CATALYST 6500

BOOTCAMP

VIRTUAL
SWITCHING SYSTEM
(VSS)

VIRTUAL SWITCHIN

Agenda Topics

VSS Introduction

APPENDIX

Architecture

Hardware and Software

Requirements

Deploying VSS with

Server Virtualization

Migration to VSS

Quality of Service

High Availability

Quad-Sup Uplink Forwarding

Operational
Management

Software Upgrades

Service Module Integration

Deployment Considerations &

Best Practices

Summary

INTRODUCTION

VSS
INTRODUCTION

Agenda Topics

Current Network
Challenges
Traditional Enterprise
Campus deployments have been

designed in such a way that allows for scalability,

Enterprise Campus
differentiated services and high availability. However
they also face many challenges, some of which are listed
in the below diagram
Extensive routing
L3 Core

L2/L3
Distribution

Access

topology, Routing
reconvergence

FHRP, STP,
Asymmetric routing,
Policy Management

Single active uplink

per VLAN (PVST), L2
reconvergence

Current Network
Traditional Data Center
designs are increasingly requiring Layer 2
Challenges
adjacencies between Server nodes due to the use of Server

Center
Virtualization technology.Data
However,
these designs are pushing the
limits of Layer 2 networks, placing more burden on loop-detection
protocols such as Spanning Tree
FHRP, HSRP, VRRP
Spanning Tree
Policy Management
L2/L3 Core
Single active uplink per
VLAN (PVST), L2
reconvergence,
L2
excessive BPDUs
Distribution
Dual-Homed Servers to
single switch, Single
active uplink per VLAN
(PVST), L2
reconvergence
L2 Access

Catalyst 6500 Virtual Switching System

Overview
Today (Today)

VSS (Physical View)

10GE
Si

10GE
Si

Si

802.3ad
or
PagP

Access Switch or
ToR or Blades

VSS (Logical View)

Server

Access Switch or
ToR or Blades

Si

802.3ad

Server

802.3ad
or
PagP

Access Switch or
ToR or Blades

802.3ad

Server

Simplifies operational Manageability via Single point of Management,

Elimination of STP, FHRP etc

Doubles bandwidth utilization with Active-Active Multi-Chassis Etherchannel

(802.3ad/PagP) Reduce Latency

Minimizes traffic disruption from switch or uplink failure with Deterministic

subsecond Stateful and Graceful Recovery (SSO/NSF)

Virtual Switching System

Enterprise Campus

A Virtual Switching System-enabled Enterprise Campus

network takes on multiple benefits including simplified
management & administration, facilitating greater high
availability, while maintaining a flexible and scalable
architecture

L3 Core

L2/L3
Distribution

Access

Reduced routing
neighbors,
Minimal L3
reconvergence

No FHRPs
No Looped topology
Policy Management

Multiple active
uplinks per VLAN,
No STP
convergence

Virtual Switching System

Data Center

A Virtual Switching System-enabled Data Center allows for

maximum scalability so bandwidth can be added when required,
but still providing a larger Layer 2 hierarchical architecture free of
reliance on Spanning Tree
Single router
node, Fast L2
convergence,
Scalable
architecture
Dual Active
Uplinks, Fast L2
convergence,
minimized L2
Control Plane,
Scalable
Dual-Homed
Servers, Single
active uplink per
VLAN (PVST),
Fast L2
convergence

L2/L3 Core

L2
Distribution

L2 Access

ARCHITECTURE

VSS
ARCHITECTURE

Agenda Topics

VSS Architecture
Catalyst 6500 that operates as the
Active Control Plane for the VSS

Virtual Switch Primary

Concepts
Defines two Catalyst 6500s that are participating
together as a Virtual Switching System

Virtual Switch Domain

Active
ActiveControl
ControlPlane
Plane
Active
Data
Plane
Active Data Plane

Virtual Switch Secondary

Hot
HotStandby
StandbyControl
ControlPlane
Plane
Active
Data
Plane
Active Data Plane

Virtual Switch Link

Special 10GE link bundle joining two Catalyst 6500s allowing

them to operate as a single logical device

Catalyst 6500 that operates as the

Hot Standby Control Plane for the VSS

VSS Architecture
Virtual Switch Link (VSL)

The Virtual Switch Link joins the two physical switch

together - it provides the mechanism to keep both the
chassis in sync
A Virtual Switch Link
bundle can consist of
up
to 8 x 10GE links

All traffic traversing the VSL link is

encapsulated with a 32 byte Virtual
Switch Header containing ingress and
egress switchport indexes, class of
service (COS), VLAN number, other
important information from the layer 2
and layer 3 header
VS Header L2 HdrL3 Hdr

Data

Control plane uses the VSL

for
CPU
to
CPU
communications while the
data plane uses the VSL to
extend the internal chassis
fabric
to
the
remote
chassis

CRC

Virtual Switch Link

Virtual
Switch
Active

Virtual Switch
Standby

VSS Architecture
VSLP Ping

A new ping mechanism has been implemented in VSS

mode to allow the user to objectively verify the health of
the VSL itself. This is implemented as a VSLP Ping
VSL
VSLP
VSLPPing
Ping

VSLP
VSLPPing
Ping

VSLP
VSLPPing
Ping

VSLP
VSLPPing
Ping

Switch1

Switch2

The VSLP Ping operates on a per-physical interface basis and parameters such as COUNT,
DESTINATION, SIZE, TIMEOUT may also be specified

vss#
vss#ping
ping vslp
vslp output
output interface
interface tenGigabitEthernet
tenGigabitEthernet 1/5/4
1/5/4
Type
Type escape
escape sequence
sequence to
to abort.
abort.
Sending
Sending 5,
5, 100-byte
100-byte VSLP
VSLP ping
ping to
to peer-sup
peer-sup via
via output
output port
port 1/5/4,
1/5/4, timeout
timeout is
is 22 seconds:
seconds:
!!!!!
!!!!!
Success
Success rate
rate is
is 100
100 percent
percent (5/5),
(5/5), round-trip
round-trip min/avg/max
min/avg/max == 12/12/16
12/12/16 ms
ms

VSS Architecture
VSL Configuration Consistency Check
After the roles have been resolved through RRP, a Configuration
Consistency Check is performed across the VSL switches to
ensure proper VSL operation. The following items are checked for
consistency: Switch
Switch Virtual
Virtual Domain
Domain ID
ID
Switch
Switch Virtual
Virtual Switch
Switch ID
ID
Switch
Switch Priority
Priority

Virtual Switch

Switch
Switch Preempt
Preempt
VSL
VSL Port
Port Channel
Channel Link
Link ID
ID
VSL
VSL Port
Port state,
state, interfaces
interfaces
Power
Power Redundancy
Redundancy mode
mode
Power
Power Enable
Enable on
on VSL
VSL cards
cards

Note
Note that
that ifif configurations
configurations do
do not
not match,
match, the
the Hot-Standby
Hot-Standby Supervisor
Supervisor will
will revert
revert
to
to RPR
RPR mode,
mode, disabling
disabling all
all non-VSL
non-VSL interfaces
interfaces

VSS Architecture
Unified Control Plane
One supervisor in each chassis with inter-chassis Stateful Switchover (SSO)
method
in with one supervisor is ACTIVE and other in HOT_STANDBY mode
Active/Standby supervisors run in synchronized mode (boot-env, runningconfiguration, protocol state, and line cards status gets synchronized)
Active supervisor manages the control plane functions such as protocols
(routing, EtherChannel, SNMP, telnet, etc.) and hardware control (Online
Insertion Removal, port management)

CFC or DFC Line Cards

CFC or DFC Line Cards

CFC or DFC Line Cards

CFC or DFC Line Cards

VSL

CFC or DFC Line Cards

SF

RP

PFC

SF

Active Supervisor
CFC or DFC Line Cards
CFC or DFC Line Cards
CFC or DFC Line Cards

CFC or DFC Line Cards

RP

PFC

Standby HOT Supervisor

SSO
Synchronization

CFC or DFC Line Cards

CFC or DFC Line Cards
CFC or DFC Line Cards

VSS Architecture
Dual Active Forwarding Planes
Both forwarding planes are active
Standby supervisor and all linecards including DFCs are actively
forwarding
VSS#
VSS#

show
show switch
switch virtual
virtual redundancy
redundancy

My
My Switch
Switch Id
Id == 11
Peer
Peer Switch
Switch Id
Id == 22

<snip>
<snip>
Switch
Switch 11 Slot
Slot 55 Processor
Processor Information
Information ::
-------------------------------------------------------------------------------------------Current
Current Software
Software state
state == ACTIVE
ACTIVE
<snip>
<snip>

Si

Data
Plane
Active

Si

Data
Plane
Active

Fabric
Fabric State
State == ACTIVE
ACTIVE
Control
Plane
Control Plane State
State == ACTIVE
ACTIVE

Switch
Switch 22 Slot
Slot 55 Processor
Processor Information
Information ::
-------------------------------------------------------------------------------------------Current
Current Software
Software state
state == STANDBY
STANDBY HOT
HOT
(switchover
(switchover target)
target)
<snip>
<snip>

Fabric
Fabric State
State == ACTIVE
ACTIVE
Control
Control Plane
Plane State
State == STANDBY
STANDBY

Switch
1

Switch
2

VSS Architecture
Virtual Switch Domain

A Virtual Switch Domain ID is allocated during the conversion

process and represents the logical grouping the 2 physical
chassis within a VSS. It is possible to have multiple VS Domains
throughout the network

VSS Domain 10

VSS Domain 20

VSS Domain 30

Use a UNIQUE VSS Domain-ID for each VSS Domain throughout the network.
Various protocols use Domain-IDs to uniquely identify each pair.

VSS Architecture
Router MAC Address Assignment

In a Virtual Switching System, there is only one router MAC address

to represent both physical chassis as a single logical device.
By default, the MAC address allocated to the Virtual Switching System is taken from the first
Active Switch burnt-in MAC-address, which is negotiated at system initialization. Regardless of
either switch being brought down or up in the future, the same MAC address will be retained
such that neighboring network nodes and hosts do not need to re-learn a new address.

Router MAC = burnt-in or virtual mac-address

Recommendation is to use the virtual mac-address option. This eliminates the possibility of a duplicate
MAC address in case the original Supervisor is ever reused within the same network.

VSS Architecture
Virtual Router MAC Address Assignment
Instead of using default chassis mac-address assignment, from
12.2(33)SXH2 onwards virtual mac-address can be specified as
shown below
VSS(config-vs-domain)#switch
VSS(config-vs-domain)#switch virtual
virtual domain
domain 10
10
VSS(config-vs-domain)#mac-address
use-virtual
VSS(config-vs-domain)#mac-address use-virtual
Configured
Configured Router
Router mac
mac address
address is
is different
different from
from operational
operational value.
value. Change
Change
will
take
effect
after
config
is
saved
and
the
entire
Virtual
Switching
will take effect after config is saved and the entire Virtual Switching
System
System (Active
(Active and
and Standby)
Standby) is
is reloaded.
reloaded.

VSS#show
VSS#show interface
interface vlan
vlan 11
Vlan1
Vlan1 is
is up,
up, line
line protocol
protocol is
is up
up
Hardware
is
EtherSVI,
address
Hardware is EtherSVI, address is
is 0008.e3ff.fc0a
0008.e3ff.fc0a (bia
(bia 0008.e3ff.fc0a)
0008.e3ff.fc0a)

The use-Virtual MAC address is assigned from a reserved pool of MAC addresses
appended with the VSS domain id. The reserved pool is 0008.e3ff.fc00 to
0008.e3ff.ffff.

VSS Architecture
Multichassis EtherChannel (MEC)
Prior to the Virtual Switching System, EtherChannels were restricted to reside
within the same physical switch. In a Virtual Switching environment, the two
physical switches form a single logical network entity - therefore
EtherChannels can now be extended across the two physical chassis
VSS

Standalone

Both
Both LACP
LACP and
and PAGP
PAGP
Etherchannel
Etherchannel protocols
protocols and
and
Manual
Manual ON
ON modes
modes are
are
supported
supported

Regular Etherchannel on single

chassis

Multichassis EtherChannel
across 2 VSS-enabled chassis

Etherchannel Concepts
Etherchannel Hash Distribution
The default hashing algorithm will redistribute all the Result Bit Hash values across
the available ports when there is a change. This affects all traffic traversing the
Etherchannel
RBH (for MEC)
2 Link Bundle Example
Link 1
Link 2
Flow
Flow 11
Flow
Flow 33
Flow
Flow 55
Flow
Flow 77

Flow
Flow 22
Flow
Flow 44
Flow
Flow 66
Flow
Flow 88

Links 1,2
Links 1,2,3

RBH (for MEC)

3 Link Bundle Example
Link 1
Link 2
Link 3
Flow
Flow 11
Flow
Flow 44
Flow
Flow 77

Flow
Flow 22
Flow
Flow 55
Flow
Flow 88

Flow
Flow 33
Flow
Flow 66

Links 3,4
Links 4,5,6

Etherchannel Concepts
Etherchannel Hash Distribution Adaptive
Adaptive Hash Distribution Enhancement allows for the addition or removal of links
in a bundle without affecting all of the traffic in an Etherchannel. Note in the below
example, only Flow 7 and 8 are affected by the addition of an extra link to the
Channel
RBH (for MEC)
RBH (for MEC)
2 Link Bundle Example
Link 1
Link 2
Flow
Flow 11
Flow
Flow 33
Flow
Flow 55
Flow
Flow 77

Flow
Flow 22
Flow
Flow 44
Flow
Flow 66
Flow
Flow 88

3 Link Bundle Example

Link 1
Link 2
Link 3
Flow
Flow 11
Flow
Flow 33
Flow
Flow 55

Flow
Flow 22
Flow
Flow 44
Flow
Flow 66

Flow 7
Flow
Flow 88

vss#conf
vss#conf tt
Enter
Enter configuration
configuration commands,
commands, one
one per
per line.
line. End
End with
with CNTL/Z.
CNTL/Z.
vss(config)#port-channel
vss(config)#port-channel hash-distribution
hash-distribution adaptive
adaptive
vss(config)#
vss(config)# ^Z
^Z
vss#
vss#

Available in 12.2(33)SXH

VSS Architecture
MEC Load-Balance Schemes
VSS(config)#port-channel
VSS(config)#port-channel load-balance
load-balance ??
dst-ip
dst-ip

Dst
Dst IP
IP Addr
Addr

dst-mac
dst-mac

Dst
Dst Mac
Mac Addr
Addr

dst-mixed-ip-port
dst-mixed-ip-port

Dst
Dst IP
IP Addr
Addr and
and TCP/UDP
TCP/UDP Port
Port

dst-port
dst-port

Dst
Dst TCP/UDP
TCP/UDP Port
Port

mpls
mpls

Load
Load Balancing
Balancing for
for MPLS
MPLS packets
packets

src-dst-ip
src-dst-ip

Src
Src XOR
XOR Dst
Dst IP
IP Addr
Addr

src-dst-mac
src-dst-mac

Src
Src XOR
XOR Dst
Dst Mac
Mac Addr
Addr

src-dst-mixed-ip-port
src-dst-mixed-ip-port

Src
Src XOR
XOR Dst
Dst IP
IP Addr
Addr and
and TCP/UDP
TCP/UDP Port
Port

src-dst-port
src-dst-port

Src
Src XOR
XOR Dst
Dst TCP/UDP
TCP/UDP Port
Port

src-ip
src-ip

Src
Src IP
IP Addr
Addr

src-mac
src-mac

Src
Src Mac
Mac Addr
Addr

src-mixed-ip-port
src-mixed-ip-port

Src
Src IP
IP Addr
Addr and
and TCP/UDP
TCP/UDP Port
Port

src-port
src-port

Src
Src TCP/UDP
TCP/UDP Port
Port

VSS Architecture
EtherChannel Hash
A command can be invoked to assist in determining which link in
the bundle will be used - it can use various hash inputs to yield
an 8-bucket RBH value that will correspond to one of the port
channel members

vss#show
vss#show etherchannel
etherchannel load-balance
load-balance hash-result
hash-result interface
interface portportchannel
channel 120
120 switch
switch 11 ip
ip 192.168.220.10
192.168.220.10 192.168.10.10
192.168.10.10
Computed
Computed RBH:
RBH: 0x4
0x4
Would
Would select
select Gi1/2/1
Gi1/2/1 of
of Po120
Po120
Note:
Note: specify
specify switch
switch <id>
<id> when
when using
using hash
hash result
result command,
command, ifif not
not VSS
VSS assumes
assumes switch
switch
<1>
<1> while
while commuting
commuting hash
hash results
results from
from the
the hardware.
hardware.

Presentation_ID

2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential

HARDWARE AND SOFTWARE

HARDWARE AND
SOFTWARE
REQUIREMENTS

Agenda Topics

VSS Hardware
VSS capable Supervisors
Requirements
Sup720-10GE
Supervisor Modules

Sup2T (1H CY2011)

New forwarding engine ASICs
VS-S720-10G-3C/XL

Interface indices and

mappings allowing traffic
forwarding across two
chassis
MAC address learning
across two chassis
VSL-capable 10GE uplinks

Supervisor 2T
1H CY2011

VSS is not supported on

Sup720 or legacy Supervisor
modules

Module
VS-S720-10G-3C/XL

VSS Hardware
Requirements
Description

VSL-Ports
(capable)

VSL
Capable Interfaces
Supervisor
2

Status
Shipping

WS-X6708-10G-3C/XL

10 GE Linecard

Shipping

WS-X6716-10G-3C/XL

10 GE Linecard

Shipping

(Performance
mode)

16-port 10GBASE-T

10 GE Copper Linecard

16

2Q CY 2010
(target)

Supervisor 2T

Supervisor

1H CY 2011
(target)

NEW 8-port 10GE

Linecard

10 GE Linecard

1HCY 2011
(target)

NEW 4-port 40GE/16port 10GE

Dual Speed 40/10 GE

4 or 16

2H CY 2011
(target)

(all ports)

Module

VSS Hardware
Requirements
Descripiton

Status

10GE Linecard

Shipping

WS-X6708-10G-3C/XL

10GE Linecard

Shipping

WS-X6716-10G-3C/XL

10GE Linecard

Shipping

WS-X6724-SFP

1000BASE-X Linecard

Shipping

WS-X6748-SFP

1000BASE-X Linecard

Shipping

WS-X6748-GE-TX

10/100/1000 BASE-TX Linecard

Shipping

16-port 10GBASE-T

10 GE Copper Linecard

2Q CY 2010
(target)

NEW 8-port 10GE Linecard

10 GE Linecard

1H CY 2011
(target)

NEW 4-port 40GE/16-port

10GE

Dual Speed 40/10 GE

2H CY 2011
(target)

VSS Supported Ethernet Modules

WS-X6704-10G-3C/XL

VSS does not support Ethernet WAN interfaces provided on the SPA Carrier Modules

VSS Hardware
Requirements

Module

Description

VSS
Minimum
Software

Service
Module
Minimum
Software

ACE10/ACE 20-6500-K9

Application Control Engine (ACE)

12.2(33)SXI

A2(1.2)

WS-SVC-FWSM-1-K9

Firewall Services Module (FWSM)

12.2(33)SXI

4.0(4)

WS-SVC-IDSM2-K9

Intrusion Detection System

Services Module (IDSM-2)

12.2(33)SXI

6.0(2)E1

WS-SVC-NAM-1
WS-SVC-NAM-2

Network Analysis Module (NAM1)

Network Analysis Module (NAM2)

12.2(33)SXH1

3.6(1a)

WS-SVC-WISM-1-K9

Wireless Services Module (WiSM)

12.2(33)SXI

3.2.171.6

Service Module Support

Application Control Engine (ACE)

Firewall Services Module (FWSM)

ACE10/ACE 20-6500-K9

WS-SVC-FWM-1-K9

Network Analysis Module (NAM 1&2)

WS-SVC-NAM-1 WS-SVCNAM-2

Wireless Services Module (WiSM)

WS-SVC-WISM-1-K9

Intrusion Detection System Services Module (IDSM-2)

WS-SVC-IDSM2-K9

VSS Hardware
Requirements
Sup720-10G

Sup2T

Linecard Type

Sup720-10G
Non-VSS Mode
System wide
PFC Mode

System wide
PFC Mode

System Wide
PFC Mode

Sup2T
VSS Mode
System Wide
PFC Mode

DFC4

Not Supported

Not Suppprted

PFC4

PFC4

DFC3C

PFC3C

PFC3C

Not Supported

Not Supported

DFC3B

PFC3B*

Not Supported

Not Supported

Not Supported

DFC3A

PFC3A*

Not Supported

Not Supported

Not Supported

DFC2

Not Supported

Not Supported

Not Supported

Not Supported

CFC

PFC3C

PFC3C

Supported

Not Supported

Classic

PFC3C

Not supported

Not Supported

Not Supported

PFC and VSS

DFC
Modules
Mode
Non-VSS Mode

* Non-VSS mode, inserting DFC3A or DFC3B will be

powered down until a reload, Up on reload systems runs
in lowest common denominator DFC mode.

Software Requirements
VSS Packaging
Supported with 12.2(33)SXI1 (CCO 03/31/09)

IOS IP Base
(available with
bundles only)

IOS IP Services
and Above

Before
12.2(33)SXI1

After
12.2(33)SXI1

VSS
VSS1440
1440
Mode
ModeNot
Not
Supported
Supported

VSS
VSS1440
1440
Mode
Mode
Supported
Supported

VSS
VSS1440
1440
Mode
Mode
Supported
Supported

VSS
VSS1440
1440
Mode
Mode
Supported
Supported

New

Please refer to the SXI1 product bulletin for more

information
http://www.cisco.com/en/US/products/ps9336/prod_bulletin
s_list.html