Solved: Re: VSS with SUP 2T - VSL Links

abhisar patil · ‎11-29-2013

Dear All,

I have two sup2T, one in each 6500E chassis. I need to understand about portchannel for VSL. I have seen some configuration with one portchannel for both 10G link as a singal VSL and some configuration with two different portchannel with two VSL. So what is the recommended configuration and advantage.

Thank You,

Abhisar.

Jon Marshall · ‎11-30-2013

Abishar

You are right when you say generally you use the same port channel number on both ends of an etherchannel link. But that is with standalone switches. The key thing with VSS is that the config from both switches is merged into one configuration fille.

So if you configured switch 1 with port channel 1 then how can you configure switch 2 with port channel 1 as well because when the configs are merged you now have two port channels using the same number.

Jon

View solution in original post

Reza Sharifi · ‎11-30-2013

Hi Jon, Abishar

You guys are both correct.

This is the only case that portchnnel numbers are different. For switch-1 po1 and for switch-2 po2. I know, it is confusing, as people think they are building 2 different portchannels, but in actuality it is one with 2 different numbers.

When you build your portchannles from the access switches to your VSS pair, they can use the same number on both sides just like any other portchannel.

HTH

View solution in original post

Jon Marshall · ‎11-30-2013

Abishar

It is important to have at least one port in the VSL on the supervisor because the supervisor initialises first before any linecards when booting up. If you have a VSL which only uses linecard ports then there is a delay in the VSS boot process. However after that it is up to you as to how you make up the rest of the VSL. It is a good idea to have at least one port on a linecard just in case the port(s) on the supervisor fail.

Also if you are using on the ports on the supervisor you have a choice of running in non-blocking mode on the 10Gbps ports or sharing the bandwidth between the 10Gbps ports and the 1Gbps ports.

Have a look at this table which describes the deployment options for the VSL link -

http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/VSS30dg/VSS-dg_ch2.html#wp1056246

Jon

abhisar patil · ‎11-30-2013

Dear Jon,

Thank you for your reply. Yes, I completely agree to have VSL from sup port only for fast boot.

Actually, I wanted to know that I saw two type of configuration

1. Having single VSL link with singal portchannel.

**************************************

interface Port-channel1

switch virtual link 1

no switchport

no ip address

!

interface TenGigabitEthernet 1/4

no switchport

no ip address

channel-group 1 mode on

no shut

!

interface TenGigabitEthernet 2/4

no switchport

no ip address

channel-group 1 mode on

no shut

**************************************

2. Having two VSL with two different portchannel.

**************************************

interface Port-channel1

no switchport

no ip address

switch virtual link 1

no mls qos channel-consistency

!

interface Port-channel2

no switchport

no ip address

switch virtual link 2

no mls qos channel-consistency

interface TenGigabitEthernet1/5/4

no switchport

no ip address

channel-group 1 mode on

!

interface TenGigabitEthernet1/5/5

no switchport

no ip address

channel-group 1 mode on

interface TenGigabitEthernet2/5/4

no switchport

no ip address

channel-group 2 mode on

!

interface TenGigabitEthernet2/5/5

no switchport

no ip address

channel-group 2 mode on

**************************************

So if we hva e two 10G links then we have to create two different portchannel?

Thank You,

Abhisar.

Jon Marshall · ‎11-30-2013

Abishar

I'm confused by your question. If i am reading this right you don't have 2 VSL links in the second example you are simply looking at both ends of the link ie.

interface Port-channel1

no switchport

no ip address

switch virtual link 1 <--- this is switch 1

no mls qos channel-consistency

interface Port-channel2

no switchport

no ip address

switch virtual link 2 <--- this is switch 2

no mls qos channel-consistency

the "switch virtual link " config line identifies the switch.

What commands did you use to view the config for both examples you have given ?

Jon

Reza Sharifi · ‎11-30-2013

Hi,

although one works, but for redundancy, it is recommended for the VLS link to be 2 10Gig interfaces and not one.

As for your config, it is correct, the portchannels numbers need to be different per chassis.

HTH

Jon Marshall · ‎11-30-2013

Reza

Am i reading it right ie. Abishar thinks in the second example he has 2 separate VSL links but it is just one VSL link (with 2 physical ports) and he is looking at the config on both sides ie. switch 1 and switch 2 ?

Jon

Reza Sharifi · ‎11-30-2013

Hi Jon,

His config is correct. Basically, he has portchannel 1 with interface te1/5/4 and 1/5/5 in it and than he has portchannel 2 with interfaces te2/5/4 and 2/5/5. One portchnnel per chassis.

BTW, best practice is to use one 10Gig from the sup and one 10Gig from a blade and not both from the sup which is the case here.

Thanks,

Reza

Jon Marshall · ‎11-30-2013

Hi Reza

Thanks for that. I have been reading up on VSS and i thought i might not be reading it right. If you don't mind i have a further question.

switch 1 = active supervisor

switch 2 = standby supervisor

I understand that the active supervisor is responsible for all control plane information which i'm assuming includes routing peering and building of the route table - is this correct ?

If so the active supervisor then builds the FIB and sends it to the standby supervisor as well as any DFC linecards. The standby supervisor then forwards packets for it's own linecards/modules whether those packets are L2 switched or L3 switched. So the L3 vlan interfaces are accessible to both switches - is this correct ?

So what happens when a packet is received by the standby supervisor that cannot be hardware switched ie. it needs to be handled by the supervisor's main CPU. Can the standby supervisor use it's own CPU or does it need to forward the packet over the VSL link to the active supervisor ?

I'm guessing it needs to be sent to the active supervisor but could you confirm.

Jon

Reza Sharifi · ‎11-30-2013

Hi Jon,

I understand that the active supervisor is responsible for all control plane information which i'm assuming includes routing peering and building of the route table - is this correct ?

That is correct

If so the active supervisor then builds the FIB and sends it to the standby supervisor as well as any DFC linecards. The standby supervisor then forwards packets for it's own linecards/modules whether those packets are L2 switched or L3 switched. So the L3 vlan interfaces are accessible to both switches - is this correct ?

Yes, that is correct. The forwarding plane of both switches are forwarding, but one supervisor handles both chassis. I am not sure about Sup-2T, but from what I remember (doing VSS a few years ago) you could not even access the stand-by chassis. If you try to console to it, it will give you a message that this is the stand-by chassis and try using the primary.

So what happens when a packet is received by the standby supervisor that cannot be hardware switched ie. it needs to be handled by the supervisor's main CPU. Can the standby supervisor use it's own CPU or does it need to forward the packet over the VSL link to the active supervisor ?

I'm guessing it needs to be sent to the active supervisor but could you confirm.

Correct, if that packet needs to software switched, then it needs to go to the primary sup, as he is the one controlling both chassis.

Thanks,

Reza

Jon Marshall · ‎11-30-2013

Thanks Reza

Just to clarify (for me), when you say -

The forwarding plane of both switches are forwarding, but one supervisor handles both chassis

you mean handles in terms of control plane only don't you ? ie the PFC on the standby supervisor is in use for L2/L3 switching ? Sorry to belabour the point but i just want to be absolutely sure i understand.

Finally with dual sups per chassis my understanding is that it runs in RPR Warm mode. If the active sup fails then the chassis is reloaded and the former RPR Warm supervisor takes over if possible. Is this still the case now and if so do you know if Cisco have any plans to use NSF/SSO so it can take over without a reload ?

Appreciate your patience with my basic questions

Jon

Reza Sharifi · ‎11-30-2013

you mean handles in terms of control plane only don't you ? ie the PFC on the standby supervisor is in use for L2/L3 switching ? Sorry to belabour the point but i just want to be absolutely sure i understand.

That is correct Jon. All control plane functions are manged by the primary Sup. It is kind of like one brain controlling two bodies and that is the reason you don't want to have split brains, as that is not good at all.

Finally with dual sups per chassis my understanding is that it runs in RPR Warm mode. If the active sup fails then the chassis is reloaded and the former RPR Warm supervisor takes over if possible. Is this still the case now and if so do you know if Cisco have any plans to use NSF/SSO so it can take over without a reload ?

I have never deployed quad sup VSS, but I have asked about it in the last 2 Cisco Live events. From what I understand the current solution still utilizes RPR Warm mode (as you described above) and so far I have not seen any changes to this. I think, this is all driven by market demand, as when you deploy 2 sups per chassis, the cost will dramatically change. I see a question here and there on quad sup, but honestly I don't think that many people have deployed it. (hence the market demand). In addition, there are very few accurate documents on quad sups which makes it even harder to understand the function, but I will ask further when I get the opportunity.

All good questions Jon

Thanks,

Reza

Jon Marshall · ‎11-30-2013

Thanks again Reza.

VSS would have made my life a whole lot easier when i was having to choose between L3 routed or L2 access to distribution layer in network designs. Odds were that if you went with L3 routed sooner or later there would be a need to span a vlan across multiple switches and you were looking at a redesign. And it's impossible to explain to your manager why the relatively new network needs to be reconfigured

Regarding quad sups, i guess the only real benefit is if you have devices that are only singly honed to a specific chassis which is not a very good idea in the first place. As you say it's a lot cheaper to have a second NIC in a server, for example, than to have to buy a second supervisor for each chassis.

I'm currently reading the Campus Design Guide using VSS so you can probably expect to get a few more questions in the near future.

Jon

abhisar patil · ‎11-30-2013

Dear Jon/Reza,

Same thing I want to understand about VSL.

So, it means if we have two 10G ports per chassis, then better to have two VSL links with two different portchannels?

If we combine both 10G links with one portchannel and one VSL link, will that be fine?

Also, as per 2nd config only one VSL link will forward the traffic and other will be standby?

Thank You.

Abhisar.

Jon Marshall · ‎11-30-2013

Abishar

You are getting confused by the config. You only have one VSL link in the second example. It is an etherchannel link with 2 x 10Gbps ports in it. You are seeing both ends of that etherchannel link. You do not have two separate VSL links. You only have one VSL link but it has 2 ports in it. in your example port channel 1 is the etherchannel config on switch 1 and port channel 2 is the etherchannel config on switch 2. But it is just one VSL link.

So you have one VSL link only but you use multiple ports in that VSL link ie. you use an etherchannel. If you have 2 10Gbps ports per chassis you put them into one VSL link and you make that link an etherchannel.

You only have one VSL link per VSS setup.

Jon

abhisar patil · ‎11-30-2013

Dear Jon,

Ok, its a singal VSL link.

But I am confused because of the config., for singal VSL I feel following should be the config with one portchannel, same as the earlier posted config 1.

When we are creating portchannel, we are keeping same portchannel ID on both devices, but here two different IDs so its confusing.

********************************************

SW1

********************************************

interface Port-channel1

no switchport

no ip address

switch virtual link 1

no mls qos channel-consistency

!

interface TenGigabitEthernet1/5/4

no switchport

no ip address

channel-group 1 mode on

!

interface TenGigabitEthernet1/5/5

no switchport

no ip address

channel-group 1 mode on

********************************************

Sw2

********************************************

interface Port-channel1

no switchport

no ip address

switch virtual link 1

no mls qos channel-consistency

!

interface TenGigabitEthernet2/5/4

no switchport

no ip address

channel-group 1 mode on

!

interface TenGigabitEthernet2/5/5

no switchport

no ip address

channel-group 1 mode on

********************************************

Anyways I will dig out more on this.

Thank You,

Abhisar.