VSS too soon to implement?

Unanswered Question

Hi can anyone advise on the following

We are currently planning to upgrade 2 of our core switches in one of our data centres. The question is should we implement VSS or stick with more tried and tested methods HSRP etc..

Whilst we can see the advantages and are eager to deploy vss I have heard a few stories and have been advised by some suppliers that it may be too early for us to implement vss in our environment and we should wait.

We could buy in the appropriate hardware for vss but run it with HSRP for now and adopt vss later but this will involve a lot of reconfiguration later.

Any advice?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
MATTHEW BECK Mon, 10/20/2008 - 13:32
User Badges:


I built a VSS pair for one of my core layers about a month ago. It's running the IOS that was listed as Safe Harbor at the time. It's been running very well but it is a simple config. VSS does not yet support FWSMs and other modules so if you need those, you're going to have to wait a bit longer. I hear that the end of October will see the release of IOS that supports FWSM but it won't be generally available until next year.

I have also found one bug in the version I'm running but I don't have the resources to test and see if it's because of VSS or just the IOS in general. I'm using floating statics for backup routes over VPNs with my OSPF config. When a link drops and the floating static enters the table, everything works as expected. But when the link comes back up and OSPF learns more specific routes, the /16 put in place by the floating static doesn't go away. I have to manually delete it and put it back in for the next failure.

When buying new hardware, keep in mind that VSS only supports 1 Sup per chassis. Don't buy 4 sups. I'm not sure when support for 4 sups will be included.

Good luck!

umamon Mon, 10/20/2008 - 22:17
User Badges:

I just went through a similar scenario. If my assumptions are correct, and you are planning to have 6509-E series (or equivalent) with Sup VS-S720 without FWSM you should be fine, Cisco can support it, but if you have a FWSM included in your upgrade there is not a IOS that will support both VSS w/FWSM (Firwall Service Module).

If your new core switch equipment includes a FWSM then the IOS for that has not been release yet, as of Sept. And I would be a little hesitate to implement, just because the IOS would be fresh out of the lab.

Hope this was somewhat helpful.



This Discussion