cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
411
Views
0
Helpful
2
Replies
Highlighted
Beginner

Virtual Switching System(VSS) problem

Hello.
Network scheme is attached below.
 
Almost 3 months ago we've built VSS pair on 6880-X for VLAN termination (hereafter referred to as "Core").
 

Cisco IOS Software, c6880x Software (c6880x-ADVENTERPRISEK9-M), Version 15.2(1)SY4, RELEASE SOFTWARE (fc4)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2017 by Cisco Systems, Inc.

Compiled Mon 10-Apr-17 14:35 by prod_rel_team

 

ROM: System Bootstrap, Version 15.1(02)SY01 [ Rel 1.1], RELEASE SOFTWARE

BOOTLDR:

CORE uptime is 16 weeks, 6 days, 15 hours, 37 minutes

Uptime for this control processor is 16 weeks, 6 days, 15 hours, 27 minutes

System returned to ROM by Stateful Switchover at 14:27:39 EEDT Wed May 23 2018

System restarted at 15:52:10 EEDT Wed May 23 2018

System image file is "bootdisk:/c6880x-adventerprisek9-mz.SPA.152-1.SY4.bin"

Cisco C6880-X-LE ( Intel(R) Core(TM) i3- CPU @ 2.00GHz ) processor (revision ) with 1686527K/409600K bytes of memory.

Processor board ID SAL1948U2UG

Processor signature 0xA7060200

Last reset from s/w reset

327 Virtual Ethernet interfaces

1 Gigabit Ethernet interface

64 Ten Gigabit Ethernet interfaces

1955824K bytes of USB Flash bootdisk (Read/Write)

Configuration register is 0x2102

 

Recently we've encountered a problem with traffic bypass. Here's an example (here and further I am referring to the scheme for easier understanding):
- on the Po3 (Te1/1/2+Te2/1/2) which is connected to AGG2 L2 switch suddenly half of clients become unreachable
- AGG2 becomes inaccessible for management
- half of clients behind AGG2 are still working
- no logs on AGG2 nor on Core
 
Solution: interface Te2/1/2 shutdown. Port-channel 3 operates in single physical port Te1/1/2. All clients are brought back, management becomes accessible again. And due to VSS we've got traffic partially running through VSL link, and it is not good afaik.
 
Speculation: looks like all traffic passing through Te2/1/2 is being... blocked? Where and how? The issue is being compounded by the fact there're no logs (including SEA logs) on both enclosures, related to loops, OSPF state changes, etc.
 
 
. Progression: - Later, the same problem appeared on AGG3. Same solution: bringing Port-channel down to 1 physical link with interface Te1/5/10 shutdown. - Shutting down Port-channel and bringing in back again has no effect. - If we try to bring back disabled interfaces, problem immediately appears - half of the traffic is blocked. Here how it looks like in logs:
// Core
Sep 19 06:38:22.574 EEDT: %LINK-SW2-3-UPDOWN: Interface TenGigabitEthernet1/1/3, changed state to down
Sep 19 06:38:23.362 EEDT: %LINK-SW2-3-UPDOWN: Interface TenGigabitEthernet1/1/3, changed state to up
Sep 19 06:38:23.854 EEDT: %DTP-SW2-5-TRUNKPORTON: Port Te1/1/3 has become dot1q trunk
Sep 19 06:38:26.098 EEDT: %EC-SW2-5-BUNDLE: Interface Te1/1/3 joined port-channel Po4
Sep 19 06:38:26.198 EEDT: %LINEPROTO-SW2-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/1/3, changed state to up
Sep 19 06:38:26.183 EEDT: %EC-SW1_STBY-5-BUNDLE: Interface Te1/1/3 joined port-channel Po4

// AGG3
Sep 19 06:38:23.816 EEDT: %LINK-3-UPDOWN: Interface TenGigabitEthernet4/1, changed state to up
Sep 19 06:38:24.308 EEDT: %DTP-SP-5-TRUNKPORTON: Port Te4/1 has become dot1q trunk
Sep 19 06:38:26.148 EEDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet4/1, changed state to up
Sep 19 06:38:26.100 EEDT: %EC-SP-5-BUNDLE: Interface Te4/1 joined port-channel Po4
At this point we've lost management access to AGG3 (yet no logs about OSPF neighbor down) and ~half of the active clients behind AGG3 become non-operational. Port-channels from both sides are up and running. I would appreciate any suggestions how to debug and solve the issue.
Everyone's tags (1)
2 REPLIES 2
Beginner

Re: Virtual Switching System(VSS) problem

Absolutely no idea what it might be??? :(
Enthusiast

Re: Virtual Switching System(VSS) problem

Hi

What mode are you using for your mutichassis etherchannels? From the document below:

 

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-virtual-switching-system-1440/109547-vss-best-practices.html

 

Do not use on and off options with PAgP or LACP or Trunk protocol negotiation.

  • PAgP  Run Desirable-Desirable with MEC links.

  • LACP  Run Active-Active with MEC links.

  • Trunk  Run Desirable-Desirable with MEC links.

hth

Andy

 

 

CreatePlease to create content
Content for Community-Ad