I'm looking to hear your thoughts regarding the VSS based on your hands-on experiences. Is it good or bad and why? Have you run into any odd edge cases that have made you wish you stuck with the non-VSS 720s?
A VSS (Virtual Switching System) is a network system virtualization technology that pools multiple Cisco® Catalyst® 6500 Series Switches into one virtual switch, increasing operational efficiency, boosting nonstop communications, and scaling system bandwidth capacity to 1.4 Tbps. At the initial phase, a VSS will allow two physical Cisco Catalyst 6500 Series Switches to operate as a single logical virtual switch called a virtual switching system 1440 (VSS1440).
In a VSS, the data plane and switch fabric with capacity of 720 Gbps of supervisor engine in each chassis are active at the same time on both chassis, combining for an active 1400-Gbps switching capacity per VSS. Only one of the virtual switch members has the active control plane. Both chassis are kept in sync with the interchassis Stateful Switchover (SSO) mechanism along with Nonstop Forwarding (NSF) to provide nonstop communication even in the event of failure of one of the member supervisor engines or chassis.
VSS offers superior benefits compared to traditional Layer 2/Layer 3 network design. Benefits can be grouped into four main categories:
1. VSS increases operational efficiency by simplifying the network, reducing switch management overhead by at least 50 percent.
• Single point of management, IP address, and routing instance for the Cisco Catalyst 6500 virtual switch
- Single configuration file and node to manage. Removes the need to configure redundant switches twice with identical policies.
- Only one gateway IP address is required per VLAN, instead of the three IP addresses per VLAN used today.
- Removes the need for Hot Standby Router Protocol (HSRP), Virtual Router Redundancy Protocol (VRRP), and Gateway Load Balancing Protocol (GLBP)
- CiscoWorks LAN Management System (LMS) 3.0 can be used to centrally manage a Cisco Catalyst 6500 virtual switch as a single entity.
• Multichassis EtherChannel® (MEC) is a Layer 2 multipathing technology that creates simplified loop-free topologies, eliminating the dependency on Spanning Tree Protocol, which can still be activated to protect strictly against any user misconfiguration.
• Flexible deployment options. The underlying physical switches do not have to be colocated. The two physical switches are connected with standard 10 Gigabit Ethernet interfaces and as such can be located any distance based on the distance limitation of the chosen 10 Gigabit Ethernet optics. For example, with X2-10GB-ER 10 Gigabit Ethernet optics, the switches can be located up to 40 km apart.
2. VSS boosts nonstop communications.
• Interchassis stateful failover results in no disruption to applications that rely on network state information (for example, forwarding table info, NetFlow, Network Address Translation [NAT], authentication, and authorization). VSS eliminates L2/L3 protocol reconvergence if a virtual switch member fails, resulting in deterministic subsecond virtual switch recovery.
• Utilizes EtherChannel (802.3ad or Port Aggregation Protocol [PAgP]) for deterministic subsecond Layer 2 link recovery, removing the dependency on Spanning Tree Protocol for link recovery.
3. VSS scales system bandwidth capacity to 1.4 Tbps.
• Activates all available Layer 2 bandwidth across redundant Cisco Catalyst 6500 Series Switches with automatic, even load sharing. Link load sharing is optimized because it is based on more granular information, such as L2/L3/L4 parameters, unlike virtual LAN (VLAN)-based load balancing in Spanning Tree Protocol configuration.
• Enables standards-based link aggregation for server network interface card (NIC) teaming across redundant data center switches, maximizing server bandwidth throughput and increasing the number of standards-based components in the data center (that is, server NICs) with needing to configure proprietary NIC vendor mechanisms.
• Maximizes the utilization of all (132) 10 Gigabit Ethernet ports in a Cisco Catalyst 6500 virtual switch.
• Conserves bandwidth by:
- Eliminating unicast flooding caused by asymmetrical routing in traditional campus designs.
- Optimizing the number of hops for intracampus traffic using multichassis EtherChannel enhancements.
• VSS enhances existing multilayer switching architecture using simplification of architecture without fundamentally changing the architecture, resulting in ease of adoption of the technology.
• Uses existing Cisco Catalyst 6500 investments, easing the deployment of VSS. The VSS is supported on non-E and E series Catalyst 6500 Series Switches chassis and supports all Cisco Catalyst 6500 series 6700 series modules.
• VSS uses standards-based 10 Gigabit Ethernet connectivity between Cisco Catalyst 6500 virtual switch members, allowing for flexible distance options. The underlying physical switches do not have to be colocated.
I have actual experience with a VSS. So far I've built one for the core layer of a data center and plan to build more as soon as the IOS that supports FWSM in VSS comes out. I hear it will be available next year. Right now it doesn't support any service modules (well, maybe one) so it's a pretty simple config.
The VSS feels a lot like 3750 stacks in terms of interface configurations. Everything else is the same as any other 6500. The VSS only supports 1 Sup module per chassis so don't overspend on 4 sups like you probably would when running just a traditional redundant pair.
The only bug I have hit so far has to do with floating statics over OSPF. If I lose a certain link OSPF removes the /24 routes to that site from the table. I have a /16 floating static in place that routes them all over a VPN. When the link comes back up, longer prefixes come back into the table including a /16 that matches the floating static. Unfortunately, the floating static does not get replaced by the OSPF route even though it has a better admin dist. I have to manually remove it from the config and put it back in before the next link failure. The same problem does not occur on the other side of the link but that is not a VSS or sup 720 with 10gb. It's a different IOS too.
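An added example, not part of the reply above and not Cisco's code: a heuristic check for the symptom that reply describes, a floating static still installed after OSPF has brought the longer prefixes under it back. It runs over constructed `show ip route`-style lines; the function names are hypothetical, and it assumes every route line carries its prefix length and that OSPF uses its default administrative distance of 110.

```python
import ipaddress
import re

OSPF_AD = 110  # default OSPF administrative distance on IOS

# Constructed sample lines in "show ip route" style (not from a real device).
SAMPLE = """\
S    10.20.0.0/16 [250/0] via 192.0.2.1
O    10.20.1.0/24 [110/20] via 10.0.0.2, 00:01:02, TenGigabitEthernet1/1/1
O    10.20.2.0/24 [110/20] via 10.0.0.2, 00:01:02, TenGigabitEthernet1/1/1
O IA 10.30.0.0/16 [110/30] via 10.0.0.6, 1d02h, TenGigabitEthernet2/1/1
S    10.40.0.0/16 [250/0] via 192.0.2.1
"""

# Route code (S or O, optional OSPF subtype), prefix/len, then [AD/metric].
ROUTE_RE = re.compile(
    r"^(S|O)\*?(?:\s+(?:IA|E1|E2|N1|N2))?\s+"
    r"(\d+\.\d+\.\d+\.\d+/\d+)\s+\[(\d+)/\d+\]"
)

def parse_routes(text):
    """Return (code, network, admin_distance) for each static/OSPF line."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            net = ipaddress.ip_network(m.group(2))
            routes.append((m.group(1), net, int(m.group(3))))
    return routes

def stuck_floating_statics(text):
    """Flag installed statics with AD above OSPF's that still cover
    OSPF-learned longer prefixes: the primary path looks restored,
    yet the backup static is the route in the table."""
    routes = parse_routes(text)
    ospf = [net for code, net, _ in routes if code == "O"]
    findings = []
    for code, net, ad in routes:
        if code != "S" or ad <= OSPF_AD:
            continue  # not a floating static relative to OSPF
        inside = [str(o) for o in ospf
                  if o.prefixlen > net.prefixlen and o.subnet_of(net)]
        if inside:
            findings.append((str(net), ad, inside))
    return findings

if __name__ == "__main__":
    for prefix, ad, inside in stuck_floating_statics(SAMPLE):
        print(f"{prefix} [AD {ad}] still static; OSPF has {', '.join(inside)}")
```

A floating static with no OSPF prefixes under it (10.40.0.0/16 in the sample) is a normal failover state and is not flagged.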