We are in the process of upgrading our network infrastructure. We are planning to invest on 2X 6500 core switches, so I thought of proposing VSS to the management as the best solution.
I have few questions that need to be clarified before that.
1. Does VSS support FWSM
2. Dose VSS support EIGRP and MPLS
Can any one share the experience they have with VSS. (e.g. Reliability, Bugs, configuration issues, etc.)
I try to get some one in Australia but unfortunately no one has done it here.
Congratulations on your upgrade. =)
To answer your questions:
The only service modules currently supported while doing VSS are NAM-1 and NAM-2. Support for these was added as of 12.2(33)SXH1
Support for other service modules (FWSM, ACE10, ACE20, IDSM, WiSM) will be supported in 12.2(33)SXI, which is targeted for Q3CY08 (CSM will not be supported with VSS).
VSS currently supports routing protocols like EIGRP, and MPLS will also be supported as of 12.2(33)SXI.
I have played around with VSS a bit in my lab, and I can say the reliability of it is its true success - so long as it is set up correctly (more on that in a moment). There will always be bugs in software, and SXH is a reasonably 'young' train compared to SXF, but I am impressed with what I have seen of the train thus far. Many of the caveats/workarounds from SXF have been removed which I think is one of the more attractive reasons to run this code. That being said, SXH hasn't quite passed safe-harbor testing yet for one reason or another.
However, even were one of these switches in your VSS setup to crash because of a software bug, say, the setup should remain active because of the nature of VSS. 95% of its purpose is resiliency and high availability.
If I were doing the campus design, I would ensure that each and every device are dual uplinked to the switches. Multi-chassis etherchannel (MEC) is your friend...I have seen a number of people implement VSS as a solution simply for more ports in the core layer, and while it certainly could be used this way, I don't think this is its strength. All you gain when doing this is the ease-of-manageability factor. Make sure you read about VSS dual-active detection. If possible put each of the switches on separate power circuits.
Here's the config guide for VSS...It's linked to the part on service modules:
Hope this helps! Let me know if you have other questions.
Its nice to get in touch with some one who really has done this. Since FWSM is also part of my requirement I will wait till 12.2(33)SXI comes.
I may go with hardware purchasing, for the time being, implement dual core switches with out VSS.
Do you think, to run 12.2(33)SXI do we have to go for another hardware upgrade. We are thinking of 720-10G-VSS to be use as the suprevisor module.
Thanks again for the information, which really was helpful.
12.2(33)SXI will work on the vs-s720 without a hw upgrade, so you can purchase the devices and implement in a non-redundant setup if desired.
We have 2 6509 core switches using VSS and have been up for about 2 months now with no.....knock on wood.....issues. We did some failover testing by powering off one of the switches and it worked great, we did not lose connectivity to the servers (as long as they are dual connected. We are running S72033-rp-advipservicesk9_wan-vz.122-33.sxh2 and again so far not having any problems.
Mike, you are running 12.2(33)SXH2 - SXH2a was recently released to address several severe bugs...I am not suggesting that you upgrade, but you may want to be aware of them at the very least. The bugs are documented in the release notes:
Specifically you may want to look at:
CSCso53516 - VSS: Incorrect fpoe programming causing unicast traffic blackhole
CSCso05127 - WS-X6708-10GE crashes following upgrade to 12.2(33)SXH1 and 12.2(33)SXH2
Thank you. I have been watching for updates because of that. It made me nervous when they told me to go to that version even when I told them about the bugs. I have been watching the safe harbor testing, would that be what I should watch or is there some other thing I should watch for new fixes.
I was wondering if a hardware change of FWSM would also be required with integrating it with VSS or would it just be a IOS upgrade. Would there be a separate FWSM to use with VSS ?
hi all, today I use S72033-rp-advipservicesk9_wan-vz.122-33.sxh3a on my 4x6500. For redundancy, i do install 2x6500s the primary datacenter and 2x6500 on the secondary datacenter. Between these two datacenters, we have 2x10Gbs dark fiber and we run MPLS VPN between these swiches. My question is:
Can i use VSS in my MPLS solution and which IOS version I should use here?