dual-active pagp
Channel group 20 dual-active detect capability w/nbrsDual-Active version: 1.1Dual-Active configured: Yes
Dual-Active Partner Partner PartnerPort Detect Capable Name Port VersionGi1/8/1 Yes vs-access-1 Gi5/1 1.1Gi2/8/1 Yes vs-access-1 Gi5/2 1.1
vs-vsl#sh switch virtual dual-active pagp
Channel group 20 dual-active detect capability w/nbrsDual-Active version: 1.1Dual-Active configured: Yes
Dual-Active Partner Partner PartnerPort Detect Capable Name Port VersionGi1/8/1 Yes vs-access-1 Gi5/1 1.1Gi2/8/1 Yes vs-access-1 Gi5/2 1.1
High AvailabilityDual-Active Detection - Enhanced PAgP
vs-vsl#conf tEnter configuration commands, one per line. End with CNTL/Z.vs-vsl(config)#switch virtual domain 10vs-vsl(config-vs-domain)#dual-active detection pagpvs-vsl(config-vs-domain)#dual-active trust channel-group 20vs-vsl#
vs-vsl#conf tEnter configuration commands, one per line. End with CNTL/Z.vs-vsl(config)#switch virtual domain 10vs-vsl(config-vs-domain)#dual-active detection pagpvs-vsl(config-vs-domain)#dual-active trust channel-group 20vs-vsl#
Dual-Active Detection capabilities require that the neighboring device be Dual-Active Detection Aware. This can be verified with the following command…
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 87
High AvailabilityDual-Active Detection - IP-BFD
This method uses a dedicated L3 direct link heartbeat mechanism between the Virtual Switches. IP-BFD (Bi-Directional Forwarding Detection) is used to assist the fast detection of a failed VSL
If the VSL goes down, both chassis create BFD neighbors, and try to establish adjacency.If the original active chassis receives an adjacency message, it realizes that this is dual-active
scenario
If the VSL goes down, both chassis create BFD neighbors, and try to establish adjacency.If the original active chassis receives an adjacency message, it realizes that this is dual-active
scenario
VSL
IP-BFD Heartbeat LinkSwitch 1 Switch 2
VSL
IP-BFD Heartbeat LinkSwitch 1 Switch 2
BFDBFD BFDBFD
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 88
High AvailabilityDual-Active Detection - IP-BFD
vss(config)#interface gigabitethernet 1/5/1vss(config-if)#no switchportvss(config-if)#ip address 200.230.230.231 255.255.255.0vss(config-if)#bfd interval 100 min_rx 100 multiplier 50vss(config-if)#interface gigabitethernet 2/5/1vss(config-if)#no switchportvss(config-if)#ip address 201.230.230.231 255.255.255.0vss(config-if)#bfd interval 100 min_rx 100 multiplier 50vss(config)#switch virtual domain 100vss(config-vs-domain)#dual-active detection bfdvss(config-vs-domain)#dual-active pair interface g 1/5/1 interface g 2/5/1 bfd
adding a static route 200.230.230.0 255.255.255.0 Gi2/5/1 for this dual-active pairadding a static route 201.230.230.0 255.255.255.0 Gi1/5/1 for this dual-active pair
vss(config)#interface gigabitethernet 1/5/1vss(config-if)#no switchportvss(config-if)#ip address 200.230.230.231 255.255.255.0vss(config-if)#bfd interval 100 min_rx 100 multiplier 50vss(config-if)#interface gigabitethernet 2/5/1vss(config-if)#no switchportvss(config-if)#ip address 201.230.230.231 255.255.255.0vss(config-if)#bfd interval 100 min_rx 100 multiplier 50vss(config)#switch virtual domain 100vss(config-vs-domain)#dual-active detection bfdvss(config-vs-domain)#dual-active pair interface g 1/5/1 interface g 2/5/1 bfd
adding a static route 200.230.230.0 255.255.255.0 Gi2/5/1 for this dual-active pairadding a static route 201.230.230.0 255.255.255.0 Gi1/5/1 for this dual-active pair
Two directly-connected interfaces must be configured as BFD message links…The IP-BFD Heartbeat link may exist on any interface but must have an IP address assigned to it on a different network
Static routes are automatically added for the remote addresses and will only be installed in the RIB should a Dual-Active scenario occur. As a result of this, no packets will be forwarded between the switches via the heartbeat interfaces until the VSL is brought downIf the Virtual Switch Standby has taken over as active, a BFD “adjacency up” event will be generated, indicating a Dual-Active situation has occurred.
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 89
High AvailabilityDual-Active Detection - Exclude Interfaces
Upon detection of a Dual Active scenario, all interfaces on the previous-Active switch will be brought down so as not to disrupt the functioning of the remainder of the network.
The exception interfaces include VSL members as well as pre-determined interfaces which may be used for management purposes…
vs-vsl#conf tEnter configuration commands, one per line. End with CNTL/Z.vs-vsl(config)#switch virtual domain 100vs-vsl(config-vs-domain)#dual-active exclude interface Gig 1/5/1vs-vsl(config-vs-domain)#dual-active exclude interface Gig 2/5/1vs-vsl(config-vs-domain)# ^Zvs-vsl#
vs-vsl#conf tEnter configuration commands, one per line. End with CNTL/Z.vs-vsl(config)#switch virtual domain 100vs-vsl(config-vs-domain)#dual-active exclude interface Gig 1/5/1vs-vsl(config-vs-domain)#dual-active exclude interface Gig 2/5/1vs-vsl(config-vs-domain)# ^Zvs-vsl#
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 90
High AvailabilityDual-Active Recovery
The network administrator is notified of the Dual-Active situation through the CLI, syslog,etcUpon the restoration of one or more VSL interfaces, VSLP will detect this and will proceed to reload Switch 1 so that it may be able to re-negotiate Active/Standby role after bootup…
After role has been resolved and SSO Hot Standby mode is possible, interfaces will be brought up and traffic will resume back to 100% capacity…
VSL Up! Reload…VSL Up! Reload…
Switch 1 Switch 2
Switch 1 Switch 2VSLPVSLP VSLPVSLP
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 91
Virtual Switching Architecture
Etherchannel Concepts
Integrated Services Routers
Introduction to VSS
Agenda
Hardware Requirements
Conversion Process
Operational Management
High Availability
Quality of Service
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 92
Quality of ServiceClassification & Policing
Classification and Policing functions are handled by PFC QoS, and is executed by either the PFC on the Active and Hot Standby Supervisor, or the ingress linecard DFC. There are 2 important caveats which must be understood
Policies must either be applied on L3 interfaces (SVIs or Physical interfaces), or Port Channels. Policies on L2 interfaces are not supported in this release.
1
policy-map CLASSIFYclass class-defaultset ip dscp 40
interface GigabitEthernet 2/3/48switchportservice-policy input CLASSIFY
policy-map CLASSIFYclass class-defaultset ip dscp 40
interface GigabitEthernet 2/3/48switchportservice-policy input CLASSIFY
policy-map CLASSIFYclass class-defaultset ip dscp 40
interface PortChannel 10switchportservice-policy input CLASSIFY
policy-map CLASSIFYclass class-defaultset ip dscp 40
interface PortChannel 10switchportservice-policy input CLASSIFY
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 93
policy-map POLICEclass class-defaultpolice average 10000000
Interface GigabitEthernet 1/2/10channel-group 20 mode desireable
Interface GigabitEthernet 2/2/10channel-group 20 mode desireable
interface PortChannel 20service-policy input POLICE
policy-map POLICEclass class-defaultpolice average 10000000
Interface GigabitEthernet 1/2/10channel-group 20 mode desireable
Interface GigabitEthernet 2/2/10channel-group 20 mode desireable
interface PortChannel 20service-policy input POLICE
Quality of Service - Classification & PolicingAggregate policers that are applied on SVIs or Port Channels that have interfaces distributed across multiple forwarding engines are subject to Distributed Policing caveats…
2
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 94
Quality of ServiceQoS on the VSL
The VSL itself has QoS provisioned by default and in the FCS release of the software, it is not configurable. A few important aspects relating to VSL QoS are as follows:
VSLP and other Control frames are always marked as Priority packets and are always queued and classified as such
1
VSL is always configured as “Trust CoS” and hence ingress queuing is enabled2
Service Policies are not supported on the VSL3
VSL
Switch 1 Switch 2
VSLPVSLPFTPFTPHTTPHTTP
CoS Maps, Thresholds and Queues are not configurable on the VSL4
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 95
Allows two physical Catalyst 6500’s to operate as a single logical Catalyst 6500 switchVSS reduces number of routing nodes and routing protocol overheadMulti-Chassis Etherchannel provides new benefits for STP elimination and improved resiliencyDual Active Recovery mechanisms for VSL failure VSS simplifies network complexity and management overhead by 50 percent, thus increasing operational efficiency and lowering operating expenses (OpEx).
Virtual Switching SystemSummary
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 96
Want more?
VSS Solution Overviewhttp://www.cisco.com/en/US/partner/prod/collateral/switches/ps5718/ps9336/product_solution_overview0900aecd806fa5d0.html
Whitepaper: Cisco Catalyst 6500 Series Virtual Switching System (VSS) 1440http://www.cisco.com/en/US/partner/prod/collateral/switches/ps5718/ps9336/prod_white_paper0900aecd806ee2ed.html
Virtual Switching System (VSS) Q&A http://www.cisco.com/en/US/partner/prod/collateral/switches/ps5718/ps9336/prod_qas0900aecd806ed74b.html
For a list of other Cisco products that support enhanced PAgP, refer to Release Notes for Cisco IOS Release 12.2(33)SXH and Later Releases.Partner Education Connection
http://www.partnerelearning.com
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 97
Q and A
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 98