07-31-2014 05:16 AM - edited 03-07-2019 08:13 PM
Hi folks,
I have a little design question in regards to Catalyst 650X VSS VS4O (quad supervisors) in regards to the dual active detection.
I have seen that the recommendation is to use ePAgP utilizing an access switch as well as doing a separate dual active detection link.
As I do not wish to use an access switch I would like to do one of the following showed below.
Option 1: having a DAD link from chassis to chassis connecting the direct neighboring SUP.
Option 2: Having a full mesh of DAD links between all SUPs
Option 3: Having a full mesh of DAD links between all SUPs configured a port-channels. (is this a valid option)
is this the correct config speaking for option 2 ?
interface GigabitEthernet1/5/1
description VSS Dual-active detection
no switchport
no ip address
no cdp enable
dual-active fast-hello
interface GigabitEthernet2/5/1
description VSS Dual-active detection
no switchport
no ip address
no cdp enable
dual-active fast-hello
interface GigabitEthernet1/5/2
description VSS Dual-active detection
no switchport
no ip address
no cdp enable
dual-active fast-hello
interface GigabitEthernet2/5/2
description VSS Dual-active detection
no switchport
no ip address
no cdp enable
dual-active fast-hello
interface GigabitEthernet1/5/3
description VSS Dual-active detection
no switchport
no ip address
no cdp enable
dual-active fast-hello
interface GigabitEthernet2/5/3
description VSS Dual-active detection
no switchport
no ip address
no cdp enable
dual-active fast-hello
thanks
Colin
07-31-2014 09:59 AM
Hi Colin,
I think you're mixing two aspects of the equation:
- quad-sup SSO is meant to guarantee full uptime redundancy of the full VSS pair and assure no chassis loss in case of a single sup failure.
- dual-active detection is meant to guarantee that if the VSL link across the VSS members goes down, isolating the boxes, (but they are still impersonating a single entity ) one of the boxes "removes" itself from the network in order to avoid network issues related to dessynchronisation of state on these two boxes, towards the rest of the network.
That said, you do not need to place the dual active detection link on the supervisors (it can be on any linecard), as its purpose is only to serve as a redundant link for detection in case the VSL goes down.
Unlike the peer-keepalive link in Nexus, you do not need to have a dual-active detection method enabled to form the VSS pair, so the use case for having it redundant is, frankly, quite debatable...
Im my view, I'd use one link on a separate linecard from the VSL links. I don't really see the need for both links across chassis, and especially not within the same chassis. The situation where you have your VSL link down (4 links) and your dual-active detection link is also down is extremelly unlikely with a single link.
Are the boxes located in different rooms, or is there any significative distance that would heighten the probability of this situation to occur?
My .02$
Gustavo
08-28-2014 05:40 AM
Hi Gustavo,
thanks once again for you expertise, as always your comments are greatly appreciated!
I just wanted to update this thread, as I assume other people will ask the same/similar question in regards to VS4O setups.
Its true to have several ports as Dual-Active-Detection. I have not tried configuring the DAD link as Port-Channel, but several DAD ports will do the job too
This is how I have implemented it recently:
SUP2T's:
12-12-2015 05:11 AM
Hi,
For me i have aready a switch 6509 sup 2 in my network.it's aready configured for network interconnection.For now, i want to add an other 6509 sup 2t with the first in vss.Can you please give me the steps for configure vss.Also,we can help me for upgrade a switch with 2 supervisor.
Thank you for your help.
07-31-2014 06:23 PM
Hi Gustavo,
thanks for your explanation, allow me one last question, could I potentially create a port-channel for the DAD link spreading over two line cards?
not that this makes any sense as long as VSL is up, I am just asking out of curiousity if this actually would work.
int po X
description VSS Dual-active detection
no switchport
no ip address
no cdp enable
dual-active fast-hello
int gi1/9/48
channel-group X mode on
int gi2/9/48
channel-group X mode on
The chassis are located next to each other in the DC, so there is no special requirements. I most likely will use a copper port, chassis to chassis.
Thanks Colin
08-06-2014 01:12 PM
Hi Colin,
I just configured a VSS w/ fast-hello for detection and one of the messages was that if enabling the fast-hello method on that interface, the switch would remove all extraneous configuration.
Couldn't try with a Port-channel, but it seems like you can have more than one wDAD link
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: