Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Blue

Data Center Virtualization

When you have a clien thats running VMWare in their server farm, what considerations need to be made with regard to the access layer?

Would having a routed access layer cause complications with certain VMWare features, like VMotion? Where does VMWare need L2 adjacency?

How does the existence of a vSwitch inside the chassis effect the access layer? What consideratiosn should be made?

I know these are loaded questions.

What I need is a data center guide that focuses on the effects of virtualization and the choices one must have to make.

Would love to hear some good feedback.

Thanks

26 REPLIES
Hall of Fame Super Silver

Re: Data Center Virtualization

Hello Victor,

in SRND section there is a design guide about vmware server virtualization in a cisco network environment

http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/vmware/VMware.html

>> Would having a routed access layer cause complications with certain VMWare features, like VMotion?

yes indeed a L2 access is more appropriate for this kind of reasons, note that ESX may decide to move some hosts to other HW resources for example if they think active NICs are not connected or for other reasons.

>> How does the existence of a vSwitch inside the chassis effect the access layer? What consideratiosn should be made?

this is currently beyond my understanding

Hope to help

Giuseppe

Blue

Re: Data Center Virtualization

Yeah, I agree with the switched access layer when deploying VMWare. I think thats especially true when the client has VSS in their core and the ability  to stack at the access layer, too.This mitigates the possibility of a layer 2 loop tremendously because of the virtualization and the creation of virtual chassis at all layers. That being the case, deploying a routed access layer no longer has the same value or necessity.

But in this scenario, do you think it is still a good idea to deploy STP in both the access and core? I think its a good idea to do it. You lose nothing and can only gain. For example in the event of a hardware or software failure. or if someone plugs a switch into the chassis....

What do you think....?

Hall of Fame Super Blue

Re: Data Center Virtualization

lamav wrote:

Yeah, I agree with the switched access layer when deploying VMWare. I think thats especially true when the client has VSS in their core and the ability  to stack at the access layer, too.This mitigates the possibility of a layer 2 loop tremendously because of the virtualization and the creation of virtual chassis at all layers. That being the case, deploying a routed access layer no longer has the same value or necessity.

But in this scenario, do you think it is still a good idea to deploy STP in both the access and core? I think its a good idea to do it. You lose nothing and can only gain. For example in the event of a hardware or software failure. or if someone plugs a switch into the chassis....

What do you think....?

Victor

I would always deploy STP on all switches where possible although my understanding is that vswitches do not run STP as it is almost impossible to create an STP loop oin a vswitch.

But the point about using STP is valid because although with VSS/VPCs STP is no longer actively involved in forming a loop free path because there is no loop with dual uplink from access to a VSS pair, it should still be run in the background just in case. It costs you very little to run it and is a useful backup to have.

Jon

Blue

Re: Data Center Virtualization

Jon, yes, you are right, I belive. vSwitches in, say, VMWare do not have the possibility for loops bevcause they dont trunk to other switches. I mean, it can happenb, but you would have to go out of your way to configure a VM vNIC in a certain way to make that happen.

My question was about deploying STP in an environmen that has access switches with stacking capability and core switches (no distro) running VSS.

I have a lot of questions regarding how the uplinks are treated in that kind of environment, which I will ask later. But for now, let me understand what youre saying. You are saying that with VSS and stacking in the access, you should still be running STP. Correct?

Hall of Fame Super Blue

Re: Data Center Virtualization

lamav wrote:

I have a lot of questions regarding how the uplinks are treated in that kind of environment, which I will ask later. But for now, let me understand what youre saying. You are saying that with VSS and stacking in the access, you should still be running STP. Correct?

Personally i would because it costs you nothing except for the exchange of BPDUs and it can protect against link failures or misconfigurations. Whether you run STP or not should not affect failover if one of your VSS pair fails.

I haven't come across any recommendations saying you should turn off STP because it gives you a specific advantage to do so.

Jon

Blue

Re: Data Center Virtualization

Jon/Giuseppe, imagine a looped triangle topology. Two access switches dual homed to distro switches...the usual crap.

Now with VSS in the distro, the 2 distros look like 1 switch to the access layer, correct? So, that would mean that the 1 virtual distro would see itself as having two connections to each access layer switch, correct?

Now, lets say the access layer is stacked/virtualized (lets say its 2 3750s with a stacking cable between them. Now, you would have one distro [virtual] switch and 1 [virtual] access switch, correct? So, that would mean that each [virtual] switch would see itself as having 4 connections to the other [virtual] switch. Correct?

Thanks

Hall of Fame Super Blue

Re: Data Center Virtualization

lamav wrote:

Jon/Giuseppe, imagine a looped triangle topology. Two access switches dual homed to distro switches...the usual ****.

Now with VSS in the distro, the 2 distros look like 1 switch to the access layer, correct? So, that would mean that the 1 virtual distro would see itself as having two connections to each access layer switch, correct?

Now, lets say the access layer is stacked/virtualized (lets say its 2 3750s with a stacking cable between them. Now, you would have one distro [virtual] switch and 1 [virtual] access switch, correct? So, that would mean that each [virtual] switch would see itself as having 4 connections to the other [virtual] switch. Correct?

Thanks

Victor

Not sure it works like this. VSS represents 2 physical switches as a virtual switch to other switches. But each physical switch still runs it's own supervisor and modules so i don't think each chassis sees itself as a virtual switch. From the 6500s perspective they are still 2 physical switches with just the addition of a VSL + the VSL related protocols that are need to run VSS.

Jon

Blue

Re: Data Center Virtualization

"Victor

Not  sure it works like this. VSS represents 2 physical switches as a  virtual switch to other

switches"

Jon, thats precisely what I am suggesting:

"Now with VSS in the distro, the 2 distros look like 1 switch to the  access layer, correct?"


I also think that each of the VSS'd distro switches will see the other as an extension of their chassis. So, the links between them will be viewed as within the system chassis. In other words, D1 will not send STP BPDUs to D2 because they dont see the other as being outside their system. At least this is how I interpret it....

If this is all correct, then what you would get is something that looks like a triangle... if each Access switch is dual homed to the physical distros, then you should picture 2 links going from the virtual distro to each of the access switches, as drawn.

                             Disto-virtual VSS Switch

                                 ||                    ||

                                 ||                    ||

                                 ||                    ||

                         ACCESS 1           ACCESS 2

Hall of Fame Super Silver

Re: Data Center Virtualization

Hello Victor,

I agree with Jon.

VSS and C3750 stacks allow you to use all uplinks with cross stack and Multi chassis etherchannels but STP may be of very great help in dealing with transitions caused for example by one switch failing in the VSS or stack.

The stack has a master and the master can fail, a new master needs to be elected for example (yes, there is MAC address persistency for the stack and so on.)

It is better to stay on the safe side and to use STP.

I need to learn something about these Vswitches.

Hope to help

Giuseppe

Blue

Re: Data Center Virtualization

Jon...

Giuseppe....

Come back! Where did you go? I havent finished torturing you yet!

All kidding aside, I think this is a great discussion....

I would like your input on my last post...

Blue

Re: Data Center Virtualization

Giuseppe:

I agree with you and Jon 100% regarding STP. It can only help, as I see it...

Check out my last question with my silly drawing....

Imagine that the access layer is NOT stacked but the distro is VSS'd...

Thanks

VIP Super Bronze

Re: Data Center Virtualization

Victor,

In order for VSS to work correctly and loop free in the distro, the access layer devices must be capable of doing Multichassis EtherChannel (MEC).

All access layer devices would need to connect to the disto using Etherchannel.  Besides the chassis based switches ie 6500, 4500, the only small access layer device that is capable if doing MEC is 3750s stacked.  So for example you could not use 2 separate 3560s and uplink each one to a VSS set as they are not cable of doing MEC.

HTH

Reza

Blue

Re: Data Center Virtualization

Reza, this is interesting. Do you know this because you have deployed it or is it through reading about it?

So, the topology I drew below can indeed be achieved -- or better stated, would be the result -- but only if I used 6500s on the access layer, or some other non-stackable chassis switch. that supports MEC. Correct?

Follow-up question:

Which Cisco platforms support MEC? Which of them are non-stackable but do support MEC?

Thanks

VIP Super Bronze

Re: Data Center Virtualization

Victor,

I have deployed it and have a done lots of testing with VSS using 6500 at the access and VSS (6500) at the distro

The access layer could be a 6500 with dual sup-720-vs running SSO.  In this scenario you uplink one 10Gig port from the primary sup to the VSS distro and one 10Gig port from the secondary sup to the same VSS distro using Etherchannel.  The nice thing about this scenario is that even though the secondary sup is on stand-by if the primary sup goes bad or the port gets disconnected the secondary sup starts forwarding traffic without interruption.

non-stackable but do support MEC?>

Only 3750 series support MEC and that is because they can be stacked and logically become one switch. So if for example you have 2 3750s in a stack, you uplink one 10Gig from one 3750 and one 10Gig from the other 3750 and form an etherchannel

HTH

Reza

Blue

Re: Data Center Virtualization

"The access layer could be a 6500 with dual sup-720-vs running SSO.  In  this scenario you uplink one 10Gig port from the primary sup to the VSS  distro and one 10Gig port from the secondary sup to the same VSS distro  using Etherchannel."

Need clarification...from the 6500 access switch with dual SUPs, you run a 10 gig connection from the primary SUP to distro1 and another 10G from the secondary SUP to distro 2. Correct?

Youre saying though that the only switch Cisco makes that supports MEC is the 3750. And you said I would need MEC at the access layer to get VSS to work right. So why would I go with a 6500?

Please make your answers idiot-proof because this is a difficult topic...a loto of options...

Thank you!!

VIP Super Bronze

Re: Data Center Virtualization

Need clarification...from the 6500 access switch with dual SUPs, you run a 10 gig connection from the primary SUP to distro1 and another 10G from the secondary SUP to distro 2. Correct?

That is Correct

Youre saying though that the only switch Cisco makes that supports MEC is the 3750. And you said I would need MEC at the access layer to get VSS to work right. So why would I go with a 6500?

If you have high density need for fiber ports at the access layer.  The Maximum number of fiber ports a 3750 supports is only 12.

HTH

Reza

Blue

Re: Data Center Virtualization

"If you have high density need for fiber ports at the access  layer.  The Maximum number of fiber ports a 3750 supports is only 12"

OK, that makes sense, but once agin, you said you need an access switch with MEC to support a distro layer with VSS....so what would happen in this case?

Hall of Fame Super Blue

Re: Data Center Virtualization

Reza

In order for VSS to work correctly and loop free in the distro, the access layer devices must be capable of doing Multichassis EtherChannel (MEC).

That is interesting because i wasn't aware of this.  I thought that as the 6500 pair appeared as one switch you could use any access-layer switch and uplink to both 6500 chassis using normal etherchannel. There wouldn't be a L2 loop because unlike a normal design where the interconnect between the 6500 switches is counted as one of the L2 paths this isn't the case with VSS.

So are you saying it is recommended to use MEC in access-layer switches with a VSS distro layer or that you can only use MEC ?

Victor, apologies for not getting back, been a bit busy.

Jon

VIP Super Bronze

Re: Data Center Virtualization

Hi Jon,

You don't have to use MEC capable switch only.  Another word if you have a single switch as long as it is capable of utilizing Etherchannel you can uplink 2 ports from it to 2 different distro 6500 (VSS). But if you have multiple switches you can only use 3750s to stack them and have one link from one 3750 and another link from the second 3750 uplink to the VSS pair to create an Etherchannel (MEC) and make it logically look like one switch is connecting to one switch.

Sorry, if I was not clear.

Reza

Hall of Fame Super Blue

Re: Data Center Virtualization

sharifimr wrote:

Hi Jon,

You don't have to use MEC capable switch only.  Another word if you have a single switch as long as it is capable of utilizing Etherchannel you can uplink 2 ports from it to 2 different distro 6500 (VSS). But if you have multiple switches you can only use 3750s to stack them and have one link from one 3750 and another link from the second 3750 uplink to the VSS pair to create an Etherchannel (MEC) and make it logically look like one switch is connecting to one switch.

Sorry, if I was not clear.

Reza

Reza

Many thanks for getting back on this.

I should have read your answer more carefully because i missed the bit about using 2 x non MEC switches uplinked to a VSS distro pair. Come to think of it i was being a bit stupid because MEC would be irrelevant with only one switch

In essence with that config ie. a pair of 3560 switches connected to each other and then connected to a VSS pair you have simply inverted the triangle i was referring to in previous post.

So a single non MEC capable switch uplinked to both VSS 6500 switches is fine with no blocking as i understand it ?

Jon

VIP Super Bronze

Re: Data Center Virtualization

Jon,

So a single non MEC capable switch uplinked to both VSS 6500 switches is fine with no blocking as i understand it ?

Yes,

Reza

Blue

Re: Data Center Virtualization

Hi - sorry it took me so long to get back. Its been a real busy weekend.

Anyway, I have done some reading of my own on VSS and I think I better understand what's going on - at least as far as you can understand without getting your hands on the technology.

In my scenario, in which we have access layer switches uplinked to an aggregation layer running VSS, the MEC functionality is not a function of the access layer switches; it is a function of VSS itself. In other words, you dont need an access switch that supports MEC, per se. Any switch that supports normal etherchannel will be able to be placed in an MEC with a VSS pair.

That was one point that was confusing me. This is possible because the active virtual chassis that includes the active supervisor manages the control-plane and forwards excapsulated messages to the standby switch.

So, as I postulated before, two (2) access switches that are not stacked and are dual-homed to two (2) switches in a distribution layer in a VSS cluster will produce a logical topology that looks like the above (and below) drawing.

Thoughts?

Thanks again

Each access layer switch sees one switch at the distro layer because of  VSS.

                           Disto-virtualized VSS Switch(es)

                                  ||                    ||

                                  ||                    ||

                                  ||                    ||

                         ACCESS  1           ACCESS 2

VIP Super Bronze

Re: Data Center Virtualization

Victor,

Each access layer switch sees one switch at the distro layer because of  VSS.

                           Disto-virtualized VSS Switch(es)

                                  ||                    ||

                                  ||                    ||

                                  ||                    ||

                         ACCESS  1           ACCESS 2

Correct, and the lines connecting the access layer switches to VSS are Portchannels right?

So in this scenario these switches could be any switch as long as they are capable of doing Etherchannel ie 2960, 3560, etc...

HTH

Reza

Blue

Re: Data Center Virtualization

Hi, Reza...yes, each one of those lines is a single link that [physically] goes to one of the distro switches and they both make up a port channel.

Im glad I got that cleared up. lol

Thanks, man....I may pick your brain more later,. is that OK? Im very happy that you have  alot of practical experience with VSS...

Victor

VIP Super Bronze

Re: Data Center Virtualization

Hi Victor,

No problem at all.  I'll be more then happy to help.

Just as an FYI, today with SXI3 (the latest version of IOS for VSS)  only a single Sup-720-VS is supported per switch.  SXI4 supposed to be released some times in June and according to Cisco it will support 2 Sup-720-VS per chassis.!!!!!

Reza

New Member

Re: Data Center Virtualization

HI ,

in case we have access switch non Cisco and connected by etherchannel to the two distribution 6509 VSS , still can see the two 6509 VSS as one switch, or because the access switch is not cisco will not be able to see the two 6509 VSS as one switch.

Also if we have two non cisco switches running technology like VSS connected to two cisco 6509 VSS, can cisco and the non cisco see each other as one switch

579
Views
45
Helpful
26
Replies
CreatePlease to create content