What is VSS

--------------------------------------

The Virtual Switching System (VSS) is a clustering technology that combines two Cisco Catalyst 4500 or
6500 Series switches into a single virtual switch. In a VSS, the data plane of both clustered switches is
active at the same time in both chassis. VSS members are connected by virtual switch links (VSLs) using
standard Gigabit or 10 Gigabit Ethernet connections between the VSS members. VSLs can carry regular
user traffic in addition to the control plane communication between the VSS members.

VSS BACKGROUND

--------------------------------------

When deploying redundant devices, there are quite a few solutions that can be used.

We have HSRP & VRRP available as the redundancy protocol. These first-hop redundancy protocols are
usually heavily tied to a fast-converging routing protocol like EIGRP, and still require that each device
maintain its own control plane.

In simple words, the two switches act as separate switches in terms of processing: one switch acts as
Active and the other as Standby.

Often, two switches are configured so that one responds to ARP requests while the other does not. This
is an active/passive relationship.

VSS goes one step further than all of these.

VSS merges the two switches into one virtual “mega-switch”, rather than wasting a perfectly good
switch.

There is still a master/slave relationship, but rather than placing one switch in standby while the other
is active, this relationship only determines which switch maintains control over the other.

TRADITIONAL NETWORK vs VSS NETWORK

--------------------------------------

In either case, these two switches are configured with a port channel between them. Using HSRP, you
can establish redundancy just fine, but keep in mind that since both switches are distinct entities, you
must rely on spanning tree to eliminate bridging loops, which means each access layer switch will put
one of their uplink connections to the core in a blocking state.

VSS utilizes the port channel between the switches to merge them together into one massive switch. As
a result, redundant connections from the Access layer to the Core no longer need to be blocked: since
they are virtually both connected to the same switch, they can be configured in a port channel.

UNDERSTANDING VSS CLI

-------------------------------------

Both switches are merged virtually and function as a single switch.

Switch port naming convention: VSS adds a third number to the interface names, which then look like
Chassis/Slot/Port.

Example: GigabitEthernet 2/1/1

This signifies switch number 2 / line card 1 / port number 1, or:

the first port on the first card of switch 2.

You cannot enter global configuration mode on the secondary (standby) switch:

6509SW1-sdby#conf t

Standby console disabled

VSS CONFIGURATION

---------------------------------------

CONFIGURE REDUNDANCY MODE

6509SW1(config)# redundancy

6509SW1(config-red)# mode sso

SSO: Stateful Switch Over. With SSO redundancy, the VSS standby supervisor engine is always ready to
assume control following a fault on the VSS active supervisor engine.

VSS operates with SSO if the following conditions are met:

Both supervisor engines must be running the same software version.

VSL-related configuration in the two chassis must match.

PFC mode must match.

SSO and nonstop forwarding (NSF) must be configured on each chassis.

BASIC / STANDARD CONFIGURATION

---------------------

6509SW1(config)# switch virtual domain 100

6509SW1(config-vs-domain)# switch 1

6509SW1(config-vs-domain)# switch mode virtual

6509SW1(config-vs-domain)# switch 1 priority 110

6509SW1(config-vs-domain)# switch 2 priority 100

6509SW2(config)# switch virtual domain 100

6509SW2(config-vs-domain)# switch 2

6509SW2(config-vs-domain)# switch mode virtual

6509SW2(config-vs-domain)# switch 1 priority 110

6509SW2(config-vs-domain)# switch 2 priority 100

The priority configuration shown above is optional and produces the same result as the default, since in
the event of a priority tie the lower-numbered switch is elected primary. It is important to remember,
however, that the configurations must be identical on both switches to form a VSS system.

CONFIGURE PORT CHANNEL BETWEEN VSS SWITCHES

6509SW1(config)# interface port-channel 1

6509SW1(config-if)# no shut

6509SW1(config-if)# switch virtual link 1

6509SW1(config-if)# interface range TenGigabitEthernet 1/1 - 2

6509SW1(config-if-range)# no shut

6509SW1(config-if-range)# channel-group 1 mode on

6509SW2(config)# interface port-channel 2

6509SW2(config-if)# no shut

6509SW2(config-if)# switch virtual link 2

6509SW2(config-if)# interface range TenGigabitEthernet 1/1 - 2

6509SW2(config-if-range)# no shut

6509SW2(config-if-range)# channel-group 2 mode on

FINAL STEP ON BOTH THE SWITCHES

6509SW1# switch convert mode virtual

It will ask you to reload; answer yes. The switches come back up as a VSS pair, and the interfaces on
the secondary switch are assimilated into the configuration of the primary switch.

VERIFY VSS DETAILS

6509SW1#show switch virtual

Switch mode : Virtual Switch

Virtual switch domain number : 100

Local switch number : 1

Local switch operational role: Virtual Switch Active

Peer switch number : 2

Peer switch operational role : Virtual Switch Standby
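An added Python example (not from the original page and not Cisco code) that checks the two requirements the configuration above relies on: the switch virtual domain blocks must be identical on both chassis, and the priorities decide which chassis becomes active (higher value wins, ties go to the lower switch number). It then compares a "show switch virtual" output with that expectation; the configuration and output samples are constructed from the values on this page.

```python
import re

# Constructed sample: the 'switch virtual domain' block as entered on switch 1
SW1_DOMAIN_CFG = """\
switch virtual domain 100
 switch 1
 switch 1 priority 110
 switch 2 priority 100
"""
# Switch 2's copy must differ only in its own switch number (constructed)
SW2_DOMAIN_CFG = SW1_DOMAIN_CFG.replace(" switch 1\n", " switch 2\n")
# Constructed sample of 'show switch virtual' output, mirroring the page's example
SHOW_SWITCH_VIRTUAL = """\
Switch mode : Virtual Switch
Virtual switch domain number : 100
Local switch number : 1
Local switch operational role: Virtual Switch Active
Peer switch number : 2
Peer switch operational role : Virtual Switch Standby
"""

def parse_domain_cfg(text):
    """Return (domain, local switch number, {switch: priority}) from a domain block."""
    domain = re.search(r"switch virtual domain (\d+)", text)
    local = re.search(r"^\s*switch (\d)\s*$", text, re.M)
    prio = {int(s): int(p) for s, p in re.findall(r"switch (\d) priority (\d+)", text)}
    return (int(domain.group(1)) if domain else None,
            int(local.group(1)) if local else None, prio)

def expected_active(prio):
    """Higher priority wins; on a tie the lower-numbered switch is elected (default 100 each)."""
    p1, p2 = prio.get(1, 100), prio.get(2, 100)
    return 1 if p1 >= p2 else 2

def check_pair(cfg_a, cfg_b):
    """List the mismatches that would stop the two chassis from forming a VSS."""
    da, la, pa = parse_domain_cfg(cfg_a)
    db, lb, pb = parse_domain_cfg(cfg_b)
    problems = []
    if da != db:
        problems.append(f"domain mismatch: {da} vs {db}")
    if {la, lb} != {1, 2}:
        problems.append(f"switch numbers must be 1 and 2, got {la} and {lb}")
    if pa != pb:
        problems.append(f"priority mismatch: {pa} vs {pb}")
    return problems

def parse_show_switch_virtual(text):
    """Turn the 'key : value' lines of the show output into a dict."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip()] = value.strip()
    return fields

def verify(cfg_a, cfg_b, show_output):
    """Compare the configured expectation with 'show switch virtual'; return findings."""
    findings = check_pair(cfg_a, cfg_b)
    if findings:
        return findings
    domain, _, prio = parse_domain_cfg(cfg_a)
    f = parse_show_switch_virtual(show_output)
    if f.get("Switch mode") != "Virtual Switch":
        findings.append("chassis is not in virtual switch mode")
    if f.get("Virtual switch domain number") != str(domain):
        findings.append("domain in show output differs from the configured domain")
    local = int(f["Local switch number"])
    is_active = f["Local switch operational role"].endswith("Active")
    if (local == expected_active(prio)) != is_active:
        findings.append(f"switch {local} role does not match the priority election")
    return findings
```

The role check assumes the pair was just formed; after a later switchover the active role does not move back on its own, so treat a role finding on a long-running pair as a prompt to look at the switchover history rather than as a misconfiguration.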

VSS Benefits

-------------------------------------------

Single Configuration

Single Node to manage

Only 1 gateway IP address needed

No need for HSRP/VRRP/GLBP

MEC (Multi-chassis Etherchannel) simplified loop-free topologies

Physical switches can be located apart, provided they do not exceed the 10 Gb Ethernet distance
requirements

Nonstop communications: inter-chassis stateful failover eliminates L2/L3 protocol re-convergence if a
VSS member switch fails

Deterministic sub-second VSS recovery

802.3ad and PAgP for deterministic sub-second L2 recovery

Scales to 1.4Tbps

VSS offers superior benefits compared to traditional Layer 2/Layer 3 network design. Benefits can be
grouped into four main categories:

1. VSS increases operational efficiency by simplifying the network, reducing switch management
overhead by at least 50 percent.

• Single point of management, IP address, and routing instance for the Cisco Catalyst 6500 virtual switch

– Single configuration file and node to manage. Removes the need to configure redundant switches
twice with identical policies.

– Only one gateway IP address is required per VLAN, instead of the three IP addresses per VLAN used
today.

– Removes the need for Hot Standby Router Protocol (HSRP), Virtual Router Redundancy Protocol
(VRRP), and Gateway Load Balancing Protocol (GLBP)

– CiscoWorks LAN Management System (LMS) 3.0 can be used to centrally manage a Cisco Catalyst 6500
virtual switch as a single entity.

• Multichassis EtherChannel® (MEC) is a Layer 2 multipathing technology that creates simplified loop-
free topologies, eliminating the dependency on Spanning Tree Protocol, which can still be activated to
protect strictly against any user misconfiguration.

• Flexible deployment options. The underlying physical switches do not have to be colocated. The two
physical switches are connected with standard 10 Gigabit Ethernet interfaces and as such can be located
any distance based on the distance limitation of the chosen 10 Gigabit Ethernet optics. For example,
with X2-10GB-ER 10 Gigabit Ethernet optics, the switches can be located up to 40 km apart.

2. VSS boosts nonstop communications.

• Interchassis stateful failover results in no disruption to applications that rely on network state
information (for example, forwarding table info, NetFlow, Network Address Translation [NAT],
authentication, and authorization). VSS eliminates L2/L3 protocol reconvergence if a virtual switch
member fails, resulting in deterministic subsecond virtual switch recovery.

• Utilizes EtherChannel (802.3ad or Port Aggregation Protocol [PAgP]) for deterministic subsecond Layer
2 link recovery, removing the dependency on Spanning Tree Protocol for link recovery.

3. VSS scales system bandwidth capacity to 1.4 Tbps.

• Activates all available Layer 2 bandwidth across redundant Cisco Catalyst 6500 Series Switches with
automatic, even load sharing. Link load sharing is optimized because it is based on more granular
information, such as L2/L3/L4 parameters, unlike virtual LAN (VLAN)-based load balancing in Spanning
Tree Protocol configuration.

• Enables standards-based link aggregation for server network interface card (NIC) teaming across
redundant data center switches, maximizing server bandwidth throughput and increasing the number of
standards-based components in the data center (that is, server NICs) without needing to configure
proprietary NIC vendor mechanisms.

• Maximizes the utilization of all (132) 10 Gigabit Ethernet ports in a Cisco Catalyst 6500 virtual switch.

• Conserves bandwidth by:

– Eliminating unicast flooding caused by asymmetrical routing in traditional campus designs.

– Optimizing the number of hops for intracampus traffic using multichassis EtherChannel enhancements.

4. VSS utilizes existing multilayer switching architecture.

• VSS enhances the existing multilayer switching architecture by simplifying it without fundamentally
changing it, resulting in ease of adoption of the technology.

• Uses existing Cisco Catalyst 6500 investments, easing the deployment of VSS. VSS is supported on
both E-series and non-E-series Catalyst 6500 Series chassis and supports all Cisco Catalyst 6500 Series
6700 series modules.

• VSS uses standards-based 10 Gigabit Ethernet connectivity between the Cisco Catalyst 6500 virtual
switch members, allowing for flexible distance options. The underlying physical switches do not have to
be colocated.

What is VSS 1440

------------------------------------

The VSS 1440 is a feature on the Cisco Catalyst 6500 Series Switches that effectively allows the clustering
of two physical chassis into a single logically managed entity.

VSS 1440 simplifies network complexity and management overhead by 50 percent:

• VSS 1440 is managed using a single point of management through the active virtual switch member.
The number of devices that need to be managed by Simple Network Management Protocol [SNMP] is
reduced by 50 percent.

• VSS 1440 has a single combined configuration file for both virtual switch members, and VSS allows
configuration of both the switches from a single management interface (using a CLI or SNMP).

Dual Active Detection Methods in VSS

------------------------------------

A VSS is formed by using a VSL (virtual switch link) between two 4500 or 6500 Series switches.

In a VSS, one switch acts as the active switch and the other as the standby switch.

If the VSL between the two switches is broken, the standby switch assumes the active switch chassis
has failed and becomes the active switch of the VSS. In this case, however, only the link between the
switches has failed; the active switch is still working.

This scenario results in both switches working as active switches, which can cause problems in the
network.

A dual-active detection method can be configured in the VSS to prevent this problem from happening.

i) Dual active detection using enhanced PAgP

An enhanced version of PAgP, configured on the EtherChannel, provides the dual-active detection.

The upstream switch must support this functionality.

ii) Dual active detection using IP BFD

In this method a direct Ethernet connection is needed between the two switches.

The VSS uses the Bidirectional Forwarding Detection (BFD) protocol to detect connectivity between the
two switches.

If the VSL between the switches fails, both switches try to form a BFD neighbor relationship over this
direct connection.

When the active switch receives a BFD message from the neighbor switch, it understands that the VSL
between the two switches has failed.

iii) Dual active detection using Dual-Active Fast Hello packets

In this method too, a direct Ethernet connection is needed between the two VSS switches.

Up to four non-VSL links can be used for this method.

The two switches periodically exchange special Layer 2 dual-active hello messages containing
information about the switch state.

If the VSL between the switches fails and a dual-active scenario occurs, each switch recognizes from
the peer's messages that there is a dual-active scenario and starts recovery actions.
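The fast-hello scenario above, modelled as an added Python example (not Cisco code and not from the original page): two constructed chassis lose their VSL, and the outcome is compared with and without direct non-VSL hello links. The recovery action taken (the formerly active chassis entering recovery mode and shutting its non-VSL ports) is an assumption of this model, since the page only says "starts recovery actions".

```python
ACTIVE, STANDBY, RECOVERY = "active", "standby", "recovery"
MAX_FAST_HELLO_LINKS = 4  # the page: up to four non-VSL links may carry fast hellos

class VssMember:
    """Constructed model of one VSS chassis (not Cisco code)."""

    def __init__(self, number, role):
        self.number = number
        self.role = role
        self.role_before_vsl_loss = role
        self.non_vsl_ports_up = True

    def on_vsl_down(self):
        # With the VSL gone, the standby assumes the active chassis died and takes over.
        self.role_before_vsl_loss = self.role
        if self.role == STANDBY:
            self.role = ACTIVE

    def fast_hello(self):
        # The special Layer 2 hello carries the sender's current state.
        return {"switch": self.number, "role": self.role}

    def on_fast_hello(self, msg):
        # Two chassis both claiming active is the dual-active condition.
        # Recovery action assumed here: the chassis that was active before the VSL
        # failed enters recovery mode and shuts its non-VSL ports, so the network
        # is left with a single active switch.
        if self.role == ACTIVE and msg["role"] == ACTIVE and self.role_before_vsl_loss == ACTIVE:
            self.role = RECOVERY
            self.non_vsl_ports_up = False
        return self.role

def simulate_vsl_failure(fast_hello_links):
    """Fail the VSL and return (role of switch 1, role of switch 2) once things settle."""
    if not 0 <= fast_hello_links <= MAX_FAST_HELLO_LINKS:
        raise ValueError(f"fast hello needs 0..{MAX_FAST_HELLO_LINKS} direct links")
    sw1, sw2 = VssMember(1, ACTIVE), VssMember(2, STANDBY)
    sw1.on_vsl_down()
    sw2.on_vsl_down()
    if fast_hello_links == 0:
        # No detection path: both stay active, the problem the page describes.
        return sw1.role, sw2.role
    # Hellos still flow over the direct non-VSL links; each side reads the peer's state.
    hello1, hello2 = sw1.fast_hello(), sw2.fast_hello()
    sw1.on_fast_hello(hello2)
    sw2.on_fast_hello(hello1)
    return sw1.role, sw2.role

def is_dual_active(roles):
    """True when more than one chassis reports itself as active."""
    return sum(r == ACTIVE for r in roles) > 1
```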

What Is VSS Quad Supervisor (Sup) RPR?

----------------------------------------------------

When a chassis is running in virtual switching system (VSS) mode, it supports a second supervisor
engine. However, the second supervisor is supported only in rommon mode, by disabling auto-boot with
the confreg command.

A Catalyst 4500-E switch configured with Supervisor 7E, 7-LE, or 8E supports quad-supervisor VSS Route
Processor Redundancy (RPR) mode. This mode enhances the VSS with support for a Redundant Supervisor
Module (RSM) within a single chassis. This functionality is also called in-chassis standby (ICS).

The two supervisor modules use RPR technology to establish an RPR standby cold-redundancy
relationship within each local chassis, and Stateful Switchover (SSO) technology to establish an SSO
active/standby redundancy relationship across the chassis. In the unlikely event that the active
supervisor fails within the chassis, the standby cold supervisor transitions to the active role (in-chassis
active [ICA]). This transition occurs by fully booting the ICS supervisor; it remains non-operational until
SSO redundancy is re-established with the VSS active supervisor across the chassis.

Key Benefits of VSS Quad Sup RPR

---------------------------------------------

Supporting an in-chassis standby supervisor increases the resiliency of the individual chassis, as well as
the performance of the VSS during a supervisor failure event.

The main benefits are:

● Increased chassis resiliency

● Automated and deterministic recovery of a failed supervisor without human intervention

● The standby supervisor boots automatically in the event of an active supervisor failure

Can I check the serial number of the standby switch in a VSS?

-------------------------------------------------

Yes, with the command show inventory or show module switch all.

Point to Point Connection

---------------------------------------------

A Point to Point Connection is a private data connection securely connecting two or more locations for
private data services. A point to point connection is a closed network data transport service which does
not traverse the public Internet and is inherently secure with no data encryption needed. Point to Point
connections are available in a range of bandwidth speeds, including point to point T1, point to point
Ethernet and point to point DS3. A point to point connection provides unparalleled quality of service
(QoS) as it is not a shared service (a private line) and follows the same direct network path every time.
Point to Point links are used by businesses to provide reliable, secure point to point network data
service for applications including credit card processing, file sharing, data backup, point to point VoIP,
and video conferencing. A point to point network can also be configured to carry voice, video, Internet,
and data services together over the same point to point connection. Point to Point circuits are also
known as a Point to Point Link, Private Line, Leased Line, or Data Line.

Point to point vs. point to multipoint

It is important to distinguish between these two communication methods, as the terms are frequently
used interchangeably. A point to multipoint connection (also known as P2MP) can also be described as a
one-to-many connection. While one node remains the same, it can communicate with multiple
locations. While most point to point communication applications are used to communicate both ways,
P2MP systems are frequently designed without a return channel for the multiple receivers to reply to
the sending node. The most common example of such a system is a radio station, which broadcasts its
material to multiple nodes using radio frequencies.

Summary of differences between Point to Point and Point to Multipoint

Channel use:
Point to point - The communication channel of a point to point connection is used by just two devices.
Point to multipoint - The communication channel is used by multiple nodes.

Connection establishment:
Point to point - A connection can only be established if both devices are online.
Point to multipoint - A connection can be established at any time, regardless of whether other devices
are online.

Capacity:
Point to point - Network capacity is entirely reserved for the connection between two dedicated devices.
Point to multipoint - The capacity is distributed amongst all connected devices.

Transmission:
Point to point - One device transmits data, while the other receives it.
Point to multipoint - One device transmits data, while many others can receive it (broadcasting).

Security and privacy:
Point to point - As this is not a shared communication channel, there are far fewer security and privacy
risks associated with a point to point connection.
Point to multipoint - As a shared communication channel, the security and privacy of the connection
can be compromised if not encrypted properly.

What is EtherChannel

---------------------------------------------------

EtherChannel is a port link aggregation technology, or port-channel architecture, used primarily on
Cisco switches. It allows grouping of several physical Ethernet links to create one logical Ethernet link
for the purpose of providing fault tolerance and high-speed links between switches, routers and
servers. All member ports within the bundle must have the same physical settings, such as port type,
speed and duplex. Traffic is load-shared across the ports. It is important to note that traffic is not
load-balanced, as load distribution is not always equal across all member ports.

There are three EtherChannel negotiation mechanisms

------------------------------------------------------

PAgP (Port Aggregation Protocol) - Cisco's proprietary negotiation protocol

LACP (Link Aggregation Control Protocol) - standards-based negotiation protocol

Static persistence ("on") - no negotiation protocol is used

What is PAgP

------------------------------------------------

Port Aggregation Protocol (PAgP) is a Cisco proprietary networking protocol used for the automated,
logical aggregation of Ethernet switch ports, known as an EtherChannel. PAgP can be configured on a
Cisco switch to operate in three different modes.

What is LACP Port

-------------------------------------------------

LACP is part of the IEEE 802.3ad specification and allows you to bundle several physical ports to form a
single logical channel. When you change the number of active bundled ports on a port channel, traffic
patterns reflect the rebalanced state of the port channel.

There are two types of EtherChannels: 1) Layer 2 and 2) Layer 3

1) Layer 2 EtherChannels:

Switch1(config)# interface range gigabitethernet0/1 - 4

Switch1(config-if-range)# switchport access vlan 100

Switch1(config-if-range)# channel-group 5 mode ?

active - Enable LACP unconditionally

auto - Enable PAgP only if a PAgP device is detected

desirable - Enable PAgP unconditionally

on - Enable EtherChannel only ("manual on" mode)

passive - Enable LACP only if a LACP device is detected

Switch1(config-if-range)# channel-group 5 mode desirable

2) Layer 3 EtherChannels:

Switch1(config)# interface port-channel 2

Switch1(config-if)# no switchport

Switch1(config-if)# ip address 172.16.1.10 255.255.255.0

Switch1(config-if)# end

Multichassis EtherChannel

---------------------------------------------------

An EtherChannel (also known as a port channel) is a collection of two or more physical links that
combine to form one logical link. Layer 2 protocols operate on the EtherChannel as a single logical
entity.

A multichassis EtherChannel (MEC) is a port channel that spans the two chassis of a VSS. The access
switch views the MEC as a standard port channel. See Figure 4-4.

The VSS supports a maximum of 512 EtherChannels. This limit applies to the combined total of regular
EtherChannels and MECs. Because VSL requires two EtherChannel numbers (one for each chassis), there
are 510 user-configurable EtherChannels. If an installed service module uses an internal EtherChannel,
that EtherChannel will be included in the total.

STP

-------------------------------------------

What is STP and Redundant Links?

Spanning Tree Protocol (STP) is a protocol which prevents Layer 2 loops. STP enables switches to become
aware of each other so that they can negotiate a loop-free path through the network. In practice,
redundant links are created to avoid complete network failure in the event that one link fails.

How does STP work?

STP chooses a reference point (the Root Bridge) in the network and calculates all the redundant paths to
that reference point. It then picks one path on which to forward frames and blocks the other redundant
paths. When blocking happens, loops are prevented.

What are the different port states?

1. Disabled - A port in the disabled state does not participate in STP.

2. Blocking - A blocked port does not forward frames. It only listens to BPDUs. The purpose of the
blocking state is to prevent the use of looped paths.

3. Listening - A port in the listening state prepares to forward data frames without populating the MAC
address table. The port also sends and listens to BPDUs to make sure no loops occur on the network.

4. Learning - A port in the learning state populates the MAC address table but does not forward data
frames. The port still sends and receives BPDUs as before.

5. Forwarding - The port can now send and receive data frames, collect MAC addresses in its address
table, and send and receive BPDUs. The port is now a fully functioning switch port within the
spanning-tree topology.

What is STP Timer and Explain different types of STP Timers?

STP uses three timers to make sure that a network converges properly before a bridging loop can form.

Hello timer- The time interval between configuration BPDUs sent by the root bridge. It is 2 seconds by
default.

Forward Delay timer - The time interval that a switch port spends in both the Listening and Learning
states. The default value is 15 seconds.

Max (Maximum) Age timer - Maximum length of time a BPDU can be stored without receiving an
update. It can also be defined as a time interval that a switch stores a BPDU before discarding it. It is
seconds by default.

Explain types of STP Port Roles?

Root port - The root port is always the link directly connected to the root bridge, or the shortest path to
the root bridge. It is always on a non-root bridge.

Designated port - A designated port is one that has been determined as having the best (lowest) cost. A
designated port is marked as a forwarding port. It can be on both the root bridge and non-root bridges.
All ports of the root bridge are designated ports.

Forwarding port - A forwarding port forwards frames.

Blocked port - A blocked port is a port used to prevent loops. It only listens to BPDUs. Any port other
than a root port or a designated port is a blocked port.

What is BPDU?

All the switches exchange information to select root bridge as well as for configuration of the network.
This is done through the Bridge Protocol Data Unit (BPDU). Each switch compares the parameters in the
BPDU that it sends to one neighbor with the one that it receives from another neighbor.

What is the destination MAC address used by Bridge Protocol Data Units (BPDUs)?

Bridge Protocol Data Unit (BPDU) frames are sent to the multicast destination MAC address
01:80:c2:00:00:00.

Two types of BPDU exist:-

Configuration BPDU - This type of BPDU is used for spanning-tree computation.

Topology Change Notification (TCN) BPDU - This type of BPDU is used to announce changes in the
network topology.

How Root bridge is elected?

The bridge ID is used to elect the root bridge in the STP domain. This ID is 8 bytes long and includes both
the priority and the MAC address of the device.

The switch with the lowest bridge ID is elected as the root bridge, which means the switch with the
lowest priority becomes the root bridge; if two or more switches have the same priority, the switch with
the lowest MAC address becomes the root bridge.

What is path cost or Spanning tree path cost value?

The spanning tree cost value is inversely proportional to the bandwidth of the link, and therefore a path
with a low cost value is preferable to a path with a high cost value.

Link bandwidth and STP cost value:

10 Gbps - 2

1 Gbps - 4

100 Mbps - 19

10 Mbps - 100

What is Root Port?

Once the Root Switch is elected, every other Switch in the network must select a single port on itself to
reach the Root Switch. The port with the lowest root path cost (lowest cumulative cost to reach the root
switch) is elected as the root port and is placed in the forwarding state. Root bridge will never have a
root port.

What is Extended System ID?

The Extended System ID is utilized by spanning-tree to include the VLAN ID information inside 16-bit STP
Bridge Priority value. Extended System ID is the least significant 12-bits in 16-bit STP Bridge Priority
value.
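An added Python example (not from the original page) tying the STP material above together: the bridge ID with the extended system ID in the low 12 bits of the priority field, the root bridge election by lowest (priority, MAC), and root port selection by cumulative path cost using the cost table given earlier. The switch names, MAC addresses and paths are constructed sample data.

```python
# Path cost per link bandwidth, from the table on this page
PATH_COST = {"10 Gbps": 2, "1 Gbps": 4, "100 Mbps": 19, "10 Mbps": 100}

def bridge_priority_field(configured_priority, vlan):
    """16-bit priority field: the 4-bit configured priority (a multiple of 4096) in the
    high bits, the 12-bit extended system ID (the VLAN) in the low bits."""
    if configured_priority % 4096 or not 0 <= configured_priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN out of range")
    return configured_priority | vlan

def mac_to_int(mac):
    """Accept 00:00:0c:00:00:01 or 0000.0c00.0001 style addresses."""
    return int(mac.replace(":", "").replace(".", ""), 16)

def bridge_id(configured_priority, vlan, mac):
    """The 8-byte bridge ID as a comparable tuple: (priority field, MAC); lower wins."""
    return bridge_priority_field(configured_priority, vlan), mac_to_int(mac)

def elect_root(switches, vlan):
    """switches: {name: (configured_priority, mac)} -> name of the root bridge for the VLAN.
    Lowest priority wins; equal priorities fall back to the lowest MAC address."""
    return min(switches, key=lambda n: bridge_id(switches[n][0], vlan, switches[n][1]))

def root_port(paths):
    """paths: {port: [bandwidth of each link on the way to the root]} -> (port, root path cost).
    Lowest cumulative cost wins; ties (broken by sender bridge ID and port ID in real STP)
    are assumed absent in this sample."""
    costs = {port: sum(PATH_COST[link] for link in links) for port, links in paths.items()}
    best = min(costs, key=costs.get)
    return best, costs[best]

# Constructed sample: three switches competing for root in VLAN 10
SWITCHES = {
    "SW-A": (32768, "00:00:0c:aa:aa:aa"),
    "SW-B": (32768, "00:00:0c:00:00:01"),
    "SW-C": (4096, "00:00:0c:ff:ff:ff"),
}
# Constructed sample: a non-root switch with two candidate paths to the root
PATHS = {"Gi0/1": ["1 Gbps", "100 Mbps"], "Gi0/2": ["10 Gbps", "10 Gbps", "10 Gbps"]}
```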
