Re: How do I connect Cisco 2x9500 on vss to uplink device

Gastu · ‎09-03-2022

Hello,

I have 2x9500 Cisco chassis on vss which is logically turned to single switch. And I have 2 SDWAN boxes connected to CE routers,

my question is, can I have 2 layer3 uplink connection from each 9500 chassis to each SDWAN box ? Which is total of 4 L3 link advertising LAN network over OSPF area 0 to the next hope gateways (SDWAN boxes) ? will the Uplink device does equal cost load balancing across multiple path since it’s with the same route type ?

looked at my attached sketch. The black cables are my concerns.

Thank you for you help !!

balaji.bandi · ‎09-03-2022

But you have not made clear, which side are you looking to path load balance, since SD-WAN is not connected to each other so, so that will be a different segment right? in Cat 9500 does that work for you as you mentioned?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Gastu · ‎09-03-2022

Hi Balaji,

Yes sorry forgot to mention that. SDWAN Are connected to each other. They are HA pairs.

balaji.bandi · ‎09-04-2022

what is the use case, if they are bundled, and take advantage of SVL here, why not bundle them (instead of using a single link).

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Gastu · ‎09-04-2022

If you bundle, then the uplink SDWAN boxes won’t understand it. They are none Cisco on independent control plane. It would be nice if you can share a diagram of your thoughts.

Joseph W. Doherty · ‎09-03-2022

As a general rule, for VSS devices, other devices should have a physical connection to each VSS member. The connection might be independent L3 links, or a port-channel supporting a single logical link that's L2 or L3.

The reason for this, VSS members, although logically one device, will always try to use a physical egress port on the VSS member that's sending the traffic. VSS cross member traffic, is, ideally, only for when the sending device does not have a local physical egress port (and, by design, that should be avoided).

Gastu · ‎09-03-2022

Thank you Joseph for your comments.

if I understood you correctly, the egress interface is only through the active member of the vss chassis. The other two L3 uplink connection from the standby chassis forwards ingress routed traffic through vss L3 intra-link as both data planes are actively forwarding data packet??

thank you again.

Joseph W. Doherty · ‎09-04-2022

"if I understood you correctly, the egress interface is only through the active member of the vss chassis."

No, believe you misunderstood. Either VSS member will select its own local (to it) egress port. (NB: correction to my earlier post, this assumes, from the logical VSS device, the paths from each VSS member appear equal.)

For example, if you have a dual Etherchannel link, with one connection to each VSS member, each VSS switch member will "ignore" whatever load balancing algorithm is being used; a local port, on VSS member switch with frame to transmit, will always be used.

Or, for example, each VSS member switch has a routed port, each with equal cost to destination. Unlike "normal" ECMP, which will round-robin flows across egress ports, VSS with packet to send will only use its own egress port.

In you're wondering why VSS operates like this, consider the fabric bandwidth within many VSS member switches, then consider, if both VSS members have (equal cost) egress connections to same destination, up to half of one VSS member switch's bandwidth might be sent to its VSS mate.

Since VSS doesn't load balance between its VSS members for egress, by design, you want to try to load balance traffic being sent to the VSS pair.

BTW, I recall (?) in VSS lingo, the active switch master is the VSS member acting like a supervisor for the VSS pair.