cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
15349
Views
0
Helpful
21
Replies

Stack, VSS, StackWise Virtual, or none

Steven Williams
Level 4
Level 4

I currently run a pair of 4500x in the core in a VSS configuration. I am replacing these with Cat9ks that support StackWise Virtual...I am curious to hear peoples take on stacking core switches or not? Obviously both have pros and cons. The pro for me is that I dont have to deal too much with STP when it comes to access layer switches with duel fiber runs connecting to each core. 

21 Replies 21

Mark Malone
VIP Alumni
VIP Alumni
Hi
we do in all our regions , core 6509 VSS dist 4500X VSS and even access are VSS 4507 or stackwise 9k and in DC we 7k VPC , we have to remain up at all costs at each layer so for us its important, then you have the extra throughput , single management of core , loop free as you said , no requirement for FHRP , less management
our requirements is basically no users should be down wired or wireless so we have everything dual homed right down to the aps , even though i think access layer VSS is bit overkill thats whats in place

i suppose it depends on the criticality of your network what exactly your doing , this is only at core sites now , remote offices wouldn't get same design but would have some for of redundancy maybe dual routers but not switches , these are offices with 4- 500 plus users etc where VSS is in place

I guess my concern with VSS or SWV is the shared control and data plane. Also the hassle of upgrades.

both VSS and SWV work in similar way. VSS for Cat 4K, 6K kind of platform, SWV is new one like 3850, 9400, 9500 ( refer the models before yo deploying)

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

We are deploying Cat 9500 so SWV, I am just trying to justify if it is smart to stack in the core or not? Run separate switches and run GLBP or HSRP and leverage ECMP. Looking for design suggestions and gotchas

When we are discussing Core, these are your heard of enterprise network, these always required HA/Resilience for the best to protect distribution and access network.

 

Stack can not be deployed here.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Right, that was my concern. But what are the options here to get the most use of both switches. alternate HSRP groups to each to some traffic flows through Core A and Core B then let ECMP handle north bound? If both Both Cores are connecting northbound to an active/standby core firewall pair does it make sense to do this?

yes and you are in correct path. ( if your FW support you can do Clustering - that is differet topic , but possiblle).

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

They are core firewalls. Palo Alto, active/passive.

 

Screen Shot 2019-03-02 at 4.23.18 PM.png

This is more Of Eve-Ng Lab ? i 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

This is what I am going to be building. Easy to mock it before I start replacing core devices.

Seems to be reasonable approach (Hopefully you have Panorama for Managing these Palos ?).

 

Personally always to have 2 vendor NGFW in the network, if one vendor fail, other will cover..(this is my personal experience)

rather put all eggs in one basket..which you did in this design approach.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

We will be running Cisco FTD at the edge and PA in the core for now. Then I assume they will want to go all PA since thats the security departments vision. So for now I have security in layers as it relates to difference vendors. Yes we will have Panorama, which really won't matter with only one pair for now. We are looking at M-500 device for this also since logging to splunk becomes expensive. I just normally struggle with core stacks and VSS. I have worked many places that put their core 6500s in a VSS configuration and people who run nk7 run vPC so I am just wondering if separate layer 3 devices in the core is really still a thing being done. Its going to require me to fine tune STP thats for sure.

vPC some how solves some kind of Spanning tree issues. again depends on your deployment scenarios in the network.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Ya but then I have to run Nexus in the campus core and deal with any "cant route over vPC" issues that come up. I mean the easy method is stack the cat9ks and call it a day. The 4500s in the core right now are vss so no change there except running SWV rather than VSS.

Review Cisco Networking for a $25 gift card