Adding a 6506-E to another 6506-E for an HA pair.

Answered Question
Jan 25th, 2010
User Badges:

What are the requirements for setting up a 6506-E to an already existing 6506-E so that they work in an HA pair? A heartbeat is needed in between them, too. Can't seem to find any info in the forums or on the web pertaining to this subject. Any help would be appreciated.

Correct Answer by Jon Marshall about 7 years 4 months ago

I know I probably sound like a complete fool for asking these types of questions, but I really don't know. This seems to be more like a CCNP level task, as opposed to my CCNA level knowledge.


You don't sound like a complete fool at all, we've all been there before facing a situation we have never been in. That's what these forums are for


Does this mean that you can connect from any port on one switch to any port on the other? Aside from running HSRP/GLBP between the two switches, what else is entailed? This sounds a little too easy.


It's probably not as complicated as you think it is. Basically you would need to make sure both switches have the same vlan info and you can do this by simply making your current switch a VTP server. You then connect your new switch, make it a VTP client and it will get the vlan info from the first switch. Are you familiar with VTP ? If not then you do need to be careful when you first connect up the switch that is has a lower VTP revision number but we can sort that out.


VTP will synchronise the vlan info at L2. You must then manually configure the L3 vlan interfaces. So if you have a vlan 10 L3 interface on your existing switch you would also configure a vlan 10 L3 interface on your new switch. And then configure HSRP between the 2 switches.


You would connect the 2 switches together with a L2 trunk. This trunk is usually an etherchannel connection for redudancy and throughput.


Basically my requirements are that the switches need to be in an HA pair with a heartbeat in between. There is also a little bit of controversy as to put the other switch in active mode, too, for load balancing and possible faster switch over times, or is it better to place it in passive/standby mode? What do you feel is best?


It's not really like that. You don't run either switch in standby mode, ie. they are both active so traffic can go to either one. Now you can influence which one the traffic goes to by setting which switch is HSRP active for which vlans and also switch switch is STP root for which vlans but both switches will be active.


What about upgrading the IOS......when you do the sh ver, it show ROM and the IOS versions, so I can assume that you would use the IOS versioning to determine what to upgrade, BUT when you go to Cisco's website and do a software search, it shows IOS boot image, IOS software, IOS portable modules or something like that. How do you know which one to choose?


Depends on what you want but unless you go for IOS Modularity you just need one IOS image. Makes sense to have the same image on both 6500s. Boot loaders are not that relevant as they used to be.


12.2SXF is a common IOS that is used on these switches. If you need certain features that are not available in this version then 12.2SXH is a later IOS. There are costs involved with upgrading between versions so it may be easier to just use the latest IOS out of the 2 switches. This is actually where the 6500 can become a bit difficult. Not all IOS versions support all modules in the chassis so if you want to be sure then use the IOS from the existing switch presuming you are getting the same modules.


There is a lot more that could be said but what i would say is don't be too put off just because they are 6500 switches. They are complex bits of kit but the basic config would not be too much different from say a redundant pair of 3560s.


One last thing. You will probably get quicker responses and more people helping if you post under "Lan Switching and Routing" rather than here.


Let me know if you have more queries.


Edit - one thing i forgot to mention. The concept of active/passive is not relevant in general but with certain service modules in the 6500 then you can run these modules in active/passive. The type of modules i am talking about are the FWSM (Firewall Service Module), CSM (Content Switch Module), ACE (Application Control Engine). If you have any of these modules then there is a decision to be taken about how to run these modules, but the overall switches would still both be active. If you are unsure what you have then "sh module" will show you.


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Jon Marshall Mon, 01/25/2010 - 09:48
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

klambert1218 wrote:


What are the requirements for setting up a 6506-E to an already existing 6506-E so that they work in an HA pair? A heartbeat is needed in between them, too. Can't seem to find any info in the forums or on the web pertaining to this subject. Any help would be appreciated.


Depends what you mean. Are you talking abotut VSS where you see the 2 switches as one virtual switch ? Note for this you need specific modules and supervisors.


If you just mean to run together connected via either a L3 connection or more likely a L2 trunk then you won't find any actual docs because there isn't any specific HA software. You simply interconnect them as i say usually with a L2 trunk and then run HSRP/GLBP between the 2 switches to provide gateway redundancy for devices like servers connected to them. If you are connecting switches to them have an uplink from each switch to both 6500 switches.


Perhaps if you could be more specific in your requirements ?


Jon

klambert1218 Mon, 01/25/2010 - 10:11
User Badges:

Unfortunately, our switches don't contain the VSS switching modules, because that was going to be my plan of action, but instead they just have the SUP720's w/o the 10G ports.

john.marshall wrote:



You simply interconnect them as i say usually with a L2 trunk and then run HSRP/GLBP between the 2 switches to provide gateway redundancy for devices like servers connected to them. If you are connecting switches to them have an uplink from each switch to both 6500 switches.


Does this mean that you can connect from any port on one switch to any port on the other? Aside from running HSRP/GLBP between the two switches, what else is entailed? This sounds a little too easy.


Basically my requirements are that the switches need to be in an HA pair with a heartbeat in between. There is also a little bit of controversy as to put the other switch in active mode, too, for load balancing and possible faster switch over times, or is it better to place it in passive/standby mode? What do you feel is best?


What about upgrading the IOS......when you do the sh ver, it show ROM and the IOS versions, so I can assume that you would use the IOS versioning to determine what to upgrade, BUT when you go to Cisco's website and do a software search, it shows IOS boot image, IOS software, IOS portable modules or something like that. How do you know which one to choose?


I know I probably sound like a complete fool for asking these types of questions, but I really don't know. This seems to be more like a CCNP level task, as opposed to my CCNA level knowledge.

Correct Answer
Jon Marshall Mon, 01/25/2010 - 10:31
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

I know I probably sound like a complete fool for asking these types of questions, but I really don't know. This seems to be more like a CCNP level task, as opposed to my CCNA level knowledge.


You don't sound like a complete fool at all, we've all been there before facing a situation we have never been in. That's what these forums are for


Does this mean that you can connect from any port on one switch to any port on the other? Aside from running HSRP/GLBP between the two switches, what else is entailed? This sounds a little too easy.


It's probably not as complicated as you think it is. Basically you would need to make sure both switches have the same vlan info and you can do this by simply making your current switch a VTP server. You then connect your new switch, make it a VTP client and it will get the vlan info from the first switch. Are you familiar with VTP ? If not then you do need to be careful when you first connect up the switch that is has a lower VTP revision number but we can sort that out.


VTP will synchronise the vlan info at L2. You must then manually configure the L3 vlan interfaces. So if you have a vlan 10 L3 interface on your existing switch you would also configure a vlan 10 L3 interface on your new switch. And then configure HSRP between the 2 switches.


You would connect the 2 switches together with a L2 trunk. This trunk is usually an etherchannel connection for redudancy and throughput.


Basically my requirements are that the switches need to be in an HA pair with a heartbeat in between. There is also a little bit of controversy as to put the other switch in active mode, too, for load balancing and possible faster switch over times, or is it better to place it in passive/standby mode? What do you feel is best?


It's not really like that. You don't run either switch in standby mode, ie. they are both active so traffic can go to either one. Now you can influence which one the traffic goes to by setting which switch is HSRP active for which vlans and also switch switch is STP root for which vlans but both switches will be active.


What about upgrading the IOS......when you do the sh ver, it show ROM and the IOS versions, so I can assume that you would use the IOS versioning to determine what to upgrade, BUT when you go to Cisco's website and do a software search, it shows IOS boot image, IOS software, IOS portable modules or something like that. How do you know which one to choose?


Depends on what you want but unless you go for IOS Modularity you just need one IOS image. Makes sense to have the same image on both 6500s. Boot loaders are not that relevant as they used to be.


12.2SXF is a common IOS that is used on these switches. If you need certain features that are not available in this version then 12.2SXH is a later IOS. There are costs involved with upgrading between versions so it may be easier to just use the latest IOS out of the 2 switches. This is actually where the 6500 can become a bit difficult. Not all IOS versions support all modules in the chassis so if you want to be sure then use the IOS from the existing switch presuming you are getting the same modules.


There is a lot more that could be said but what i would say is don't be too put off just because they are 6500 switches. They are complex bits of kit but the basic config would not be too much different from say a redundant pair of 3560s.


One last thing. You will probably get quicker responses and more people helping if you post under "Lan Switching and Routing" rather than here.


Let me know if you have more queries.


Edit - one thing i forgot to mention. The concept of active/passive is not relevant in general but with certain service modules in the 6500 then you can run these modules in active/passive. The type of modules i am talking about are the FWSM (Firewall Service Module), CSM (Content Switch Module), ACE (Application Control Engine). If you have any of these modules then there is a decision to be taken about how to run these modules, but the overall switches would still both be active. If you are unsure what you have then "sh module" will show you.


Jon

klambert1218 Tue, 01/26/2010 - 07:36
User Badges:

Jon,


Thank you so much for all of the VERY useful information. I've been doing some research into GLBP and HSRP, when I ran across VRRP. Is this a viable option for this situation, too?


None of our interfaces, with exception to our management VLAN, have IPs assigned to them, because no routing is performed on these switches. We utilize VLANs, but no inter-VLAN routing. I don't know if this changes your suggestions or not.

aaronbrown Tue, 01/26/2010 - 08:22
User Badges:

It is my understanding that GLBP and HSRP are Cisco proprietary protocols, while VRRP is the cross platform IEEE standard. It works very similarly to HSRP.

Jon Marshall Tue, 01/26/2010 - 09:11
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

klambert1218 wrote:


Jon,


Thank you so much for all of the VERY useful information. I've been doing some research into GLBP and HSRP, when I ran across VRRP. Is this a viable option for this situation, too?


None of our interfaces, with exception to our management VLAN, have IPs assigned to them, because no routing is performed on these switches. We utilize VLANs, but no inter-VLAN routing. I don't know if this changes your suggestions or not.


VRRP is less commonly used than the other 2.


If you are not doing inter-vlan routing then you don't need to worry about HSRP/GLBP or VRRP because it's not needed. You only have to worry about the L2 vlans.


Is there a reason you are not routing on the 6500 ? - where is the inter-vlan routing happening ie. which device ?


Jon

klambert1218 Wed, 01/27/2010 - 11:28
User Badges:

There isn't any reason why we are not routing on the 6500....it was set up like that before I started working here. My take on this is that none of the VLANs need to communicate with each other, and so my understanding is that routing is only required when different VLANs needs to communicate. Is this not correct? Eventually it may be used as a L3 device, but what will most likely happen in the future is that we will buy a less robust system to support our LAN.

Jon Marshall Wed, 01/27/2010 - 11:34
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

klambert1218 wrote:


There isn't any reason why we are not routing on the 6500....it was set up like that before I started working here. My take on this is that none of the VLANs need to communicate with each other, and so my understanding is that routing is only required when different VLANs needs to communicate. Is this not correct? Eventually it may be used as a L3 device, but what will most likely happen in the future is that we will buy a less robust system to support our LAN.


If the vlans do not need to communicate with each other or any other subnets anywhere else in your network then yes you do not need to do any inter-vlan routing.


Jon

klambert1218 Wed, 01/27/2010 - 13:20
User Badges:

Jon,


I have another question for you. Hopefully this will be my last.


Would it be to my advantage to upgrade the IOS on the active switch before turning on the secondary one, or does that really matter? I mean, I know for redundancy and failover purposes, the IOS' need to match, but as far as the order in which they are done, does that make a difference?

Jon Marshall Wed, 01/27/2010 - 13:26
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

klambert1218 wrote:


Jon,


I have another question for you. Hopefully this will be my last.


Would it be to my advantage to upgrade the IOS on the active switch before turning on the secondary one, or does that really matter? I mean, I know for redundancy and failover purposes, the IOS' need to match, but as far as the order in which they are done, does that make a difference?


Actually they don't need to match. They would if you have 2 supervisors in the same chassis or were running VSS but if you have 2 different chassis they don't need to be the same. Obviously it goes without saying that it's best if they are the same.


So it makes no difference in your scenario when you do it.


Jon

klambert1218 Fri, 01/29/2010 - 07:51
User Badges:

In my continual preparation for the upcoming set up of the secondary 6506-E, I noticed that our active 6506-E doesn't have any information in the boot statement other than 'disk0:,1;sup-bootdisk:,1;' when you do a 'sh boot:'. If you do a 'sh disk0:' then the image is present. Also, after issuing 'sh ver', I get a message stating that 'Patching is not available since the system is not running from an installed image. To install please use the "install file" command.'

This needs to be done before we upgrade, correct? To create/establish the heartbeat between the switches, is there any additional configuration necessary other than the physical configuration itself, say, to 5/0 or 5/1?

klambert1218 Tue, 02/09/2010 - 09:55
User Badges:

Is it possible to force a switchover/failover if we're only using L2? If so, how is it done? We're down to the wire, and I want to make sure that as little goes wrong with this project as possible.

Actions

This Discussion

Related Content