Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1259
Views
0
Helpful
10
Replies

VSS fail over

Si
Level 1
Level 1

‎04-11-2014 04:38 AM - edited ‎03-07-2019 07:03 PM

Morning,

Im just going through testing VSS on 2*4500x, when i pull the power from the Standby or Active unit the host's see a 6 ping drop out.

Am i expecting to much by having 0 loss or have i missed some fail over configuration?

Many thanks for any help.

I can post config if needed.

 

S

Labels:
0 Helpful
10 Replies 10

Reza Sharifi
Hall of Fame
Hall of Fame

‎04-11-2014 05:29 AM

It depends, if the ping packets are traversing a link to the switch you are shutting down, you will lose some ping packets (the once that are already in the wire). 6 ping drops is a little too high, but I but 1, 2 or even 3 is normal. 

Can you post your VSS config?

HTH
 

0 Helpful

Si
Level 1
Level 1
In response to Reza Sharifi

‎04-11-2014 06:07 AM

Thank's for your comments. Im just in the process of getting the VSS config and will post it shortly.


S

0 Helpful

Si
Level 1
Level 1
In response to Reza Sharifi

‎04-11-2014 07:43 AM

sh run
Building configuration...

Current configuration : 16559 bytes
!
! Last configuration change at 06:10:42 UTC Fri Apr 11 2014
!
version 15.1
no service pad
service timestamps debug datetime
service timestamps log datetime
service password-encryption
service compress-config
service sequence-numbers
!
hostname VSScore
!
boot-start-marker
boot system flash bootflash:cat4500e-universalk9.SPA.03.04.02.SG.151-2.SG2.bin
boot-end-marker
!
!
vrf definition mgmtVrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable secret 
!
username 
aaa new-model
!
!
aaa authentication login CONSOLE local
!
!
!
!
!
aaa session-id common
clock summer-time UTC recurring last Sun Mar 2:00 last Sun Oct 2:00
!
switch virtual domain 10
 switch mode virtual
 switch 1 priority 200
 mac-address use-virtual
!
 dual-active detection pagp trust channel-group 201
dual-active recovery ip address 192.168.22.1 255.255.255.192
udld enable

!
ip vrf Liin-vrf
!
no ip domain-lookup
ip domain-name 
!
!
!
!
!
power redundancy-mode redundant
!
mac access-list extended VSL-BPDU
 permit any 0180.c200.0000 0000.0000.0003
mac access-list extended VSL-CDP
 permit any host 0100.0ccc.cccc
mac access-list extended VSL-DOT1x
 permit any any 0x888E
mac access-list extended VSL-GARP
 permit any host 0180.c200.0020
mac access-list extended VSL-LLDP
 permit any host 0180.c200.000e
mac access-list extended VSL-MGMT
 permit any host 00ff.a3e1.f864
 permit any host 00ff.f271.3e20
mac access-list extended VSL-SSTP
 permit any host 0100.0ccc.cccd
port-channel load-balance src-dst-mac
!
!
!
!
!
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree vlan 2-999 priority 8192
!
redundancy
 mode sso
 main-cpu
  auto-sync startup-config
  auto-sync standard
!
vlan internal allocation policy ascending
!
ip ssh source-interface Vlan500
ip ssh version 2
!
class-map match-any VSL-MGMT-PACKETS
  match access-group name VSL-MGMT
class-map match-any VSL-DATA-PACKETS
  match any 
class-map match-any VSL-L2-CONTROL-PACKETS
  match access-group name VSL-DOT1x
  match access-group name VSL-BPDU
  match access-group name VSL-CDP
  match access-group name VSL-LLDP
  match access-group name VSL-SSTP
  match access-group name VSL-GARP
class-map match-any VSL-L3-CONTROL-PACKETS
  match access-group name VSL-IPV4-ROUTING
  match access-group name VSL-BFD
  match access-group name VSL-DHCP-CLIENT-TO-SERVER
  match access-group name VSL-DHCP-SERVER-TO-CLIENT
  match access-group name VSL-DHCP-SERVER-TO-SERVER
  match access-group name VSL-IPV6-ROUTING
class-map match-any VSL-MULTIMEDIA-TRAFFIC
  match  dscp af41 
  match  dscp af42 
  match  dscp af43 
  match  dscp af31 
  match  dscp af32 
  match  dscp af33 
  match  dscp af21 
  match  dscp af22 
  match  dscp af23 
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
  match  dscp ef 
  match  dscp cs4 
  match  dscp cs5 
class-map match-any VSL-SIGNALING-NETWORK-MGMT
  match  dscp cs2 
  match  dscp cs3 
  match  dscp cs6 
  match  dscp cs7 
!
policy-map VSL-Queuing-Policy
 class VSL-MGMT-PACKETS
    bandwidth percent 5
 class VSL-L2-CONTROL-PACKETS
    bandwidth percent 5
 class VSL-L3-CONTROL-PACKETS
    bandwidth percent 5
 class VSL-VOICE-VIDEO-TRAFFIC
    bandwidth percent 30
 class VSL-SIGNALING-NETWORK-MGMT
    bandwidth percent 10
 class VSL-MULTIMEDIA-TRAFFIC
    bandwidth percent 20
 class VSL-DATA-PACKETS
    bandwidth percent 20
 class class-default
    bandwidth percent 5
!

!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
 description VSL Link from Switch 1
 switchport
 switchport mode trunk
 switchport nonegotiate
 switch virtual link 1
!
interface Port-channel2
 switchport
 switchport mode trunk
 switchport nonegotiate
 switch virtual link 2
interface Port-channel200
 description Link:-Security
 switchport
!
interface Port-channel201
 description Link:01
 switchport
 switchport mode trunk
!
interface Port-channel202
 description Link:02 
 switchport
!
interface Port-channel203
 description Link:03
 switchport
!
interface Port-channel204
 description Link:04
 switchport
!
interface Port-channel205
 no ip address
!
interface Port-channel206
 no ip address
!
interface Port-channel207
 no ip address
!
interface Port-channel208
 no ip address
!
interface Port-channel209
 no ip address
!
interface Port-channel210
 description Link:10
 switchport
 switchport mode trunk
!
interface Port-channel211
 description Link:11
 switchport
 switchport mode trunk
interface Port-channel212
 description Link:12
 switchport
 switchport mode trunk
!
interface Port-channel213
 description Link:13
 switchport
 switchport mode trunk
!
interface FastEthernet1
 vrf forwarding mgmtVrf
 no ip address
 speed auto
 duplex auto
!
interface TenGigabitEthernet1/1/1
 switchport mode trunk
 switchport nonegotiate
 no lldp transmit
 no lldp receive
 no cdp enable
 channel-group 1 mode on
 service-policy output VSL-Queuing-Policy
!
interface TenGigabitEthernet1/1/2
 switchport mode trunk
 switchport nonegotiate
 no lldp transmit
 no lldp receive
 no cdp enable
 channel-group 1 mode on
 service-policy output VSL-Queuing-Policy
!
interface TenGigabitEthernet1/1/3
 description WAN:
 no switchport
 no ip address
 ip ospf message-digest-key 199 md5 xxxxxxx
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface TenGigabitEthernet1/1/4
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 201 mode desirable
!
interface TenGigabitEthernet1/1/5
 description Link: 02
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 202 mode desirable
!
interface TenGigabitEthernet1/1/6
 description Link: 03
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 203 mode desirable
!
interface TenGigabitEthernet1/1/7
 description Link: 04
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 204 mode desirable
interface TenGigabitEthernet1/1/8
 description Link: 10
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 210 mode desirable
!
interface TenGigabitEthernet1/1/9
 description Link: 11
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 211 mode desirable
!
interface TenGigabitEthernet1/1/10
 description Link: 12
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 212 mode desirable
!
interface TenGigabitEthernet1/1/11
 description Link: 13
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 213 mode desirable
!
interface TenGigabitEthernet1/1/12
 description Link: Security
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 200 mode desirable
!
interface TenGigabitEthernet1/1/13
!
interface TenGigabitEthernet1/1/14
!
interface TenGigabitEthernet1/1/15
!
interface TenGigabitEthernet1/1/16
!
interface TenGigabitEthernet1/2/1
 switchport mode trunk
 switchport nonegotiate
 no lldp transmit
 no lldp receive
 no cdp enable
 channel-group 1 mode on
 service-policy output VSL-Queuing-Policy
!
interface TenGigabitEthernet1/2/2
 switchport mode trunk
 switchport nonegotiate
 no lldp transmit
 no lldp receive
 no cdp enable
 channel-group 1 mode on
 service-policy output VSL-Queuing-Policy
!
interface TenGigabitEthernet1/2/3
 description WAN:
 no switchport
 no ip address
 ip ospf message-digest-key 199 md5
 ip ospf network point-to-point
 ip ospf 1 area 0
interface TenGigabitEthernet1/2/4
!
interface TenGigabitEthernet1/2/5
!
interface TenGigabitEthernet1/2/6
!
interface TenGigabitEthernet1/2/7
!
interface TenGigabitEthernet1/2/8
!
interface TenGigabitEthernet2/1/1
 switchport mode trunk
 switchport nonegotiate
 no lldp transmit
 no lldp receive
 no cdp enable
 channel-group 2 mode on
 service-policy output VSL-Queuing-Policy
!
interface TenGigabitEthernet2/1/2
 switchport mode trunk
 switchport nonegotiate
 no lldp transmit
 no lldp receive
 no cdp enable
 channel-group 2 mode on
 service-policy output VSL-Queuing-Policy
!
interface TenGigabitEthernet2/1/3
 description WAN:
 no switchport
 no ip address
 ip ospf message-digest-key 199 md5 7 08191B783E375242431A040D327C
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface TenGigabitEthernet2/1/4
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 201 mode desirable
!
interface TenGigabitEthernet2/1/5
 description Link: 02
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 202 mode desirable
!
interface TenGigabitEthernet2/1/6
 description Link: 03
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 203 mode desirable
!
interface TenGigabitEthernet2/1/7
 description Link: 04
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 204 mode desirable
!
interface TenGigabitEthernet2/1/8
 description Link: 10
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 210 mode desirable
!
interface TenGigabitEthernet2/1/9
 description Link: 11
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 211 mode desirable
!
interface TenGigabitEthernet2/1/10
 description Link: 12
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 212 mode desirable
!
interface TenGigabitEthernet2/1/11
 description Link: 13
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 213 mode desirable
!
interface TenGigabitEthernet2/1/12
 description Link: Secu
 switchport mode trunk
 logging event link-status
 logging event trunk-status
 channel-group 200 mode desirable
!
interface TenGigabitEthernet2/1/13
!
interface TenGigabitEthernet2/1/14
!
interface TenGigabitEthernet2/1/15
!
interface TenGigabitEthernet2/1/16
!
interface TenGigabitEthernet2/2/1
 switchport mode trunk
 switchport nonegotiate
 no lldp transmit
 no lldp receive
 no cdp enable
 channel-group 2 mode on
 service-policy output VSL-Queuing-Policy
interface TenGigabitEthernet2/2/2
 switchport mode trunk
 switchport nonegotiate
 no lldp transmit
 no lldp receive
 no cdp enable
 channel-group 2 mode on
 service-policy output VSL-Queuing-Policy
!
interface TenGigabitEthernet2/2/3
 description WAN:
 no switchport
 no ip address
 ip ospf message-digest-key 199 md5 
 ip ospf network point-to-point
 ip ospf 1 area 0
!
interface TenGigabitEthernet2/2/4
!
interface TenGigabitEthernet2/2/5
!
interface TenGigabitEthernet2/2/6
interface TenGigabitEthernet2/2/7
!
interface TenGigabitEthernet2/2/8
!

!
router ospf 1
 router-id 192.168.22.3
 area 0 authentication message-digest
 passive-interface default
 network 10.10.0.0 0.0.255.255 area 0
 network 192.168.0.0 0.0.255.255 area 0
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.10.183.3
!
ip access-list extended VSL-BFD
 permit udp any any eq 3784
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
 permit udp any eq bootpc any eq bootps
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
 permit udp any eq bootps any eq bootpc
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
 permit udp any eq bootps any eq bootps
ip access-list extended VSL-IPV4-ROUTING
 permit ip any 224.0.0.0 0.0.0.255

!
kron occurrence DAILYat1 at 1:00 recurring
 policy-list SaveConfig
!
kron policy-list SaveConfig
 cli wr mem
!
logging trap debugging
logging source-interface Vlan500

!
snmp-server community 
snmp-server community 
!
!
!
!
ipv6 access-list VSL-IPV6-ROUTING
 permit ipv6 any FF02::/124

!
!
module provision switch 1
 chassis-type 70 base-mac B838.6121.2F90
 slot 1 slot-type 401 base-mac B838.6121.2F90
 slot 2 slot-type 400 base-mac 4C4E.358C.E548
 !
module provision switch 2
 chassis-type 70 base-mac B838.6121.2D50
 slot 1 slot-type 401 base-mac B838.6121.2D50
 slot 2 slot-type 400 base-mac 4C4E.358C.E580
 
!

end

VSScore#   

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to Si

‎04-11-2014 09:53 AM

Your config looks good.  How are you doing your testing?

 

0 Helpful

Si
Level 1
Level 1

‎04-11-2014 10:02 AM

That's good to know. I've added two distribution switches on different PO groups. One laptop in either switch with icmp to each other and both svi gateways. The proceeding to reload primary/standby/vsl failure etc I was concerned I hasn't configured the redundancy part correct, I couldn't use NSF as one ospf neighbour is a 4506 which didn't support NSF other neighbours at 6509s that do Si
0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to Si

‎04-11-2014 12:13 PM

NSF does a make difference since you are running OSPF, but if it is not supported by the 4506, then you can't really use it.

HTH


 

0 Helpful

Si
Level 1
Level 1
In response to Reza Sharifi

‎04-11-2014 10:00 PM

Thanks for confirming what i thought.

Not sure why im dropping pings though, would be nice to confirm thats normal operation. If i was running HSRP i would expect similar drops. Is this correct

redundancy
 mode sso
 main-cpu
  auto-sync startup-config
  auto-sync standard

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to Si

‎04-12-2014 10:53 AM

Ok, so your testing does not rely on OSPF since both SVIs are on the 4500 VSS.  I am curious what happens if you turn off OSPF for the subnets/vlan and test again.  Even with VRRP, HSRP 6 ping loss is too many.  Usually, a couple or even 3 is normal.

Also, what type of switches are in your access layer and what type switch are you using for dual active detection?

HTH

0 Helpful

Si
Level 1
Level 1

‎04-13-2014 11:52 AM

Hi ya , I have passive interface default on, but I will disable ip routing to test again. I'm using 2960s as the dual active detection switch. All running latest IOS. I was surprised I lost so many pings.
0 Helpful

Si
Level 1
Level 1

‎04-14-2014 07:12 AM

Ive just read

 

"NSF deals with the layer 3 routing protocols and their topology tables. When the standby supervisor takes over, the Vlan SVIs reset which normally would result in the loss of any Layer 3 routing protocol neighbors"

If this is the case, it would explain why i lost the SVI for so long


S

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card