Cisco Catalyst Virtual Switching System (VSS)palo/Rozne/cisco-expo-2009... · 2010. 1. 11. · FHRP...
Transcript of Cisco Catalyst Virtual Switching System (VSS)palo/Rozne/cisco-expo-2009... · 2010. 1. 11. · FHRP...
© 2009 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialISR G2 TDM © 2009 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Tomáš Kelemen
[email protected] Systems Engineer
CCIE #24395
Cisco Catalyst Virtual Switching System (VSS)
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 2
Agenda
Introduction
Architecture
Hardware Requirements
High Availability
Summary
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 3
Agenda
Introduction
Architecture
Hardware Requirements
High Availability
Summary
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 4
Current Network ChallengesEnterprise Campus
Traditional Enterprise Campus deployments have been designed in
such a way that allows for scalability, differentiated services and
high availability. However they also face many challenges, some of
which are listed in the below diagram…
Access
L2/L3
Distribution
L3 Core
FHRP, STP,
Asymmetric routing,
Policy Management
Extensive routing
topology, Routing
reconvergence
Single active uplink
per VLAN (PVST), L2
reconvergence
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 5
Current Network ChallengesData Center
Traditional Data Center designs are requiring ever increasing Layer 2
adjacencies between Server nodes due to prevalence of Virtualization
technology. However, they are pushing the limits of Layer 2 networks, placing
more burden on loop-detection protocols such as Spanning Tree…
L2/L3 Core
L2
Distribution
L2 Access
Dual-Homed Servers to
single switch, Single
active uplink per VLAN
(PVST), L2
reconvergence
Single active uplink per
VLAN (PVST), L2
reconvergence,
excessive BPDUs
FHRP, HSRP, VRRP
Spanning Tree
Policy Management
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 6
VSS (Physical View)
SiSi SiSi SiSi SiSi
Access Switch orToR or Blades
ServerServer Server
10GE 10GE
Access Switch orToR or Blades
Access Switch orToR or Blades
802.3ad
Today (Today) VSS (Logical View)
802.3ador
PagP
802.3ador
PagP 802.3ad
Simplifies operational Manageability via Single point of Management, Elimination of STP,
FHRP etc
Doubles bandwidth utilization with Active-Active Multi-Chassis Etherchannel
(802.3ad/PagP) Reduce Latency
Minimizes traffic disruption from switch or uplink failure with Deterministic subsecond
Stateful and Graceful Recovery (SSO/NSF)
Catalyst 6500 Virtual Switching System 1440Overview
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 7
Introduction to Virtual Switching SystemConcepts
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 8
Virtual Switching System Enterprise Campus
A Virtual Switching System-enabled Enterprise Campus network
takes on multiple benefits including simplified management &
administration, facilitating greater high availability, while maintaining
a flexible and scalable architecture…
Access
L2/L3
Distribution
L3 Core
No FHRPs
No Looped topology
Policy Management
Reduced routing
neighbors, Minimal
L3 reconvergence
Multiple active
uplinks per VLAN, No
STP convergence
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 9
Virtual Switching System Data Center
A Virtual Switching System-enabled Data Center allows for maximum
scalability so bandwidth can be added when required, but still providing a
larger Layer 2 hierarchical architecture free of reliance on Spanning Tree…
L2/L3 Core
L2
Distribution
L2 Access
Dual-Homed
Servers, Single
active uplink per
VLAN (PVST), Fast
L2 convergence
Dual Active Uplinks,
Fast L2 convergence,
minimized L2 Control
Plane, Scalable
Single router node,
Fast L2 convergence,
Scalable architecture
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 10
Agenda
Introduction
Architecture
Hardware Requirements
High Availability
Summary
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 11
Virtual Switching System ArchitectureVirtual Switch Link
The Virtual Switch Link joins the two physical switch together - it
provides the mechanism to keep both the chassis in sync
A Virtual Switch Link bundle can consist of up
to 8 x 10GE links
All traffic traversing the VSL link is encapsulatedwith 32 byte “Virtual Switch Header” containingingress and egress switchport indexes, class ofservice (COS), VLAN number, other importantinformation from the layer 2 and layer 3 header
Control plane uses VSL CPUto CPU communications whilethe data plane uses VSL toextend the internal chassisfabric to the remote chassis
Virtual Switch Active
Virtual Switch Standby
Virtual Switch Link
VS Header L2 Hdr L3 Hdr Data CRC
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 12
Virtual Switching System ArchitectureVSL Initialization
Before the Virtual Switching System domain can become active, the Virtual
Switch Link (VSL) must be brought online to determine Active and Standby
roles. The initialization process essentially consists of 3 steps:
Role Resolution Protocol (RRP) used to determine compatible Hardware and
Software versions to form the VSL as well as determine which switch becomes
Active and Hot Standby from a control plane perspective
LMP
RRP
Link Management Protocol (LMP) used to track and reject Unidirectional Links,
Exchange Chassis ID and other information between the 2 switches
Link Bringup to determine which ports form the VSL1
2
3
LMP
RRP
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 13
Virtual Switching System ArchitectureVSL Configuration Consistency Check
After the roles have been resolved through RRP, a Configuration Consistency
Check is performed across the VSL switches to ensure proper VSL operation.
The following items are checked for consistency:
Switch Virtual Domain ID
Switch Virtual Switch ID
Switch Priority
Switch Preempt
VSL Port Channel Link ID
VSL Port state, interfaces…
Power Redundancy mode
Power Enable on VSL cards
Note that if configurations do not match, the Hot-Standby Supervisor will
revert to RPR mode, disabling all non-VSL interfaces…
Virtual Switch
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 14
Virtual Switching System ArchitectureVSLP Ping
A new ping mechanism has been implemented in VSS mode to allow
the user to objectively verify the health of the VSL itself. This is
implemented as a VSLP Ping
VSL
Switch1 Switch2
VSLP Ping
vss#ping vslp output interface tenGigabitEthernet 1/5/4
Type escape sequence to abort.
Sending 5, 100-byte VSLP ping to peer-sup via output port 1/5/4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms
The VSLP Ping operates on a per-physical interface basis and parameters such as COUNT,
DESTINATION, SIZE, TIMEOUT may also be specified…
VSLP Ping
VSLP PingVSLP Ping
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 15
Virtual Switching SystemUnified Control Plane
One supervisor in each chassis with inter-chassis Stateful Switchover (SSO) method in with one supervisor is ACTIVE and other in HOT_STANDBY mode
Active/standby supervisors run in synchronized mode (boot-env, running-configuration, protocol state, and line cards status gets synchronized)
ACTIVE supervisor manages the control plane functions such as protocols (routing, EtherChannel, SNMP, telnet, etc.) and hardware control (OIR, port management)
Active Supervisor
SF RP PFC
CFC or DFC Line Cards
CFC or DFC Line Cards
CFC or DFC Line Cards
CFC or DFC Line Cards
CFC or DFC Line Cards
Standby HOT Supervisor
SF RP PFC
VSLCFC or DFC Line Cards
CFC or DFC Line Cards
CFC or DFC Line Cards
CFC or DFC Line Cards
CFC or DFC Line Cards
CFC or DFC Line Cards
CFC or DFC Line Cards
Synchronization
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 16
Virtual Switching SystemDual Active Forwarding Planes
DUAL active forwarding planes & SINGLE control plane
Standby supervisor and all linecards including DFC’s are actively forwarding
VSS#show switch virtual redundancy
My Switch Id = 1
Peer Switch Id = 2<snip>
Switch 1 Slot 5 Processor Information :
-----------------------------------------------
Current Software state = ACTIVE
<snip>
Fabric State = ACTIVE
Control Plane State = ACTIVE
Switch 2 Slot 5 Processor Information :
-----------------------------------------------
Current Software state = STANDBY HOT (switchover target)
<snip>
Fabric State = ACTIVE
Control Plane State = STANDBY
Data PlaneActive
Data Plane Active
SiSiSiSi
Switch1 Switch2
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 17
Virtual Switching System ArchitectureVirtual Switch Domain
A Virtual Switch Domain ID is allocated during the conversion process and
represents the logical grouping the 2 physical chassis within a VSS. It is
possible to have multiple VS Domains throughout the network…
Use a UNIQUE VSS Domain-ID for each VSS Domain throughout the network.
Various protocols use Domain-IDs to uniquely identify each pair.
VSS Domain 10
VSS Domain 30VSS Domain 20
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 18
Virtual Switching System ArchitectureRouter MAC Address Assignment
In a Virtual Switching System, there is only ONE router MAC address
to represent both physical chassis as one logical device.
Router MAC = burnt-in or virtual mac-address
By default, the MAC address allocated to the Virtual Switching System is Active Switch burnt-in
MAC-address, which is negotiated at system initialization. Regardless of either switch being
brought down or up, the same MAC address will be retained such that neighboring network
nodes and hosts do NOT need to re-learn a new address.
virtual mac-address is recommended configuration for VSS environment
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 19
Virtual Switching System ArchitectureVirtual Router MAC Address Assignment
Instead of using default chassis mac-address assignment, from 12.2(33)SXH2 onwards virtual mac-address can be specified as shown below
VSS(config-vs-domain)#switch virtual domain 10
VSS(config-vs-domain)#mac-address use-virtual
Configured Router mac address is different from operational value. Change
will take effect after config is saved and the entire Virtual Switching
System (Active and Standby) is reloaded.
The router MAC address is assigned from a reserved pool (0008.e3ff.fc00 to 0008.e3ff.ffff) of VSS domain-based addresses
VSS#show interface vlan 1
Vlan1 is up, line protocol is up
Hardware is EtherSVI, address is 0008.e3ff.fc0a (bia 0008.e3ff.fc0a)
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 20
Virtual Switching System ArchitectureMultichassis EtherChannel (MEC)
Prior to Virtual Switching System, Etherchannels were restricted to reside
within the same physical switch. In a Virtual Switching environment, the 2
physical switches form a single logical network entity - therefore
Etherchannels can now also be extended across the 2 physical chassis…
Regular Etherchannel on single
chassis
Multichassis EtherChannel across 2
VSS-enabled chassis
VSS
Both LACP and PAGP Etherchannel
protocols and Manual ON modes are
supported…
Standalone
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 21
Virtual Switching System ArchitectureEtherChannel Hash for MEC
Deciding on which link of a Multi-chassis Etherchannel to use in a
Virtual Switch is skewed in favor towards local links in the bundle -
this is done to avoid overloading the Virtual Switch Link (VSL) with
unnecessary traffic loads…
Link 1 Link 2
Blue Traffic destined
for the Server will
result in Link 1 in the
MEC link bundle being
chosen as the
destination path…
Orange Traffic
destined for the Server
will result in Link 2 in
the MEC link bundle
being chosen as the
destination path…
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 22© 2006 Cisco Systems, Inc. All rights reserved. Cisco ConfidentialPresentation_ID
EtherChannel ConceptsEtherChannel Hash
vss#show etherchannel load-balance hash-result interface port-
channel 120 switch 1 ip 192.168.220.10 192.168.10.10
Computed RBH: 0x4
Would select Gi1/2/1 of Po120
A command can be invoked to assist in determining which link in the bundle
will be used - it can use various hash inputs to yield an 8-bucket RBH value
that will correspond to one of the port channel members…
Note: specify switch <id> when using hash result command, if not VSS assumes switch <1> while commuting hash results from the hardware.
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 23
Agenda
Introduction
Architecture
Hardware Requirements
High Availability
Summary
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 24
In order to enable the Virtual Switching System feature and
configure the Virtual Switch Links (VSL) between 2 Catalyst 6500
chassis, the new Catalyst 6500 Virtual Switching Supervisor 720 is
required to be used. It is the only Supervisor that will support VSS
as it supports both the new PFC3C/XL forwarding engine…
The PFC3C/XL contains new
hardware to support the
extra LTL indices and
mappings required to
forward traffic across
multiple physical chassis,
lookup enhancements as
well as MAC address table
handling enhancements…
VS-S720-10G-3C/XL
12.2(33)SXH1 or later
VSS RequirementsHardware
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 25
Hardware RequirementsVSL-Capable Interfaces
The VSL requires new port ASICs that exist only on the 10
GigabitEthernet interfaces on the following modules:
These interfaces are based off
the new port ASIC, allowing for
frames across the VSL to be
encapsulated / de-encapsulated
with the VSH…
WS-X6708-10G-3C/XL
VS-S720-10G-3C/XL
WS-X6716-10G-3C/XL *
* Support for VSL from 12.2(33)SXI onwards
Note: These interfaces may also be used as
standard network interfaces
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 26
Hardware RequirementsSupported LAN Modules
Only WS-X67xx-series LAN modules are supported in a VSS
LAN Modules
12.2(33)SXH1
WS-X6708-10G-3C/XL
WS-X6704-10G-3C/XL
WS-X6748-GE-TX
WS-X6716-10G-3C/XL
WS-X6724-SFPWS-X6748-SFP
Support in 12.2(33)SXI
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 27
Service
Modules
12.2(33)SXI
Application Control Engine (ACE)
ACE10/ACE 20-6500-K9
WS-SVC-IDSM2-K9
Intrusion Detection System Services Module (IDSM-2)
WS-SVC-WISM-1-K9
Wireless Services Module (WiSM)
WS-SVC-FWM-1-K9
Firewall Services Module (FWSM)
WS-SVC-NAM-1WS-SVC-NAM-2
Network Analysis Module (NAM 1&2)
Support in 12.2(33)SXH1
Hardware RequirementsSupported Service Modules
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 28
Hardware RequirementsService Modules Integration
4 Standalone Service Modules are supported per VSS chassis.
VSL will carry service module redirected, state sync, and failover traffic.
Service Module Software version
WS-SVC-FWM-1-K9 4.0.4
ACE10/ACE 20-6500-K9 A2(1.2)
WS-SVC-WISM-1-K9 6.0(2)E1
WS-SVC-IDSM2-K9 3.2.171.6
VSL bandwidth must be engineered accordingly
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 29
Switch-1
(VSS Active)Switch-2
(VSS Standby)
Virtual Switch Domain
Data Plane Active
Control Plane Active
Service Module1 Active
Service Module2 Standby
Data Plane Active
Control Plane Hot Standby
Service Module1 Standby
Service Module2 Active
VSL
Failover/State sync Vlan
FWSM & ACE Module HA Modes: Active-Standby per module, One of the service modules in a VSS system will be Active and another one will be standby.
Hardware RequirementsService Modules Integration
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 30
Switch-1
(VSS Active)Switch-2
(VSS Standby)
Virtual Switch Domain
Data Plane Active
Control Plane Active
Service module
Service module active
Data Plane Active
Control Plane Hot Standby
Service module
Service module active
VSL
Failover/State sync Vlan
Context A Context B
Context C
Context A Context B
Context C
Context 1 Context 2
Context 3
Context 1 Context 2
Context 3
FWSM & ACE Module HA Modes: Active-Active per context , both Service Modules are active and act as a back up for each other per context
Hardware RequirementsService Modules Integration
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 31
Packet Flow: Based upon the neighbor device’s ether-channel load-
balancing configuration, it is expected to have traffic
transmitted across all interfaces of MEC
Switch1(VSS Active)
Switch2(VSS Standby)
VSL
Service Module Active Service Module Standby
Virtual Switch Domain
Data Plane Active
Supervisor Active
Data Plane Active
Supervisor Hot Standby
Hardware RequirementsService Modules Integration
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 32
Packet Flow: ingress traffic will be redirected to the Active Service module of a context Therefore it is expected to have services traffic traversing VSL link.
VSL
Service Module Active Service Module Standby
Virtual Switch Domain
Data Plane Active
Supervisor Active
Data Plane Active
Supervisor Hot Standby
Recommendation: Size the VSL link based on expected
services bandwidth requirement.
Switch1(VSS Active)
Switch2(VSS Standby)
Hardware RequirementsService Modules Integration
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 33
Virtual Switch Domain
Data Plane Active
Control Plane Active
FWSM Service module
Data Plane Active
Control Plane Hot Standby
FWSM Service module
VSL
1-2Gbps
Recommendation: Service module stateful failover traffic should be considered for VSL capacity planning
FWSM Fail
FWSM State
Switch2(VSS Standby)
Switch1(VSS Active)
Hardware RequirementsService Modules Integration
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 34
Supported with 12.2(33)SXI1 (CCO 03/31/09)
Please refer to the SXI1 product bulletin for more informationhttp://www.cisco.com/en/US/products/ps9336/prod_bulletins_list.html
Before
12.2(33)SXI1
VSS 1440 Mode Not Supported
IOS IP Base(available with bundles only)
After
12.2(33)SXI1
IOS IP Services
and Above
VSS 1440 Mode Supported
VSS 1440 Mode
Supported
VSS 1440 Mode
Supported
New
Software RequirementsVSS Packaging
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 35
Agenda
Introduction
Architecture
Hardware Requirements
High Availability
Summary
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 36
High AvailabilityRedundancy Schemes
Default redundancy mechanism between the two VSS chassis
and their associated supervisors is NSF/SSO
VSL
If a mismatch of information occur between the Active & Standby, the Standby will revert to RPR mode
Starting 12.2(33)SXI, minor mis-match in software will be still keep the switch in SSO mode
Switch1
12.2(33)SXH1
Switch2
12.2(33)SXH1
Switch1
12.2(33)SXH1
Switch2
12.2(33)SXH2
Switch1
12.2(33)SXISwitch2
12.2(33)SXI1
Active Standby
Active
Active
Standby
Standby
VSL
VSL
RPR
NSF/SSO
NSF/SSO
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 37
VSL
Switch1
12.2(33)SXH1
Active
Switch2
12.2(33)SXH1
Hot Standby
NSF feature with SSO minimizes the amount of traffic loss following supervisor switchover while continuing to forward traffic using hardware entries. In VSS
environment this feature is required to minimize traffic disruption in the event such as supervisor failure that causes supervisor switchover.
VSS#config t
VSS(config)#router ospf 1
VSS(config-router)#nsf
VSS#show ip ospf
Routing Process "ospf 10" with ID 192.168.2.1
Start time: 00:15:29.344, Time elapsed: 23:12:03.484
Supports only single TOS(TOS0) routes
External flood list length 0
Non-Stop Forwarding enabledIETF NSF helper support enabled
Cisco NSF helper support enabled
Reference bandwidth unit is 100 mbps
NSF is supported by the BGP, EIGRP, OSPF & IS-IS
NSF/SSO
High AvailabilityNSF/SSO
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 38
Virtual Switch Hot Standby
Virtual Switch Active
Virtual Switching System
Virtual Switch Active
Switch Is down
Virtual Switch Active incurs a supervisor outage
1
2Standby Supervisor takes over as
Virtual switch Active
Virtual Switch Standby initiates graceful restart
Non Stop forwarding of packets will continue using hardware entries as Switch-2 assumes active role
NSF aware neighbors exchange updates with Virtual Switch Active
Switch1 Switch2
Switch2Switch1
Virtual Switching System
Virtual Switching SystemInter Chassis NSF/SSO
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 39
SiSi SiSi SiSi SiSi
High AvailabilityFailure of MEC member
Operational State Failure of Link A
A
Flow A Flow B
Convergence is determined by neighbor device
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 40
SiSi SiSi SiSi SiSi
Failure of Link B Failure of Link C & D
B
C
High AvailabilityFailure of MEC member
D
Convergence is determined by neighbor device
Convergence is determined by VSS device
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 41
High AvailabilityDual-Active Detection
In a Virtual Switching System Domain, one
switch is elected as Active and the other is
elected as Standby during boot up by VSLP.
Since the VSL is always configured as a Port
Channel, the possibility of the entire VSL
bundle going down is remote,
however it is a possibility…
It is always recommended to deploy the VSL with 2 or more links and distribute those
interfaces across multiple modules to ensure the greatest redundancy
Active Hot Standby
Switch1 Switch2
VSL
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 42
Active
Switch1 Switch2
VSL
High AvailabilityDual-Active Detection
If the entire VSL bundle should happen to go down, the Virtual Switching
System Domain will enter a Dual Active scenario where both switches
transition to Active state and share the same network configuration (IP
addresses, MAC address, Router IDs, etc…) potentially causing
communication problems through the network…
3 Step Process
Dual-Active detection using the detection method enabled in the system.
1
Dual-Active recovery, when VSL recovers , the switch that has all it’s interfaces brought down in the previous step will reload to boot in a preferred standby state
Further network disruption is avoided by disabling previous VSS active switch interfaces
connected to neighboring devices .2
3 Active
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 43
Enhanced PAgP
Hot StandbyActive
Switch 1 Switch 2
IP-BFD
Switch 1
VSLP VSLP BFD BFD
Switch 2
Hot StandbyActive
Switch 1 Switch 2
Hot StandbyActive
VSLP Fast Hello
NEW12.2(33)SXI
Requires ePagP capable
neighbor : 3750: 12.2(46)SE
4500: 12.2(44)SE
6500: 12.2(33)SXH1
Direct L2 Connection
Requires 12.2(33)SXI
Direct L3 Connection
Requires 12.2(33)SXH1
Sub-second convergence Sub-second convergence Seconds of convergence*
High AvailabilityDual-Active Protocols
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 44
High AvailabilityDual-Active: Detection and Recovery
Upon the restoration of one or more VSL interfaces, VSLP will detect this and will proceed to reload Switch 1 so that it will be
able to bootup in preferred Hot Standby role after bootup…
After role has been resolved and SSO Hot Standby mode is possible, interfaces will be brought up
and traffic will resume back to 100% capacity…
Dual Active Detection
Switch 1 Switch 2
Switch-1 will reload and boot up in Hot
standby role
Hot Standby
VSL
ActiveActive
Switch 1 Switch 2
VSL
Active
Dual Active Recovery
Switch-1 will shutdown all active
interfaces *
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 45
%DUAL_ACTIVE-SW1_SP-1-DETECTION: Dual-active condition detected:
all non-VSL and non-excluded interfaces have been shut down
VSS#show switch virtual dual-active summary
Pagp dual-active detection enabled: Yes
Bfd dual-active detection enabled: Yes
No interfaces excluded from shutdown in recovery
mode
In dual-active recovery mode: Yes
Triggered by: Pagp detection
Triggered on interface: Gi1/2/3
Switch 1 Switch 2
VSL
Dual-Active
Active Active
High AvailabilityDual-Active Recovery: Verification
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 46
High AvailabilityDual-Active Detection – Exclude Interfaces
Upon detection of a Dual Active scenario, all interfaces on the
previous-Active switch will be brought down so as not to disrupt
the functioning of the remainder of the network. The exception
interfaces include VSL members as well as pre-determined interfaces
which may be used for management purposes…
vs-vsl#conf t
Enter configuration commands, one per line. End with CNTL/Z.
vs-vsl(config)#switch virtual domain 100
vs-vsl(config-vs-domain)#dual-active exclude interface Gig 1/5/1
vs-vsl(config-vs-domain)#dual-active exclude interface Gig 2/5/1
vs-vsl(config-vs-domain)# ^Z
vs-vsl#
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 47
Agenda
Introduction
Architecture
Hardware Requirements
High Availability
Summary
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 48
Benefit 1: Enables Virtualization
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 49
Benefit 2: Empowers Collaboration
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 50
Benefit 3: Improves Operations
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 51
Recommended Literature
www.cisco.com/go/vss
VSS Troubleshooting
Migration from Standalone to VSS
RMA Procedure
VSS FAQ
VSS White Paper
What’s New BulletinService Module Integration
VSS Design Guides
Best Practices
www.cisco.com/go/support
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 52
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicPresentation_ID 53
Data Center Interconnect (DCI) via VSS
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 54
Point-to-Point Dark Fiber Transport
• 6500 VSS with Integrated DWDM optics
Leverage VSS/MEC for:
Loop Prevention
VLAN Load Balancing
Redundancy
Scalability
Site A Site B
DC Interconnect
WAN
Dark Fiber
DC Interconnect LAN ExtensionVSS Dark Fiber – 2 DC’s
BRKRST-2033 Deploying a Virtualized Campus Network Infrastructure
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 55
Site A
Site D
Site B
Site C* DWDM X2 availability 12.2(33)SXI
DC Interconnect LAN ExtensionVSS Over Dark Fiber – Multiple DC’s
Assumes dark fiber between sites
Distance limitations are given by DWDM
Number of sites can be 2 or more
Add 2 switches in main data centers
Switches use separate lambda to interconnect
These switches will form a VSS
VSL is 10Gbps
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 56
A B
Site A
Site D
Site B
Site C
DC Interconnect LAN Extension
From a layer 2 perspective this is a star topology
Etherchannel is used to provide load balancing
Use 8 Lambda
© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicBRKRST-3468 57
L2
L2
MPLS
• MPLS feature parity between VSS and standalone systems
• Leverage MPLS LDP, IGP and MP-BGP graceful-restart to offer
sub-second network recovery during VSS member failure
• MPLS deployment with VSS brings advantages both for L2
VPNs and L3 VPNs deployment scenarios:
L3 VPNs – MPLS VPN
• Operational simplification
• 50% reduction in number of PE devices (VRF definition, MP-iBGP configuration, …)
• No additional configuration required to provide load-balancing for VPN traffic
L2 VPNs – EoMPLS (P2P). VPLS (multpoint)
• Operational simplification
• Simpler PW redundancy solution with doubled forwarding capacity
* MPLS with VSS is only supported in 12.2(33)SXI2
PE
P
PE
L3L2
L2
DC Interconnect LAN ExtensionVSS with MPLS