VSS-DOC

November 23, 2017 | Author: Shubham Tiwari | Category: Network Switch, Computer Network, Networks, Internet Architecture, Computer Hardware

Virtual Switching System (VSS) on the Catalyst 6500 March 2008

Lila Rousseaux, Consulting Systems Engineer, CCIE #6899

© 2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

Agenda
• Introduction to VSS
• Virtual Switching Architecture
• Etherchannel Concepts
• Hardware Requirements
• Conversion Process
• Operational Management
• High Availability
• Quality of Service

© 2007 Cisco Systems, Inc. All rights reserved.

Current Network Challenges: Enterprise Campus

Traditional Enterprise Campus deployments have been designed in a way that allows for scalability, differentiated services and high availability. However, they also face many challenges, some of which are listed in the diagram below…

L3 Core: Extensive routing topology, Routing reconvergence
L2/L3 Distribution: FHRP, STP, Asymmetric routing, Policy Management
Access: Single active uplink per VLAN (PVST), L2 reconvergence

Current Network Challenges: Data Center

Traditional Data Center designs require ever-increasing Layer 2 adjacencies between Server nodes due to the prevalence of Virtualization technology. However, they are pushing the limits of Layer 2 networks, placing more burden on loop-detection protocols such as Spanning Tree…

L2/L3 Core: FHRP, HSRP, VRRP, Spanning Tree, Policy Management
L2 Distribution: Single active uplink per VLAN (PVST), L2 reconvergence, excessive BPDUs
L2 Access: Dual-Homed Servers to single switch, Single active uplink per VLAN (PVST), L2 reconvergence

Virtual Switching System: Introduction

Virtual Switching System is a new technology breakthrough for the Catalyst 6500 family…

Virtual Switching System: Enterprise Campus

A Virtual Switch-enabled Enterprise Campus network gains multiple benefits, including simplified management and administration and greater high availability, while maintaining a flexible and scalable architecture…

L3 Core: Reduced routing neighbors, Minimal L3 reconvergence
L2/L3 Distribution: No FHRPs, No Looped topology, Policy Management
Access: Multiple active uplinks per VLAN, No STP convergence

Virtual Switching System: Data Center

A Virtual Switch-enabled Data Center allows for maximum scalability, so bandwidth can be added when required, while still providing a larger Layer 2 hierarchical architecture free of reliance on Spanning Tree…

L2/L3 Core: Single router node, Fast L2 convergence, Scalable architecture
L2 Distribution: Dual Active Uplinks, Fast L2 convergence, minimized L2 Control Plane, Scalable
L2 Access: Dual-Homed Servers, Single active uplink per VLAN (PVST), Fast L2 convergence

Virtual Switching System: What is a VSS?

Virtual Switching System: Control Plane

While the Data Planes in both switches are active, only one switch has an active control plane - hence there is only one management point from which to manage the Virtual Switching System…

Virtual Switching System: Data Plane

The Data Planes in both switches are active - hence each has a full copy of the forwarding tables and Security/QoS policies in hardware such that each can make a fully informed local forwarding decision…

Virtual Switching System: Virtual Switch Link

The Virtual Switch Link is a special link joining each physical switch together - it extends the out of band channel allowing the active control plane to manage the hardware in the second chassis…

Virtual Switching System: Multi Chassis Etherchannel

Virtual Switching System introduces new connectivity options such as Multichassis EtherChannel…

Virtual Switching System: Inter Chassis NSF/SSO


Virtual Switch Architecture: Virtual Switch Link

The Virtual Switch Link is a special link joining each physical switch together - it extends the out of band channel allowing the active control plane to manage the hardware in the second chassis…

Virtual Switch Architecture: VSL Initialization

Before the Virtual Switch domain can become active, the Virtual Switch Link (VSL) must be brought online to determine Active and Standby roles. The initialization process essentially consists of 3 steps:

1. Link Bringup to determine which ports form the VSL
2. Link Management Protocol (LMP) used to track and reject Unidirectional Links, Exchange Chassis ID and other information between the 2 switches
3. Role Resolution Protocol (RRP) used to determine compatible Hardware and Software versions to form the VSL as well as determine which switch becomes Active and Hot Standby from a control plane perspective

Virtual Switch Architecture: Link Bringup

Each member of the Virtual Switch domain must determine which links are candidates for the VSL very early in the bootup cycle. The Switch Processor (SP) pre-parses the configuration to determine which links are configured for VSL…

[Diagram: Switch 1 and Switch 2 each pre-parse their config]

The SP will then bring up the line card(s) where the VSL is configured, download the required configuration and initiate Link Management Protocol (LMP).

Virtual Switch Architecture: Link Management Protocol (LMP)

LMP runs on each individual link that is part of the VSL, and is used to program information such as member details, forwarding indices, as well as perform the following checks:

1. Verify neighbor is Bi-Directional
2. Ensure the member is connected to another Virtual Switch
3. Transmit and receive keepalives to maintain health of the member and the VSL

After successful LMP negotiation, a Peer Group (PG) is formed which is a collection of all VSL members that connects to the same VS. For each PG, a Peer Group Control Link (PGCL) is elected to carry further control information…

Virtual Switch Architecture: Role Resolution Protocol (RRP)

RRP is used to negotiate the role (active or standby) for each chassis:

1. Determine whether hardware and software versions allow a Virtual Switch to form
2. Determine which chassis will become Active and Hot Standby from a control plane perspective

Virtual Switch Architecture: VSL Configuration Consistency Check

After the roles have been resolved through RRP, a Configuration Consistency Check is performed across the VSL switches to ensure proper VSL operation. The following items are checked for consistency:

• Switch Virtual Domain ID
• Switch Virtual Node Type
• Switch Priority
• Switch Preempt
• VSL Port Channel Link ID
• VSL Port state, interfaces…
• Power Redundancy mode
• Power Enable on VSL cards

Note that if configurations do not match, the standby switch will revert to RPR mode, disabling all non-VSL interfaces…

Virtual Switch Architecture: VSLP Ping

A new Ping mechanism has been implemented in VSS mode to allow the user to objectively verify the health of the VSL itself. This is implemented as a VSLP Ping…

[Diagram: VSLP exchanged across the VSL between Switch 1 and Switch 2]

The VSLP Ping operates on a per-physical interface basis and parameters such as COUNT, DESTINATION, SIZE, TIMEOUT may also be specified…

vss#ping vslp output interface tenGigabitEthernet 1/5/4
Type escape sequence to abort.
Sending 5, 100-byte VSLP ping to peer-sup via output port 1/5/4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms
vss#

Virtual Switch Architecture: Forwarding Operation

In Virtual Switch Mode, while only one Control plane is active, both Data Planes (Switch Fabrics) are active, and as such, each can actively participate in the forwarding of data…

Virtual Switch Domain, control plane: Switch 1 - Control Plane Active; Switch 2 - Control Plane Hot Standby
Virtual Switch Domain, data plane: Switch 1 - Data Plane Active; Switch 2 - Data Plane Active

Virtual Switch Architecture: Virtual Switch Domain

A Virtual Switch Domain ID is allocated during the conversion process and represents the logical grouping of the 2 physical chassis within a VSS. It is possible to have multiple VS Domains throughout the network…

[Diagram: VS Domain 10, VS Domain 20, VS Domain 30]

The configurable values for the domain ID are 1-255. It is always recommended to use a unique VS Domain ID for each VS Domain throughout the network…

Virtual Switch Architecture: Router MAC Address

In a standalone Catalyst 6500 system, the router MAC address is derived from the Chassis MAC EEPROM and is unique to each Chassis. In a Virtual Switch System, since there is only a single routing entity now, there is also only ONE single router MAC address…

Router MAC = 000f.f8aa.9c00

The MAC address allocated to the Virtual Switch System is derived from the MAC EEPROM of the Active Virtual Switch upon initial system bring up. Regardless of either switch being brought down or up, the same MAC address will be retained such that neighboring network nodes and hosts do not need to re-ARP for a new address.


Etherchannel Concepts

An Etherchannel combines multiple physical links into a single logical link. Ideal for load sharing or link redundancy – can be used by both Layer 2 and Layer 3 subsystems…

Physical View: Multiple ports are defined as being part of an Etherchannel group
Logical View: Subsystems running on the switch only see one logical link

An Etherchannel can be defined on Ethernet, Fast Ethernet, Gigabit Ethernet or 10 Gigabit Ethernet Ports

Etherchannel Concepts: Traffic Distribution and Hashing

• The distribution of traffic across the members of the Etherchannel is done through different hash schemes.
• With the PFC3C running 12.2(33)SXH software, there are 13 possible different hash schemes to choose from:

• Selection of the hash scheme of choice is largely dependent on the traffic mix through the EtherChannel
• The hash scheme may only be selected on a global basis.

Etherchannel Concepts: Multichassis EtherChannel (MEC)

Prior to VS, Etherchannels were restricted to reside within the same physical switch. In a Virtual Switch environment, Etherchannels can now also be extended across the 2 physical chassis… As a result, MECs allow new network designs to be implemented where true Layer 2 multipathing can be achieved without reliance on protocols such as Spanning Tree.

[Diagram: Regular Etherchannel on single chassis, beside Multichassis EtherChannel across 2 VSL-enabled Chassis]

Both LACP and PAGP Etherchannel protocols and Manual ON modes are supported…

Etherchannel Concepts: Multichassis EtherChannel

Support for Etherchannel management is performed by the Control plane on the Active Switch in the Virtual Switch Domain…

[Diagram: Standby Control Plane, Active Control Plane]

• MEC links on both the switches in the VS domain are managed by PAgP or LACP running on the Active Switch via internal control messages.
• PAgP or LACP packets destined to a MEC link on the standby core will be sent across VSL

Etherchannel Concepts: Etherchannel Hash for MEC

The choice of which link of a Multi-chassis Etherchannel to use in a Virtual Switch is skewed in favor of local links in the bundle - this is done to avoid overloading the Virtual Switch Link (VSL) with unnecessary traffic loads…

Blue Traffic destined for the Server will result in Link A1 in the MEC link bundle being chosen as the destination path…

Orange Traffic destined for the Server will result in Link B2 in the MEC link bundle being chosen as the destination path…

[Diagram: Switch 1, Switch 2, Link A1, Link B2, Server]

Etherchannel Concepts: Etherchannel Hash for MEC

The Result Bundle Hash (RBH) values are reprogrammed for each core to reflect only the local links that are in the Etherchannel bundle…

RBH (No MEC), 8 Link Bundle Example
Link     Bit
Link 1   Bit 7
Link 2   Bit 6
Link 3   Bit 5
Link 4   Bit 4
Link 5   Bit 3
Link 6   Bit 2
Link 7   Bit 1
Link 8   Bit 0

RBH (for MEC), 8 Link Bundle Example
Link     Bit
Link 1   Bit 7
Link 1   Bit 6
Link 2   Bit 5
Link 2   Bit 4
Link 3   Bit 3
Link 3   Bit 2
Link 4   Bit 1
Link 4   Bit 0

[Diagram: Virtual Switch (Switch 1, Switch 2), MEC links 1 2 3 4 and 5 6 7 8, Access-SW A, Access-SW B]

Etherchannel Concepts: Etherchannel Hash Distribution Enhancement

The existing hash distribution algorithm requires 100% of flows to be temporarily dropped such that duplicate frames are not sent into the network for the duration of time it takes to reprogram the port ASICs with the new member information…

RBH (for MEC), 2 Link Bundle Example
Link 1: Flow 1, Flow 3, Flow 5, Flow 7
Link 2: Flow 2, Flow 4, Flow 6, Flow 8

RBH (for MEC), 3 Link Bundle Example
Link 1: Flow 1, Flow 4, Flow 7
Link 2: Flow 2, Flow 5, Flow 8
Link 3: Flow 3, Flow 6

A new hash distribution algorithm has been introduced with the 12.2(33)SXH release which allows for members of a port channel to be added or removed without the requirement for all traffic on the existing members to be temporarily dropped…

Etherchannel Concepts: Etherchannel Hash Distribution Enhancement

Now, when ports are added or removed from an EtherChannel, the load result does not need to be reset on existing member ports, resulting in better recovery times of traffic. Hence it does not affect 100% of the traffic in an Etherchannel. Example below: only Flow 7 and 8 are affected by the addition of an extra link to the Channel

RBH (for MEC), 2 Link Bundle Example
Link 1: Flow 1, Flow 3, Flow 5, Flow 7
Link 2: Flow 2, Flow 4, Flow 6, Flow 8

RBH (for MEC), 3 Link Bundle Example
Link 1: Flow 1, Flow 3, Flow 5
Link 2: Flow 2, Flow 4, Flow 6
Link 3: Flow 7, Flow 8

vss#conf t
Enter configuration commands, one per line. End with CNTL/Z.
vss(config)#port-channel hash-distribution adaptive
vss(config)# ^Z
vss#

Although this new load-distribution algorithm requires configuration for regular EtherChannel and Multi-Chassis EtherChannel (MEC) interfaces, it will be the default load-distribution algorithm used on the VSLs
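The two flow tables above (re-dealing all flows versus moving only Flow 7 and 8), reproduced as an added Python model that is not part of the original presentation and is not Cisco's algorithm. The function names and the tie-break rules (the first most-loaded link donates its highest-numbered flow) are assumptions chosen so the output matches the slides.

```python
# Added illustration: a toy model of the slides' flow tables, not Cisco's implementation.
N_FLOWS = 8  # the slides number the flows 1..8


def fixed_distribution(links, n_flows=N_FLOWS):
    """Fixed scheme as drawn on the first slide: flows are dealt round-robin
    over the current member list, so a membership change re-deals every flow
    (the slide states all flows are dropped while the ASICs are reprogrammed)."""
    return {flow: links[(flow - 1) % len(links)] for flow in range(1, n_flows + 1)}


def flows_per_link(mapping, links):
    """Invert a flow->link mapping into link->sorted list of flows."""
    load = {link: [] for link in links}
    for flow in sorted(mapping):
        load[mapping[flow]].append(flow)
    return load


def adaptive_add(mapping, links, new_link):
    """Adaptive scheme as drawn on the second slide: existing assignments stay,
    only the new link's fair share of flows is moved onto it.
    Assumed tie-break: first most-loaded link gives up its highest flow."""
    load = flows_per_link(mapping, links)
    result = dict(mapping)
    for _ in range(len(mapping) // (len(links) + 1)):
        donor = max(links, key=lambda link: len(load[link]))
        result[load[donor].pop()] = new_link
    return result


def adaptive_remove(mapping, links, gone):
    """Removal under the same idea: only the flows of the removed link are
    re-homed, each onto the currently least-loaded surviving link."""
    load = flows_per_link(mapping, links)
    orphans = load.pop(gone)
    survivors = [link for link in links if link != gone]
    result = dict(mapping)
    for flow in orphans:
        target = min(survivors, key=lambda link: len(load[link]))
        result[flow] = target
        load[target].append(flow)
    return result


def moved(before, after):
    """Flows whose member link differs between two mappings."""
    return sorted(flow for flow in before if before[flow] != after[flow])


TWO = ["Link 1", "Link 2"]
THREE = TWO + ["Link 3"]

if __name__ == "__main__":
    before = fixed_distribution(TWO)
    print("fixed, 2 -> 3 links, flows re-homed:", moved(before, fixed_distribution(THREE)))
    after = adaptive_add(before, TWO, "Link 3")
    print("adaptive, 2 -> 3 links, flows re-homed:", moved(before, after))
    print("adaptive 3-link table:", flows_per_link(after, THREE))
```
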

Etherchannel Concepts: Determination of Hash Result

A command can be invoked to allow users to determine which physical link a given flow of traffic will leverage within a port channel group. The user will need to provide inputs to the command and the hashing algorithm will compute the physical link that will be selected for the traffic mix and algorithm.

vss#sh etherchannel load-balance hash-result interface port-channel 120 ip 192.168.220.10 192.168.10.10
Computed RBH: 0x4
Would select Gi1/2/1 of Po120

Virtual Switching System: Deployment Considerations

VSS will incorporate some deployment considerations as best practice…


Virtual Switching System: VSL Hardware Considerations

The Virtual Switch Link requires special hardware as noted below…

Virtual Switching System: Other Hardware Considerations

Virtual Switching System: Software Considerations

Along with the hardware considerations, Virtual Switching System also has some software considerations…

12.2(33)SXH1 is the first version that supports VSS

Hardware Requirements: Distributed Forwarding Cards

Distributed Forwarding Cards (DFCs) improve the performance of the Catalyst 6500 by offloading the lookup processing from the PFC to the ingress linecard. Only DFC3C or DFC3CXL is supported in a Virtual Switch domain. If DFCs are not used on CEF720 modules, a Centralized Forwarding Card (CFC) must be installed in its place…

Note that if a lower revision DFC (3A, 3B or 3BXL) is used in a VSL domain, the system will fall to a lowest common denominator mode which will not allow support for VSL…

Catalyst 6500 Supervisors: PFC3A vs. PFC3B vs. PFC3C

Sup/Feature        PFC3A         PFC3B                       PFC3B-XL        PFC3C          PFC3C-XL
Supervisor         Sup720        Sup720 / Sup32              Sup720          Sup720-10GbE   Sup720-10GbE
SW                 12.2(17)SXB   12.2(17)SXB / 12.2(18)SXF   12.2(17d)SXB1   12.2(33)SXH    12.2(33)SXH
FIB TCAM           256K          256K                        1M              256K           1M
Adjacency Table    1M            1M                          1M              1M             1M
NetFlow Table      128K (64K)    128K (115K)                 256K (230K)     128K (115K)    256K (230K)
MAC Table          64K (32K)     64K (32K)                   64K (32K)       96K (80K)      96K (80K)
IPv6 FIB Entries   128K          128K                        500K            128K           500K
Native MPLS        No            Yes                         Yes             Yes            Yes
EoMPLS             No            Yes                         Yes             Yes            Yes
ACE Counters       No            Yes                         Yes             Yes            Yes
ACL Labels         512           4K                          4K              4K             4K
VSL                No            No                          No              Yes            Yes

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/product_data_sheet09186a0080159856_ps4835_Products_Data_Sheet.html
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps9336/product_data_sheet0900aecd806ed759.html


Conversion Process: Conversion to VSS

The conversion process requires configuration of both switches that will form part of the Virtual Switch Domain, and both switches are rebooted during the conversion…

• It is recommended to have the interfaces forming the VSL connected prior to the conversion process, as this minimizes the number of times the chassis will be reloaded.
• It is also recommended to begin the conversion process using a default configuration, as the conversion process will remove any previous configuration that exists on the standalone chassis.

Conversion Process: Conversion to VSS

For the purposes of this explanation - let’s assume the following setup is required…

Switch Virtual Domain #10
Switch - 1: T5/4 and T5/5 in Port-Channel 1
Switch - 2: T5/4 and T5/5 in Port-Channel 2
VSL Link Bundle: T5/4 to T5/4, T5/5 to T5/5

Conversion Process: Step 1: Configure Virtual Switch ID and Domain

On the two switches, configure the same VS Domain number (in this case it is 10), but unique Switch IDs

Switch - 1

Router(config)#host VSS
VSS(config)#switch virtual domain 10
Domain ID 10 config will take effect only after the exec command 'switch convert mode virtual' is issued
VSS(config-vs-domain)#switch 1
VSS(config-vs-domain)#exit

Switch - 2

Router(config)#host VSS
VSS(config)#switch virtual domain 10
Domain ID 10 config will take effect only after the exec command 'switch convert mode virtual' is issued
VSS(config-vs-domain)#switch 2
VSS(config-vs-domain)#exit

Note: The Domain ID is retained in the configuration, but the Switch ID is not – this is stored as a variable in ROMMON. To see this value:

Conversion Process: Step 2: VSL Configuration – Configure the VSL Port Channel and member ports

Choose unique Port Channel IDs for each chassis to form the VSL and configure them with the corresponding Switch ID. Add the ports on each switch to the port channel that corresponds to the respective side of the VSL.

Switch - 1

VSS(config)#interface port-channel 1
! Associates Switch 1 as owner of port channel 1
VSS(config-if)#switch virtual link 1
VSS(config-if)#interface range tenG 5/4 - 5
! Adds this interface to channel group 1
VSS(config-if-range)#channel-group 1 mode on

Switch - 2

VSS(config-if)#interface port-channel 2
! Associates Switch 2 as owner of port channel 2
VSS(config-if)#switch virtual link 2
VSS(config-if)#interface range tenG 5/4 - 5
! Adds this interface to channel group 2
VSS(config-if-range)#channel-group 2 mode on

Conversion Process: Step 3: Convert to Virtual Switch Mode

Convert both switches to Virtual Switch mode using the following exec command:

Switch - 1

vss#switch convert mode virtual
This command will convert all interface names to naming convention "interface-type switch-number/slot/port", save the running config to startup-config and reload the switch.
Do you want to proceed? [yes/no]: yes
Converting interface names
Building configuration...
[OK]
Saving converted configuration to bootflash: ...
Destination filename [startupconfig.converted_vs-20071031-150039]?

AT THIS POINT THE SWITCH WILL REBOOT

Switch - 2

vss#switch convert mode virtual
This command will convert all interface names to naming convention "interface-type switch-number/slot/port", save the running config to startup-config and reload the switch.
Do you want to proceed? [yes/no]: yes
Converting interface names
Building configuration...
[OK]
Saving converted configuration to bootflash: ...
Destination filename [startupconfig.converted_vs-20071031-150018]?

AT THIS POINT THE SWITCH WILL REBOOT

Conversion Process

When the two switches are brought online, they will proceed with VSL initialization and bring up their respective VSL ports. The two switches communicate with each other and determine Active and Standby role.

Switch - 1

SWITCH CONSOLE OUTPUT
System detected Virtual Switch configuration...
Interface TenGigabitEthernet 1/5/4 is member of PortChannel 1
Interface TenGigabitEthernet 1/5/5 is member of PortChannel 1

00:00:26: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor for this switch
Initializing as Virtual Switch ACTIVE processor

00:01:19: %VSLP-5-RRP_ROLE_RESOLVED: Role resolved as ACTIVE by VSLP
00:01:19: %VSL-5-VSL_CNTRL_LINK: New VSL Control Link 5/4

Switch - 2

SWITCH CONSOLE OUTPUT
System detected Virtual Switch configuration...
Interface TenGigabitEthernet 2/5/4 is member of PortChannel 2
Interface TenGigabitEthernet 2/5/5 is member of PortChannel 2

00:00:26: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor for this switch
Initializing as Virtual Switch STANDBY processor

00:01:02: %VSLP-5-RRP_ROLE_RESOLVED: Role resolved as STANDBY by VSLP
00:01:02: %VSL-5-VSL_CNTRL_LINK: New VSL Control Link 5/4

Conversion Process: Step 4: Finalize Virtual Switch Configuration

This command will get the VSL related commands from the Standby Switch and update the startup-configuration with the new merged configurations.

Note that only VSL-related configurations are merged with this step – all other configuration will be lost and requires manual intervention. This step is only applicable for a first-time conversion.

Switch - 1

SWITCH CONSOLE OUTPUT
vss-demo#switch accept mode virtual
This command will populate the above VSL configuration from the standby switch into the running configuration. The startup configuration will also be updated with the new merged configuration if merging is successful.
Do you want to proceed? [yes/no]: yes
Merging the standby VSL configuration...
Building configuration...
00:11:33: %PFINIT-SW1_SP-5-CONFIG_SYNC: Sync'ing the startup configuration to the standby Router. [OK]

Conversion Process: Conversion to VSS

Configuration for the conversion takes the following path…

Switch - 1

vss#sh switch virtual
Switch mode                  : Virtual Switch
Virtual switch domain number : 10
Local switch number          : 1
Local switch operational role: Virtual Switch Active
Peer switch number           : 2
Peer switch operational role : Virtual Switch Standby
vss-demo#

Switch - 2

vss-sdby>en
Standby console disabled
vss-sdby>

Both switches are now converted with Switch 1 as the Master (Active) and Switch 2 as the Standby. Switch 2 console is now disabled for normal console activity…
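A pre-conversion check of the Step 1 and Step 2 rules (same domain ID in the range 1-255, unique Switch IDs, unique VSL port channel IDs, "switch virtual link" matching the Switch ID, member ports present), as an added Python example that is not part of the original presentation. The function names and the sample transcripts are constructed here from the commands shown on the slides; the rule of exactly one VSL port channel per chassis is an assumption.

```python
import re

PROMPT = re.compile(r"^\S+#\s*")  # strips prompts such as "VSS(config-if)#"


def parse_vsl_config(text):
    """Extract the VSS-related settings from a config or CLI transcript."""
    cfg = {"domain": None, "switch_id": None, "vsl": {}, "groups": {}}
    context = None  # interface (or range) the following sub-commands apply to
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if not line or line.startswith("!"):
            continue
        if m := re.fullmatch(r"switch virtual domain (\d+)", line):
            cfg["domain"] = int(m[1])
        elif m := re.fullmatch(r"switch (\d+)", line):
            cfg["switch_id"] = int(m[1])
        elif m := re.fullmatch(r"interface port-channel (\d+)", line):
            context = ("po", int(m[1]))
        elif m := re.fullmatch(r"interface (?:range )?(.+)", line):
            context = ("ports", m[1])
        elif m := re.fullmatch(r"switch virtual link (\d+)", line):
            if context and context[0] == "po":
                cfg["vsl"][context[1]] = int(m[1])
        elif m := re.fullmatch(r"channel-group (\d+) mode \S+", line):
            if context and context[0] == "ports":
                cfg["groups"].setdefault(int(m[1]), []).append(context[1])
    return cfg


def check_pair(cfg_a, cfg_b):
    """Return a list of findings; an empty list means the pair follows Steps 1-2."""
    findings = []
    for name, cfg in (("switch A", cfg_a), ("switch B", cfg_b)):
        if cfg["domain"] is None or not 1 <= cfg["domain"] <= 255:
            findings.append(f"{name}: domain ID {cfg['domain']} is not in 1-255")
        if len(cfg["vsl"]) != 1:  # assumption: one VSL port channel per chassis
            findings.append(f"{name}: expected one VSL port channel, found {len(cfg['vsl'])}")
            continue
        (po, link), = cfg["vsl"].items()
        if link != cfg["switch_id"]:
            findings.append(f"{name}: 'switch virtual link {link}' on port-channel {po} "
                            f"does not match Switch ID {cfg['switch_id']}")
        if not cfg["groups"].get(po):
            findings.append(f"{name}: no member ports in channel-group {po}")
    if cfg_a["domain"] != cfg_b["domain"]:
        findings.append(f"domain IDs differ: {cfg_a['domain']} vs {cfg_b['domain']}")
    if cfg_a["switch_id"] == cfg_b["switch_id"]:
        findings.append(f"Switch IDs are not unique: both {cfg_a['switch_id']}")
    shared = set(cfg_a["vsl"]) & set(cfg_b["vsl"])
    if shared:
        findings.append(f"VSL port channel IDs reused on both chassis: {sorted(shared)}")
    return findings


def transcript(domain, switch_id, po, link):
    """Build a constructed transcript in the shape of the slides' Step 1 and 2."""
    return "\n".join([
        "Router(config)#host VSS",
        f"VSS(config)#switch virtual domain {domain}",
        f"VSS(config-vs-domain)#switch {switch_id}",
        "VSS(config-vs-domain)#exit",
        f"VSS(config)#interface port-channel {po}",
        f"! Associates Switch {link} as owner of port channel {po}",
        f"VSS(config-if)#switch virtual link {link}",
        "VSS(config-if)#interface range tenG 5/4 - 5",
        f"VSS(config-if-range)#channel-group {po} mode on",
    ])


SWITCH_1 = transcript(10, 1, 1, 1)       # as on the slides
SWITCH_2 = transcript(10, 2, 2, 2)       # as on the slides
SWITCH_2_BAD = transcript(20, 2, 1, 1)   # constructed: wrong domain, reused Po1/link 1

if __name__ == "__main__":
    for label, second in (("slide pair", SWITCH_2), ("bad pair", SWITCH_2_BAD)):
        result = check_pair(parse_vsl_config(SWITCH_1), parse_vsl_config(second))
        print(label, "->", result or "consistent")
```
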

Conversion Process: Boot-up Priority

Normal operation is for the first switch to boot to assume the VS Active role - this behavior can be changed, allowing a pre-defined switch to assume the Active role, by specifying a priority (higher priority uses a higher number)…

VSS#sh switch virtual role
Switch  Switch  Status  Preempt     Priority    Role     Session ID
        Number          Oper(Conf)  Oper(Conf)           Local  Remote
------------------------------------------------------------------
LOCAL   1       UP      FALSE(N)    110(110)    ACTIVE   0      0
REMOTE  2       UP      FALSE(N)    100(100)    STANDBY  9114   1391

Switch Preemption

• Once the active and standby roles have been determined, they cannot be changed without manual intervention
• If we need to always prefer a particular physical switch to assume the Virtual Switch Active role, then we can leverage the Switch Preemption feature.
• Please Note: Use this feature with caution since preemption is not advisable in most designs. The SSO behavior requires that, in order for switch 1 to become active, switch 2 will have to reboot to come up in standby mode. So unlike HSRP preemption, where we have reasons to pre-empt and very little impact to active traffic flows, in the VSS case there is no reason to move the active role (and we do suffer from a full reboot of one of the two switches).


Operational Management: Virtual Switch CLI

Multiple console interfaces exist within a Virtual Switch Domain, but only the active RP/SP consoles are enabled for command interaction…

Operational Management: Reloading the VSS and reloading a member

The command “reload” will reload the entire Virtual Switch System (both chassis)

vss#reload
Warning: This command will reload the entire Virtual Switching System (Active and Standby Switch).
Proceed with reload? [confirm]
1d04h: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
***
*** --- SHUTDOWN NOW ---
***
1d04h: %SYS-SP-5-RELOAD: Reload requested
System Bootstrap, Version 8.5(1)
Copyright (c) 1994-2006 by cisco Systems, Inc.
Cat6k-Sup720/SP processor with 1048576 Kbytes of main memory

To reload each chassis individually we need to specify the Switch ID

vss#redundancy reload shelf ?
  shelf id
vss#redundancy reload shelf 2
Reload the entire remote shelf[confirm]
Preparing to reload remote shelf
vss#

Operational Management - Setting the System-wide PFC Mode

• Only PFC/DFC 3C/CXL are supported in a VSS.
• It is possible to mix modules in a 3C and 3CXL system: the system will take the lowest common denominator as the system-wide PFC mode.
• In a VSL environment, the mode negotiation happens even before the modules are brought up.
• A new CLI has been implemented to allow the user to pre-configure the system mode to prevent modules from not powering up…

vs-vsl#conf t
Enter configuration commands, one per line. End with CNTL/Z.
vs-vsl(config)#platform hardware vsl pfc mode pfc3c
vs-vsl(config)#^Z
vs-vsl#

vs-vsl#sh platform hardware pfc mode
PFC operating mode : PFC3C
Configured PFC operating mode : PFC3C
vs-vsl#

Operational Management - SNMP Support for VSS

The SNMP process for a VSS necessitates support for “Put’s” and “Get’s” across 2 physical chassis, changes to existing MIB’s and support for a new MIB…

[Figure: an SNMP Server exchanges SNMP Put’s and SNMP Get’s (modified MIB’s and new MIB’s) with the Virtual Switch Domain. Switch 1 - Active: SNMP Process Active. Switch 2 - Standby: SNMP Process Inactive.]

CISCO-VIRTUAL-SWITCH-MIB has been defined to support SNMP access to the Virtual Switch Configuration - the following MIB variables are accessible to an SNMP manager…

Operational Management - Slot/Port Numbering

After conversion, port definitions for switches within the Virtual Switch Domain inherit the Chassis ID as part of their naming convention…

PORT NUMBERING: Chassis-ID WILL ALWAYS be either a “1” or a “2”

Router#show ip interface brief
Interface              IP-Address    OK?  Method  Status  Protocol
Vlan1                  unassigned    YES  NVRAM   up      up
Port-channel1          unassigned    YES  NVRAM   up      up
Te1/1/1                10.1.1.1      YES  unset   up      up
Te1/1/2                192.168.1.2   YES  unset   up      up
Te1/1/3                unassigned    YES  unset   up      up
Te1/1/4                unassigned    YES  unset   up      up
GigabitEthernet1/2/1   10.10.10.1    YES  unset   up      up
GigabitEthernet1/2/2   10.10.11.1    YES  unset   up      up

Operational Management - File System Naming

After the conversion to a Virtual Switch, some of the File System naming conventions have changed to accommodate the new setup - an example of the new setup is shown below…

SWSLOTFILESYSTEM

AN EXAMPLE (Virtual Switch Domain)

Switch 1, Active Supervisor - Slot 5: e.g. OLD: disk0: NEW: sw1-slot5-disk0:
Switch 2, Hot Standby Supervisor - Slot 5: e.g. OLD: slavedisk0: NEW: sw2-slot5-disk0:

Operational Management - File System Naming

The Filesystems in a VSS environment are completely managed from the Active Switch’s console. All filesystem activities take place at single centralized location…

vs-vsl#dir sw1-slot5-sup-bootdisk:
Directory of sup-bootdisk:/
    1  -rwx    33554496  Jan 10 2007 14:53:16 +00:00  sea_log.dat
    2  -rwx   150198412  Feb 7 2007 17:28:56 +00:00  s72033-adventerprisek9_wan_dbg-vz.0124_all

vs-vsl#dir sw2-slot5-sup-bootdisk:
Directory of slavesup-bootdisk:/
    1  -rwx    33554464  Feb 9 2007 16:39:02 +00:00  sea_log.dat
    2  -rwx   150678668  Feb 9 2007 16:45:14 +00:00  s72033-adventerprisek9_wan_dbg-vz.cef

Operational Management - File System Naming

Some filenames have remained the same - others have changed - some examples of file system names in a Virtual Switch include the following…

PREVIOUS             VIRTUAL SWITCH
disk0:               swslotdisk0:
slavedisk0:          swslotdisk0:
bootflash:           swslotbootflash:
slavebootflash:      swslotbootflash:
sup-bootdisk:        swslotsup-bootdisk:
slavesup-bootdisk:   swslotsup-bootdisk:
nvram:               swslotnvram:
slavenvram:          swslotnvram:

Operational Management - Netflow

In a Virtual Switch, with both Data Planes active, Netflow data collection is performed on each Supervisor’s PFC - while Netflow export is only performed by the Control Plane on the VS Active…

[Figure: Switch 1 Supervisor and Switch 2 Supervisor in the Virtual Switch Domain, connected by the VSL]

VS State   Control Plane   Data Plane   Netflow Collection   Netflow Export
Active     Active          Active       Active               Active
Standby    Standby         Active       Active               In-Active

Netflow operation in a Virtual Switch is similar to the way in which Netflow operates in a single chassis with Distributed Forwarding Card’s (DFC) present…

Operational Management - Netflow Export

The Virtual Switch Link will be used as the transit path to allow the standby Sup to forward Netflow data to the active Supervisor for Netflow export - the VS Link should be dimensioned to accommodate the expected Netflow export load…

[Figure: Netflow data from both supervisors in the Virtual Switch Domain; the standby's Netflow data crosses the VSL and the VS Active performs the Netflow export to the Netflow Collector]

VS State   Netflow Collection   Netflow Export
Active     Active               Active
Standby    Active               In-Active

IOS Image Upgrade

Full image upgrade process using Fast Software Upgrade (FSU): similar to that of two supervisor engines within a standalone chassis today.

[Figure: SW1-Slot5 in Switch 1, SW2-Slot5 in Switch 2]

NAME        CONTROL PLANE   FABRIC STATE   REDUNDANCY
SW1-SLOT5   Active          Active         --
SW2-SLOT5   Hot Standby     Active         SSO

IOS Image Upgrade - Step 1

1] Manually copy the new image or filesystem onto the appropriate flash device of each supervisor. No impact to forwarding.

NAME        CONTROL PLANE   FABRIC STATE   REDUNDANCY
SW1-SLOT5   Active          Active         --
SW2-SLOT5   Hot Standby     Active         SSO

IOS Image Upgrade - Step 1

Commands to copy the new image to the flash file system of both supervisors (Active and Hot Standby)

IOS Image Upgrade - Step 2

2] Modify boot variables to point to the new image or filesystem and reload Switch 2. Switch 2 should reset and boot into the new image in RPR mode. System bandwidth falls to 50%.

NAME        CONTROL PLANE   FABRIC STATE   REDUNDANCY
SW1-SLOT5   Active          Active         --
SW2-SLOT5   Cold            Standby        RPR

IOS Image Upgrade - Steps 2.1 to 2.3

2.1] Modify the boot variable on Switch 1 (Active VS) to point to the new image or file system and save the configuration – this will synchronize the boot variable to Switch 2 (Standby VS) as well.

2.2] Schedule a change window and, when possible, reload Switch 2 (Standby VS).

2.3] After successful boot up of the Switch 2 (Standby VS), verify that the peer relationship between the Supervisors is in RPR state (Cold Standby).

IOS Image Upgrade - Step 3

3] Switch over Active supervisor to Switch 2 when desired. System capacity will drop to 0% temporarily and return to 50% once SW2-Slot5 completely boots up and becomes active. SW1-Slot5 will continue to boot up…

NAME        CONTROL PLANE   FABRIC STATE   REDUNDANCY
SW1-SLOT5   Cold            Standby        RPR
SW2-SLOT5   Active          Active         --

IOS Image Upgrade - Steps 3.1 and 3.2

3.1] When possible, perform a supervisor or chassis switchover such that Switch 2 (previous Standby VS) now assumes the Active role whilst Switch 1 (previous Active VS) is reloaded. At this time, a total VSS outage will be expected as Switch 2 transitions from an RPR Cold Standby state to the Active state.

3.2] Once Switch 2 is completely online, it will re-peer with its neighbors and form any applicable relationships and traffic will be forwarded through the VSS again at 50% capacity while Switch 1 continues to boot up with the new image or filesystem.

IOS Image Upgrade - Step 4

4] After Switch 1 comes online again, it will return to SSO mode as it will now be running the new version of software and traffic will return to 100% capacity…

NAME        CONTROL PLANE   FABRIC STATE   REDUNDANCY
SW1-SLOT5   Hot Standby     Active         SSO
SW2-SLOT5   Active          Active         --

IOS Image Upgrade - Step 4

4] After Switch 1 is completely brought back online and all interfaces are active, it will enter into NSF/SSO state with Switch 2.

IOS Image Upgrade

The following graph illustrates the aggregate traffic for the VSL system during the full image upgrade:

[Graph: aggregate traffic over time, annotated with the upgrade steps below]

1] Copy new image in both switches
2.1] Change bootvar in both switches
2.2] Reboot SW2
2.3] SW2 comes back in RPR
3.1] Switchover from SW1 to SW2
3.2] SW2 comes back from the Cold Standby mode
4] SW1 is completely rebooted and comes back in SSO mode


High Availability - Redundancy Schemes

The default redundancy mechanism between the 2 VSS chassis and their associated supervisors is NSF/SSO, allowing state information and configuration to be synchronized. Only in NSF/SSO mode does the Standby supervisor PFC, Switch Fabric, modules and their associated DFCs become active…

[Figure: Switch 1 (12.2(33)SXH1, Active) and Switch 2 (12.2(33)SXH1, NSF/SSO) connected by the VSL]

Should a mismatch of information occur between the Active and Standby Chassis, the Standby Chassis will revert to RPR mode, where all the modules will be powered down (except for the VSL ports).

[Figure: Switch 1 (12.2(33)SXH1, Active) and Switch 2 (12.2(33)SXH2, RPR) connected by the VSL]
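The upgrade steps 1] to 4] and the NSF/SSO versus RPR rule above, as a Python model that derives the system capacity at each step from the redundancy state of the two chassis. This is an added example, not part of the original deck; the class and function names and the image names are hypothetical placeholders.

```python
from dataclasses import dataclass

# A chassis forwards traffic only as active or as SSO hot standby; in RPR its
# modules are powered down (except the VSL ports), so it contributes nothing.
FORWARDING = {"active", "sso-standby"}


@dataclass
class Chassis:
    name: str
    image: str        # image currently running
    boot_image: str   # image the boot variable points to
    state: str        # active | sso-standby | rpr-standby | activating | booting


class Vss:
    def __init__(self, old_image):
        self.sw1 = Chassis("SW1", old_image, old_image, "active")
        self.sw2 = Chassis("SW2", old_image, old_image, "sso-standby")

    def _peer(self, ch):
        return self.sw2 if ch is self.sw1 else self.sw1

    def capacity(self):
        """Percent of system bandwidth: 50% per forwarding chassis."""
        return 50 * sum(ch.state in FORWARDING for ch in (self.sw1, self.sw2))

    def set_boot_image(self, image):
        # Saving the config on the active synchronizes the boot variable.
        for ch in (self.sw1, self.sw2):
            ch.boot_image = image

    def reload(self, ch):
        ch.state = "booting"

    def boot_complete(self, ch):
        ch.image = ch.boot_image
        peer = self._peer(ch)
        if peer.state in ("active", "activating"):
            # Matching software gives SSO; a mismatch reverts the standby to RPR.
            ch.state = "sso-standby" if ch.image == peer.image else "rpr-standby"
        else:
            ch.state = "active"

    def switchover(self):
        standby = self.sw2 if self.sw1.state == "active" else self.sw1
        active = self._peer(standby)
        # An SSO standby is already forwarding; an RPR (cold) standby must
        # first bring its modules up, so nothing forwards in the meantime.
        standby.state = "active" if standby.state == "sso-standby" else "activating"
        active.state = "booting"

    def activation_complete(self, ch):
        if ch.state == "activating":
            ch.state = "active"


def full_image_upgrade(old="image-old", new="image-new"):
    """Walk the deck's steps; returns (step, SW1 state, SW2 state, capacity %)."""
    vss, log = Vss(old), []

    def record(step):
        log.append((step, vss.sw1.state, vss.sw2.state, vss.capacity()))

    record("start")
    record("1 copy image to both supervisors")   # no state change
    vss.set_boot_image(new);          record("2.1 change bootvar")
    vss.reload(vss.sw2);              record("2.2 reload SW2")
    vss.boot_complete(vss.sw2);       record("2.3 SW2 back in RPR")
    vss.switchover();                 record("3.1 switchover SW1 -> SW2")
    vss.activation_complete(vss.sw2); record("3.2 SW2 active")
    vss.boot_complete(vss.sw1);       record("4 SW1 back in SSO")
    return log


if __name__ == "__main__":
    for step, sw1, sw2, pct in full_image_upgrade():
        print(f"{step:36} SW1={sw1:12} SW2={sw2:12} capacity={pct}%")
```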

High Availability - Dual-Active Detection

In a Virtual Switch Domain, one switch is elected as Active and the other is elected as Standby during bootup by VSLP. Since the VSL is always configured as a Port Channel, the possibility of the entire VSL bundle going down is remote, however it is a possibility…

[Figure: Switch 1 Supervisor and Switch 2 Supervisor in the Virtual Switch Domain, connected by the VSL]

VS State   Control Plane   Data Plane
Active     Active          Active
Standby    Standby         Active

It is always recommended to deploy the VSL with 2 or more links and distribute those interfaces across multiple modules to ensure the greatest redundancy.

High Availability - Dual-Active Detection

If the entire VSL bundle should happen to go down, the Virtual Switch Domain will enter a Dual Active scenario where both switches transition to Active state and share the same network configuration (IP addresses, MAC address, Router IDs, etc…) potentially causing communication problems through the network…

[Figure: Switch 1 Supervisor and Switch 2 Supervisor in the Virtual Switch Domain with the VSL down; both show VS State : Active, Control Plane: Active, Data Plane: Active]

2 mechanisms have been implemented in the initial release to detect and recover from a Dual Active scenario:

1 Enhanced Port Aggregation Protocol (PAgP+): uses MEC links to communicate between the two chassis
2 Dual-Active Detection over IP-BFD: uses a backup Ethernet connection.

High Availability - Dual-Active Detection - Enhanced PAgP

PAgP+ adds a new TLV (the switch ID of the active switch) to the PAgP messages exchanged with remote devices connected via EtherChannel to the Virtual Switch Domain. During normal operation the Virtual Switches will send the ID of the Active VS to the PAgP neighbor, and it will respond with the same Active ID…

[Figure: in normal operation Switch 1 and Switch 2 both send "Active: Switch 1"; after the VSL goes down Switch 1 still sends "Active: Switch 1" while Switch 2 sends "Active: Switch 2"]

Should the VSL go down, the Standby switch will transition immediately to Active state and start sending PAgP messages with the new Active switch ID.

High Availability - Dual-Active Detection - Enhanced PAgP

The Enhanced PAgP-capable neighbor will send the new Active Switch ID to all ports of the port channel on which it received the new Active Switch ID. This includes the previous-active Virtual Switch (Switch 1)…

[Figure: the neighbor sends "Active: Switch 2" to both Switch 1 and Switch 2]

High Availability - Dual-Active Detection - Enhanced PAgP

When Switch 1 receives PAgP messages with Active Switch = 2, it will know that a Dual-Active scenario has occurred.

Recovery Mode: Switch 1 will then bring down all non-VSL interfaces (except interfaces configured to be excluded from shutdown).

[Figure: Switch 1 receives "Active: Switch 2" and flags Dual-Active!!; Switch 2 continues with "Active: Switch 2"]

High Availability - Dual-Active Detection - Enhanced PAgP

vs-vsl#conf t
Enter configuration commands, one per line. End with CNTL/Z.
vs-vsl(config)#switch virtual domain 10
vs-vsl(config-vs-domain)#dual-active detection pagp
vs-vsl(config-vs-domain)#dual-active trust channel-group 20
vs-vsl#

Dual-Active Detection capabilities require that the neighboring device be Dual-Active Detection Aware. This can be verified with the following command…

vs-vsl#sh switch virtual dual-active pagp
Channel group 20 dual-active detect capability w/nbrs
Dual-Active version: 1.1
Dual-Active configured: Yes
          Dual-Active     Partner       Partner  Partner
Port      Detect Capable  Name          Port     Version
Gi1/8/1   Yes             vs-access-1   Gi5/1    1.1
Gi2/8/1   Yes             vs-access-1   Gi5/2    1.1
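An added example (not part of the original deck): a Python check that parses "show switch virtual dual-active pagp" output in the layout shown above and flags channel groups that cannot support PAgP+ detection, including groups without a detect-capable member link on each chassis. Channel group 30 and its "No" row are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample: group 20 is copied from the slide's layout, group 30 is
# invented to show a neighbor port that is not dual-active detect capable.
SAMPLE = """\
Channel group 20 dual-active detect capability w/nbrs
Dual-Active version: 1.1
Dual-Active configured: Yes
          Dual-Active     Partner       Partner  Partner
Port      Detect Capable  Name          Port     Version
Gi1/8/1   Yes             vs-access-1   Gi5/1    1.1
Gi2/8/1   Yes             vs-access-1   Gi5/2    1.1

Channel group 30 dual-active detect capability w/nbrs
Dual-Active version: 1.1
Dual-Active configured: Yes
          Dual-Active     Partner       Partner  Partner
Port      Detect Capable  Name          Port     Version
Gi1/8/2   Yes             vs-access-2   Gi5/1    1.1
Gi2/8/2   No              vs-access-2   Gi5/2    N/A
"""

GROUP_RE = re.compile(r"^Channel group (\d+) dual-active detect capability")
PORT_RE = re.compile(
    r"^(?P<port>[A-Za-z]+(?P<chassis>\d+)/\d+/\d+)\s+(?P<capable>Yes|No)\s+"
    r"(?P<name>\S+)\s+(?P<partner_port>\S+)\s+(?P<version>\S+)\s*$"
)


def parse(output):
    """Return {channel_group: {"configured": bool, "ports": [row dicts]}}."""
    groups, current = {}, None
    for line in output.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = groups.setdefault(
                int(m.group(1)), {"configured": False, "ports": []})
            continue
        if current is None:
            continue
        if line.startswith("Dual-Active configured:"):
            current["configured"] = line.split(":", 1)[1].strip() == "Yes"
            continue
        m = PORT_RE.match(line)
        if m:
            current["ports"].append(m.groupdict())
    return groups


def audit(groups):
    """Return findings as (channel_group, port_or_None, message) tuples."""
    findings = []
    for gid, group in sorted(groups.items()):
        if not group["configured"]:
            findings.append((gid, None, "dual-active detection not configured"))
        for row in group["ports"]:
            if row["capable"] != "Yes":
                findings.append(
                    (gid, row["port"], "neighbor port is not dual-active detect capable"))
        # The neighbor relays the new active ID on the MEC, so the previous
        # active chassis needs its own detect-capable member link to hear it.
        capable = {r["chassis"] for r in group["ports"] if r["capable"] == "Yes"}
        for missing in sorted({"1", "2"} - capable):
            findings.append(
                (gid, None, f"no detect-capable member link on chassis {missing}"))
    return findings


if __name__ == "__main__":
    for gid, port, message in audit(parse(SAMPLE)):
        print(f"channel-group {gid} {port or '-'}: {message}")
```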

High Availability - Dual-Active Detection - IP-BFD

This method uses a dedicated L3 direct link heartbeat mechanism between the Virtual Switches. IP-BFD (Bi-Directional Forwarding Detection) is used to assist the fast detection of a failed VSL.

[Figure: Switch 1 and Switch 2 connected by the VSL and by a separate IP-BFD Heartbeat Link; with the VSL down, BFD runs between the two switches over the heartbeat link]

If the VSL goes down, both chassis create BFD neighbors, and try to establish adjacency. If the original active chassis receives an adjacency message, it realizes that this is a dual-active scenario.

High Availability - Dual-Active Detection - IP-BFD

Two directly-connected interfaces must be configured as BFD message links… The IP-BFD Heartbeat link may exist on any interface, but the two interfaces must have IP addresses assigned on different networks.

vss(config)#interface gigabitethernet 1/5/1
vss(config-if)#no switchport
vss(config-if)#ip address 200.230.230.231 255.255.255.0
vss(config-if)#bfd interval 100 min_rx 100 multiplier 50
vss(config-if)#interface gigabitethernet 2/5/1
vss(config-if)#no switchport
vss(config-if)#ip address 201.230.230.231 255.255.255.0
vss(config-if)#bfd interval 100 min_rx 100 multiplier 50
vss(config)#switch virtual domain 100
vss(config-vs-domain)#dual-active detection bfd
vss(config-vs-domain)#dual-active pair interface g 1/5/1 interface g 2/5/1 bfd
adding a static route 200.230.230.0 255.255.255.0 Gi2/5/1 for this dual-active pair
adding a static route 201.230.230.0 255.255.255.0 Gi1/5/1 for this dual-active pair

Static routes are automatically added for the remote addresses and will only be installed in the RIB should a Dual-Active scenario occur. As a result of this, no packets will be forwarded between the switches via the heartbeat interfaces until the VSL is brought down.

If the Virtual Switch Standby has taken over as active, a BFD “adjacency up” event will be generated, indicating a Dual-Active situation has occurred.

High Availability - Dual-Active Detection - Exclude Interfaces

Upon detection of a Dual Active scenario, all interfaces on the previous-Active switch will be brought down so as not to disrupt the functioning of the remainder of the network. The exception interfaces include VSL members as well as pre-determined interfaces which may be used for management purposes…

vs-vsl#conf t
Enter configuration commands, one per line. End with CNTL/Z.
vs-vsl(config)#switch virtual domain 100
vs-vsl(config-vs-domain)#dual-active exclude interface Gig 1/5/1
vs-vsl(config-vs-domain)#dual-active exclude interface Gig 2/5/1
vs-vsl(config-vs-domain)# ^Z
vs-vsl#
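The PAgP+ detection sequence from the Enhanced PAgP slides, combined with the excluded interfaces configured above, as a small Python model of who sends which active ID and what the previous-active switch shuts down. This is an added example, not Cisco code or part of the original deck; the class names and the interfaces Te1/5/4, Te2/5/4, Gi1/2/10 and Gi2/2/10 as used here are assumptions, while the MEC and excluded ports reuse names from the slides' CLI output.

```python
from dataclasses import dataclass, field


@dataclass
class Interface:
    name: str
    vsl: bool = False        # member of the Virtual Switch Link
    excluded: bool = False   # "dual-active exclude interface ..."
    up: bool = True


@dataclass
class Chassis:
    switch_id: int
    role: str                # active | standby | recovery
    active_id: int           # switch ID this chassis advertises in the PAgP+ TLV
    interfaces: dict = field(default_factory=dict)

    def add(self, name, **flags):
        self.interfaces[name] = Interface(name, **flags)

    def vsl_lost(self):
        """Standby side of a VSL failure: go active and advertise own ID."""
        if self.role == "standby":
            self.role, self.active_id = "active", self.switch_id

    def receive_pagp(self, active_id):
        """An active switch that hears another active ID is in dual-active."""
        if self.role != "active" or active_id == self.switch_id:
            return False
        self.role = "recovery"
        for itf in self.interfaces.values():
            if not itf.vsl and not itf.excluded:
                itf.up = False          # recovery mode: isolate this chassis
        return True


class PagpNeighbor:
    """Enhanced-PAgP-capable access switch with one MEC to both chassis."""

    def __init__(self, links):
        self.links = links              # local port -> (Chassis, remote port)
        self.active_id = None

    def receive(self, port, active_id):
        """Handle a TLV received on `port`; return chassis that detected dual-active."""
        if active_id == self.active_id:
            return []                   # normal operation: same ID echoed back
        self.active_id = active_id
        detected = []
        # New active ID: send it on all ports of the port channel.
        for chassis, remote in self.links.values():
            if chassis.interfaces[remote].up and chassis.receive_pagp(active_id):
                detected.append(chassis)
        return detected


def simulate():
    sw1 = Chassis(1, "active", active_id=1)
    sw2 = Chassis(2, "standby", active_id=1)
    for sw in (sw1, sw2):
        n = sw.switch_id
        sw.add(f"Te{n}/5/4", vsl=True)        # assumed VSL member
        sw.add(f"Gi{n}/8/1")                  # MEC member towards vs-access-1
        sw.add(f"Gi{n}/5/1", excluded=True)   # excluded, as configured above
        sw.add(f"Gi{n}/2/10")                 # ordinary data port
    nbr = PagpNeighbor({"Gi5/1": (sw1, "Gi1/8/1"), "Gi5/2": (sw2, "Gi2/8/1")})

    nbr.receive("Gi5/1", sw1.active_id)       # normal operation
    nbr.receive("Gi5/2", sw2.active_id)
    normal_roles = (sw1.role, sw2.role)

    sw2.vsl_lost()                            # entire VSL bundle goes down
    detected = nbr.receive("Gi5/2", sw2.active_id)
    return sw1, sw2, normal_roles, detected


if __name__ == "__main__":
    sw1, sw2, _, detected = simulate()
    print("dual-active detected by switch", [c.switch_id for c in detected])
    for itf in sw1.interfaces.values():
        print(itf.name, "up" if itf.up else "down")
```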

High Availability - Dual-Active Recovery

The network administrator is notified of the Dual-Active situation through the CLI, syslog, etc.

Upon the restoration of one or more VSL interfaces, VSLP will detect this and will proceed to reload Switch 1 so that it may be able to re-negotiate Active/Standby role after bootup…

[Figure: the VSL comes back up, Switch 1 reloads, and VSLP runs between Switch 1 and Switch 2]

After role has been resolved and SSO Hot Standby mode is possible, interfaces will be brought up and traffic will resume back to 100% capacity…


Quality of Service - Classification & Policing

Classification and Policing functions are handled by PFC QoS, and are executed by either the PFC on the Active and Hot Standby Supervisor, or the ingress linecard DFC. There are 2 important caveats which must be understood.

1 Policies must either be applied on L3 interfaces (SVIs or Physical interfaces), or Port Channels. Policies on L2 interfaces are not supported in this release.

Policy on an L2 physical interface:

policy-map CLASSIFY
 class class-default
  set ip dscp 40
interface GigabitEthernet 2/3/48
 switchport
 service-policy input CLASSIFY

Policy on a Port Channel:

policy-map CLASSIFY
 class class-default
  set ip dscp 40
interface PortChannel 10
 switchport
 service-policy input CLASSIFY

Quality of Service - Classification & Policing

2 Aggregate policers that are applied on SVIs or Port Channels that have interfaces distributed across multiple forwarding engines are subject to Distributed Policing caveats…

policy-map POLICE
 class class-default
  police average 10000000
interface GigabitEthernet 1/2/10
 channel-group 20 mode desirable
interface GigabitEthernet 2/2/10
 channel-group 20 mode desirable
interface PortChannel 20
 service-policy input POLICE

Quality of Service - QoS on the VSL

The VSL itself has QoS provisioned by default and in the FCS release of the software, it is not configurable. A few important aspects relating to VSL QoS are as follows:

1 VSLP and other Control frames are always marked as Priority packets and are always queued and classified as such
2 VSL is always configured as “Trust CoS” and hence ingress queuing is enabled
3 Service Policies are not supported on the VSL
4 CoS Maps, Thresholds and Queues are not configurable on the VSL

[Figure: HTTP, FTP and VSLP traffic crossing the VSL between Switch 1 and Switch 2]

Virtual Switching System Summary

• Allows two physical Catalyst 6500’s to operate as a single logical Catalyst 6500 switch
• VSS reduces number of routing nodes and routing protocol overhead
• Multi-Chassis Etherchannel provides new benefits for STP elimination and improved resiliency
• Dual Active Recovery mechanisms for VSL failure
• VSS simplifies network complexity and management overhead by 50 percent, thus increasing operational efficiency and lowering operating expenses (OpEx).


Want more?

• VSS Solution Overview
  http://www.cisco.com/en/US/partner/prod/collateral/switches/ps5718/ps9336/product_solution_overview0900aecd806fa5d0.html
• Whitepaper: Cisco Catalyst 6500 Series Virtual Switching System (VSS) 1440
  http://www.cisco.com/en/US/partner/prod/collateral/switches/ps5718/ps9336/prod_white_paper0900aecd806ee2ed.html
• Virtual Switching System (VSS) Q&A
  http://www.cisco.com/en/US/partner/prod/collateral/switches/ps5718/ps9336/prod_qas0900aecd806ed74b.html
• For a list of other Cisco products that support enhanced PAgP, refer to Release Notes for Cisco IOS Release 12.2(33)SXH and Later Releases.
• Partner Education Connection
  http://www.partnerelearning.com


Q and A
