01-31-2017 04:04 AM - edited 03-08-2019 09:07 AM
Hi,
About 6 years ago we suffered a major DC failure on our VSS switches where they went into a split-brain situation. We were running IOS 12.33 at the time and were advised by Cisco to use both PAGP AND Fast-Hello for Dual-Active-Detection.
We are now running 15.2 on our 6500 Sup’s and starting to decommission some legacy Access layer switches. These include the trunk port-channels we were using for the PAGP Dual-Active-Detection under the VSS domain. So we will be left with just Fast-Hello.
So my question is: are any of the Dual-Active-Detection methods (PAGP, Fast-Hello, BFD) preferred over the others? And is using only Fast-Hello adequate protection against a split-brain scenario?
Appreciate any feedback.
Thanks
John
01-31-2017 04:25 AM
Hi
As below in the docs, fast hello is quicker than BFD in this scenario. We use FH and have never had an issue with it, and we have had multiple failover tests etc.; we carry them out twice a year.
We have anything from 2960s right up to 6500s connected to our VSS; it's our prod core user traffic.
xxxxxxxxxxx#show switch virtual dual fast-hello
Fast-hello dual-active detection enabled: Yes
Fast-hello dual-active interfaces:
Port       Local State    Peer Port    Remote State
---------------------------------------------------
Gi1/7/47   Link up        Gi2/7/48     Link up
Gi1/7/48   Link up        Gi2/7/47     Link up
Dual Active
Dual-Active fast-hello employs fast-hello Layer 2 messages over a direct Ethernet connection. When the VSL goes down, the event is communicated to the peer switch. If the switch was operating as the active before the VSL went down, it goes into recovery mode upon receipt of a VSL down indication from the peer switch. This method is faster than IP BFD and ePAGP and does not require a neighboring switch.
Both PAGP and Fast Hello should protect against split brain, as below.
See fast hello in this doc for a good explanation:
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Campus/VSS30dg/campusVSS_DG/VSS-dg_ch4.html#wp1095735
01-31-2017 06:42 AM
Hi Mark,
Many thanks for your reply and info. That certainly answers my question.
Much appreciated.
John
10-15-2020 03:53 PM
I know this posting is a few years old; wondering if anyone can comment on a situation we had with a client VSS - 4500-X stack running
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch
Software (cat4500e-UNIVERSALK9-M), Version 03.06.00.E RELEASE SOFTWARE (fc3)
License Information for 'WS-C4500X-32'
License Level: entservices Type: Permanent
Next reboot license Level: entservices
PAGP DAD enabled for Port-channel 30, however the checks did not validate
xxxxxxx#sh pagp nei
Flags:  S - Device is sending Slow hello.  C - Device is in Consistent state.
        A - Device is in Auto mode.        P - Device learns on physical port.
Channel group 30 neighbors
          Partner        Partner          Partner           Partner  Group
Port      Name           Device ID        Port        Age   Flags    Cap.
Te1/1/1   BHPGTESACR01   0c85.25d4.d400   Gi1/0/25    1s    SC       1E0001
Te2/1/1   BHPGTESACR01   0c85.25d4.d400   Gi1/0/28    2s    SC       1E0001
But the virtual switch command did not show that activation
xxxxxxx#sh sw vir dual-active pagp
Executing the command on VSS member switch role = VSS Active, id = 2
Executing the command on VSS member switch role = VSS Standby, id = 1
When both VSL links got cut, both stayed active, causing dual active detection.
Any reason why VSS did not detect the DAD?
Thanks
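
Added example, not part of any post in this thread: a small Python check that parses captured dual-active `show` output, such as the fast-hello output in the accepted answer, and reports whether a working detection path exists before the VSL is ever cut. It also treats output that carries no "enabled: Yes" line, like the banner-only PAgP output in the last post, as detection not active. The status names, the sample strings and the single-link warning are assumptions made for this example.

```python
import re

# Constructed sample: the fast-hello output quoted in the thread.
FAST_HELLO = """\
Fast-hello dual-active detection enabled: Yes
Fast-hello dual-active interfaces:
Port       Local State    Peer Port    Remote State
---------------------------------------------------
Gi1/7/47   Link up        Gi2/7/48     Link up
Gi1/7/48   Link up        Gi2/7/47     Link up
"""

# Constructed sample: a show command that printed only the per-member banners.
BANNERS_ONLY = """\
Executing the command on VSS member switch role = VSS Active, id = 2
Executing the command on VSS member switch role = VSS Standby, id = 1
"""

ENABLED = re.compile(r"dual-active detection enabled:\s*(\w+)", re.I)
PORT = r"[A-Za-z]+\d+(?:/\d+)+"
ROW = re.compile(rf"^({PORT})\s+(.+?)\s+({PORT})\s+(.+?)\s*$")


def assess(output):
    """Return (status, healthy_pairs) for one dual-active show output."""
    m = ENABLED.search(output)
    if not m or m.group(1).lower() != "yes":
        return "NOT-ACTIVE", []          # no "enabled: Yes" line at all
    rows = [r.groups() for r in map(ROW.match, output.splitlines()) if r]
    # Assumption: only "Link up" on both ends counts as a working hello path.
    healthy = [(lp, pp) for lp, ls, pp, ps in rows
               if ls.lower() == ps.lower() == "link up"]
    if not healthy:
        return "NO-LINK", []
    # Assumption: a single remaining link is reported as a redundancy warning.
    return ("OK" if len(healthy) > 1 else "SINGLE-LINK"), healthy


if __name__ == "__main__":
    for name, text in (("fast-hello", FAST_HELLO), ("banners only", BANNERS_ONLY)):
        print(name, assess(text))
```

Run against output collected on a schedule, a result other than OK flags a missing or degraded detection path while the VSL is still healthy.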