6500 part 7

VIRTUAL SWITCHING SYSTEM (VSS) CATALYST 6500 BOOTCAMP VIRTUAL SWITCHIN

Upload: ratnesh-kumar

Post on 04-Sep-2015


INTRODUCTION

VSS INTRODUCTION

Agenda Topics
- VSS Introduction
- Architecture
- Hardware and Software Requirements
- Migration to VSS
- High Availability
- Quad-Sup Uplink Forwarding
- Software Upgrades
- Service Module Integration
- Deployment Considerations & Best Practices
- Summary

APPENDIX
- Deploying VSS with Server Virtualization
- Quality of Service
- Operational Management

VSS Hardware Requirements: VSL Capable Interfaces

Module                         Description              VSL-Ports (capable)     Status
VS-S720-10G-3C/XL              Supervisor               2                       Shipping
WS-X6708-10G-3C/XL             10 GE Linecard           8                       Shipping
WS-X6716-10G-3C/XL             10 GE Linecard           4 (Performance mode)    Shipping
16-port 10GBASE-T              10 GE Copper Linecard    16                      2Q CY 2010 (target)
Supervisor 2T                  Supervisor               2                       1H CY 2011 (target)
NEW 8-port 10GE Linecard       10 GE Linecard           8                       1H CY 2011 (target)
NEW 4-port 40GE/16-port 10GE   Dual Speed 40/10 GE      4 or 16 (all ports)     2H CY 2011 (target)

Current Network Challenges: Enterprise Campus

Traditional Enterprise Campus deployments have been designed in such a way that allows for scalability, differentiated services and high availability. However, they also face many challenges, some of which are listed in the diagram below.

[Diagram: Access, L2/L3 Distribution and L3 Core layers, annotated with the following challenges]
- FHRP, STP, asymmetric routing, policy management
- Extensive routing topology, routing reconvergence
- Single active uplink per VLAN (PVST), L2 reconvergence

Current Network Challenges: Data Center

Traditional Data Center designs are increasingly requiring Layer 2 adjacencies between server nodes due to the use of server virtualization technology. However, these designs are pushing the limits of Layer 2 networks, placing more burden on loop-detection protocols such as Spanning Tree.

[Diagram: L2/L3 Core, L2 Distribution and L2 Access layers, annotated with the following challenges]
- Dual-homed servers to single switch, single active uplink per VLAN (PVST), L2 reconvergence
- Single active uplink per VLAN (PVST), L2 reconvergence, excessive BPDUs
- FHRP, HSRP, VRRP
- Spanning Tree
- Policy management

Catalyst 6500 Virtual Switching System: Overview

[Diagram: three panels, "Today", "VSS (Physical View)" and "VSS (Logical View)"; servers and access switches, ToR switches or blades attach over 10GE using 802.3ad or PAgP]

- Simplifies operational manageability via a single point of management and the elimination of STP, FHRP, etc.
- Doubles bandwidth utilization with active-active Multi-Chassis EtherChannel (802.3ad/PAgP) and reduces latency
- Minimizes traffic disruption from switch or uplink failure with deterministic subsecond stateful and graceful recovery (SSO/NSF)

Virtual Switching System: Enterprise Campus

A Virtual Switching System-enabled Enterprise Campus network takes on multiple benefits, including simplified management and administration and greater high availability, while maintaining a flexible and scalable architecture.

[Diagram: Access, L2/L3 Distribution and L3 Core layers, annotated with the following benefits]
- No FHRPs, no looped topology, policy management
- Reduced routing neighbors, minimal L3 reconvergence
- Multiple active uplinks per VLAN, no STP convergence

Virtual Switching System: Data Center

A Virtual Switching System-enabled Data Center allows for maximum scalability, so bandwidth can be added when required while still providing a larger Layer 2 hierarchical architecture free of reliance on Spanning Tree.

[Diagram: L2/L3 Core, L2 Distribution and L2 Access layers, annotated with the following characteristics]
- Dual-homed servers, single active uplink per VLAN (PVST), fast L2 convergence
- Dual active uplinks, fast L2 convergence, minimized L2 control plane, scalable
- Single router node, fast L2 convergence, scalable architecture

ARCHITECTURE

VSS ARCHITECTURE

Agenda Topics

VSS Architecture: Concepts

- Virtual Switch Domain: defines two Catalyst 6500s that are participating together as a Virtual Switching System
- Virtual Switch Link: special 10GE link bundle joining two Catalyst 6500s, allowing them to operate as a single logical device
- Virtual Switch Primary: Catalyst 6500 that operates as the Active Control Plane for the VSS (Active Control Plane, Active Data Plane)
- Virtual Switch Secondary: Catalyst 6500 that operates as the Hot Standby Control Plane for the VSS (Hot Standby Control Plane, Active Data Plane)

VSS Architecture: Virtual Switch Link (VSL)

The Virtual Switch Link joins the two physical switches together. It provides the mechanism to keep both chassis in sync. A Virtual Switch Link bundle can consist of up to 8 x 10GE links.

All traffic traversing the VSL is encapsulated with a 32-byte Virtual Switch Header containing ingress and egress switchport indexes, class of service (COS), VLAN number, and other important information from the Layer 2 and Layer 3 headers.

The control plane uses the VSL for CPU-to-CPU communications, while the data plane uses the VSL to extend the internal chassis fabric to the remote chassis.

[Diagram: Virtual Switch Active and Virtual Switch Standby joined by the Virtual Switch Link; frame layout on the VSL: VS Header, L2 Hdr, L3 Hdr, Data, CRC]

VSS Architecture: VSLP Ping

A new ping mechanism has been implemented in VSS mode to allow the user to objectively verify the health of the VSL itself. This is implemented as a VSLP Ping.

[Diagram: Switch1 and Switch2 exchanging VSLP Pings across the VSL]

    vss#ping vslp output interface tenGigabitEthernet 1/5/4

    Type escape sequence to abort.
    Sending 5, 100-byte VSLP ping to peer-sup via output port 1/5/4, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms

The VSLP Ping operates on a per-physical-interface basis, and parameters such as COUNT, DESTINATION, SIZE and TIMEOUT may also be specified.

VSS Architecture: VSL Configuration Consistency Check

After the roles have been resolved through RRP, a Configuration Consistency Check is performed across the VSL switches to ensure proper VSL operation. The following items are checked for consistency:
- Switch Virtual Domain ID
- Switch Virtual Switch ID
- Switch Priority
- Switch Preempt
- VSL Port Channel Link ID
- VSL Port state, interfaces
- Power Redundancy mode
- Power Enable on VSL cards

Note that if configurations do not match, the Hot-Standby Supervisor will revert to RPR mode, disabling all non-VSL interfaces.

VSS Architecture: Unified Control Plane

- One supervisor in each chassis, with an inter-chassis Stateful Switchover (SSO) method in which one supervisor is ACTIVE and the other is in HOT_STANDBY mode
- Active/Standby supervisors run in synchronized mode (boot-env, running-configuration, protocol state, and line card status are synchronized)
- The Active supervisor manages control plane functions such as protocols (routing, EtherChannel, SNMP, telnet, etc.) and hardware control (Online Insertion Removal, port management)

[Diagram: Active Supervisor and Standby HOT Supervisor (each with SF, RP and PFC) and their CFC or DFC line cards, joined by the VSL with SSO synchronization]

VSS Architecture: Dual Active Forwarding Planes

- Both forwarding planes are active
- The Standby supervisor and all linecards, including DFCs, are actively forwarding

    VSS# show switch virtual redundancy
    My Switch Id = 1
    Peer Switch Id = 2

    Switch 1 Slot 5 Processor Information :
    -----------------------------------------------
    Current Software state = ACTIVE
    Fabric State = ACTIVE
    Control Plane State = ACTIVE

    Switch 2 Slot 5 Processor Information :
    -----------------------------------------------
    Current Software state = STANDBY HOT (switchover target)
    Fabric State = ACTIVE
    Control Plane State = STANDBY

[Diagram: both switches labeled Data Plane Active]

VSS Architecture: Virtual Switch Domain

A Virtual Switch Domain ID is allocated during the conversion process and represents the logical grouping of the 2 physical chassis within a VSS. It is possible to have multiple VS Domains throughout the network.

Use a UNIQUE VSS Domain-ID for each VSS Domain throughout the network. Various protocols use Domain-IDs to uniquely identify each pair.

[Diagram: VSS Domain 10, VSS Domain 20 and VSS Domain 30]

VSS Architecture: Router MAC Address Assignment

In a Virtual Switching System, there is only one router MAC address to represent both physical chassis as a single logical device.

Router MAC = burnt-in or virtual mac-address

By default, the MAC address allocated to the Virtual Switching System is taken from the first Active Switch burnt-in MAC address, which is negotiated at system initialization. Regardless of either switch being brought down or up in the future, the same MAC address will be retained so that neighboring network nodes and hosts do not need to re-learn a new address.

The recommendation is to use the virtual mac-address option. This eliminates the possibility of a duplicate MAC address in case the original Supervisor is ever reused within the same network.

VSS Architecture: Virtual Router MAC Address Assignment

Instead of using the default chassis mac-address assignment, from 12.2(33)SXH2 onwards a virtual mac-address can be specified as shown below:

    VSS(config-vs-domain)#switch virtual domain 10
    VSS(config-vs-domain)#mac-address use-virtual
    Configured Router mac address is different from operational value. Change will take effect after config is saved and the entire Virtual Switching System (Active and Standby) is reloaded.

The use-virtual MAC address is assigned from a reserved pool of MAC addresses appended with the VSS domain ID. The reserved pool is 0008.e3ff.fc00 to 0008.e3ff.ffff.

    VSS#show interface vlan 1
    Vlan1 is up, line protocol is up
      Hardware is EtherSVI, address is 0008.e3ff.fc0a (bia 0008.e3ff.fc0a)

VSS Architecture: Multichassis EtherChannel (MEC)

Prior to the Virtual Switching System, EtherChannels were restricted to reside within the same physical switch. In a Virtual Switching environment, the two physical switches form a single logical network entity; therefore EtherChannels can now be extended across the two physical chassis.

[Diagram: regular EtherChannel on a single (standalone) chassis compared with Multichassis EtherChannel across 2 VSS-enabled chassis]

Both LACP and PAgP EtherChannel protocols and manual ON modes are supported.
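The unique Domain-ID rule and the virtual router MAC assignment described above can be checked across saved configurations. This is an added example, not part of the original slides or any Cisco tool; it assumes the virtual MAC is the pool base plus the domain ID (consistent with 0008.e3ff.fc0a shown for domain 10), and the device names and config excerpts are constructed.

```python
import re
from collections import defaultdict

POOL_BASE = 0x0008E3FFFC00  # reserved pool start quoted in the slides
POOL_END = 0x0008E3FFFFFF   # reserved pool end quoted in the slides

def virtual_mac(domain_id):
    """Virtual router MAC for a domain. Assumption: pool base + domain ID."""
    value = POOL_BASE + domain_id
    if domain_id < 1 or value > POOL_END:
        raise ValueError(f"domain ID {domain_id} does not map into the pool")
    digits = f"{value:012x}"
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def parse_vss(config):
    """Return (domain_id, uses_virtual_mac) from a saved config excerpt."""
    domain = re.search(r"^\s*switch virtual domain (\d+)\s*$", config, re.M)
    if domain is None:
        return None, False
    virtual = re.search(r"^\s*mac-address use-virtual\s*$", config, re.M)
    return int(domain.group(1)), virtual is not None

def audit(configs):
    """Return (finding, detail) tuples for a {device: config} inventory."""
    domains, findings = defaultdict(list), []
    for name in sorted(configs):
        domain, virtual = parse_vss(configs[name])
        if domain is None:
            continue  # no VSS domain configured on this device
        domains[domain].append((name, virtual))
        if not virtual:
            findings.append(("burned-in-mac", name))
    for domain, members in sorted(domains.items()):
        names = [n for n, _ in members]
        if len(names) > 1:
            findings.append(("duplicate-domain", f"{domain}: {','.join(names)}"))
        sharing = [n for n, v in members if v]
        if len(sharing) > 1:  # same domain ID + use-virtual = same router MAC
            findings.append(("mac-collision", f"{virtual_mac(domain)}: {','.join(sharing)}"))
    return findings

# Constructed sample inventory; device names are hypothetical.
SAMPLE = {
    "dist-a": "switch virtual domain 10\n mac-address use-virtual\n",
    "dist-b": "switch virtual domain 20\n switch mode virtual\n",
    "core-a": "switch virtual domain 10\n mac-address use-virtual\n",
}

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
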

EtherChannel Concepts: EtherChannel Hash Distribution

The default hashing algorithm will redistribute all the Result Bit Hash values across the available ports when there is a change. This affects all traffic traversing the EtherChannel.

[Diagram: RBH (for MEC), 2 Link Bundle Example and 3 Link Bundle Example, showing Flows 1 to 8 distributed across Links 1 and 2, then across Links 1, 2 and 3]

EtherChannel Concepts: EtherChannel Hash Distribution Adaptive

The Adaptive Hash Distribution enhancement allows for the addition or removal of links in a bundle without affecting all of the traffic in an EtherChannel. Note that in the example below, only Flows 7 and 8 are affected by the addition of an extra link to the channel.

[Diagram: RBH (for MEC), 2 Link Bundle Example and 3 Link Bundle Example, showing Flows 1 to 8 distributed across Links 1 and 2, then across Links 1, 2 and 3]

    vss#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    vss(config)#port-channel hash-distribution adaptive
    vss(config)# ^Z
    vss#

Available in 12.2(33)SXH

VSS Architecture: MEC Load-Balance Schemes

    VSS(config)#port-channel load-balance ?
      dst-ip                 Dst IP Addr
      dst-mac                Dst Mac Addr
      dst-mixed-ip-port      Dst IP Addr and TCP/UDP Port
      dst-port               Dst TCP/UDP Port
      mpls                   Load Balancing for MPLS packets
      src-dst-ip             Src XOR Dst IP Addr
      src-dst-mac            Src XOR Dst Mac Addr
      src-dst-mixed-ip-port  Src XOR Dst IP Addr and TCP/UDP Port
      src-dst-port           Src XOR Dst TCP/UDP Port
      src-ip                 Src IP Addr
      src-mac                Src Mac Addr
      src-mixed-ip-port      Src IP Addr and TCP/UDP Port
      src-port               Src TCP/UDP Port

2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential

VSS Architecture: EtherChannel Hash

    vss#show etherchannel load-balance hash-result interface port-channel 120 switch 1 ip 192.168.220.10 192.168.10.10
    Computed RBH: 0x4
    Would select Gi1/2/1 of Po120

A command can be invoked to assist in determining which link in the bundle will be used. It can use various hash inputs to yield an 8-bucket RBH value that will correspond to one of the port channel members.

Note: specify the switch when using the hash-result command; if not, VSS assumes switch while computing hash results from the hardware.

HARDWARE AND SOFTWARE

HARDWARE AND SOFTWARE REQUIREMENTS

Agenda Topics

VSS Hardware Requirements: Supervisor Modules

- VSS-capable Supervisors: Sup720-10GE, Sup2T (1H CY2011)
- New forwarding engine ASICs
- Interface indices and mappings allowing traffic forwarding across two chassis
- MAC address learning across two chassis
- VSL-capable 10GE uplinks
- VSS is not supported on Sup720 or legacy Supervisor modules

[Figure: VS-S720-10G-3C/XL and Supervisor 2T (1H CY2011)]

VSS Hardware Requirements: VSS Supported Ethernet Modules

VSS does not support Ethernet WAN interfaces provided on the SPA Carrier Modules.

Module                         Description                     Status
WS-X6704-10G-3C/XL             10GE Linecard                   Shipping
WS-X6708-10G-3C/XL             10GE Linecard                   Shipping
WS-X6716-10G-3C/XL             10GE Linecard                   Shipping
WS-X6724-SFP                   1000BASE-X Linecard             Shipping
WS-X6748-SFP                   1000BASE-X Linecard             Shipping
WS-X6748-GE-TX                 10/100/1000 BASE-TX Linecard    Shipping
16-port 10GBASE-T              10 GE Copper Linecard           2Q CY 2010 (target)
NEW 8-port 10GE Linecard       10 GE Linecard                  1H CY 2011 (target)
NEW 4-port 40GE/16-port 10GE   Dual Speed 40/10 GE             2H CY 2011 (target)

VSS Hardware Requirements: Service Module Support

Module                       Description                                           VSS Minimum Software   Service Module Minimum Software
ACE10/ACE 20-6500-K9         Application Control Engine (ACE)                      12.2(33)SXI            A2(1.2)
WS-SVC-FWSM-1-K9             Firewall Services Module (FWSM)                       12.2(33)SXI            4.0(4)
WS-SVC-IDSM2-K9              Intrusion Detection System Services Module (IDSM-2)   12.2(33)SXI            6.0(2)E1
WS-SVC-NAM-1, WS-SVC-NAM-2   Network Analysis Module (NAM1, NAM2)                  12.2(33)SXH1           3.6(1a)
WS-SVC-WISM-1-K9             Wireless Services Module (WiSM)                       12.2(33)SXI            3.2.171.6

[Figure: service module photographs: Firewall Services Module (FWSM), Application Control Engine (ACE), Network Analysis Module (NAM 1 & 2), Wireless Services Module (WiSM), Intrusion Detection System Services Module (IDSM-2)]

VSS Hardware Requirements: PFC and DFC Modules

System-wide PFC mode by linecard type:

Linecard Type   Sup720-10G Non-VSS Mode   Sup720-10G VSS Mode   Sup2T Non-VSS Mode   Sup2T VSS Mode
DFC4            Not Supported             Not Supported         PFC4                 PFC4
DFC3C           PFC3C                     PFC3C                 Not Supported        Not Supported
DFC3B           PFC3B*                    Not Supported         Not Supported        Not Supported
DFC3A           PFC3A*                    Not Supported         Not Supported        Not Supported
DFC2            Not Supported             Not Supported         Not Supported        Not Supported
CFC             PFC3C                     PFC3C                 Supported            Not Supported
Classic         PFC3C                     Not Supported         Not Supported        Not Supported

* In non-VSS mode, an inserted DFC3A or DFC3B will be powered down until a reload; upon reload, the system runs in the lowest common denominator DFC mode.

Supported with 12.2(33)SXI1 (CCO 03/31/09). Please refer to the SXI1 product bulletin for more information: http://www.cisco.com/en/US/products/ps9336/prod_bulletins_list.html

Software Requirements: VSS Packaging

Feature set                                   Before 12.2(33)SXI1           After 12.2(33)SXI1
IOS IP Base (available with bundles only)     VSS 1440 Mode Not Supported   VSS 1440 Mode Supported (New)
IOS IP Services and Above                     VSS 1440 Mode Supported       VSS 1440 Mode Supported