I have a loan switch that just serves as a PaGP dual-active detect connection to my exiting VSS.
No other connections are on the switch.
The PaGP port-channel is Layer 2, and passes just the Mgmt vlan.
My questions is:
I'm setting up a second VSS pair in the same area.
Can I use the same switch to do PaGP dual-active detect?
To avoid any need to STP block on any of the port-channels, I'd like to convert port-channels to L3 (still with PaGP).
My thought is the dual-active detection mechanism uses the PaGP hello messages, and not any real traffic. So it shouldn't matter if the port-channel is Layer 2 or Layer 3.
I wouldn't even need to put IP Addresses on my Layer 3 port-channel.
Does anyone know if this is valid?
You can defiantly can use the same switch for you second VSS's PAGP dual-active detection. The other option would be to use a one gig link (for the existing VSS and the new one) from the sup module or from a line card for fast hello. If you use this option, you can use your other switch for something else, if this is the only function it is providing.
No need to worry about STP, with VSS both physical devices are logically one, so there is no STP.
Cisco has recommend we not use fast-hello, as it is too slow to recognize the dual active condition.
They recommend ePaGP.
We could use a switch in the LAN, but instead have a switch setup just for the Dual-active detect purpose.
I have two VSSs (meaning 4x 6500s).
Wanted to use the same switch for ePaGP, and not worry about L2 loops.
I did test this yesterday and the L3 portchannel works.
So on my 3750 I have Po1 connecting to both units in my first VSS. Po2 connecting both units of my second VSS. No IPs. So no risk of L2 or L3 looping.
I did test with
as long as both each of the VSS pair switches connected to the same switch for ePaGP then it is ok
by the way fast hello is another Cisco's recommended method for VSS dual-active detection
Our Cisco SE has indicated the PaGP mechanism for dual-active detect is preferred over Fast-hello.
He indicated PaGP will detect the dual-active condition more quickly.
He did not even recommend using both mechanisms together.
Really what my question was about was using PaGP with L3 port-channel with no IPs.
-I want to avoid L2 to avoid worrying about STP issues.
-Didn't see the need for IPs on my L3 port-channel, since the PaGP negotiation itself is what monitors for dual-active condition.
I've gone ahead and done this.
No issues for the last 30 days.
I have both of my VSS pairs using the same 3750 switch with PaGP.
Two PaGP port-channels on the same 3750 going to 4 6500s.
We've deployed fast-hello on direct link between VSS nodes in quite a few case, we haven't met any issue specifically related with fast-hello.
On the other hand, to run the dual-active via a 3rd switch doesn't make sense. In campus netework with VSS is being ported to cat4500, using 3rd access layer switch for ePaGP is not convenient. For example the access layer switches may be 2960s stacks, which doesn't support ePaGP (I haven't tested, but ePaGP has certain hardware/software requirement on the 3rd switch).
Which can win the race: increasing bandwidth with new technologies VS QoS?
Both Fast-Hello and ePAgP are recommended mechanism for dual active detection. Infact Fast-hello provides fastest convergence in most cases. Cisco also recommends to use more than one type of dual-active detection mechanisms.
Here are VSS Best Practices:
Here are some convergence results:
Hope that helps
I have my Access Layer connected to VSS enabled Distribution Layer through layer2 port-channels, and for all of them dual-active detection is configured on Distribution.
But what about the layer 3 port channels between Distribution and Core (VSS enabled)? Are those port-channels also required to configured dual-active detection or they're not needed to be configured as trusted port groups for dual active detection?