Cisco Catalyst Virtual Switching System

Transcription

1

2 Cisco Catalyst Virtual Switching System Roland Salinas Technical Marketing Engineer

3 Key Objectives Understand the key benefits of a VSS network design Understand the VSS architecture and how a VSS behaves differently than a standalone system Understand VSS deployment best practices 3

4 Housekeeping We value your feedback- don't forget to complete your online session evaluations after each session & complete the Overall Conference Evaluation which will be available online Visit the World of Solutions Please remember this is a 'non-smoking' venue! Please switch off your mobile phones Please make use of the recycling bins provided Please remember to wear your badge at all times 4

5 Presentation Legend Key Points Reference Material Standalone Multilayer Switch Virtual Switching System Layer 2 Link Layer 3 Link 5

6 Agenda Why VSS? VSS Architecture VSS Conversion Process VSS Architecture (Reference Only) VSS Hardware and Software Requirements (Reference Only) VSS High Availability Dual Active Scenarios VSS Redundant Supervisors VSL Bandwidth Considerations VSS Distribution/Aggregation Design Options VSS Core Design Options Software Upgrades Summary and Best Practice Recommendations 6

7 Why VSS?

8 Current Network Challenges Traditional Enterprise Campus Multi-layer Design L3 Core Extensive routing topology, Routing reconvergence L2/L3 Distribution FHRP, STP, Asymmetric routing, Policy Management Access Single active uplink per VLAN (PVST), L2 reconvergence 8

9 Current Network Challenges Traditional Data Center Multi-layer Design FHRP, HSRP, VRRP Spanning Tree Policy Management Single active uplink per VLAN (PVST), L2 reconvergence, excessive BPDUs Dual-Homed Servers to single switch, Single active uplink per VLAN (PVST), L2 reconvergence L2/L3 Core L2/L3 Distribution L2 Access 9

10 Virtual Switching System Traditional Design VSS Design 10

11 Virtual Switching System VSS Enterprise Campus Reduced routing neighbors, Minimal L3 reconvergence No FHRPs No Looped topology Policy Management Multiple active uplinks per VLAN, No STP convergence 11

12 VSS Simplifies the Configuration (Distribution Example) Standalone Switch 1 (Coordinated Configuration) Si Standalone Switch 2 (Coordinated Configuration) Si VSS (One simplified configuration) Spanning Tree Configuration! Enable 802.1d per VLAN spanning tree enhancements. spanning-tree mode pvst spanning-tree loopguard default no spanning-tree optimize bpdu transmission spanning-tree extend system-id spanning-tree uplinkfast spanning-tree backbonefast spanning-tree vlan 2,4,6,8,10 priority 24576!! Enable 802.1d per VLAN spanning tree enhancements. spanning-tree mode pvst spanning-tree loopguard default no spanning-tree optimize bpdu transmission spanning-tree extend system-id spanning-tree uplinkfast spanning-tree backbonefast spanning-tree vlan 3,5,7,9,11 priority 24576!! Enable 802.1d per VLAN spanning tree enhancements spanning-tree mode rapid-pvst no spanning-tree optimize bpdu transmission spanning-tree extend system-id spanning-tree vlan 2-11 priority L3 SVI Configuration (sample for 1 VLAN)! Define the Layer 3 SVI for each voice and data VLAN interface Vlan4 description Data VLAN ip address no ip redirects no ip unreachables! Reduce PIM query interval to 250 msec ip pim query-interval 250 msec ip pim sparse-mode load-interval 30! Define HSRP default gateway with 250/800 msec hello/hold standby 1 ip standby 1 timers msec 250 msec 800! Set preempt delay large enough to allow network to stabilize before HSRP! switches back on power on or link recovery standby 1 preempt delay minimum 180! Enable HSRP authentication standby 1 authentication cisco123! Define the Layer 3 SVI for each voice and data VLAN interface Vlan4 description Data VLAN ip address no ip redirects no ip unreachables! Reduce PIM query interval to 250 msec ip pim query-interval 250 msec ip pim sparse-mode load-interval 30! Define HSRP default gateway with 250/800 msec hello/hold standby 1 ip standby 1 timers msec 250 msec 800! Set preempt delay large enough to allow network to stabilize before HSRP! switches back on power on or link recovery standby 1 preempt delay minimum 180! Enable HSRP authentication standby 1 authentication cisco123! Define the Layer 3 SVI for each voice and data VLAN interface Vlan4 description Data VLAN ip address no ip redirects no ip unreachables ip pim sparse-mode load-interval 30 12

13 VSS Simplifies the Configuration (Distribution Example) Standalone Switch 1 (Coordinated Configuration) Si Standalone Switch 2 (Coordinated Configuration) Si VSS (One simplified configuration) Spanning Tree Configuration! Enable 802.1d per VLAN spanning tree enhancements. spanning-tree mode pvst spanning-tree loopguard default no spanning-tree optimize bpdu transmission spanning-tree extend system-id spanning-tree uplinkfast spanning-tree backbonefast spanning-tree vlan 2,4,6,8,10 priority 24576!! Enable 802.1d per VLAN spanning tree enhancements. spanning-tree mode pvst spanning-tree loopguard default no spanning-tree optimize bpdu transmission spanning-tree extend system-id spanning-tree uplinkfast spanning-tree backbonefast spanning-tree vlan 3,5,7,9,11 priority 24576!! Enable 802.1d per VLAN spanning tree enhancements spanning-tree mode rapid-pvst no spanning-tree optimize bpdu transmission spanning-tree extend system-id spanning-tree vlan 2-11 priority L3 SVI Configuration (sample for 1 VLAN)! Define the Layer 3 SVI for each voice and data VLAN interface Vlan4 description Data VLAN ip address no ip redirects no ip unreachables! Reduce PIM query interval to 250 msec ip pim query-interval 250 msec ip pim sparse-mode load-interval 30! Define HSRP default gateway with 250/800 msec hello/hold standby 1 ip standby 1 timers msec 250 msec 800! Set preempt delay large enough to allow network to stabilize before HSRP! switches back on power on or link recovery standby 1 preempt delay minimum 180! Enable HSRP authentication standby 1 authentication cisco123! Define the Layer 3 SVI for each voice and data VLAN interface Vlan4 description Data VLAN ip address no ip redirects no ip unreachables! Reduce PIM query interval to 250 msec ip pim query-interval 250 msec ip pim sparse-mode load-interval 30! Define HSRP default gateway with 250/800 msec hello/hold standby 1 ip standby 1 timers msec 250 msec 800! Set preempt delay large enough to allow network to stabilize before HSRP! switches back on power on or link recovery standby 1 preempt delay minimum 180! Enable HSRP authentication standby 1 authentication cisco123! Define the Layer 3 SVI for each voice and data VLAN interface Vlan4 description Data VLAN ip address no ip redirects no ip unreachables ip pim sparse-mode load-interval 30 13

14 Virtual Switching System Benefits Summary Traditional 10GE VSS (Physical View) 10GE VSS (Logical View) Si Si Si Si 802.3ad or PAgP 802.3ad 802.3ad or PAgP 802.3ad Simplifies operational Manageability via Single point of Management, Non-loop design, minimize reliance on STP, eliminate FHRP etc Scales system capacity with Active-Active Multi-Chassis Etherchannel (802.3ad/PAgP), no blocking links due to Spanning Tree Minimizes traffic disruption from switch or uplink failure with Deterministic subsecond Stateful and Access Switch or ToR or Blades Serv er Access Switch or ToR or Blades 14 Graceful Recovery (SSO/NSF) Serv er Access Switch or ToR or Blades Server

15 VSS Conversion Process

16 Conversion from Standalone to VSS Overview One-time Conversion Process Needed Si Si Si Si Start with two standalone systems Apply one-time VSS related conversion commands and reload Both systems are now a single VSS 16

17 VSS Conversion Process Example For the purposes of this explanation - let s assume the following setup is required Switch1 Switch2 T5/4 T5/5 Virtual Switch Link T5/4 T5/5 Port-Channel 1 Port-Channel 2 Switch Virtual Domain #100 17

18 Conversion to VSS One-time CLI Router(config)#host VSS VSS(config)#switch virtual domain 100 Switch1 Domain ID 10 config will take effect only after the exec command 'switch convert mode virtual' is issued 1 Router(config)#host VSS VSS(config)#switch virtual domain 100 Switch2 Domain ID 10 config will take effect only after the exec command 'switch convert mode virtual' is issued VSS(config-vs-domain)#switch 1 VSS(config-vs-domain)#exit VSS(config)#interface port-channel 1 VSS(config-if)#switch virtual link VSS(config-vs-domain)#switch 2 VSS(config-vs-domain)#exit VSS(config)#interface port-channel 2 VSS(config-if)#switch virtual link 2 VSS(config-if)#interface range teng 5/4-5 VSS(config-if-range)#channel-group 1 mode on VSS(config-if-range)#int port-channel 1 VSS(config-if)#no shutdown VSS(config-if)#end 4 VSS(config-if)#interface range teng 5/4-5 VSS(config-if-range)#channel-group 2 mode on VSS(config-if-range)#int port-channel 2 VSS(config-if)#no shutdown VSS(config-if)#end 18

19 Conversion to VSS Con t One-time CLI Switch1 Switch2 vss#switch convert mode virtual 5 vss#switch convert mode virtual This command will convert all interface names to naming convention "interface-type switchnumber/slot/port", save the running config to startup-config and reload the switch. Do you want to proceed? [yes/no]: yes Converting interface names Building configuration... [OK] Saving converted configuration to bootflash:... Destination filename [startupconfig.converted_vs ]? AT THIS POINT THE SWITCH WILL REBOOT This command will convert all interface names to naming convention "interface-type switchnumber/slot/port", save the running config to startup-config and reload the switch. Do you want to proceed? [yes/no]: yes Converting interface names Building configuration... [OK] Saving converted configuration to bootflash:... Destination filename [startupconfig.converted_vs ]? AT THIS POINT THE SWITCH WILL REBOOT 19

20 Conversion to VSS Con t One-Time CLI SWITCH CONSOLE OUTPUT Switch1 SWITCH CONSOLE OUTPUT Switch2 < snip > System detected Virtual Switch configuration... Interface TenGigabitEthernet 1/5/4 is member of PortChannel 1 Interface TenGigabitEthernet 1/5/5 is member of PortChannel 1 < snip > 00:00:26: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor for this switch Initializing as Virtual Switch ACTIVE processor < snip > 00:01:19: %VSLP-5-RRP_ROLE_RESOLVED: Role resolved as ACTIVE by VSLP 00:01:19: %VSL-5-VSL_CNTRL_LINK: New VSL Control Link 5/4 < snip > System detected Virtual Switch configuration... Interface TenGigabitEthernet 2/5/4 is member of PortChannel 2 Interface TenGigabitEthernet 2/5/5 is member of PortChannel 2 < snip > 00:00:26: %PFREDUN-6-ACTIVE: Initializing as ACTIVE processor for this switch Initializing as Virtual Switch STANDBY processor < snip > 00:01:02: %VSLP-5-RRP_ROLE_RESOLVED: Role resolved as STANDBY by VSLP 00:01:02: %VSL-5-VSL_CNTRL_LINK: New VSL Control Link 5/4 20

21 Conversion to VSS Con t Completed Switch1 vss# show switch virtual Switch mode : Virtual Switch Virtual switch domain number : 10 Local switch number : 1 Local switch operational role: Virtual Switch Active Peer switch number : 2 Peer switch operational role : Virtual Switch Standby vss# vss-sdby>enable Standby console disabled vss-sdby> Switch2 Both switches are now converted with Switch1 - VSS Active Switch2 - VSS Hot standby Switch 2 console is now disabled for normal console activity 21

22 VSS Control Plane Active / Standby Model VSL Switch 1 Console (Active) Switch 1 Switch 2 vss# vss# vss# vss# vss#show switch virtual Switch mode : Virtual Switch Virtual switch domain number : 10 Local switch number : 1 Local switch operational role: Virtual Switch Active Peer switch number : 2 Peer switch operational role : Virtual Switch Standby vss# Switch 2 Console (Standby Hot) vss-sdby> enable Standby console disabled vss-sdby> 22

23 VSS Data Plane Active Active VSS# show switch virtual redundancy My Switch Id = 1 Peer Switch Id = 2 <snip> Switch 1 Slot 5 Processor Information : Current Software state = ACTIVE <snip> Fabric State = ACTIVE Control Plane State = ACTIVE Switch 2 Slot 5 Processor Information : Current Software state = STANDBY HOT (switchover target) <snip> Fabric State = ACTIVE Control Plane State = STANDBY 23

24 VSS Architecture

25 VSS Architecture Concepts Active Virtual Switch Domain Control Plane (Cisco IOS Processes) Standby Hot Virtual Switch Link Switch 1 Switch 2 Active Data Plane (Traffic Forwarding) Active 25

26 Virtual Switching System Architecture Virtual Switch Link (VSL) Virtual Switch Link Control Link Switch 1 Data Links Switch 2 Port Channel 1 interface Port-channel1 no switchport no ip address switch virtual link 1 mls qos trust cos no mls qos channel-consistency! interface Port-channel2 no switchport no ip address switch virtual link 2 mls qos trust cos no mls qos channel-consistency Port Channel 2 26

27 Virtual Switch Link VSL Header Virtual Switch Link Control Link Data Links Switch 1 Port Channel 1 Port Channel 2 Switch 2 VS Header L2 Hdr L3 Hdr Data CRC All traffic traversing the VSL link is encapsulated with a 32 byte Virtual Switch Header containing ingress and egress switchport indexes, class of service (COS), VLAN number, other important information from the layer 2 and layer 3 header 27

28 Virtual Switch Link Initialization Virtual Switch Link 1 Switch 1 Port Channel 1 Port Channel 2 Pre-parse config file and bring up VSL interfaces Switch Link Management Protocol (LMP) used to track and reject Unidirectional Links, Exchange Chassis ID and other information between the 2 switches Role Resolution Protocol (RRP) used to determine compatible Hardware and Software versions to form the VSL as well as determine which switch becomes Active and Hot Standby from a control plane perspective 28

29 Virtual Switching System Architecture VSL Configuration Consistency Check After the roles have been resolved through Role Resolution Protocol, a Configuration Consistency Check is performed across the VSL switches to ensure proper VSL operation. The following items are checked for consistency: Virtual Switch Switch Virtual Domain ID Switch Virtual Switch ID Switch Priority Switch Preempt VSL Port Channel Link ID VSL Port state, interfaces Power Redundancy mode Power Enable on VSL cards Note that if configurations do not match, the Hot-Standby Supervisor will revert to Route Processor Redundancy mode, disabling all non-vsl interfaces 29

30 Virtual Switching System Architecture System Bootup Sequence 1 IOS Initialization IOS Initialization 2 Pre-Parse Config 2 Pre-Parse Config 3 Bring up VSL Linecards and 3 Bring up VSL Linecards and VSL Ports VSL Ports 4 Run VSLP 4 Run VSLP 5 Run RRP 5 Run RRP 6 Inter-chassis SSO 6 Inter-chassis SSO 7 Run Startup Config 7 Run in SSO mode 1 CFC or DFC Line Cards CFC or DFC Line Cards CFC or DFC Line Cards SF RP PFC Sup720-10GE ACTIVE CFC or DFC Line Cards CFC or DFC Line Cards CFC or DFC Line Cards VSL VSLP RRP 30 CFC or DFC Line Cards CFC or DFC Line Cards CFC or DFC Line Cards SF RP PFC Sup720-10GE Standby Hot CFC or DFC Line Cards CFC or DFC Line Cards CFC or DFC Line Cards

31 Catalyst 6500 Supervisor Uplink for VSL Reduces VSS Boot Time Applicable to both Sup720-10G and Sup2T Allows for the VSL ports to be brought online very early in the boot process 31

32 VSS Output show switch virtual 6500-VSS#show switch virtual? dual-active link redundancy role slot-map Virtual switch dual-active information Virtual switch link information vs pseudo-standby status Virtual switch role information virtual slot map table troubleshooting vs vsl troubleshooting output Troubleshooting provides a single command to gather all VSS related troubleshooting data, simplifies gathering data for TAC 32

33 VSS Output show switch virtual role CiscoLive-A# show switch virtual role RRP information for Instance Valid Flags Peer Preferred Reserved Count Peer Peer TRUE V Switch Switch Status Preempt Priority Role Local Remote Number Oper(Conf) Oper(Conf) SID SID LOCAL 2 UP FALSE(N ) 100(100) ACTIVE 0 0 REMOTE 1 UP FALSE(N ) 100(100) STANDBY Peer 0 represents the local switch Flags : V - Valid In dual-active recovery mode: No CiscoLive-A# 33

34 VSS Output show switch virtual role redundancy CiscoLive-A# show switch virtual role redundancy My Switch Id = 2 Peer Switch Id = 1 Last switchover reason = active unit removed Configured Redundancy Mode = sso Operating Redundancy Mode = sso Switch 2 Slot 8 Processor Information : Current Software state = ACTIVE Uptime in current state = 1 day, 1 hour, 39 minutes Image Version = Cisco IOS Software, s2t54 Software (s2t54-adventerprisek9_dbg-m), Version 12.2(49)SY131.71, INTERIM SOFTWARE Synced to CARSON_BASE_FOR_V122_50_SY_THROTTLE_121610_101313, Weekly Branch: v122_50_sy_throttle BOOT = bootdisk:s2t54-adventerprisek9_dbg-mz.ssa sy131.71_110421,1; CONFIG_FILE = BOOTLDR = Configuration register = 0x2102 Fabric State = ACTIVE Control Plane State = ACTIVE Switch 1 Slot 6 Processor Information : Current Software state = STANDBY HOT (switchover target) Uptime in current state = 1 day, 1 hour, 35 minutes Image Version = Cisco IOS Software, s2t54 Software (s2t54-adventerprisek9_dbg-m), Version 12.2(49)SY131.71, INTERIM SOFTWARE Synced to CARSON_BASE_FOR_V122_50_SY_THROTTLE_121610_101313, Weekly Branch: v122_50_sy_throttle BOOT = bootdisk:s2t54-adventerprisek9_dbg-mz.ssa sy131.71_110421,1; CONFIG_FILE = BOOTLDR = Configuration register = 0x2102 Fabric State = ACTIVE Control Plane State = STANDBY 34

35 Virtual Switching System Architecture Traffic Forwarding Enhancements For a VSS, Etherchannel and L3 ECMP forwarding will always favor locally attached interfaces Deterministic Traffic patterns Removes the need to send traffic over the VSL Multichassis Etherchannel (MEC) L3 Equal Cost Multi-Path Routing (ECMP) 35

36 Review - Etherchannel Traffic Load Balancing IPSA IPDA MAC L4 Ports 36

37 Virtual Switching System Architecture Multichassis EtherChannel (MEC) Traditional Etherchannel Multichassis Etherchannel (MEC) One logical link partner, but two physical chassis 37

38 Virtual Switching System Architecture EtherChannel Hash for MEC Etherchannel hashing algorithms are modified in VSS to always favor locally attached interfaces Logical Interface Physical Interface PO-1 T 1/1/1 PO-1 T2/1/1 Result Bundle Hash (RBH) Value 0,1,2,3,4,5,6,7 Logical Interface Physical Interface PO-1 T 1/1/1 PO-1 T2/1/1 Result Bundle Hash (RBH) Value 0,1,2,3,4,5,6,7 Blue Traffic flow will result in Link 1 in the MEC link bundle Link 1 Link 2 Orange Traffic flow will result in Link 2 in the MEC link bundle 38

39 Etherchannel Concepts Etherchannel Hash Distribution The default hashing algorithm will redistribute all the Result Bit Hash values across the available ports when there is a change. This affects all traffic traversing the Etherchannel RBH (for MEC) 2 Link Bundle Example Link 1 Link Links 1,2 Links 3,4 Links 1,2,3 Links 4,5,6 RBH (for MEC) 3 Link Bundle Example Link 1 Link 2 Link

40 Etherchannel Concepts Etherchannel Hash Distribution Adaptive Adaptive Hash Distribution Enhancement allows for the addition or removal of links in a bundle without affecting all of the traffic in an Etherchannel. Note in the below example, only Flow 7 and 8 are affected by the addition of an extra link to the Channel RBH (for MEC) 2 Link Bundle Example Link 1 Link 2 Flow 1 Flow 2 Flow 3 Flow 4 Flow 5 Flow 6 Flow 7 Flow 8 RBH (for MEC) 3 Link Bundle Example Link 1 Link 2 Link 3 Flow 1 Flow 2 Flow 3 Flow 4 Flow 5 Flow 6 Flow 7 Flow 8 vss# conf t Enter configuration commands, one per line. End with CNTL/Z. vss(config)#port-channel hash-distribution adaptive vss(config)# ^Z vss# Default for Catalyst 6500 VSS beginning in 12.2(33)SXH1, 40

41 How Etherchannel Works Show Commands VSS-Sup720# show etherchannel 1 port-channel Port-channels in the group: Port-channel: Po Age of the Port-channel = 2d:21h:10m:59s Logical slot/port = 46/1 Number of ports = 2 GC = 0x HotStandBy port = null Passive port list = Te1/6/4 Te1/6/5 Port state = Port-channel L3-Ag Ag-Inuse Protocol = - Fast-switchover = disabled Load share deferral = disabled Ports in the Port-channel: Index Load Port EC state No of bits Te1/6/4 On 4 1 6A Te1/6/5 On 4 Load values assigned to each port Time since last port bundled: 2d:21h:08m:34s Te1/6/5 Last applied Hash Distribution Algorithm: Adaptive Hash distribution method 41

42 EtherChannel Concepts EtherChannel Hash A command can be invoked to assist in determining which link in the bundle will be used - it can use various hash inputs to yield an 8-bucket RBH value that will correspond to one of the port channel members vss# show etherchannel load-balance hash-result interface port-channel 120 switch 1 ip Computed RBH: 0x4 Would select Gi1/2/1 of Po120 Note: specify switch <id> when using hash result command, if not VSS assumes switch <1> while commuting hash results from the hardware. 42

43 Virtual Switching System Architecture Sup2T Etherchannel Load-Balance Schemes VSS2T(config)# port-channel load-balance? dst-ip Dst IP Addr dst-mac Dst Mac Addr dst-mixed-ip-port Dst IP Addr and TCP/UDP Port dst-port Dst TCP/UDP Port mpls Load Balancing for MPLS packets src-dst-ip Src XOR Dst IP Addr src-dst-mac Src XOR Dst Mac Addr src-dst-mixed-ip-port Src XOR Dst IP Addr and TCP/UDP Port src-dst-port Src XOR Dst TCP/UDP Port src-ip Src IP Addr src-mac Src Mac Addr src-mixed-ip-port Src IP Addr and TCP/UDP Port src-port Src TCP/UDP Port vlan-dst-ip Vlan, Dst IP Addr vlan-dst-mixed-ip-port Vlan, Dst IP Addr and TCP/UDP Port vlan-src-dst-ip Vlan, Src XOR Dst IP Addr vlan-src-dst-mixed-ip-port Vlan, Src XOR Dst IP Addr and TCP/UDP Port vlan-src-ip Vlan, Src IP Addr vlan-src-mixed-ip-port Vlan, Src IP Addr and TCP/UDP Port 43

44 Virtual Switching System Architecture Sup720 Etherchannel Load-Balance Schemes VSS(config)# port-channel load-balance? dst-ip dst-mac Dst IP Addr Dst Mac Addr dst-mixed-ip-port Dst IP Addr and TCP/UDP Port dst-port mpls src-dst-ip src-dst-mac Dst TCP/UDP Port Load Balancing for MPLS packets Src XOR Dst IP Addr Src XOR Dst Mac Addr src-dst-mixed-ip-port Src XOR Dst IP Addr and TCP/UDP Port src-dst-port src-ip src-mac src-mixed-ip-port src-port Src XOR Dst TCP/UDP Port Src IP Addr Src Mac Addr Src IP Addr and TCP/UDP Port Src TCP/UDP Port 44

45 Virtual Switching System Architecture Catalyst 4500-E Sup7 and Catalyst 4500-X Etherchannel Load-Balance Schemes VSS_Active(config)#port-channel load-balance? dst-ip dst-mac Dst IP Addr Dst Mac Addr dst-port Dst TCP/UDP Port src-dst-ip src-dst-mac Src XOR Dst IP Addr Src XOR Dst Mac Addr src-dst-port Src XOR Dst TCP/UDP Port src-ip src-mac src-port Src IP Addr Src Mac Addr Src TCP/UDP Port 45

46 Catalyst 6500 VSS Enabled Campus Design Unicast ECMP Traffic Flows ECMP forwarding also favors locally attached interfaces Si Si Hardware FIB inserts entries for ECMP routes using locally attached links If all local links fail the FIB is programmed to forward across the VSL link T1/2/1 T1/2/2 cr vss#show ip route longer-prefixes D /17 [90/3328] via , 2d10h, TenGigabitEthernet2/2/1 [90/3328] via , 2d10h, TenGigabitEthernet1/2/1 [90/3328] via , 2d10h, TenGigabitEthernet2/2/2 [90/3328] via , 2d10h, TenGigabitEthernet1/2/2 cr vss#show mls cef switch 1 Four ECMP Entries Codes: decap - Decapsulation, + - Push Label Index Prefix Adjacency /17 Te1/2/2, 0012.da67.7e40 (Hash: 0001) Te1/2/1, 0018.b966.e988 (Hash: 0002) 46 Two FIB Entries

47 VSS Hardware and Software Requirements

48 VSS Is Supported on Catalyst 6500 and Catalyst 4500-E, and Catalyst 4500-X Catalyst 6500 Catalyst 4500-E Catalyst 4500-X Supervisors Sup2T, Sup720-10G Sup7-E, Sup7L-E Sup8 VSS support schedule for March CY 2014 N/A (Fixed) Mixed/Asymmetric Chassis Support Yes Yes, beginning with release 3.5.0E No, must pair using the same base model type, either 16-port or 32-port. Optional 8-port module is supported Software Trains Sup2T SY, 15.0SY, 15.1SY Sup720-10G SXH, 12.2SXI,12.2SXJ, 15.1SY 3.5.0E 3.4.0SG 15.1(2)SG Quad-Sup SSO Sup2T 15.1SY1 No, Future Release N/A 3.5.0E, 3.4.0SG Quad-Sup Uplink Forwarding Sup720-10G 12.2(33)SXI4 No, Future Release N/A 48

49 VSS Catalyst 6500 Hardware Requirements Supervisor Modules VSS capable Supervisors Supervisor Engine 2T Supervisor Engine GE VS-S2T-10G/XL VSL-capable 10GE uplinks New forwarding engine ASICs Interface indices and mappings allowing traffic forwarding across two chassis MAC address learning across two chassis VS-S720-10G-3C/XL VSS is not supported on Supervisor Engine 720 or other legacy Supervisor modules 49

50 VSS Hardware Requirements VSS Mode Supported Ethernet Modules with Supervisor Engine 2T* Module Part # Description and DFC Option VSL Capable WS-X G 10GE XEBPAK Fiber XENPAK Linecard with CFC No WS-X6724-SFP 1000BASE-X Fiber SFP Linecard with CFC No WS-X6748-SFP 1000BASE-X Fiber SFP Linecard with CFC No WS-X6748-GE-TX 10/100/1000 BASE-TX Linecard with CFC No WS-X G-2T/2TXL 16 Port 10GE X2 Fiber Linecard with DFC4/DFC4XL Yes ( 4 ports in performance mode) WS-X T-2T/2TXL 16 Port 10GE Copper Linecard with DFC4/DFC4/XL Yes ( 4 ports in performance mode) WS-X6824-SFP-2T/2TXL 24 Port Fiber 1GE Linecard with DFC4/DFC4XL No WS-X6848-SFP-2T/2TXL 48 Port Fiber 1GE Linecard with DFC4/DFC4XL No WS-X6848-TX-2T/2TXL 48 Port Copper 1GE Linecard with DFC4/DFC4XL No WS-X G-2T/2TXL 10 GE X2 Fiber Linecard with DFC4/DFC4XL Yes WS-X G-2T/2TXL 4-Port 40 Gigabit Ethernet Fiber Module with DFC4 Yes WS-X6148E-GE-45AT 48-Port 10/100/1000 Ethernet Module with EPoE Support No * Check the Release Notes to verify minimum software required 50

51 VSS Hardware Requirements VSS Mode Service Module Support with Supervisor Engine 2T Module Description VSS Minimum Software ACE30-MOD-K9 ACE20-MOD-K9 Application Control Engine (ACE) 15.0(1)SY A5(1.1) WS-SVC-FWSM-1-K9 Firewall Services Module (FWSM) 12.2(50)SY 4.0(4) WS-SVC-ASA-SM1-K9 ASA Services Module 15.0(1)SY 8.5(1.7) WS-SVC-IDSM2-K9 WS-SVC-NAM-1 WS-SVC-NAM-2 WS-SVC-NAM3-6G-K9 Intrusion Detection System Services Module (IDSM-2) Network Analysis Module (NAM1) Network Analysis Module (NAM2) Network Analysis Module (NAM3) Not Supported in VSS Mode 12.2(50)SY 15.0(1)SY1 Service Module Minimum Software Not supported in VSS mode 3.6(1a) WS-SVC-WISM-1-K9 Wireless Services Module (WiSM) 12.2(50)SY WS-SVC-WISM2-1-K9 WS-SVC-WISM2-3-K9 WS-SVC-WISM2-5-K9 Wireless Services Module 2 (WiSM2) 15.0(1)SY 7.0 MR1 ver

52 VSS Hardware Requirements VSS Mode Supported Ethernet Modules with Supervisor Engine G* Module Part # Description and DFC Option VSL Capable WS-X G 10GE XENPAK Fiber XENPAK Linecard with CFC No WS-X G 10GE X2 Fiber Linecard with DFC3C/DFC3CXL Yes WS-X6724-SFP 1000BASE-X Fiber SFP Linecard with CFC No WS-X6748-SFP 1000BASE-X Fiber SFP Linecard with CFC No WS-X6748-GE-TX 10/100/1000 BASE-TX Linecard with CFC No WS-X G-2T/2TXL 16 Port 10GE X2 Fiber Linecard with DFC3C/DFC3CXL Yes ( 4 ports in performance mode) WS-X T-2T/2TXL 16 Port 10GE Copper Linecard with DFC3C/DFC3C/XL Yes ( 4 ports in performance mode) WS-X6724-SFP-2T/2TXL 24 Port Fiber 1GE Linecard with DFC3C/DFC3CXL No WS-X6748-SFP-2T/2TXL 48 Port Fiber 1GE Linecard with DFC3C/DFC3CXL No WS-X6748-TX-2T/2TXL 48 Port Copper 1GE Linecard with DFC3C/DFC3CXL No * Check the Release Notes to verify minimum software required 52

53 VSS Hardware Requirements VSS Mode Service Module and SIP Module Support with Supervisor Engine G Module Description VSS Minimum Software Service Module Minimum Software ACE10/ACE K9 Application Control Engine (ACE) 12.2(50)SXI A2(1.2) WS-SVC-FWSM-1-K9 Firewall Services Module (FWSM) 12.2(33)SXI 4.0(4) WS-SVC-IDSM2-K9 WS-SVC-NAM-1 WS-SVC-NAM-2 WS-SVC-NAM3-6G-K9 Intrusion Detection System Services Module (IDSM-2) Network Analysis Module (NAM1) Network Analysis Module (NAM2) Network Analysis Module (NAM3) Not supported in VSS mode 12.2(33)SXH1 12.2(33)SXJ1 Not supported in VSS mode 3.6(1a) WS-SVC-WISM-1-K9 Wireless Services Module (WiSM) 12.2(33)SXI SIP-400 SPA Interface Processor (33)SXI4 N/A * Check the Release Notes to verify minimum software required

54 VSS Hardware Requirements System PFC Mode Matrix Linecard Type DFC4 Sup720-10G (Standalone) System wide PFC Mode Not Supported Sup720-10G (VSS) System wide PFC Mode Not Supported Sup2T (Standalone) System Wide PFC Mode PFC4 Sup2T (VSS) System Wide PFC Mode PFC4 DFC3C PFC3C PFC3C Not Supported Not Supported DFC3B PFC3B* Not Supported Not Supported Not Supported DFC3A PFC3A* Not Supported Not Supported Not Supported DFC2 Not Supported Not Supported Not Supported Not Supported CFC Classic PFC3C PFC3C PFC3C Not Supported PFC4 (6700-series) 6148 Series PFC4 (6700-series) WS-X6148E-GE-45AT (only) 54

55 VSS Hardware Requirements Catalyst 6500 VSL Capable Interfaces Module Description # VSL-Ports 10GE (capable) VS-S2T-10G/XL Supervisor Engine 2T 2 WS-X G-2T/2TXL 4-Port 40 Gigabit Ethernet Fiber Module with DFC4 4-40G / 16-10G WS-X G-2T/2TXL 10 GE Linecard 8 WS-X G-2T/2TXL 16 Port 10GE X2 Fiber Linecard with DFC4/DFC4XL Yes ( 4 ports in performance mode) WS-X T-2T/2TXL VS-S720-10G-3C/XL 16 Port 10GE Copper Supervisor Linecard Engine with GE DFC4/DFC4/XL Yes ( 4 ports 2 in performance mode) WS-X G-3C/XL 10 GE Linecard 8 WS-X G-3C/XL 16 Port 10GE X2 Fiber Linecard with DFC3C/DFC3CXL 4 (Performance mode) WS-X T-3C/XL 16 Port 10GE Copper Linecard with DFC3C/DFC3C/XL 4 (Performance mode) Virtual Switch Domain Virtual Switch Link (VSL) Switch 1 Switch 2 55

56 Catalyst 4500-E and Catalyst 4500-X VSS Support Catalyst 4500-E Series Catalyst 4500-X Series Software support begins with IOS XE 3.4.0SG All 10G and 1G ports supported as VSL ports (Etherchannel rules apply, all ports must be either 10G or all 1G) 56

57 Catalyst 4500E and 4500X VSS Support Matrix Hardware Chassis Supervisor Modules Catalyst 4500E 4503+E 4506+E 4507+E 4510R+E Catalyst 4500X WS-C4500X-32SFP+ WS-C4500X-F-32SFP+ WS-C4500X16SFP+ WS-C4500X-F-16SFP+ WS-C4500X-24X-IPB WS-C4500X-40X-ES WS-C4500X-24X-ES Sup7E Sup7LE WS-X4748-RJ45+V WS-X4712-SFP+E WS-X4748-UPOE+E WS-X4748-RJ45-E - C4KX-NM-8SFP+ WS-X4606-X2-E WS-X4648-RJ45V-E WS-X4648-RJ45V+E WS-X4648-RJ45-E WS-X4640-CSFP-E WS-X4624-SFP-E WS-X4612-SFP-E All supported 4500E series modules are VSL capable Legacy modules WS-45XX and WS-42XX are not supported 57

58 Catalyst 4500-E and Catalyst 4500-X VSS Software License Requirements Catalyst 4500-E Series Catalyst 4500-X Series Platform LAN Base IP Base Catalyst 4500E (Sup7E) Catalyst 4500E (Sup7L-E) Enterprise Services Lite N/A N/A Enterprise Services Catalyst 4500-X N/A N/A Catalyst 4500-X LE * Q1CY13 N/A N/A 58

59 VSS Feature Comparison: Cat4500E/X vs Cat6500 Capability Catalyst 6500 Catalyst 4500E/X Phase I 3.4xSG Catalyst 4500E/X Phase II 3.5.0E Quad-sup VSS SSO Yes No No Quad Sup Forwarding Uplinks Yes No Yes Switchport-based Multi-chassis EC Yes Yes Yes Routed Port Multi-chassis EC Yes No Yes Split Brain Detection method Fast Hello, EPAgP EPAgP Fast Hello, EPAgP Cross-chassis NSF/SSO Yes Yes Yes Cross-chassis ISSU Yes Yes Yes PoE LC support in VSS Yes Yes Yes Asymmetric chassis (VSS between different slot E-chassis or base model X-series) Yes No Yes Smart Install Director w/vss Yes No (Standalone only) Yes 59

60 Catalyst 4500 Series Feature Differences Between Standalone and VSS mode Features Standalone VSS UniDirectional Ethernet & UniDirectional Link Routing Yes No Connectivity Fault Management D8.1 Yes No Resilient Ethernet Protocol and associated features Yes No Flexlinks Yes No PVL,L2PT, Fast UDLD Yes No WCCP - needs SSO compliance Yes No Dot1q Tunnel (Legacy dot1q tunnel) Yes No Vlan Translation (1:1, 1:2-Selective QinQ) Yes No Mediatrace and Metadata needs SSO compliance Yes No MACsec on VSL ports Yes No EnergyWise Yes No 60

61 Always Verify Supported Hardware with Software Release Notes Before every deployment always read the Release Notes for the planned software release and check the Supported Hardware section to verify all components are supported. Catalyst 6800/6500/4500 modular platforms are designed for very long product lifecycles Investment Protection is a key design criteria Overtime older hardware support is not carried forward with the newest software releases in order to minimize complexity, optimize performance, increase feature velocity or all of the above New features are sometimes phased in with only the most relevant hardware support in the initial release 61

62 High Availability

63 VSS Node Failure Protection Relies on SSO and NSF Virtual Switching System 1 Virtual Switch Active incurs a supervisor outage Virtual Switch Active Virtual Switch Hot Standby Virtual Switch Active 2 Standby Supervisor takes over as Virtual switch Active Virtual Switch Standby initiates graceful restart Non Stop forwarding of packets will continue using hardware entries as Switch-2 assumes active role NSF aware neighbors exchange updates with Virtual Switch Active Si 63

64 High Availability NSF/SSO or Graceful Restart Configuration Non Stop Forwarding or Graceful Restart configuration is required to maintain forwarding along last known good paths Configuration is L3 routing protocol dependant VSS#config t VSS(config)#router ospf 1 VSS(config-router)#nsf Example : OSPF Configuration VSS#show ip ospf Routing Process "ospf 10" with ID Start time: 00:15:29.344, Time elapsed: 23:12: Supports only single TOS(TOS0) routes External flood list length 0 Non-Stop Forwarding enabled IETF NSF helper support enabled Cisco NSF helper support enabled Reference bandwidth unit is 100 mbps 64

65 VSS Link Failure Protection Failure of MEC member Upstream Traffic Convergence is determined by Access device link fail detection and Etherchannel convergence Si Si Etherchannel convergence - typically 200ms Typically only the flows on the failed link are effected 65

66 VSS Link Failure Protection Failure of MEC member Downstream Traffic Convergence is determined by VSS VSS Etherchannel convergence Typically Sub - 200ms Only the flows on the failed link are effected Si Si 66

67 Dual-Active Scenarios

68 Dual-Active What is Dual-Active Dual-Active control plane scenario must be avoided. Multiple methods available to detect Port and Channel recover from this remote possibility VSS Active VSL VSS Standby Active Port Channel 68

69 Dual- Active Scenario Three Phases to Restoration Active Active Recovery Active Standby Active Detection Enhanced PAgP Fast Hello Recovery Admin down ports Recover the VSL 69 Restoration VSL functional Reload recovery chassis Recommendation - Configure a minimum of two dual-active detection sessions (same or different methods)

70 Dual-Active Detection - Option 1 Enhanced PAgP Supported on Catalyst 6500, Catalyst 4500-E, Catalyst 4500-X Trusted Port Channel for Dual- Active Detection Port Channel VSS Active VSL VSS Standby Active %DUAL_ACTIVE-SW1_SP-1-DETECTION: Dual-active condition detected: all non- VSL and non-excluded interfaces have been shut down Port Channel 70

71 Enhanced PAgP How it Works Normal Operation Supported on Catalyst 6500, Catalyst 4500-E, Catalyst 4500-X VSS Switch 1 Active VSL Si Switch 2 Standby Trusted Port-Channel configuration for dual-active detection EPAgP Peer 71

72 Enhanced PAgP How it Works Dual-active detection Supported on Catalyst 6500, Catalyst 4500-E, Catalyst 4500-X VSS Switch 1 Active VSL Si Switch 2 Standby Active EPAgP Peer %DUAL_ACTIVE-SW1_SP-1-DETECTION: Dual-active condition detected: all non- VSL and non-excluded interfaces have been shut down 72

73 Dual-Active Scenario Enhanced PAgP Configuration and Monitoring Supported on Catalyst 6800, 6500, Catalyst 4500-E, Catalyst 4500-X switch virtual domain 100 dual-active detection pagp dual-active detection pagp trust channel-group 20 dual-active detection pagp trust channel-group 25 vss01 #show switch virtual dual-active pagp PAgP dual-active detection enabled: Yes PAgP dual-active version: 1.1 Channel group 20 dual-active detect capability w/nbrs Dual-Active trusted group: Yes Dual-Active Partner Partner Partner Port Detect Capable Name Port Version Te1/3/5 Yes SW101 Te1/0/1 1.1 Te2/3/5 Yes SW101 Te1/0/2 1.1 Channel group 25 dual-active detect capability w/nbrs Dual-Active trusted group: Yes Dual-Active Partner Partner Partner Port Detect Capable Name Port Version Te1/3/4 No SW103 Te5/1 N/A Te2/3/4 No SW103 Te6/1 N/A 73

74 Dual-Active Detection Option 2 Detection Method Fast Hello Supported on Catalyst 6800, 6500 Future Support on Catalyst 4500-E, Catalyst 4500-X %DUAL_ACTIVE-SW1_SP-1-DETECTION: Dual-active condition detected: all non- VSL and non-excluded Port interfaces Channel have been shut down VSLP Fast Hello VSS Active VSL VSS Standby Active Port Channel 74

75 Fast Hello How it Works Normal Operation Supported on Catalyst 6500 Future Support on Catalyst 4500-E, Catalyst 4500-X Dedicated Heartbeat Link for Fast Hello session VSS Switch 1 Active VSL Si Switch 2 Standby 75

76 Fast Hello How it Works - Dual-active Detection Supported on Catalyst 6500 Future Support on Catalyst 4500-E, Catalyst 4500-X Dedicated %DUAL_ACTIVE-SW1_SP-1-DETECTION: Heartbeat VSS Dual-active condition detected: all non- Link for Fast Hello VSL and non-excluded interfaces have been shut down session Switch 1 Active VSL Si Switch 2 Standby 76

77 Dual-Active Scenario Fast Hello Configuration and Operation switch virtual domain 100 dual-active detection fast-hello interface GigabitEthernet1/2/3 description to VSS-SW2 gi2/2/3 no switchport no ip address dual-active fast-hello! interface GigabitEthernet2/2/3 description to VSS-SW1 gi1/2/3 no switchport no ip address dual-active fast-hello vss-switch1#show switch virtual dual-active fasthello Fast-hello dual-active detection enabled: Yes Fast-hello dual-active interfaces: Port Local State Peer Port Remote State Gi1/2/3 Link up Gi2/2/3 Link up 77

78 Dual-Active Enabled by Default in 15.1(2)SY Fast Hello Configuration and Operation HQ-AGG-6807# show switch virtual dual-active summary Pagp dual-active detection enabled: Yes Fast-hello dual-active detection enabled: Yes FEX dual-active detection enabled: Yes No interfaces excluded from shutdown in recovery mode In dual-active recovery mode: No HQ-AGG-6807# 78

79 Dual-Active Recovery %DUAL_ACTIVE-SW1_SP-1-DETECTION: Dual-active condition detected: all non- VSL and non-excluded Port interfaces Channel have been shut down VSLP Fast Hello Recovery VSS Active Mode VSS Active Recovery Mode - Previously Active switch will administratively down all of it s interfaces and attempt to recover the VSL Port Channel 79

80 Dual-Active Restoration Port Channel VSLP Fast Hello Recovery VSS Standby Mode VSL VSS Active Chassis Reload Port Channel 80

81 High Availability Dual-Active Protocols Requires EPAgP capable neighbor : 3750: 12.2(46)SE 4500: 12.2(44)SE 6500: 12.2(33)SXH1 EPAgP Client Catalyst Systems Catalyst 2960 * Catalyst 3560X Catalyst 3750X * Catalyst 3850 ** Catalyst 4500E Catalyst 4500X Catalyst 6500E Catalyst 6800IA Enhanced PAgP Switch 1 Switch 2 Active Hot Standby Sub-second convergence * Cisco Catalyst 2960 FlexStack and 3750X StackWise-Plus cross-stack do not support EPAgP ** Cisco Catalyst 3850 StackWise-480 cross-stack supports EPAgP Catalyst 6800 Instant Access clients do support EPAgP Switch 1 Switch 2 Active VSLP Fast Hello VSLP VSLP Direct L2 Connection Requires 12.2(33)SXI Sub-second convergence Hot Standby 81

82 High Availability Dual-Active Detection Exclude Interfaces Upon detection of a Dual Active scenario, all interfaces on the previous-active switch will be brought down so as not to disrupt the functioning of the remainder of the network. The exclude interfaces include VSL port members as well as any pre-configured ports which may be used for management purposes vs-vsl#conf t Enter configuration commands, one per line. End with CNTL/Z. vs-vsl(config)#switch virtual domain 100 vs-vsl(config-vs-domain)#dual-active exclude interface Gig 1/5/1 vs-vsl(config-vs-domain)#dual-active exclude interface Gig 2/5/1 vs-vsl(config-vs-domain)# ^Z vs-vsl# 82

83 High Availability Dual Active: Recovery Mode Important! Do not make any configuration changes while in the Dual Active Recovery mode. If the config is changed the system will not automatically recover once the VSL becomes active again One must issue the write memory command and then reload the switch in recovery mode using the reload shelf command Switch 1 Switch 2 Recovery VSL Active 83

84 VSS Supervisor Engine Redundancy

85 Why Do We Need In-Chassis Supervisor Redundancy with VSS? Redundancy Maintain 100% forwarding capacity of the VSS after a Supervisor failure event Resiliency Automate recovery of a failed Supervisor Increase availability for single-attached devices Service Modules are single attached devices 85

86 Available Bandwidth VSS Single Sup Operation and Availability 100% 50% Si Time VSS Control Plane Active Data Plane Active Control Plane Standby Data Plane Active Si 86

87 VSS Single Sup Operation Sup Fail Example Available Bandwidth 100% 50% Si Time Control Plane Active Data Plane Active VSS Control Plane Standby Active Data Plane Active Si 87

88 Available Bandwidth VSS Single Sup Operation Sup Fail Manual Repair Example Lose 50 % Capacity until repaired Time 100% 50% Si Undeterministic recovery time Severe impact to any single attached devices Control Plane Standby Data Plane Active VSS Control Plane Standby Data Plane Active Control Plane Active Data Plane Active Si 88

89 Quad-Sup Uplink Forwarding Available only on Catalyst 6500 Sup720-10G

90 Available Bandwidth VSS Supervisor Redundancy Sup720-10G Quad-Sup Uplink Forwarding Sup720-10G Only Shipping since 12.2(33)SXI4 100% 50% Si Time Control Plane Active Data Plane Active Control Plane RPR-Warm Data Plane Active VSS Control Plane Standby Data Plane Active Control Plane RPR-Warm Data Plane Active Si 90

91 Available Bandwidth VSS Supervisor Redundancy Sup720-10G Quad-Sup Uplink Forwarding Sup Fail Sup720-10G Only Shipping since 12.2(33)SXI4 Automated recovery 100% Si Deterministic outage time (chassis reload) Time 50% Outage associated for any single-attached devices Reload Control Plane Active Data Plane Active Control Plane Standby Control Data Plane RPR-Warm Active Data Plane Active Control Plane Standby Active Data Plane Active Control Plane RPR-Warm Data Plane Active Reload time 5 15 minutes Si 91

92 VSS Quad-Sup SSO Catalyst 6500 Sup2T Only Beginning with Release 15.1(1)SY1

93 Available Bandwidth VSS Supervisor Redundancy Sup2T Quad-Sup SSO (VS4O) Sup2T Only 15.1.(1)SY1 or newer Automated Recovery 100% Si Sub-second convergence for single attached devices 50ms 200ms 50% SSO Redundancy Time Control Plane Active Data Plane Active Control Plane Standby Data (Chassis) Plane Active Data Plane Active Control Plane Active Control Plane Standby Data Plane Active Data Plane Active Control Plane Standby (Chassis) Data Plane Active Si 93

94 VSS Redundancy Modes and Terminology Sup2T Only 15.1.(1)SY1 or newer VSS Domain VSS Active In Chassis Active (ICA) Role Resolution Protocol VSS Standby In Chassis Active (ICA) V S L In Chassis Standby (ICS) VS Switch ID 1 VS Switch ID 2 In Chassis Standby (ICS) 94

95 VSS Quad-Sup SSO Redundancy Domains Sup2T Only 15.1.(1)SY1 or newer In Chassis Redundancy Domain VSS Active In Chassis Active (ICA) VSS Domain Default Redundancy Domain SSO In Chassis Redundancy Domain VSS Standby In Chassis Active (ICA) SSO SSO In Chassis Standby (ICS) VS Switch ID 1 VS Switch ID 2 In Chassis Standby (ICS) 95

96 VSS Quad-Sup SSO Redundancy Domains Sup2T Only 15.1.(1)SY1 or newer In Chassis Redundancy Domain VSS Domain Default Redundancy Domain In Chassis Redundancy Domain In Chassis Active (ICA) VSS Active (Active) SSO VSS Standby Hot (Switchover Target) In Chassis Active (ICA) SSO SSO In Chassis Standby (ICS) (Standby Hot Chassis) VS Switch ID 1 VS Switch ID 2 In Chassis Standby (ICS) (Standby Hot Chassis) 96

97 VSS Quad Sup SSO Switchovers (First Switchover Example) Sup2T Only 15.1.(1)SY1 or newer In Chassis Redundancy Domain VSS Domain Default Redundancy Domain In Chassis Redundancy Domain In Chassis Active (ICA) VSS Active (Active) SSO VSS Standby Active Hot (Switchover (Active) Target) In Chassis Active (ICA) VSS Standby SSO Hot (Switchover Target) In Chassis Active In Chassis (ICA) Standby (ICS) (Standby Hot Chassis) VS Switch ID 1 VS Switch ID 2 SSO In Chassis Standby (ICS) (Standby Hot Chassis) 97

98 VSS Quad Sup SSO Switchovers (Second Switchover Example) Sup2T Only 15.1.(1)SY1 or newer VSS Domain Default Redundancy Domain SSO VSS Active (Active) In Chassis Redundancy Domain VSS Standby Hot In Chassis Active (ICA) (Switchover Target) VSS Standby VSS Active Hot (Switchover (Active) Target) In Chassis Active (ICA) VS Switch ID 1 VS Switch ID 2 SSO In In Chassis Standby Active (ICS) (ICA) (Standby Hot Chassis) 98

99 VSS Quad-Sup Z Pattern Switchovers Sup2T Only 15.1.(1)SY1 or newer Switchover of the VSS Active is always across chassis Default redundancy domain is responsible for the VSS Active and Standby determination VSS VSS Hot ICS Active Standby VSS VSS Hot ICS Active Standby T1 T5 T3 T2 T4 VSS VSS Hot ICS Active Standby VSS VSS Hot ICS Active Standby T1 SW1 SW2 SW3 SW4 T2 T3 T4 T5 99

100 Available Bandwidth Available Bandwidth VSS Quad-Sup SSO Supervisor Fail Event - Dataplane Convergence Sup2T Only 15.1.(1)SY1 or newer 100% 100% 50ms 200ms 50% Si 50% Time Time SW1 North-South Traffic Convergence SW2 North-South Traffic Convergence SSO SW1 SW2 Outage on the affected switch is dependant upon Ingress-egress ports port relation local or across fabric Linecard fabric switchover capabilities Si 100

101 Line Card Dataplane Switchover Dependencies Local switched Linecard Architecture Sup2T Only 15.1.(1)SY1 or newer Si Si 101

102 Line Card Dataplane Switchover Dependencies (Cross-fabric) Sup2T Only 15.1.(1)SY1 or newer Traffic between interfaces (T2/1/1 <> T2/2/2) is affected by the Sup switchover event Active-to-Standby fabric convergence (Sup-slot5 > Sup slot6) Si T2/1/1 T2/2/1 WS-X G WS-X G WS-X6848-SFP WS-X6848-SFP Sup2T Sup2T SSO Actual convergence depends on the line card capabilities VSS Switch ID 2 Si 102

103 Line Card Data Plane Switchover Backplane Fabric Channels Affect on Cross Module Traffic Before Switchover Active Supervisor C6506 Slot 5 Slot 6 Standby Supervisor (ICS) Slot 1 Slot 2 Line card Line card 103

104 Line Card Data Plane Switchover Backplane Fabric Channels Affect on Cross Module Traffic Before Switchover Active Supervisor C6506 Slot 5 Slot 6 Standby Supervisor (ICS) After Switchover C6506 Slot 6 Active Supervisor Slot 1 Slot 2 Slot 1 Slot 2 Line card Line card Line card Line card 104

105 Catalyst 6500 Linecard Support hotsync Fabric and Fast-HW Notification Linecard Model# hotsync Standby Fabric 6900-series Yes Yes Sub-50ms Convergence 6800-series 10G Yes Yes 6700-series 10G Yes Yes G Yes No 6800-series 1G Yes No 6700-series 1G Yes No Classic N/A No Fast-HW Notification 105

106 Linecard Dataplane Switchover hotstandby Fabric Support WS-X G WS-X6748-TX WS-X6748-SFP Sup2T Sup2T VSS4Sup#show fabric status sw 1 slot channel speed module fabric hotstandby status status support G OK OK Y(hot) G OK OK Y(hot) G OK OK Y(hot) G OK OK Y(hot) G OK OK Y(hot) G OK OK N/A G OK OK N/A G OK OK N/A G OK OK N/A 106

107 Line Card Dataplane Switchover Dependencies (local switched) Traffic between interfaces (T2/1/1 <> T2/1/2) is NOT affected by the Sup switchover event Si T2/1/1 T2/1/2 WS-X G WS-X G WS-X6848-SFP WS-X6848-SFP Sup2T Sup2T SSO Traffic between all local ports on the line card experiences no frame loss Si VSS Switch ID 2 107

108 Line Card Data Plane Switchover Backplane Fabric Channels Affect on Local Traffic Before Switchover Active Supervisor C6506 Slot 5 Slot 6 Standby Supervisor (ICS) Slot 1 Slot 2 Line card Line card 108

109 Line Card Data Plane Switchover Backplane Fabric Channels Affect on Local Traffic Before Switchover Active Supervisor C6506 Slot 5 Slot 6 Standby Supervisor (ICS) After Switchover C6506 Slot 6 Active Supervisor Slot 1 Slot 2 Slot 1 Slot 2 Line card Line card Line card Line card 109

110 VSS Quad-Sup Viewing Redundancy Status vis CLI VSS4Sup#show switch virtual redundancy Switch 2 Slot 5 Processor My Switch Information Id = 1 : Peer Switch Id = 2 Current Last switchover Software reason state = STANDBY user forced HOT (switchover target) Configured Uptime in Redundancy current state Mode = 2 sso days, 18 hours, 14 minutes Operating Redundancy Image Version Mode = Cisco sso IOS Software, s2t54 Software (s2t54-advipservicesk9-m), Version 15.1(1)WIA111.90, EARLY DEPLOYMENT ENGINEERING WEEKLY BUILD, synced to V122_49_YST273_111_ Switch 1 Slot 5 Processor Information : Copyright (c) by Cisco Systems, Inc Compiled Current Tue 02-Oct-12 Software 14:34 state by integ ACTIVE Uptime in current state BOOT = bootdisk:s2t54-advipservicesk9-mz.ssa wia111.90,1; 2 days, 18 hours, 15 minutes Image CONFIG_FILE Version = Cisco IOS Software, s2t54 Software (s2t54-advipservicesk9-m), Version 15.1(1)WIA111.90, EARLY DEPLOYMENT ENGINEERING WEEKLY BUILD, synced BOOTLDR to V122_49_YST273_111_ = Copyright Configuration (c) register by Cisco = 0x2102 Systems, Inc. Compiled Tue 02-Oct-12 Fabric 14:34 State by = integ ACTIVE Control Plane State BOOT = STANDBY bootdisk:s2t54-advipservicesk9-mz.ssa wia111.90,1; CONFIG_FILE = Switch 2 Slot 6 Processor BOOTLDR Information = : Configuration register = 0x2102 Current Software Fabric state State = STANDBY ACTIVE HOT (CHASSIS) Uptime Control in current Plane state State = 2 ACTIVE days, 18 hours, 13 minutes Image Version = Cisco IOS Software, s2t54 Software (s2t54-advipservicesk9-m), Version 15.1(1)WIA111.90, EARLY DEPLOYMENT ENGINEERING WEEKLY Switch BUILD, 1 Slot synced 6 Processor to V122_49_YST273_111_ Information : Copyright (c) by Cisco Systems, Inc. Compiled Current Tue 02-Oct-12 Software 14:34 state by = integ STANDBY HOT (CHASSIS) Uptime in current state 2 days, 18 hours, 29 minutes BOOT = bootdisk:s2t54-advipservicesk9-mz.ssa wia111.90,1; Image Version Cisco IOS Software, s2t54 Software (s2t54-advipservicesk9-m), Version 15.1(1)WIA111.90, EARLY DEPLOYMENT ENGINEERING CONFIG_FILE = WEEKLY BUILD, synced to V122_49_YST273_111_ Copyright (c) BOOTLDR by Cisco = Systems, Inc. Compiled Configuration Tue 02-Oct-12 register 14:34 by = integ 0x2102 Fabric State BOOT = ACTIVE bootdisk:s2t54-advipservicesk9-mz.ssa wia111.90,1; Control Plane CONFIG_FILE State = STANDBY BOOTLDR = Configuration register = 0x2102 VSS4Sup# Fabric State = ACTIVE Control Plane State = STANDBY 110

111 VSS Quad-Sup File Systems Copying Image Before System Upgrade VSS4Sup#show switch virtual Switch mode : Virtual Switch Virtual switch domain number : 200 Local switch number : 2 Local switch operational role: Virtual Switch Active Peer switch number : 1 Peer switch operational role : Virtual Switch Standby VSS4Sup#copy ftp: bootdisk: Address or name of remote host []? Source filename []? s2t54-advipservicesk9-mz.ssa wia Destination filename [s2t54-advipservicesk9-mz.ssa wia111.90]? Accessing ftp:// /s2t54-advipservicesk9-mz.ssa wia Loading s2t54-advipservicesk9-mz.ssa wia111.90!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! VSS4Sup#$sk:s2t54-advipservicesk9-mz.SSA WIA ics-bootdisk: Destination filename [s2t54-advipservicesk9-mz.ssa wia111.90]? Copy in progress...ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc VSS4Sup#$sk:s2t54-advipservicesk9-mz.SSA WIA sw1-slot5-bootdisk: Destination filename [s2t54-advipservicesk9-mz.ssa wia111.90]? Copy in progress...ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc VSS4Sup#$dvipservicesk9-mz.SSA WIA sw1-slot6-slavebootdisk: Destination filename [s2t54-advipservicesk9-mz.ssa wia111.90]? Copy in progress...ccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc 111

112 Migrate from VSS to VS4O 112

113 Reference Paper for VS4O White Paper describes VS4O benefits, architecture and migration steps hes/ps5718/ps708/white_paper_c html 113

114 Migrate VSS to VS4O Key steps in migrating to VS4O Upgrade existing VSS to version 15.1(1)SY1 Establish a console connection for each supervisor module in the VSS Prepare the first ICS supervisor module to boot the same image version as the active VSS Insert the redundant supervisor module into the chassis (it does not matter which VSS chassis the redundant supervisor is inserted into first, the VSS active or VSS standby) Verify the newly inserted supervisor boots as the ICS Configure and connect the ICS supervisor ten gigabit uplink ports into the VSL (optional step, but recommended for configuration with an ICS in each chassis) 114

115 What if I need to upgrade the What if I my second supervisor module is running an older software version that does not support VS4O? 115

116 In Chassis Standby In-Chassis Redundant Supervisor Boot Behavior Scenarios Standby in VSS mode running VS4O capable image (15.1(1)SY1 or newer) Standby in Standalone mode running VS4O capable image (15.1(1)SY1 or newer) Standby booting with 15.1(1)SY or older image in a standalone default config Standby booting with 15.1(1)SY or older image in a VSS config ICS configured with config-register 0x2102 Active Supervisor in VSS Mode - Running Image supporting VS40. (15.1(1)SY1 or newer) boots as VS4O In-chassis SSO Standby Hot ICS detects ICA in VSS mode and automatically sets switch number then resets and boots as VS4O Inchassis SSO Standby Hot ICS will start to boot IOS and recognize it is in an unsupported ICS config and drop to rommon ICS will start to boot IOS and recognize it is in an unsupported ICS config and drop to rommon ICS boots to rommon In Chassis Active Active Supervisor in VSS mode - Running Image Not Supporting VS40. (15.1(1)SY or previous) ICS will boot to RPR-mode StandbyCold ICS boots and detects ICA in VSS mode, sets switch_number variable and reset to rommon, Boot ICS again to SY1 and ICS goes RPR-mode Standby Cold Standby attempts to boot as standalone ICS, will timeout waiting on active then reload : ICS will start to boot IOS and recognize it is in an unsupported ICS config and drop to rommon ICS boots to rommon 116

117 In Chassis Standby In-Chassis Redundant Supervisor Boot Behavior Scenarios Standby in VSS mode running VS4O capable image (15.1(1)SY1 or newer) Standby in Standalone mode running VS4O capable image (15.1(1)SY1 or newer) Standby booting with 15.1(1)SY or older image in a standalone default config Standby booting with 15.1(1)SY or older image in a VSS config ICS configured with config-register 0x2102 Active Supervisor in VSS Mode - Running Image supporting VS40. (15.1(1)SY1 or newer) boots as VS4O In-chassis SSO Standby Hot ICS detects ICA in VSS mode and automatically sets switch number then resets and boots as VS4O Inchassis SSO Standby Hot ICS will start to boot IOS and recognize it is in an unsupported ICS config and drop to rommon ICS will start to boot IOS and recognize it is in an unsupported ICS config and drop to rommon ICS boots to rommon In Chassis Active Active Supervisor in VSS mode - Running Image Not Supporting VS40. (15.1(1)SY or previous) ICS will boot to RPR-mode StandbyCold ICS boots and detects ICA in VSS mode, sets switch_number variable and reset to rommon, Boot ICS again to SY1 and ICS goes RPR-mode Standby Cold Standby attempts to boot as standalone ICS, will timeout waiting on active then reload : ICS will start to boot IOS and recognize it is in an unsupported ICS config and drop to rommon ICS boots to rommon 117

118 VSS Best Practice for Quad-Sup SSO Always use at least one uplink from each Supervisor as part of the VSL. Consider using all the Supervisor uplink ports in the VSL (4 per chassis) If using all 4 Supervisor uplinks (per chassis) swap the 5s or swap the 4s in order to maintain 20Gbps VSL even during a Supervisor fail event or reload event Connect uplink and downlink on local linecards if possible, this will minimize traffic disruption across Supervisor switchover event Must explicitly configure NSF (or NSR if supported) for routing protocol to provide minimum disruption to L3 routed interfaces Use DFC enabled linecards with 512MB of available memory in order to minimize linecard reload time during EFSU (warm-reload) Be sure to copy the system image file to all Supervisor module file systems in the same relative location 118

119 VSS Quad-Sup SSO Key Takeaways VSS Quad-Sup SSO provides Automated and sub-second recovery from a Sup fail event Sub-second recovery maintains 100% bandwidth for the VSS Maintains network availability for single attached devices New Staggered EFSU process reduces the outage time associated with linecard reloads Quad-Sup SSO is only supported on Sup2T, available in 15.1(1)SY1 Quad-Sup Uplink Forwarding is only supported on Sup720-10G 119

120 VSL Bandwidth Design Considerations 12 0

121 VSL Design Considerations VSL Link Diversification VSL Bandwidth Sizing VSL QoS Borderless Networks: Medium Enterprise Design Profile 121

122 VSL Design Link Diversification (Dual-Sup Design Option #1) CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard VSS Active CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard Ten 1/1/1 Ten 2/1/1 Ten 1/5/4 Ten 2/5/4 CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard VSS Standby CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard Minimum of two links provides protection from port and SFP failures Separate linecard provides protection from certain interface failures on a single Supervisor Diverse physical paths protect from physical layer outages Requires a VSL-capable linecard 122

123 VSL Design Link Diversification (Dual-Sup Design Option #2) CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard VSS Active CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard Ten 1/5/4 Ten 2/5/4 Ten 1/5/5 Ten 2/5/5 CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard VSS Standby CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard Minimum of two links provides protection from port and SFP failures Diverse physical paths protect from physical layer outages No additional VSL-capable linecards are required (Minimal Cost) 123

124 VSL Design Link Diversification (Quad-Sup Design Option #1) CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard VSS Active VSS ICS CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard Ten 1/5/4 Ten 2/5/4 Ten 1/5/5 Ten 2/5/5 Ten 1/6/5 Ten 2/6/5 Ten 1/6/4 Ten 2/6/4 CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard VSS Standby VSS ICS CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard Maintains 20Gbps VSL bandwidth in event of a Supervisor failure Maintains at least one locally attached VSL link to active Supervisor no matter which Supervisor becomes active Cost effective design that does not require additional VSL-capable linecard compared to design option #2 Support staggered mode upgrade with Sup2T VS4O ICS = In-Chassis Standby 124

125 VSL Design Link Diversification (Quad-Sup Design Option #2) CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard VSS Active VSS ICS CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard Ten 1/1/1 Ten 2/1/1 Ten 1/5/4 Ten 2/5/4 Ten 1/5/5 Ten 2/5/5 Ten 1/6/5 Ten 2/6/5 Ten 1/6/4 Ten 2/6/4 CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard VSS Standby VSS ICS CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard Maintains 30Gbps VSL bandwidth in the event of a Supervisor failure Maintains at least one locally attached VSL link to active Supervisor no matter which Supervisor becomes active Provides additional resiliency against multiple Supervisor failure events compared to design option #1 ICS= In Chassis Standby 125

126 Virtual Switch Link QoS Virtual Switch Link interfaces are restricted from QoS policy changes - Class of Service based queuing is automatically added to the VSL port channel interfaces on VS- Sup720-10G, this is not applicable on VS-Sup2T systems (mls qos trust cos) - Default CoS to Queue mapping is enforced - Interface Maximum Transmission Unit (MTU) size is automatically set to 9216 bytes Critical control traffic is automatically marked and receives priority queuing - Control traffic is set with CoS=5 BPDU=1 (marked in VSL header) interface Port-channel1 no switchport no ip address switch virtual link 1 mls qos trust cos no mls qos channel-consistency Sup720-10G Example Q3 Q2 Q1 Pri 126

127 Supervisor Uplink Port Queuing Options Supervisor uplink ports can be configured in either of two modes - Normal mode All 1GigE and 10GigE ports are available Shared queuing structure TX 1p3q4t, RX 2q4t - 10G-only mode Only the 10G ports are available for active use Additional queues and buffers are allocated for the 10G ports TX 1p7q4t, RX 8q4t interface Port-channel1 no switchport no ip address switch virtual link 1 mls qos trust cos no mls qos channel-consistency Adjust Etherchannel queuing requirements as needed - no mls qos channel-consistency removes the requirement that all ports in an etherchannel bundle have the same queuing structure 127

128 In-Service Software Upgrades with VSS

129 VSS Software Upgrades Using the In Service Software Upgrade (ISSU) Infrastructure Streamlined Process to Perform Software Upgrades/Downgrades ISSU Loadversion ISSU Acceptversion (Optional) ISSU Runversion ISSU Commitversion 129

130 Upgrade Process Overview with VSS Full Image Upgrade Process LC Active LC LC Standby LC ISSU LoadVersion LC Active LC LC Standby LC Switch-1 Switch-2 Switch-1 Switch-2 ISSU RunVersion LC Standby LC LC Active LC ISSU CommitVersion LC Standby LC LC Active LC Switch-1 Switch-2 = Old Version Switch-1 Switch-2 = New Version 130

131 Execute Upgrade Preparation Steps VSS Software Upgrade on Catalyst 6500 Enhanced Fast Software Upgrade (EFSU) 1. Before ISSU software upgrade, VSS Switch-1 and Switch-2 will be running the old software image. 2. Install the new image to the same location on the file systems of both Supervisors 3. Make sure the boot register is configured for auto boot 0x ISSU Loadversion = Old Version = New Version Switch-1 VSS Active WS-X G Si STANDBY COLD VSS Standby Hot WS-X G VSL Switch-2 Si R R = Reload 100% SO = Switchover 50% SW

132 Execute Upgrade Preparation Steps VSS Software Upgrade on Catalyst 6500 Enhanced Fast Software Upgrade (EFSU) 1. Before ISSU software upgrade, VSS Switch-1 and Switch-2 will be running the old software image. 2. Install the new image to the same location on the file systems of both Supervisors 3. Make sure the boot register is configured for auto boot 0x2102 R Switch-1 SO Switch-2 1. ISSU Loadversion = Old Version = New Version VSS VSS Active Standby Hot WS-X G Si STANDBY COLD VSS VSS Active Standby Hot WS-X G VSL Si 2. ISSU Runversion 3. ISSU Acceptversion (Optional) R = Reload 100% VSS Standby HOT SO = Switchover 50% SW2 SW

133 Execute Upgrade Preparation Steps VSS Software Upgrade on Catalyst 6500 Enhanced Fast Software Upgrade (EFSU) 1. Before ISSU software upgrade, VSS Switch-1 and Switch-2 will be running the old software image. 2. Install the new image to the same location on the file systems of both Supervisors 3. Make sure the boot register is configured for auto boot 0x ISSU Loadversion = Old Version = New Version R Switch-1 VSS Standby Hot Si WS-X G STANDBY COLD VSS Active WS-X G VSL Switch-2 Si 2. ISSU Runversion 3. ISSU Acceptversion R = Reload 100% VSS Standby HOT 4. ISSU Commitversion SO = Switchover 50% SW2 SW1 SW

134 VSS Software Upgrade on Catalyst 6500 Full Image Upgrade Bandwidth Availability Graph The following graphs illustrate the aggregate bandwidth available to the VSS Fast Software Upgrade bandwidth availability Enhanced Fast Software Upgrade bandwidth availability 10 0% 100 % 5 0 % 50 % SW2 SW1/SW2 SW1 At step 3 during RPR switchover, bandwidth will be dropped to 0% for 1-2 minutes 1 2 SW2 3 SW1 4 SW1 5 With EFSU, a minimum of 50% bandwidth is available throughout the software upgrade process 134

135 ISSU CLI Examples Initializing Standby With New Software After entering the issu loadversion command, the standby chassis will reload to boot the new software image... issu loadversion active-switch-id/slot active-image-new standby-switch-id/slot standby-image-new VSS# issu loadversion sup-bootdisk:new_image VSS# show issu state Slot = 22 RP State = Active ISSU State = Load Version Boot Variable = bootdisk:old_image,12 Slot = 40 RP State = Standby ISSU State = Load Version Boot Variable = bootdisk:new_image,12;sup-bootdisk:old_image,12 135

136 ISSU CLI Examples Switchover to Standby to Run New Software After entering the issu runversion command the Active Supervisor will reload thus causing the Standby to go Active Switch# issu runversion standby-switch-id / slot [standby-image-new] VSS# issu runversion This command will reload the Active unit. Proceed? [confirm] VSS# show issu state Slot = 40 RP State = Active ISSU State = Run Version Boot Variable = New_image,12;bootdisk:Old_image,12 Slot = 22 RP State = Standby ISSU State = Run Version Boot Variable = bootdisk:old_image,12 136

137 ISSU CLI Examples Rollback Timer Rollback timers gets activated as soon as issu runversion command is issued. It provides a window of time to verify the new software functionality. Users issues issu acceptversion to proceed with new software image or issu abortversion to go back to previous version. VSS# show issu rollback-timer Rollback Process State = In progress Configured Rollback Time = 45:00 Automatic Rollback Time = 42:02 VSS(config)# issu set rollback-timer? WORD Rollback timer in hh:mm:ss or <seconds> format Rollback timer can be set between zero seconds and two hours. Setting the rollback to zero effectively disables the timer 137

138 ISSU CLI Examples Accept New Software Version Enter the issu acceptversion command to stop the rollback timer. This allows a trail period where the system can be tested with the new software image. Switch# issu acceptversion active-switch-id / slot [active-image-new] VSS# issu acceptversion % Rollback timer stopped. Please issue the commitversion command. VSS# show issu state Slot = 40 RP State = Active ISSU State = Run Version Boot Variable = bootdisk:new_image,12;bootdisk:old_image,12 Slot = 22 RP State = Standby ISSU State = Run Version Boot Variable = bootdisk:old_image,12 Important: Only features that are common to both software versions will be enabled during the ISSU Run Version stage 138

139 ISSU CLI Examples Reset Old Active to Load New Software Enter the issu commitversion command to commit the new software image, the standby supervisor will reload to boot new software image Switch# issu commitversion standby-switch-id / slot-number [standbyimage-new] VSS# issu commitversion 10:54:37: %PFINIT-SP-5-CONFIG_SYNC: Sync'ing the startup configuration to the standby Router. [OK] 00:32:35: %SYS-SW1_SPSTBY-5-RELOAD: Reload requested - From Active Switch (Reload peer unit). VSS# show issu state Slot = 40 RP State = Active ISSU State = Init Boot Variable = bootdisk:new_image12; Old_image,12 Slot = 22 RP State = Standby ISSU State = Init Boot Variable = bootdisk:new_image,12; Old_image,12 139

140 EFSU for VSS Quad-Sup SSO New Staggered upgrade mode will upgrade one Supervisor module at a time Effective outage for an individual chassis is minimized because the supervisor modules do not reload with the linecards Staggered mode reloads the Supervisor modules separately from the linecards Linecards will reload on a per chassis basis during the process (similar to EFSU on Sup720) however the Staggered mode is the system default for Sup2T Optional Tandem mode will upgrade both Supervisors modules per chassis, same as operation with VS-Sup720-10G Must use at least one Supervisor uplink port from each Supervisor module Needed to maintain VSL during linecard reloads Recommend using all four Sup uplinks for the VSL 140

141 VSL Design Link Diversification (Quad-Sup Design Option #1) CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard VSS Active VSS ICS CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard Ten 1/5/4 Ten 2/5/4 Ten 1/5/5 Ten 2/5/5 Ten 1/6/5 Ten 2/6/5 Ten 1/6/4 Ten 2/6/4 CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard VSS Standby VSS ICS CFC or DFC Linecard CFC or DFC Linecard CFC or DFC Linecard Maintains 20Gbps VSL bandwidth in event of a Supervisor failure Maintains at least one locally attached VSL link to active Supervisor no matter which Supervisor becomes active Cost effective design that does not require additional VSL-capable linecard compared to design option #2 ICS = In-Chassis Standby 141

142 Staggered Mode Requires a VSL Connection Between All Supervisor Modules VSS01# *Apr 18 05:11:32.897: SW1: Cannot proceed with staggered ISSU upgrade as VSL connection requirement is not met. Please issue Config cli no issu upgrade staggered to disable staggered upgrade 142

143 VSL Status and Detail VSS01#show switch virtual link detail VSL Status : UP VSL Uptime : 21 hours, 45 minutes VSL SCP Ping : Pass VSL ICC Ping : Pass VSL Control Link : Te1/2/4 VSL Encryption : Configured Mode - Off, Operational Mode - Off LMP summary Link info: Configured: 4 Operational: 4 Peer Peer Peer Peer Timer(s)running Interface Flag State Flag MAC Switch Interface (Time remaining) Te1/1/4 vfsp operational vfsp f1c Te2/1/4 T4(152ms) T5(59.95s) Te1/1/5 vfsp operational vfsp f1c Te2/2/5 T4(152ms) T5(59.95s) Te1/2/4 vfsp operational vfsp f1c Te2/2/4 T4(152ms) T5(59.95s) Te1/2/5 vfsp operational vfsp f1c Te2/1/5 T4(152ms) T5(59.98s) Flags: v - Valid flag set f - Bi-directional flag set s - Negotiation flag set p - Peer detected flag set Timers: T4 - Hello Tx Timer T5 - Hello Rx Timer 143

144 ISSU Compatibility Matrix - Stored VSS01#show issu comp-matrix stored Number of Matrices in Table = 1 (1) Matrix for s2t54-advipservicesk9-m(10) - s2t54-advipservicesk9-m(10) ========================================== Start Flag (0xDEADBABE) My Image ver: 15.1(1)SY1 Peer Version Compatibility (1)SY Incomp(1) 15.0(1)SY1 Incomp(1) 15.0(1)SY2 Incomp(1) 15.0(1)SY3 Incomp(1) 15.0(1)SY4 Incomp(1) 15.1(1)SY Dynamic(0) 15.1(1)SY1 Comp(3) VSS01# 144

145 ISSU Show Commands VSS4Sup#show issu state The system is configured to be upgraded in staggered mode. 4 nodes are found to be online. Summary: the system will be upgraded in staggered mode. Slot = 1/5 RP State = Active ISSU State = Init Boot Variable = bootdisk:s2t54-advipservicesk9-mz.ssa wia111.90,1; Slot = 2/5 RP State = Standby ISSU State = Init Boot Variable = bootdisk:s2t54-advipservicesk9-mz.ssa wia111.90,1; Slot = 1/6 RP State = Active-ICS ISSU State = Init Boot Variable = bootdisk:s2t54-advipservicesk9-mz.ssa wia111.90,1; Slot = 2/6 RP State = Standby-ICS ISSU State = Init Boot Variable = bootdisk:s2t54-advipservicesk9-mz.ssa wia111.90,1; 145

146 Staggered Upgrade with Quad-Sup SSO Loadversion A V1 ICS V1 S V1 ICS V1 ISSU State = INIT Switch ID 1 Switch ID 2 #issu loadversion bootdisk:v1.bin A V1 ICS V1 S V1 ICS V2 V1 R ISSU State = LV Switch ID 1 Switch ID 2 146

147 Staggered Upgrade with Quad-Sup SSO Loadversion (Step2) A V1 ICS V1 S V1 ICS V2 V1 ISSU State = LV Switch ID 1 Switch ID 2 VSS Standby ICA (2,1) reloads causing an SSO switchover event, linecards then reload with new version to match the new ICA (2,2) A V1 ICS V1 S V1 ICS V1 ICS S V2 SSO ISSU State = LV R Switch ID 1 Switch ID 2 R This step occurs automatically, no CLI user required Begins after the Sup in 2/2 reaches ICS Standby Hot running V2 The newly active Sup in (2,2) is running V2 software and causes linecard to reload with V2 147

148 Staggered Upgrade with Quad-Sup SSO Runversion A V1 ICS V1 ICS S V1 ICS S V2 V1 ISSU State = LV #issu runversion R A ICS V1 S V1 ICS V1 ICS S V1 ICS S A V2 V2 V1 ISSU State = RV 148

149 Staggered Upgrade with Quad-Sup SSO Commitversion (Step1) ICS V1 S V1 ICS V1 A V2 ISSU State = RV #issu commitversion R ICS A V2 V1 S ICS V1 ICS S V1 ICS S A V2 V1 ISSU State = CV1 149

150 Staggered Upgrade with Quad-Sup SSO Commitversion (Step2) ICS A V2 V1 S ICS V1 ICS S V1 ICS S V1 A V2 ISSU State = CV1 R ICS S V2 S ICS V1 V2 R R ICS V1 V2 A V2 R ISSU State = INIT Linecards in Switch 1 reload with new version when the new ICA running v2 goes active Linecards perform pre-download of software image if the linecard is capable (requires 512MB memory) 150

151 EFSU Staggered Mode Time Table 100% 50% ~1-2 min linecard reload time ~1-2 min linecard reload time loadversion runversion acceptversion commitversion 151

152 EFSU Staggered versus Tandem Mode 100 % 50 % 100 % ~15min reload time ~15min reload time ~15min reload time loadversion runversion acceptversion commitversion Tandem Upgrade Staggered Upgrade 50 % ~1-2 min ~1-2 min linecard linecard 1 reload time 2 3 reload time 4 loadversion runversion acceptversion commitversion 152

153 ISSU Image Version Compatibility Both software versions must support the ISSU infrastructure and the two images must be compatible for the upgrade process to proceed in SSO redundancy mode Check the Cisco Feature Navigator or the Software Release Notes for listing of compatible release In general Cisco will attempt to provide ISSU compatibility for releases within an 18 month time frame of each other 153

154 ISSU Image Compatibility Rules 18 month window release time frame exceptions for major releases or other significant changes between releases ISSU requires the same software licenses between images IP Base to IP Base Advanced IP Service to Advanced IP Services Universal_lite to Universal_lite ISSU is also not supported from a k9 image to a non-k9 image, or vice versa. 154

155 ISSU Compatibility Matrix on Cisco.com 155

156 VSS & EFSU Important Points EFSU supported on Sup720-10G based systems with SXI software train and newer EFSU supported on Sup2T based systems with 15.0(1)SY software and newer Dual-homed connectivity is required for minimal traffic disruption with EFSU Single-homed devices will experience an outage when the attached chassis reloads Software images files must be ISSU compatible (these are not VSS specific requirements) Must be the same image types, meaning Native to Native or Modular to Modular For Modular images, both images must use the same installation method, therefore installed mode or binary mode The software feature sets must be the same between the two software image files Always Check the Release Notes for hardware and software compatibility 156

157 VSS Software Upgrades on Catalyst 4500-Series ISSU Manual and Automatic Methods The Catalyst 4500-E and Catalyst 4500-X support ISSU upgrades in VSS mode similar to what is supported on the Catalyst 6500 Traditional four step ISSU upgrade, described as the manual method Catalyst 4500-E and Catalyst 4500-X support ISSU Changeversion command using a single command to execute the upgrade single command ISSU upgrade automatic method ISSU Changeversion performs the ISSU upgrade without user intervention scheduling option quick option skips the intermediate trial phase upgrade, faster overall upgrade process 157

158 VSS Distribution Design Considerations

159 VSS Distribution with Dual-Homed Core Connections Dual-homed connections Each core device has a physical connection to each VSS switch Leverages modifications to Etherchannel and ECMP forwarding to always favor locally attached interfaces Hardware based convergence L3 Core VSS Distribution Access 159

160 VSS Distribution Topologies with ECMP Logical View # Show IP Route D Next Hop 1 Next Hop 2 Next Hop 3 Next Hop Network Physical View

161 Catalyst 6500 VSS Enabled Campus Design Unicast ECMP Traffic Flows ECMP forwarding also favors locally attached interfaces Si Si Hardware FIB inserts entries for ECMP routes using locally attached links If all local links fail the FIB is programmed to forward across the VSL link T1/2/1 T1/2/2 cr vss# sh ip route longer-prefixes D /17 [90/3328] via , 2d10h, TenGigabitEthernet2/2/1 [90/3328] via , 2d10h, TenGigabitEthernet1/2/1 [90/3328] via , 2d10h, TenGigabitEthernet2/2/2 [90/3328] via , 2d10h, TenGigabitEthernet1/2/2 cr vss# sh mls cef switch 1 Codes: decap - Decapsulation, + - Push Label Index Prefix Adjacency /17 Te1/2/2, 0012.da67.7e40 (Hash: 0001) Te1/2/1, 0018.b966.e988 (Hash: 0002) Four ECMP Entries Two FIB Entries 161

162 ECMP Link Convergence IOS-Based Route Removal Catalyst Switch 5 Si 1 2 Software Routing Table (RIB) Routing Protocol Process Si Prefix Next Hop Interface / gig 1/ gig 1/2 Si Cisco IOS Software CEF Tables Link failure detection Removal of the entries in the routing table FIB Table Prefix Adjacency Ptr /16 Adj1 (gig 1/1) Adj2 (gig 1/2) Adjacency Table Rewrite Information AA.AA.AA.AA.AA, VLAN BB.BB.BB.BB.BB, VLAN Update of the software CEF table to reflect to loss of the next-hop adjacencies Update of the hardware tables Routing protocol notification and reconvergence Hardware Tables FIB Table Prefix Adjacency Ptr /16 Adj1 (gig 1/1) Adj2 (gig 1/2) 4 Adjacency Table Rewrite Information AA.AA.AA.AA.AA, VLAN BB.BB.BB.BB.BB, VLAN 162

163 ECMP Link Convergence IGP-Based Route Removal OSPF ECMP Design Core Si Si Core, Distribution and Access (L3) Switch(config)# no ip routing protocol purge-interface Si Si Dist L3 Access Route purge procedure modified to improve converge on un-equal cost network designs. Recommended to enable no ip routing protocol purge-interface for sub-second network recovery in OSPF enabled ECMP network design. Keep default for EIGRP enabled ECMP network design. 163

164 VSS Distribution with Single-Homed Core Connections Each core layer device has a single connection to the VSS (not a recommended design) Recommended design is to dualhome connections to the VSS Single-home might be the only option available Lack of available fiber Expensive fiber and optics L3 Core VSS Distribution Access 164

165 VSS Distribution with Single-Homed Core Connections Full Reroute Required for Certain Link/Node Fail Scenarios Core link fail will cause down stream traffic to perform a full reroute to converge Core node fail will cause a full reroute to converge VSS node fail will cause a full reroute to converge Full reroute for Link/SFP/Module/ISSU etc Reroute L3 Core VSS Distribution Access 165

166 VSS Distribution with Single-Homed Core Connections VSL Traffic Impact Under Normal Operating Conditions Creates control plane traffic path over the VSL Be aware of the traffic patterns Size the VSL accordingly L3 Core VSS Distribution Active Standby Access 166

167 VSS Distribution with Single-Homed Core Connections is Fully Supported Just Understand the Behavior Single-homed design is fully supported however convergence is not optima L3 Core Advantage is that it requires fewer links Understand the convergence expectations VSS Distribution Active Standby Convergence is software based but may still be sub second CPU utilization Number of routes Access 167

168 VSS Core Design Considerations 168

169 Why VSS in the Core? VSS or Dual Standalone Switches in the Campus Core VSS Core Pros Simplified topology MEC Hardware based convergence Reduced # routes, unicast and multicast Reduced L3 IGP peering Simplify IP multicast configuration Increase IP multicast bandwidth capacity through the core VSS Core Cons ISSU compatible software images required to support core software upgrade using EFSU 169

170 VSS Core Network Design Alternatives Single Home Network Design Full-Mesh Network Design Physical Design Physical Design ECMP MEC ECMP Dual MEC Single MEC Logical Design Logical Design 170

171 VSS Core Network Design Analysis Single Link ECMP Single Link MEC Full-Mesh ECMP Full-Mesh Dual-MEC Full-Mesh Single MEC Total physical links Total logical links Total layer 3 links ECMP routing path Per switch local forwarding path Routing Peers Double Single Quadrupled Double Single Single link failure recovery mechanic ECMP via VSL ECMP MEC MEC NSF/SSO benefits No Yes Yes Yes Yes MEC Load-sharing benefits No No No Yes Yes Dual-Active Trust Support No Yes No Yes Yes Fast-Link Notification capability No Yes No Yes Yes Single Link Failure Upstream Network Convergence (ave) Single Link Failure Downstream Network Convergence (ave) Variable ~600 msec ~200-msec <=100 msec <=100 msec Variable ~600 msec ~200-msec <=100 msec <=100 msec Recommended Best Practice Core routing Design No No No No Yes 171

172 VSS Core Simplifies Multicast Operation, Improve Performance and Redundancy Standalone Core needs AnyCast MSDP peering for RP Redundancy. VSS based Core simplifies PIM RP Redundancy with NSF/SSO/MMLS technologies. ECMP builds single Multicast forwarding path. MEC increases multicast forwarding capacity by utilizing all member-links. Single Logical PIM RP PIM RP Single Logical PIM Interface Single Logical PIM Router PIM Router Si Si AnyCast - MSDP VSL Si Multiple Multicast Forwarding Paths Single OIL Single Logical OIL Si PIM Join PIM RP Core PIM Router PIM Join Dist Core Dist 172

173 Convergence (sec) VSS Core & Distribution with Single MEC Design MEC Provides Hardware Based Link and Node Convergence MEC/EC multicast recovery is hardware-based and recovery is scale-independent in sub-seconds ECMP multicast recovery is mroute scale dependent could range in seconds. Time for ECMP/MEC Multicast Recovery ECMP 2 MEC/EC Number or Multicast Routes Core/Distribution Sup720-10GE MEC/EC Convergence 173

174 Why VSS in the Core? VSS or Dual Standalone Switches in the Campus Core VSS Core Pros Simplified topology MEC Hardware based convergence Reduced # routes, unicast and multicast Reduced L3 IGP peering Simplify IP multicast configuration Increase IP multicast bandwidth capacity through the core VSS Core Cons ISSU compatible software images required to support core software upgrade using EFSU 174

175 Deployment Considerations and Best Practices

176 Virtual Switching System Architecture Virtual Switch Domain A Virtual Switch Domain ID is allocated during the conversion process and represents the logical grouping the 2 physical chassis within a VSS. It is possible to have multiple VS Domains throughout the network VSS Domain 10 VSS Domain 20 VSS Domain 30 Use a UNIQUE VSS Domain-ID for each VSS Domain throughout the network. Various protocols use Domain-IDs to uniquely identify each pair. 176

177 Virtual Switching System Architecture Router MAC Address Assignment One router MAC address to represent both physical chassis as a single logical device Configuration options Burnt-In MAC address Virtual MAC address Router MAC address = 0008.e3ff.fc0a Recommendation is to use the virtual mac-address option. This eliminates the possibility of a duplicate MAC address in case the original Supervisor is ever reused within the same network. 177

178 Virtual Switching System Architecture Virtual Router MAC Address Assignment Instead of using default chassis mac-address assignment, from 12.2(33)SXH2 onwards virtual mac-address can be specified as shown below VSS(config-vs-domain)#switch virtual domain 10 VSS(config-vs-domain)#mac-address use-virtual Configured Router mac address is different from operational value. Change will take effect after config is saved and the entire Virtual Switching System (Active and Standby) is reloaded. VSS# show interface vlan 1 Vlan1 is up, line protocol is up Hardware is EtherSVI, address is 0008.e3ff.fc0a (bia 0008.e3ff.fc0a) The use-virtual MAC address is assigned from a reserved pool of MAC addresses appended with the VSS domain id. The reserved pool is 0008.e3ff.fc00 to 0008.e3ff.ffff. 178

179 Virtual Switching System Dual-Attach Whenever Possible Si Si Si Si Dual-Attach connected devices whenever possible Etherchannel and CEF hashing algorithms have been modified for VSS to always favor locally attached interfaces With a dual-attached design Data traffic will not traverse the VSL under normal conditions, only control traffic will traverse the VSL Data traffic will traverse the VSL if there is a failure event and there no local interfaces are available 179

180 VSL Bandwidth Sizing How Many Links are Needed in the VSL? Si Si Si Si The VSL is an Etherchannel Supports up to eight links Consider possible failure scenarios Fiber, SFP, Interface, Line Card, Supervisor, downstream switch interfaces Consider the bandwidth needed for any Service Modules Consider the bandwidth needed for any SPAN sessions Consider the bandwidth for routing protocol neighbor peering 180

181 VSS High Availability NSF Configuration and Monitoring Router# show ip protocol *** IP Routing is NSF aware *** Routing Protocol is "eigrp " <snip> EIGRP NSF-aware route hold timer is 240s EIGRP NSF enabled EIGRP Switch(config)#router eigrp 100 Switch(config-router#nsf OSPF Switch(config)#router ospf 100 Switch(config-router#nsf Router# show ip ospf Routing Process "ospf 100" with ID Start time: 00:01:37.484, Time elapsed: 3w2d Supports Link-local Signaling (LLS) <snip> Non-Stop Forwarding enabled, last NSF restart 3w2d ago (took 31 secs) Recommendation: Non-Stop Forwarding is required for sub-sec supervisor switchover convergence with L3 Routing Protocols 181

182 Use Default Timers with NSF/SSO (VSS) NSF/SSO redundancy is intended to provide availability by avoiding topology change during the Out-of Band IGP/EGP convergence event Fast IGP timers are intended to provide availability through fast route convergence L3 Core In an NSF environment dead timer must be greater than: SSO recovery + Routing Protocol restart + time to send first hello VSS Distribution Active Standby Recommendation Do not configure aggressive timer Layer 2 protocols, i.e. Fast UDLD Do not configure aggressive timer Layer 3 protocols, i.e. OSPF Fast Hello, BFD etc. Keep all protocol timers at default settings 182

183 Dual-Active Detection Recommendations: Use MEC with EPAgP or MEC with VSLP Fast Hello for faster VSL link loss convergence results. Si Si Enable BOTH EPAgP and direct heartbeat link based VSLP Fast Hello methods (if possible ) Enable EPAgP to core (if access-layer is not EPAgP capable EPAgP Redundant VSL Fiber VSLP Fast-Hello or BFD EPAgP 183

184 Operational Management Reloading the VSS Should there be a requirement to reload the entire Virtual Switching System (both chassis), the command reload can be used to accomplish this task Virtual Switch vss#reload Warning: This command will reload the entire Virtual Switching System (Active and Standby Switch). Proceed with reload? [confirm] 1d04h: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command. *** *** --- SHUTDOWN NOW --- *** 1d04h: %SYS-SP-5-RELOAD: Reload requested System Bootstrap, Version 8.5(1) Copyright (c) by cisco Systems, Inc. Cat6k-Sup720/SP processor with Kbytes of main memory < snip > 184

185 Operational Management Reloading a Member of the VSS Switch1 Switch2 VSL vss# redundancy reload? peer shelf <1-2> vss# redundancy reload shelf 2 Reload the entire remote shelf[confirm] Preparing to reload remote shelf vss# Active Hot Standby vss# redundancy force-switchover This will reload the active unit and Force switchover to standby [confirm] vss# 185

186 Revert from VSS to Standalone How to revert a system from VSS to Standalone mode core6506#erase nvram: Erasing the nvram filesystem will remove all configuration files! Continue? [confirm] *Jul 2 10:12:02.073: %SYS-SW1_SP-7-NV_BLOCK_INIT: Initialized the geometry of nvram *Jul 2 10:12:04.627: %SYS-SW2_SPSTBY-7-NV_BLOCK_INIT: Initialized the geometry of nvram core6506# *Jul 2 10:12:05.243: %VS_GENERIC-SW2_SPSTBY-5-VS_SWITCH_NUMBER_CHANGE: Switch_number getting changed from 2 to 0. *Jul 2 10:12:05.347: %VS_GENERIC-SW1_SP-5-VS_SWITCH_NUMBER_CHANGE: Switch_number getting changed from 1 to 0. Use Erase NVRAM Exec level command Will erase the startup-config and also set the VSS switch number ROMMON variables on both switches to default value of 0 Reload the chassis after the Erase NVRAM and the system will boot as a standalone switch with a default configuration 186

187 VSS Deployment Best Practices DO Use unique VSS domain-id within the same network Save backup configuration file to all Supervisor file systems in the same relative location, for example both active & hot-standby bootdisk: Use a minimum of one Supervisor uplink for the VSL, this provides for faster VSL bring up. Use all four (per chassis) Supervisor uplinks in a Quad-Sup configuration Dual-home connected devices whenever possible, use L2 or L3 Multi-Chassis Etherchannel, L3 ECMP Use epagp and VSLP Fast Hello Dual Active Protocol. Enable NSF under routing protocols 187

188 VSS Deployment Best Practices Con t DO NOT. Do Not Tune VSLP timers unless recommended by cisco Do Not Use preemption (VSS switch preemption has been removed from SXJ and SY release trains) Do Not Issue shutdown on VSL port-channel interface for VSL failure testing, it creates config mismatch. If you want to test the dual-active detection mechanisms simply disconnect the VSL cables, this will create a realistic failure scenario without causing the configurations to get out of sync. Do Not Change VSL hashing algorithm in production. It requires a shut/no shut on PO. Shutting down VSL will cause traffic disruption and dual-active scenario. 188

189 Summary

190 Benefit 1: Simplifies Network Designs Build redundant topology without First Hop Redundancy Protocols No Spanning Tree blocking ports Single control plane and management interface Reduces the number of L3 routing protocol peers 190

191 Benefit 2: Scales System Capacity No Spanning Tree Blocking Ports Groups resources together and activates all available bandwidth across redundant Cisco Catalyst VSS switches Enables standards-based link aggregation for server or service appliance connectivity, maximizing system bandwidth 191

192 Benefit 3: Increase Network Availability Inter-chassis Stateful Failover enables real time applications to continue without disruption Etherchannel based link resiliency provides subsecond recovery Simplifies network designs reducing human error in network operations 192

193 Complete Your Online Session Evaluation Give us your feedback and you could win fabulous prizes. Winners announced daily. Complete your session evaluation through the Cisco Live mobile app or visit one of the interactive kiosks located throughout the convention center. Don t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online 193