Académique Documents
Professionnel Documents
Culture Documents
System (VSS)
on the Catalyst 6500
March 2008
Lila Rousseaux
Consulting Systems Engineer
lroussea@cisco.com CCIE #6899
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
Agenda
Introduction to VSS
Etherchannel Concepts
Integrated
Hardware Requirements
Services Routers
Conversion Process
Operational Management
High Availability
Quality of Service
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2
Current Network Challenges
Enterprise Campus
Traditional Enterprise Campus deployments have been designed in such a way that allows for
scalability, differentiated services and high availability. However they also face many
challenges, some of which are listed in the below diagram…
Extensive routing
topology, Routing
L3 Core reconvergence
FHRP, STP,
L2/L3 Asymmetric routing,
Distribution Policy Management
Dual-Homed Servers to
single switch, Single
active uplink per VLAN
(PVST), L2
reconvergence L2 Access
Reduced routing
neighbors, Minimal
L3 Core L3 reconvergence
No FHRPs
L2/L3 No Looped topology
Distribution Policy Management
Multiple active
uplinks per VLAN, No
Access STP convergence
Dual-Homed Servers,
Single active uplink per
VLAN (PVST), Fast L2
convergence L2 Access
Etherchannel Concepts
Integrated
Hardware Requirements
Services Routers
Conversion Process
Operational Management
High Availability
Quality of Service
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 14
Virtual Switch Architecture
Virtual Switch Link
The Virtual Switch Link is a special link joining each physical switch together - it extends the out
of band channel allowing the active control plane to manage the hardware in the second
chassis…
1 Link
Link Bringup
Bringup to
to determine
determine which
which ports
ports form
form the
the VSL
VSL
2 Link
Link Management
Management Protocol
Protocol (LMP)
(LMP) used
used toto track
track and
and reject
reject Unidirectional
Unidirectional Links,
Links, Exchange
Exchange Chassis
Chassis
ID
ID and
and other
other information
information between
between the
the 22 switches
switches
LMP
LMP LMP
LMP
RRP
RRP RRP
RRP
3 Role
Role Resolution
Resolution Protocol
Protocol (RRP)
(RRP) used
used to
to determine
determine compatible
compatible Hardware
Hardware and
and Software
Software versions
versions to
to
form
form the
the VSL
VSL as
as well
well as
as determine
determine which
which switch
switch becomes
becomes Active
Active and
and Hot
Hot Standby
Standby from
from aa control
control
plane
plane perspective
perspective
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 16
Virtual Switch Architecture
Link Bringup
Each member of the Virtual Switch domain must determine which links are candidate for VSL
very early on in the bootup cycle. The Switch Processor (SP) pre-parses the configuration to
determine which links are configured for VSL…
Pre-Parse
Pre-Parse Config
Config Pre-Parse
Pre-Parse Config
Config
Switch
Switch 11 Switch
Switch 22
The SP will then bring up the line card/s where the VSL is configured, download the required
configuration and initiate Link Management Protocol (LMP)
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 17
Virtual Switch Architecture
Link Management Protocol (LMP)
LMP runs on each individual link that is part of the VSL, and is used to program information
such as member details, forwarding indices, as well as perform the following checks:
LMP
LMP LMP
LMP
LMP
LMP LMP
LMP
After successful LMP negotiation, a Peer Group (PG) is formed which is a collection of all VSL
members that connects to the same VS. For each PG, a Peer Group Control Link (PGCL) is
elected to carry further control information…
RRP is used to negotiate the role (active or standby) for each chassis:
1 Determine whether hardware and software versions allow a Virtual Switch to form
2 Determine which chassis will become Active and Hot Standby from a control plane
perspective
RRP
RRP RRP
RRP
RRP
RRP RRP
RRP
VSL
Switch
Switch Virtual
Virtual Domain
Domain ID
ID
Switch
Switch Virtual
Virtual Node
Node Type
Type
Switch
Switch Priority
Priority
Switch
Switch Preempt
Preempt
VSL
VSL Port
Port Channel
Channel Link
Link ID
ID
VSL
VSL Port
Port state,
state, interfaces…
interfaces…
Power
Power Redundancy
Redundancy mode
mode
Power
Power Enable
Enable on
on VSL
VSL cards
cards
Note
Note that
that ifif configurations
configurations do
do not
not match,
match, the
the standby
standby switch
switch will
will revert
revert to
to RPR
RPR mode,
mode,
disabling
disabling all
all non-VSL
non-VSL interfaces…
interfaces…
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 20
Virtual Switch Architecture
VSLP Ping
A new Ping mechanism has been implemented in VSS mode to allow the user to objectively
verify the health of the VSL itself. This is implemented as a VSLP Ping…
VSL
VSLP
VSLP VSLP
VSLP
VSLP
VSLP VSLP
VSLP
Switch 1 Switch 2
The VSLP Ping operates on a per-physical interface basis and parameters such as COUNT,
DESTINATION, SIZE, TIMEOUT may also be specified…
vss#ping
vss#ping vslp
vslp output
output interface
interface tenGigabitEthernet
tenGigabitEthernet 1/5/4
1/5/4
Type
Type escape
escape sequence
sequence to
to abort.
abort.
Sending
Sending 5, 100-byte VSLP ping
5, 100-byte VSLP ping to
to peer-sup
peer-sup via
via output
output port
port 1/5/4,
1/5/4, timeout
timeout is
is 22 seconds:
seconds:
!!!!!
!!!!!
Success
Success rate
rate is
is 100
100 percent
percent (5/5),
(5/5), round-trip
round-trip min/avg/max
min/avg/max == 12/12/16
12/12/16 ms
ms
vss#
vss#
VS Domain 10
VS Domain 20 VS Domain 30
The
The configurable
configurable values
values for
for the
the domain
domain ID
ID are
are 1-255.
1-255. ItIt is
is always
always recommended
recommended to
to use
use aa unique
unique
VS
VS Domain
Domain ID
ID for
for each
each VS
VS Domain
Domain throughout
throughout the
the network…
network…
Router
Router MAC
MAC == 000f.f8aa.9c00
000f.f8aa.9c00
The MAC address allocated to the Virtual Switch System is derived from the MAC EEPROM of
the Active Virtual Switch upon initial system bring up. Regardless of either switch being
brought down or up, the same MAC address will be retained such that neighboring network
nodes and hosts do not need to re-ARP for a new address.
Etherchannel Concepts
Integrated
Hardware Requirements
Services Routers
Conversion Process
Operational Management
High Availability
Quality of Service
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 25
Etherchannel Concepts
An Etherchannel combines multiple physical links into a single logical link. Ideal for load
sharing or link redundancy – can be used by both layer 2 and Layer 3 subsystems…
Physical View
Multiple ports are
defined as being
part of an
Etherchannel
group
Logical View
Subsystems running
on the switch only
see one logical link
An
An Etherchannel
Etherchannel can
can be
be defined
defined on
on Ethernet,
Ethernet, Fast
Fast Ethernet,
Ethernet, Gigabit
Gigabit Ethernet
Ethernet or
or 10
10 Gigabit
Gigabit
Ethernet
Ethernet Ports
Ports
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 26
Etherchannel Concepts
Traffic Distribution and Hashing
The distribution of traffic across the members of the Etherchannel done through
different hash schemes.
With the PFC3C running 12.2(33)SXH software, there are 13 possible different hash
schemes to choose from:
Selection of the hash scheme of choice is largely dependent on the traffic mix
through the EtherChannel
The hash scheme may only be selected on a global basis.
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 27
Etherchannel Concepts
Multichassis EtherChannel (MEC)
Prior to VS, Etherchannels were restricted to reside within the same physical switch.
In a Virtual Switch environment, Etherchannels can now also be extended across the 2
physical chassis…
As a result, MECs allows for new network designs to be implemented where true layer 2 Multi-
pathing can be implemented without the reliance on protocols such as Spanning Tree.
Virtual Switch Virtual Switch
Both
Both LACP
LACP and
and PAGP
PAGP Etherchannel
Etherchannel
protocols
protocols and
and Manual
Manual ON
ON modes
modes are
are
supported…
supported…
Standby Active
Control Control
Plane Plane
•• MEC
MEC links
links on
on both
both the
the switches
switches inin the
the VS
VS
domain
domain areare managed
managed by by PAgP
PAgP or or LACP
LACP
running
running onon the
the Active
Active Switch
Switch via
via internal
internal
control
control messages.
messages.
•• PAgP
PAgP or or LACP
LACP packets
packets destined
destined toto aa MEC
MEC
link
link on
on the
the standby
standby core
core will
will be
be sent
sent
across
across VSL
VSL
Link A1 Link B2
Server
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 30
Etherchannel Concepts
Etherchannel Hash for MEC
The Result Bundle Hash (RBH) values are reprogrammed for each core to reflect only the local
links that are in the Etherchannel bundle…
Switch 1 Virtual Switch Switch 2
Access-SW
A
1 2 3 4 5 6 7 8
RBH
RBH (No
(No MEC)
MEC) RBH
RBH (for
(for MEC)
MEC) MEC
88 Link
Link Bundle
Bundle Example
Example 88 Link
Link Bundle
Bundle Example
Example
Bit
Bit 77 Link
Link 11 Bit
Bit 77 Link
Link 11
Bit
Bit 66 Link
Link 22 Bit
Bit 66 Link
Link 11
Bit
Bit 55 Link
Link 33 Bit
Bit 55 Link
Link 22
Bit
Bit 44 Link
Link 44 Bit
Bit 44 Link
Link 22
Bit
Bit 33 Link
Link 55 Bit
Bit 33 Link
Link 33
Bit
Bit 22 Link
Link 66 Bit
Bit 22 Link
Link 33
Bit
Bit 11 Link
Link 77 Bit
Bit 11 Link
Link 44
Access-SW
Bit
Bit 00 Link
Link 88 Bit
Bit 00 Link
Link 44 B
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 31
Etherchannel Concepts
Etherchannel Hash Distribution Enhancement
The existing hash distribution algorithm requires 100% of flows to be temporarily dropped
such that duplicate frames are not sent into the network for the duration of time it takes to
reprogram the port ASICs with the new member information…
RBH
RBH (for
(for MEC)
MEC) RBH
RBH (for
(for MEC)
MEC)
22 Link
Link Bundle
Bundle Example
Example 33 Link
Link Bundle
Bundle Example
Example
Link
Link 11 Link
Link 22 Link
Link 11 Link
Link 22 Link
Link 33
Flow
Flow 11 Flow
Flow 22 Flow
Flow 11 Flow
Flow 22 Flow
Flow 33
Flow
Flow 33 Flow
Flow 44 Flow
Flow 44 Flow
Flow 55 Flow
Flow 66
Flow
Flow 55 Flow
Flow 66 Flow
Flow 77 Flow
Flow 88
Flow
Flow 77 Flow
Flow 88
A new hash distribution algorithm has been introduced with the 12.2(33)SXH release which
allows for members of a port channel to be added or removed without the requirement for all
traffic on the existing members to be temporarily dropped…
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 32
Etherchannel Concepts
Etherchannel Hash Distribution Enhancement
Now, when ports are added or removed from an EtherChannel, the load result does not need to
be reset on existing member ports, resulting in better recovery times of traffic.
Hence it does not affect 100% of the traffic in an Etherchannel.
Example below: only Flow 7 and 8 are affected by the addition of an extra link to the Channel
RBH
RBH (for
(for MEC)
MEC) RBH
RBH (for
(for MEC)
MEC)
22 Link
Link Bundle Example
Bundle Example 33 Link
Link Bundle Example
Bundle Example
Link
Link 11 Link
Link 22 Link
Link 11 Link
Link 22 Link
Link 33
Flow
Flow 11 Flow
Flow 22 Flow
Flow 11 Flow
Flow 22 Flow
Flow 77
Flow
Flow 33 Flow
Flow 44 Flow
Flow 33 Flow
Flow 44 Flow
Flow 88
Flow
Flow 55 Flow
Flow 66 Flow
Flow 55 Flow
Flow 66
Flow
Flow 77 Flow
Flow 88
vss#conf
vss#conf tt
Enter
Enter configuration
configuration commands,
commands, one
one per
per line.
line. End
End with
with CNTL/Z.
CNTL/Z.
vss(config)#port-channel
vss(config)#port-channel hash-distribution
hash-distribution adaptive
adaptive
vss(config)#
vss(config)# ^Z
^Z
vss#
vss#
Although this new load-distribution algorithm requires configuration for regular EtherChannel
and Multi-Chassis EtherChannel (MEC) interfaces, it will be the default load-distribution
algorithm used on the VSLs 33
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Etherchannel Concepts
Determination of Hash Result
A command can be invoked to allow users to determine which physical link a given flow of
traffic will leverage within a port channel group.
The user will need to provide inputs to the command and the hashing algorithm will compute
the physical link that will be selected for the traffic mix and algorithm.
vss#sh
vss#sh etherchannel
etherchannel load-balance
load-balance hash-result
hash-result interface
interface port-channel
port-channel
120
120 ip
ip 192.168.220.10
192.168.220.10 192.168.10.10
192.168.10.10
Computed
Computed RBH:
RBH: 0x4
0x4
Would
Would select
select Gi1/2/1
Gi1/2/1 of
of Po120
Po120
Etherchannel Concepts
Integrated
Hardware Requirements
Services Routers
Conversion Process
Operational Management
High Availability
Quality of Service
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 36
Virtual Switching System
VSL Hardware Considerations
The Virtual Switch Link requires special hardware as noted below…
Note
Note that
that ifif aa lower
lower revision
revision DFC
DFC (3A,
(3A, 3B
3B
or
or 3BXL)
3BXL) is is used
used in in aa VSL
VSL domain,
domain, the
the
system
system willwill fall
fall to
to aa lowest
lowest common
common
denominator
denominator mode mode which
which will
will not
not allow
allow
support
support for for VSL…
VSL…
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/product_data_sheet09186a0080159856_ps4835_Products_Data_Sheet.html
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps9336/product_data_sheet0900aecd806ed759.html
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 41
Agenda
Introduction to VSS
Etherchannel Concepts
Integrated
Hardware Requirements
Services Routers
Conversion Process
Operational Management
High Availability
Quality of Service
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 42
Conversion Process
Conversion to VSS
The conversion process requires configuration of both switches that will form part of the
Virtual Switch Domain and requires a reboot on the part of both switches during the
conversion…
It is recommended to have the interfaces forming the VSL be connected prior to the
conversion process as it will minimize the number of times the chassis will be reloaded.
It is also recommended to begin the conversion process using a default configuration as
the conversion process will remove any previous configuration that pre-exists on the
standalone chassis.
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 43
Conversion Process
Conversion to VSS
For the purposes of this explanation - let’s assume the following setup is required…
Switch - 1 Switch - 2
T5/4 T5/4
Port-Channel 1 Port-Channel 2
Domain ID 10 config will take effect only Domain ID 10 config will take effect only
after the exec command 'switch convert mode after the exec command 'switch convert mode
virtual' is issued virtual' is issued
VSS(config-vs-domain)#switch 1 VSS(config-vs-domain)#switch 2
VSS(config-vs-domain)#exit VSS(config-vs-domain)#exit
Note: The Domain ID is retained in the configuration, but the Switch ID is not – this is stored as a
variable in ROMMON. To see this value:
Switch - 1 Switch - 2
Switch - 1 Switch - 2
This command will convert all interface This command will convert all interface names
names to naming convention "interface-type to naming convention "interface-type switch-
switch-number/slot/port", save the running number/slot/port", save the running config to
config to startup-config and reload the startup-config and reload the switch.
switch. Do you want to proceed? [yes/no]: yes
Do you want to proceed? [yes/no]: yes Converting interface names
Converting interface names Building configuration...
Building configuration... [OK]
[OK] Saving converted configuration to bootflash:
Saving converted configuration to bootflash: ...
... Destination filename [startup-
Destination filename [startup- config.converted_vs-20071031-150018]?
config.converted_vs-20071031-150039]?
AT THIS POINT THE SWITCH WILL REBOOT
AT THIS POINT THE SWITCH WILL REBOOT
This command will get the VSL related commands from the Standby Switch and update the
startup-configuration with the new merged configurations
Note that only VSL-related configurations are merged with this step – all other configuration
will be lost and requires manual intervention.
This step is only applicable for a first-time conversion.
Switch - 1
SWITCH CONSOLE OUTPUT
<…snip…>
vss-demo#switch accept mode virtual
This command will populate the above VSL configuration from the standby switch into the
running configuration.
The startup configuration will also be updated with the new merged configuration if merging
is successful.
Do you want to proceed? [yes/no]: yes
Merging the standby VSL configuration...
Building configuration...
Switch - 1 Switch - 2
vss-sdby>en
Standby console disabled
vss-sdby>
VSS#sh
VSS#sh switch
switch virtual
virtual role
role
Switch
Switch Switch
Switch Status
Status Preempt
Preempt Priority
Priority Role
Role Session
Session IDID
Number
Number Oper(Conf) Oper(Conf)
Oper(Conf) Oper(Conf) Local Remote
Local Remote
------------------------------------------------------------------
------------------------------------------------------------------
LOCAL
LOCAL 11 UP
UP FALSE(N)
FALSE(N) 110(110)
110(110) ACTIVE
ACTIVE 00 00
REMOTE
REMOTE 22 UP
UP FALSE(N)
FALSE(N) 100(100)
100(100) STANDBY
STANDBY 9114
9114 1391
1391
Etherchannel Concepts
Integrated
Hardware Requirements
Services Routers
Conversion Process
Operational Management
High Availability
Quality of Service
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 53
Operational Management
Virtual Switch CLI
Multiple console interfaces exist within a Virtual Switch Domain, but only the active RP/SP
consoles are enabled for command interaction…
vss#reload
vss#reload
Warning:
Warning: This
This command
command will
will reload
reload the
the entire
entire Virtual
Virtual
Switching System (Active and Standby Switch).
Switching System (Active and Standby Switch).
Proceed
Proceed with
with reload?
reload? [confirm]
[confirm]
vss#redundancy
vss#redundancy reload
reload shelf
shelf ??
1d04h:
1d04h: %SYS-5-RELOAD:
%SYS-5-RELOAD: Reload
Reload requested
requested by
by console.
console. Reload
Reload <1-2> shelf id
<1-2> shelf id
Reason:
Reason: Reload
Reload Command.
Command.
<cr>
<cr>
***
***
***
*** ---
--- SHUTDOWN
SHUTDOWN NOW
NOW ---
--- vss#redundancy
vss#redundancy reload
reload shelf
shelf 22
***
*** Reload
Reload the entire remote shelf[confirm]
the entire remote shelf[confirm]
Preparing
Preparing to reload remote shelf
to reload remote shelf
1d04h:
1d04h: %SYS-SP-5-RELOAD:
%SYS-SP-5-RELOAD: Reload
Reload requested
requested
System
System Bootstrap,
Bootstrap, Version
Version 8.5(1)
8.5(1)
Copyright
Copyright (c)
(c) 1994-2006
1994-2006 by
by cisco
cisco Systems,
Systems, Inc.
Inc. vss#
vss#
Cat6k-Sup720/SP
Cat6k-Sup720/SP processor
processor with
with 1048576
1048576 Kbytes
Kbytes of
of main
main memory
memory
<…snip…>
<…snip…>
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 55
Operational Management
Setting the System-wide PFC Mode
• Only PFC/DFC 3C/CXL are supported in a VSS.
• It is possible to mix modules in a 3C and 3CXL system: the system will take the lowest
common denominator as the system-wide PFC mode.
• In a VSL environment is basically the mode negotiation happens even before the modules
are brought up
• A new CLI has been implemented to allow the user to pre-configure the system mode to
prevent modules from not powering up…
vs-vsl#conf
vs-vsl#conf tt
Enter
Enter configuration
configuration commands,
commands, one
one per
per line.
line. End
End with
with CNTL/Z.
CNTL/Z.
vs-vsl(config)#platform
vs-vsl(config)#platform hardware
hardware vsl
vsl pfc
pfc mode
mode pfc3c
pfc3c
vs-vsl(config)#^Z
vs-vsl(config)#^Z
vs-vsl#
vs-vsl#
vs-vsl#sh
vs-vsl#sh platform
platform hardware
hardware pfc
pfc mode
mode
PFC
PFC operating
operating mode
mode :: PFC3C
PFC3C
Configured
Configured PFC
PFC operating
operating mode
mode :: PFC3C
PFC3C
vs-vsl#
vs-vsl#
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 56
Operational Management
SNMP Support for VSS
The SNMP process for a VSS necessitates support for “Put’s” and “Get’s” across 2 physical
chassis, changes to existing MIB’s and support for a new MIB…
SNMP Server
SNMP
SNMP New
New MIB’s
MIB’s SNMP Process Active SNMP Process Inactive
Virtual Switch Domain
CISCO-VIRTUAL-SWITCH-MIB has been defined to support SNMP access to the Virtual Switch
Configuration - the following MIB variables are accessible to an SNMP manager…
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 57
Operational Management
Slot/Port Numbering
After conversion, port definitions for switches within the Virtual Switch Domain inherit the
Chassis ID as part of their naming convention…
PORT
PORT NUMBERING:
NUMBERING: <CHASSIS-ID><SLOT-NUMBER><PORT-NUMBER>
<CHASSIS-ID><SLOT-NUMBER><PORT-NUMBER>
Router#show
Router#show ip
ip interface
interface brief
brief
Interface
Interface IP-Address
IP-Address OK?
OK? Method
Method Status
Status Protocol
Protocol
Vlan1
Vlan1 unassigned
unassigned YES
YES NVRAM
NVRAM up
up up
up
Port-channel1
Port-channel1 unassigned
unassigned YES
YES NVRAM
NVRAM up
up up
up
Te1/1/1
Te1/1/1 10.1.1.1
10.1.1.1 YES
YES unset
unset up
up up
up
Te1/1/2
Te1/1/2 192.168.1.2
192.168.1.2 YES
YES unset
unset up
up up
up
Te1/1/3
Te1/1/3 unassigned
unassigned YES
YES unset
unset up
up up
up
Te1/1/4
Te1/1/4 unassigned
unassigned YES
YES unset
unset up
up up
up
GigabitEthernet1/2/1
GigabitEthernet1/2/1 10.10.10.1
10.10.10.1 YES
YES unset
unset up
up up
up
GigabitEthernet1/2/2
GigabitEthernet1/2/2 10.10.11.1
10.10.11.1 YES
YES unset
unset up
up up
up
<snip>
<snip>
SW<NUMBER>SLOT<NUMBER>FILESYSTEM
SW<NUMBER>SLOT<NUMBER>FILESYSTEM
e.g. e.g.
OLD: disk0: OLD: slavedisk0:
NEW: sw1-slot5-disk0: AN EXAMPLE
NEW: sw2-slot5-disk0:
Virtual Switch Domain
vs-vsl#dir
vs-vsl#dir sw1-slot5-sup-bootdisk:
sw1-slot5-sup-bootdisk:
Directory
Directory of
of sup-bootdisk:/
sup-bootdisk:/
11 -rwx
-rwx 33554496
33554496 Jan
Jan 10
10 2007
2007 14:53:16
14:53:16 +00:00
+00:00 sea_log.dat
sea_log.dat
22 -rwx
-rwx 150198412
150198412 Feb
Feb 7 2007 17:28:56
7 2007 17:28:56 +00:00
+00:00 s72033-adventerprisek9_wan_dbg-vz.0124_all
s72033-adventerprisek9_wan_dbg-vz.0124_all
vs-vsl#dir
vs-vsl#dir sw2-slot5-sup-bootdisk:
sw2-slot5-sup-bootdisk:
Directory
Directory of
of slavesup-bootdisk:/
slavesup-bootdisk:/
11 -rwx
-rwx 33554464
33554464 Feb
Feb 99 2007
2007 16:39:02
16:39:02 +00:00
+00:00 sea_log.dat
sea_log.dat
22 -rwx
-rwx 150678668
150678668 Feb
Feb 99 2007
2007 16:45:14
16:45:14 +00:00
+00:00 s72033-adventerprisek9_wan_dbg-vz.cef
s72033-adventerprisek9_wan_dbg-vz.cef
PREVIOUS
PREVIOUS VIRTUAL
VIRTUAL SWITCH
SWITCH
disk0:
disk0: sw<number_1>slot<number>disk0:
sw<number_1>slot<number>disk0:
slavedisk0:
slavedisk0: sw<number_2>slot<number>disk0:
sw<number_2>slot<number>disk0:
bootflash:
bootflash: sw<number_1>slot<number>bootflash:
sw<number_1>slot<number>bootflash:
slavebootflash:
slavebootflash: sw<number_2>slot<number>bootflash:
sw<number_2>slot<number>bootflash:
sup-bootdisk:
sup-bootdisk: sw<number_1>slot<number>sup-bootdisk:
sw<number_1>slot<number>sup-bootdisk:
slavesup-bootdisk:
slavesup-bootdisk: sw<number_2>slot<number>sup-bootdisk:
sw<number_2>slot<number>sup-bootdisk:
nvram:
nvram: sw<number_1>slot<number>nvram:
sw<number_1>slot<number>nvram:
slavenvram:
slavenvram: sw<number_2>slot<number>nvram:
sw<number_2>slot<number>nvram:
In a Virtual Switch, with both Data Planes active, Netflow data collection is performed on each
Supervisor’s PFC - while Netflow export is only performed by the Control Plane on the VS
Active …
VSL
Netflow operation in a Virtual Switch is similar to the way in which Netflow operates in a single
chassis with Distributed Forwarding Card’s (DFC) present…
Netflow Collector
Netflow
Netflow Export
Netflow
Data Data
VSL
SW1-Slot5 SW2-Slot5
Switch 1 Switch 2
NAME
NAME CONTROL
CONTROL PLANE
PLANE FABRIC
FABRIC STATE
STATE REDUNDANCY
REDUNDANCY
SW1-SLOT5
SW1-SLOT5 Active
Active Active
Active --
SW2-SLOT5
SW2-SLOT5 Hot
Hot Standby
Standby Active
Active SSO
SSO
SW1-Slot5 SW2-Slot5
Switch 1 Switch 2
NAME
NAME CONTROL
CONTROL PLANE
PLANE FABRIC
FABRIC STATE
STATE REDUNDANCY
REDUNDANCY
SW1-SLOT5
SW1-SLOT5 Active
Active Active
Active --
SW2-SLOT5
SW2-SLOT5 Hot
Hot Standby
Standby Active
Active SSO
SSO
SW1-Slot5 SW2-Slot5
Switch 1 Switch 2
NAME
NAME CONTROL
CONTROL PLANE
PLANE FABRIC
FABRIC STATE
STATE REDUNDANCY
REDUNDANCY
SW1-SLOT5
SW1-SLOT5 Active
Active Active
Active --
SW2-SLOT5
SW2-SLOT5 Cold
Cold Standby
Standby RPR
RPR
<snip>
<snip>
SW1-Slot5 SW2-Slot5
Switch 1 Switch 2
NAME
NAME CONTROL
CONTROL PLANE
PLANE FABRIC
FABRIC STATE
STATE REDUNDANCY
REDUNDANCY
SW1-SLOT5
SW1-SLOT5 Cold
Cold Standby
Standby RPR
RPR
SW2-SLOT5
SW2-SLOT5 Active
Active Active
Active --
SW1-Slot5 SW2-Slot5
Switch 1 Switch 2
NAME
NAME CONTROL
CONTROL PLANE
PLANE FABRIC
FABRIC STATE
STATE REDUNDANCY
REDUNDANCY
SW1-SLOT5
SW1-SLOT5 Hot
Hot Standby
Standby Active
Active SSO
SSO
SW2-SLOT5
SW2-SLOT5 Active
Active Active
Active --
<snip>
<snip>
1] Copy new image 2.2] Reboot SW2 3.1] Switchover 4] SW1 is completely rebooted
in both switches from SW1 to SW2 and comes back in SSO mode
2.1] Change bootvar in 2.3] SW2 comes 3.2] SW2 comes back from
both switches back in RPR the Cold Standby mode
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 77
Agenda
Introduction to VSS
Etherchannel Concepts
Integrated
Hardware Requirements
Services Routers
Conversion Process
Operational Management
High Availability
Quality of Service
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 78
High Availability
Redundancy Schemes
The default redundancy mechanism between the 2 VSS chassis and their associated supervisors is
NSF/SSO, allowing state information and configuration to be synchronized.
Only in NSF/SSO mode does the Standby supervisor PFC, Switch Fabric, modules and their associated
DFCs become active…
Switch 1 Switch 2
12.2(33)SXH1 12.2(33)SXH1
Active NSF/SSO
VSL
Should a mismatch of information occur between the Active and Standby Chassis, the Standby Chassis will
revert to RPR mode, where all the modules will be powered down (except for the VSL ports)
Switch 1 Switch 2
12.2(33)SXH1 12.2(33)SXH2
Active RPR
VSL
VSL
ItIt is
is always
always recommended
recommended toto deploy
deploy the
the VSL
VSL with
with 22 or
or more
more links
links and
and distribute
distribute those
those
interfaces
interfaces across
across multiple
multiple modules
modules to
to ensure
ensure thethe greatest
greatest redundancy
redundancy
VSL
2 mechanisms have been implemented in the initial release to detect and recover from a Dual
Active scenario:
Enhanced Port Aggregation Protocol (PAgP+): uses MEC links to communicate
1
between the two chassis
Should the VSL go down, the Standby switch will transition immediately to Active state and
start sending PAgP message with the new Active switch ID
The Enhnaced PAgP-capable neighbor will send the new Active Switch ID to all ports of the
port channel that it received the new Active Switch ID on
This includes the the previous-active Virtual switch (Switch 1) …
Switch 1 Switch 2
When Switch 1 receives PAgP messages with Active Switch = 2, it will know that a Dual-Active
scenario has occurred
Recovery Mode: Switch 1 will then bring down all non-VSL interfaces (except interfaces
configured to be excluded from shutdown)
Dual-Active!!
Dual-Active!!
Switch 1 Switch 2 Switch 1 Switch 2
vs-vsl#conf
vs-vsl#conf tt
Enter
Enter configuration
configuration commands,
commands, one
one per
per line.
line. End
End with
with CNTL/Z.
CNTL/Z.
vs-vsl(config)#switch
vs-vsl(config)#switch virtual
virtual domain
domain 10
10
vs-vsl(config-vs-domain)#dual-active
vs-vsl(config-vs-domain)#dual-active detection pagp
detection pagp
vs-vsl(config-vs-domain)#dual-active
vs-vsl(config-vs-domain)#dual-active trust
trust channel-group
channel-group 20
20
vs-vsl#
vs-vsl#
Dual-Active Detection capabilities require that the neighboring device be Dual-Active Detection
Aware. This can be verified with the following command…
vs-vsl#sh
vs-vsl#sh switch
switch virtual
virtual dual-active
dual-active pagp
pagp
Channel
Channel group
group 20
20 dual-active
dual-active detect
detect capability
capability w/nbrs
w/nbrs
Dual-Active
Dual-Active version:
version: 1.1
1.1
Dual-Active
Dual-Active configured: Yes
configured: Yes
Dual-Active
Dual-Active Partner
Partner Partner
Partner Partner
Partner
Port
Port Detect
Detect Capable
Capable Name
Name Port
Port Version
Version
Gi1/8/1
Gi1/8/1 Yes
Yes vs-access-1
vs-access-1 Gi5/1
Gi5/1 1.1
1.1
Gi2/8/1
Gi2/8/1 Yes
Yes vs-access-1
vs-access-1 Gi5/2
Gi5/2 1.1
1.1
VSL
VSL
BFD
BFD BFD
BFD
IfIf the
the VSL
VSL goes
goes down,
down, both
both chassis
chassis create
create BFD
BFD neighbors,
neighbors, and
and trytry to
to establish
establish adjacency.
adjacency.
IfIf the
the original
original active
active chassis
chassis receives
receives an
an adjacency
adjacency message,
message, itit realizes
realizes that
that this
this is
is dual-active
dual-active
scenario
scenario
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 87
High Availability
Dual-Active Detection - IP-BFD
Two directly-connected interfaces must be configured as BFD message links…
The IP-BFD Heartbeat link may exist on any interface but must have an IP address assigned to
it on a different network
vss(config)#interface
vss(config)#interface gigabitethernet
gigabitethernet 1/5/1
1/5/1
vss(config-if)#no switchport
vss(config-if)#no switchport
vss(config-if)#ip
vss(config-if)#ip address
address 200.230.230.231
200.230.230.231 255.255.255.0
255.255.255.0
vss(config-if)#bfd
vss(config-if)#bfd interval
interval 100
100 min_rx
min_rx 100
100 multiplier
multiplier 50
50
vss(config-if)#interface gigabitethernet 2/5/1
vss(config-if)#interface gigabitethernet 2/5/1
vss(config-if)#no
vss(config-if)#no switchport
switchport
vss(config-if)#ip
vss(config-if)#ip address 201.230.230.231
address 201.230.230.231 255.255.255.0
255.255.255.0
vss(config-if)#bfd
vss(config-if)#bfd interval
interval 100
100 min_rx
min_rx 100
100 multiplier
multiplier 50
50
vss(config)#switch
vss(config)#switch virtual
virtual domain
domain 100
100
vss(config-vs-domain)#dual-active
vss(config-vs-domain)#dual-active detection bfd
detection bfd
vss(config-vs-domain)#dual-active
vss(config-vs-domain)#dual-active pair
pair interface
interface gg 1/5/1
1/5/1 interface
interface gg 2/5/1
2/5/1 bfd
bfd
adding
adding aa static
static route
route 200.230.230.0
200.230.230.0 255.255.255.0
255.255.255.0 Gi2/5/1
Gi2/5/1 for
for this
this dual-active
dual-active pair
pair
adding
adding aa static
static route
route 201.230.230.0
201.230.230.0 255.255.255.0
255.255.255.0 Gi1/5/1
Gi1/5/1 for
for this
this dual-active
dual-active pair
pair
Static routes are automatically added for the remote addresses and will only be installed in the RIB should
a Dual-Active scenario occur.
As a result of this, no packets will be forwarded between the switches via the heartbeat interfaces until the
VSL is brought down
If the Virtual Switch Standby has taken over as active, a BFD “adjacency up” event will be generated,
indicating a Dual-Active situation has occurred.
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 88
High Availability
Dual-Active Detection - Exclude Interfaces
Upon detection of a Dual Active scenario, all interfaces on the previous-Active switch will be
brought down so as not to disrupt the functioning of the remainder of the network.
The exception interfaces include VSL members as well as pre-determined interfaces which may
be used for management purposes…
vs-vsl#conf
vs-vsl#conf tt
Enter
Enter configuration
configuration commands,
commands, one
one per
per line.
line. End
End with
with CNTL/Z.
CNTL/Z.
vs-vsl(config)#switch virtual domain 100
vs-vsl(config)#switch virtual domain 100
vs-vsl(config-vs-domain)#dual-active
vs-vsl(config-vs-domain)#dual-active exclude
exclude interface
interface Gig
Gig 1/5/1
1/5/1
vs-vsl(config-vs-domain)#dual-active
vs-vsl(config-vs-domain)#dual-active exclude
exclude interface
interface Gig
Gig 2/5/1
2/5/1
vs-vsl(config-vs-domain)#
vs-vsl(config-vs-domain)# ^Z
^Z
vs-vsl#
vs-vsl#
Switch 1 Switch 2
VSL
VSL Up!
Up! Reload…
Reload…
Switch 1 Switch 2
VSLP
VSLP VSLP
VSLP
After role has been resolved and SSO Hot Standby mode is possible, interfaces will be brought
up and traffic will resume back to 100% capacity…
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 90
Agenda
Introduction to VSS
Etherchannel Concepts
Integrated
Hardware Requirements
Services Routers
Conversion Process
Operational Management
High Availability
Quality of Service
© 2007 Cisco Systems, Inc. All rights reserved. Cisco Confidential 91
Quality of Service
Classification & Policing
Classification and Policing functions are handled by PFC QoS, and is executed by either the
PFC on the Active and Hot Standby Supervisor, or the ingress linecard DFC.
There are 2 important caveats which must be understood
1 Policies must either be applied on L3 interfaces (SVIs or Physical interfaces), or Port
Channels. Policies on L2 interfaces are not supported in this release.
policy-map
policy-map CLASSIFY
CLASSIFY
class class-default
class class-default
set
set ip
ip dscp
dscp 40
40
interface
interface GigabitEthernet
GigabitEthernet 2/3/48
2/3/48
switchport
switchport
service-policy
service-policy input
input CLASSIFY
CLASSIFY
policy-map
policy-map CLASSIFY
CLASSIFY
class
class class-default
class-default
set
set ip
ip dscp
dscp 40
40
interface
interface PortChannel
PortChannel 10
10
switchport
switchport
service-policy
service-policy input
input CLASSIFY
CLASSIFY
Interface
Interface GigabitEthernet
GigabitEthernet 1/2/10
1/2/10
channel-group 20 mode desireable
channel-group 20 mode desireable
Interface
Interface GigabitEthernet
GigabitEthernet 2/2/10
2/2/10
channel-group
channel-group 20
20 mode
mode desireable
desireable
interface
interface PortChannel
PortChannel 20
20
service-policy
service-policy input
input POLICE
POLICE
1 VSLP and other Control frames are always marked as Priority packets and are
always queued and classified as such
2 VSL is always configured as “Trust CoS” and hence ingress queuing is enabled
4 CoS Maps, Thresholds and Queues are not configurable on the VSL
VSL
HTTP
HTTP FTP
FTP VSLP
VSLP
Switch 1 Switch 2