Solved: 4500x VSS dual-active detection configuration

umer zubairi · ‎07-11-2017

Gents,

I'm configuring dual-active detection on below VSS enabled network.

Between Dist & Access I've configured PAgP for dual-active detection (see the below configs and let me know if you see anything missing)
Between Dist to Core I'm not sure what will be the most appropriate method of dual-active detection.

In addition, client has given me /30 point-to-point addresses for the VSL links, which I don't know how to use as my VSL port-channels are layer2 interfaces (switchports).

Need the experts' opinion to conclude this in a production network. Love to all the Cisco boys ❤

DUAL-ACTIVE DETECTION BETWEEN DIST & ACCESS

******************** DISTRIBUTION *******************************

SW1-VSS(config)# interface TenGigabitEthernet X/X/X
　SW1-VSS(config-if)# switchport
　SW1-VSS(config-if)# switchport mode trunk
　SW1-VSS(config-if)# switchport trunk allowed vlan XY,YX // only the required vlans
　SW1-VSS(config-if)# switchport nonegotiate
　SW1-VSS(config-if)# channel-group 10 mode desirable // PO given on page#

　SW1-VSS(config)# interface TenGigabitEthernet X/X/X
　SW1-VSS(config-if)# switchport
　SW1-VSS(config-if)# switchport mode trunk
　SW1-VSS(config-if)# switchport trunk allowed vlan 10,20
　SW1-VSS(config-if)# switchport nonegotiate
　SW1-VSS(config-if)# channel-group 10 mode desirable

　SW1-VSS(config)# interface port-channel 10
　SW1-VSS(config-if)# shutdown

　SW1-VSS(config)# switch virtual domain XYZ
　SW1-VSS(config-vs-domain)# dual-active detection pagp
　SW1-VSS(config-vs-domain)# dual-active detection pagp trust channel-group 10

　SW1-VSS(config)# interface port-channel 10
　SW1-VSS(config-if)# no shutdown

******************** ACCESS *******************************

　SW1-VSS(config)# interface port-channel 10
　SW1-VSS(config-if)# shutdown
　

SW1-VSS(config)# interface range TenGigabitEthernet 1/0/1-2
　SW1-VSS(config-if)# switchport
　SW1-VSS(config-if)# switchport mode trunk
　SW1-VSS(config-if)# switchport trunk allowed vlan 10,20
　SW1-VSS(config-if)# switchport nonegotiate
　SW1-VSS(config-if)# channel-group 10 mode desirable

　SW1-VSS(config)# interface port-channel 10
　SW1-VSS(config-if)# no shutdown

Reza Sharifi · ‎07-12-2017

1) Looking at my updated topology I shared couple of minutes ago, please let me know if dual-active is required to be enabled on all the VSS clusters (Core, Dist and Server Farm) OR it's only required on Distribution and Server farm as they're connecting to the Access Layers.

You need it for all (core, distro, sever farm).

2) Yes, but I wanna know if there's a difference between the VSS running on 6500 and 4500X series nodes.

Yes, Cisco had made some changes in the way you deploy VSL for the 6800 series versus the 4500x.

3) Can I use the mgmt interfaces to connect this fast-hello link between the VSS nodes?

No, you need a regular interface for fast-hello.

HTH

View solution in original post

paul driver · ‎07-13-2017

Hello

needs to applied on both vss sides pc 20-30 and the vss side of pc 10-40

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Reza Sharifi · ‎07-11-2017

Hi,

You dual-active detection configuration is correct. You also have an option to use Fast-hello for your dual-active detection if you have an extra port on each switch with a path cable.

Also, you don't need any dual-active config between distro and core and no need for any /30 for vsl,as you said it correctly, the links are just layer-2

HTH

umer zubairi · ‎07-11-2017

Thanks Reza, glad to see your reply :)

I've been reading your answers on different VSS discussions on support forum. I know you've good command of VSS deployments.

Seems I still need to know few things to understand the VSS in detail.

1) Why the dual-active detection isn't needed between the Core & Dist nodes? What if the split brain occurs on any of these VSS enabled switching clusters.

2) Configuration of fast-hello requires a dedicated interface for the interconnection between boxes. Bit confusing :(

3) Maybe the client has provided the /30 point-to-point addresses whilst keeping the configuration of recovery IP addresses in mind. But I'm not really sure if this is the case.

Please help me clearing these confusions regarding the VSS.

Reza Sharifi · ‎07-11-2017

Hi Umer,

1) Why the dual-active detection isn't needed between the Core & Dist nodes? What if the split brain occurs on any of these VSS enabled switching clusters.

My apologies, I misunderstood your diagram and thought you have only one set of VSS switches. Looking at your diagram again, you have 2 sets of VSS and so, yes you are correct, you use the access switch (po10) for providing dual-active recovery for the distro set and you would use a different switch that is connected to both core switches (not the distro switches) to provide dual-active detection for the core.

2) Configuration of fast-hello requires a dedicated interface for the interconnection between boxes. Bit confusing :(

For fast-hellom you need a dedicated interface (copper of fiber port) to connected the switches together. Fast-hello is easy and more common to use for dual-active detection than pagp.

3) Maybe the client has provided the /30 point-to-point addresses whilst keeping the configuration of recovery IP addresses in mind. But I'm not really sure if this is the case.

No need for /30 for VSL when using VSS on the 4500x switches. The /30 is needed for the 6800 or 6500 series switches but yours are 4500x.

See link for fast-hello config example.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/XE3-5-0E/15-21E/configuration/guide/config/vss.html#34173

HTH

umer zubairi · ‎07-12-2017

Hello Reza,

Thanks again for your response.

I just updated the design to make it more clear for better understanding, please have a look to the below:

Few quick questions:

1) Is it required that we configure the dual-active detection between the VSS enabled clusters connected to each other (Core, Dist & Server Farm - all are 4500X )

OR it is only required when an Access Block is connected to the VSS cluster?

2) /30 is only needed for the 6500/6800 series switches why Cisco made it that way?

3) In case if we configure fast-hello instead of PAgP, is there any configuration is needed on the connected Access switches? OR the fast-hello requires only the configuration on VSS enabled nodes and on their connected Virtual Switching Links (VSL)?

paul driver · ‎07-12-2017

Hello

1) required on ALL MECs directly connecting to the VSS core

2) VSL's are L2 connected no L3 so require no ip addressing

3) This will be between the two physical switches that make up the VSS and it WILL be a separate interconnect from anything else and thats including the VSL link

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

umer zubairi · ‎07-12-2017

Thanks Paul,

1) Looking at my updated topology I shared couple of minutes ago, please let me know if dual-active is required to be enabled on all the VSS clusters (Core, Dist and Server Farm) OR it's only required on Distribution and Server farm as they're connecting to the Access Layers.

2) Yes, but I wanna know if there's a difference between the VSS running on 6500 and 4500X series nodes.

3) Can I use the mgmt interfaces to connect this fast-hello link between the VSS nodes?

Reza Sharifi · ‎07-12-2017

1) Looking at my updated topology I shared couple of minutes ago, please let me know if dual-active is required to be enabled on all the VSS clusters (Core, Dist and Server Farm) OR it's only required on Distribution and Server farm as they're connecting to the Access Layers.

You need it for all (core, distro, sever farm).

2) Yes, but I wanna know if there's a difference between the VSS running on 6500 and 4500X series nodes.

Yes, Cisco had made some changes in the way you deploy VSL for the 6800 series versus the 4500x.

3) Can I use the mgmt interfaces to connect this fast-hello link between the VSS nodes?

No, you need a regular interface for fast-hello.

HTH

umer zubairi · ‎07-13-2017

Thanks Bro, it really helps!

umer zubairi · ‎07-12-2017

Hi Paul,

Looking at my topology above, can you please check whether dual-active is also required for the port-channels 20 and 30 connecting the VSS Core & Distribution? OR the need of dual-active detection is only for the port-channels 10 and 40 connecting the Access nodes?

***** PAgP is the mode we selected for the dual-active detection*****

Thanks Bro!

paul driver · ‎07-13-2017

Hello

needs to applied on both vss sides pc 20-30 and the vss side of pc 10-40

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

umer zubairi · ‎07-13-2017

Thanks Bro, it really helps!

paul driver · ‎07-11-2017

Hello

Adding to Reza comments, Using enhanced pagp you need to apply it to all mecs between the vss core and access switches, Howerver a lot less intrusive way would be to use an additional L2 interconnect between the two physical switches in the VSS and enable fast hello feature instead..

Dual-active fast-hello

switch virtual domain xxx
dual-active detection fast-hello

interface x/x
shutdown
dual-active fast-hello
no shutdown

interface x/x
shutdown
dual-active fast-hello
no shutdown

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul