Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to discuss with Cisco expert Sachin Gupta how Cisco Catalyst 6500 Series, with IOS Software Modularity, boosts operational efficiency, and minimizes downtime through evolutionary software infrastructure advancements. Sachin is a senior manager of product management for the Catalyst 6500 Series.
Remember to use the rating system to let Sachin know if you have received an adequate response.
Sachin might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through October 21, 2005. Visit this forum often to view responses to your questions and the questions of other community members.
I have a 6500 with the modules listed below. IOS Version 12.2(17a)SX4 In order to upgrade to the modular IOS what do I need to be concerned of. DO any edge switches need to be upgraded. What are the major issues we should expect to see when upgrading
1 8 8 port 1000mb GBIC Enhanced QoS WS-X6408A-GBIC
2 8 8 port 1000mb ethernet WS-X6408-GBIC
3 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX
5 2 Supervisor Engine 720 (Active) WS-SUP720-BASE
6 2 Supervisor Engine 720 (Hot) WS-SUP720-BASE
7 6 Firewall Module WS-SVC-FWM-1
8 48 48 port 10/100 mb RJ-45 ethernet WS-X6248-RJ-45
We plan on supporting this configuration with Software Modularity on the 6500 at FCS. There may be a minimum version requirement for the software on the Firewall Service Module so please check the release notes for this at FCS. The only issue you should consider is that the new IOS image with Software Modularity requires a minimum of 256MB of flash.
Please see the following Q&A for more information:
Can 6500 with sup32 offer per-SVI policing? Idea is pretty simple - we are looking for a device, capable to terminate about 500+ SVI and do some bandwidth limitations (policing) perSVI base. Can 6500 do this ?
Each SVI will have service-policy configured.
We do support per-SVI policing with the 6500 and should scale to 500+ SVI with PFC3B.
Please let me know the basic difference in protocol states both data and control plane traffic in case of RPR, RPR+, SRM SSO. NSF SSO. What all protocl stacks it maintain and it syncs it with standby Sup. What about the routing protocl stack. Does it creates in both of the sup, ruting table population etc..
The following doc should answe your questions:
If you don't find what you need, please post another request.
Thanks for the info. Just have one doubt on this " SRM with SSO uses the existing PFC and DFC Layer 3 switching information to forward traffic for a configurable route-convergence interval while the newly active Multilayer Switch Feature Card (MSFC) builds its routing table ".
So does PFC and DFC tables also get synced with the redundent sup's PFC.bcoz it whole sup crashes then PFC will go out also so how does it work in that case ??
PFC and DFC tables do get synched. If a PFC fails, the traffic being forwarded by that PFC at that time will be lost. However, this is within 0-3 seconds, and that is the Sup failover time that we market. The secondary Sup PFC will be up and forwarding within that time.
I'm a little unclear as to the extent of the modularity. Will the IOS start shipping with seperate modules that all need to be loaded: i.e.
or will the IOS continue be shipped in its current form with the ability to reset/upgrade certain subsystems?
I guess what I'm looking for are some real life examples of actually using the modular functionality and not just some marketting write ups. :)
The Software Modularity whitepaper should answer some of your questions:
We plan on offering the IOS image as it is today - no changes. On top of the IOS image, we are planning to offer a patch level, called "maintenance pack", which will provide certain critical fixes in a cumulative manner. Users have the ability to combine the base IOS image and the maintenance pack into a single binary using the "repackage" feature in order to simplify deployment on a large number of devices.
You will have the ability to restart processes and upgrade subsystems (one or more subsystems form a process) in-service in modular processes.
I have a 6513 runnning 12.2(18)SXD3 with ENT/IPV6/SSH/3DES/LAN ONLY and we are migrating to 12.2SXE2 with ADVANCE ENTERPRISE SERVICE SSH. The time the swith takes to boot with the new image is about 30 minutes with the Supervisor 720B / 512RAM, is this behaviour normal? Old version takes about 3-4 minutes. We are trying to achieve additional functionalities with this image but such booting time is very long.
This does not sound like normal behavior. Please open a TAC case on this issue with any logs you may have for this behavior. If you don't get the answer you need, please send me the case number.
I have defined 200 VLAN at my network (1 catalyst 4500 and many switch 2950). VLAN 2 contain ip of my server and others is department, division VLAN with different policy (like VPN access, Internet-access, CCTV-acces, etc). I want my client at different VLAN can communicate with vlan2 only (it contain ip of my servers) and its own vlan. the problem is my dhcp server at VLAN2 can't be contacted by vlan client when my access-list is activated. And when I try to permit bootps and bootpc, dhcp work properly, my client get ip automatically (with scope in vlan of course) but my client can ping ( can contact) any pc in different vlan. how to solve the problem? how to make make vlan really works ( can ping) with certain VLAN only and DHCP also work properly?
This is not my area of expertise but I did some lookng around and it seems that you should be able to accomplish this with the proper ACL. I would recommend re-checking your ACL and working with Cisco TAC if it still does not work for you.
I have a cat 6000 with an MSFC2
I have catOS on the switch and IOS on the MSFC2. I wan t to upgrade the IOS on the MSFC2 and run this from a PC Flash Card on the supervisor.
I have seen this note in CatOs Release Notes 8.3.7:
Also note that with software release 8.1(1) and later releases you need to use the Cisco IOS
Release 12.1(13)E4 or 12.1(13)E5 bootloader on the MSFC/MSFC2 to boot a Cisco IOS image reliably
from sup-slot0 or sup-bootflash. The Cisco IOS Release 12.1(19)E train bootloader, or bootloaders
earlier than Cisco IOS Release 12.1(13)E4, do not support booting the MSFC/MSFC2 from sup-slot0 or
sup-bootflash due to caveats CSCeb36759, CSCdz60980, and/or CSCdz31321.
How can I see the bootloader versión? Is it the same that ROM: System Bootstrap that appears in sh versión?
How can I upgrade bootloader?
This is not an area I am familiar with. However, I checked with Ben Basler, a TME in ISBU, and he answered this as follows:
A Sup2/MSFC2 based system running in hybrid mode needs to have a bootloader (c6msfc2-boot-mz ) on the MSFC2 bootflash: The release note you are referring to does outline that it is necessary to have a minimum bootloader version to load the MSFC2 IOS image from supervisor based file systems such as sup-bootflash: or sup-slot0:.
The bootloader version can be verified using the show bootvar command. In addition you should find the following command in your current running configuration referring to the bootloader boot bootldr bootflash:c6msfc2-boot-mz .
To upgrade the bootloader download it from the software center on cisco.com and copy it to the bootflash of the MSFC2. Then adjust the boot bootldr string to the new bootloader and reload the system.
I hope this helps!
I have read the document regarding the memory requirements to run the modular IOS. It states that the RP and SP should have 512 meg of dram. How do I find out how much dram my SP has. I am running native IOS 12.2(18)SXD.
Remote command switch show version or remote command switch show memory should give you the info.
We have a Cisco Catalyst 6500 with SUP-720-BASE (720A). Can we use it for Layer3 MPLS VPN Functionality?
The following modules are installed:
1 0 2 port adapter FlexWAN WS-X6182-2PA
2 0 2 port adapter FlexWAN WS-X6182-2PA
3 8 8 port 1000mb GBIC Enhanced QoS WS-X6408A-GBIC
5 2 Supervisor Engine 720 (Active) WS-SUP720-BASE
6 2 Supervisor Engine 720 (Hot) WS-SUP720-BASE
Isn't the PFC3 integrated with the Sup720? If yes then what is the need to buy again?
I have 2 6500's running supervisor 723B's. The IOS version 12.2(18) SXD3 is on the device right now. The exact file is:
I have 2 supervisors, 2 X6416-GBIC, 2 X6148-GE-TX and a WLSM (running version 1.2)
I run, BGP, mGRE, VRF-Lite, Eigrp, and soon we will be switching to ospf. Additionally we run ipx/spx also.
#1 is my configuration supported?
#2 how much downtime / how rigorous is the upgrade?
Should i expect my 4500 and 3500 series switches to see a similar IOS?
Your configuration may require more flash to run the IOS image with Software Modularity. Additionally, the WLSM card is not planned in the first release at this time. In terms of features, VRF-lite is expected in a re-release within 3 months after FCS, but the other features you list are planned at FCS.
The upgrade process is the same as regular IOS upgrades today. To take advantage of patching, you need to "install" the image which can add a few more minutes to the upgrade process initially.
IOS with Software Modularity is only planned for the 6500 right now.
I have a 6509 with a Sup 720 running IOS Version 12.2(17d)SXB1, a WS-X6416-GBIC, a WS-X6408A-GBIC and 2 ea. WS-X6348-RJ-45 modules. I will be connecing one of the gigabit interface ports to a 7206-VXR router via a PA-GE module. (This is one of the network interfaces to my network).
Question: Is there a Cisco best practice recommendation on connecting the 7206-VXR to the 6509? Is it a good idea to use either of the 2 ports that are supported on the SUP-720 or would I be better served using one of the gigabit ports on either the 6408 or 6416 Gigabit modules?
The uplink ports on the Supervisor are OK to use for data. You should have no issue whether you use these or some ports on a linecard.
We are connecting a 6509 to a 12008 across a 1 Gbps metro ethernet link. We need to do testing on this new 1 Gbps connection but we do not have an additional GigE port on the 12008 to do server-to-server testing. Is there an effective way within IOS to generate traffic from router-to-router to test out a metro ethernet circuit like this? It doesn't seem like the normal ping tests would generate enough traffic for an extended period of time, so I'm wondering if there are any other options for testing from router-to-router.
Thanks in advance.
You can try using IP SLAs: