04-11-2014 04:38 AM - edited 03-07-2019 07:03 PM
Morning,
Im just going through testing VSS on 2*4500x, when i pull the power from the Standby or Active unit the host's see a 6 ping drop out.
Am i expecting to much by having 0 loss or have i missed some fail over configuration?
Many thanks for any help.
I can post config if needed.
S
04-11-2014 05:29 AM
It depends, if the ping packets are traversing a link to the switch you are shutting down, you will lose some ping packets (the once that are already in the wire). 6 ping drops is a little too high, but I but 1, 2 or even 3 is normal.
Can you post your VSS config?
HTH
04-11-2014 06:07 AM
Thank's for your comments. Im just in the process of getting the VSS config and will post it shortly.
S
04-11-2014 07:43 AM
sh run
Building configuration...
Current configuration : 16559 bytes
!
! Last configuration change at 06:10:42 UTC Fri Apr 11 2014
!
version 15.1
no service pad
service timestamps debug datetime
service timestamps log datetime
service password-encryption
service compress-config
service sequence-numbers
!
hostname VSScore
!
boot-start-marker
boot system flash bootflash:cat4500e-universalk9.SPA.03.04.02.SG.151-2.SG2.bin
boot-end-marker
!
!
vrf definition mgmtVrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret
!
username
aaa new-model
!
!
aaa authentication login CONSOLE local
!
!
!
!
!
aaa session-id common
clock summer-time UTC recurring last Sun Mar 2:00 last Sun Oct 2:00
!
switch virtual domain 10
switch mode virtual
switch 1 priority 200
mac-address use-virtual
!
dual-active detection pagp trust channel-group 201
dual-active recovery ip address 192.168.22.1 255.255.255.192
udld enable
!
ip vrf Liin-vrf
!
no ip domain-lookup
ip domain-name
!
!
!
!
!
power redundancy-mode redundant
!
mac access-list extended VSL-BPDU
permit any 0180.c200.0000 0000.0000.0003
mac access-list extended VSL-CDP
permit any host 0100.0ccc.cccc
mac access-list extended VSL-DOT1x
permit any any 0x888E
mac access-list extended VSL-GARP
permit any host 0180.c200.0020
mac access-list extended VSL-LLDP
permit any host 0180.c200.000e
mac access-list extended VSL-MGMT
permit any host 00ff.a3e1.f864
permit any host 00ff.f271.3e20
mac access-list extended VSL-SSTP
permit any host 0100.0ccc.cccd
port-channel load-balance src-dst-mac
!
!
!
!
!
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree vlan 2-999 priority 8192
!
redundancy
mode sso
main-cpu
auto-sync startup-config
auto-sync standard
!
vlan internal allocation policy ascending
!
ip ssh source-interface Vlan500
ip ssh version 2
!
class-map match-any VSL-MGMT-PACKETS
match access-group name VSL-MGMT
class-map match-any VSL-DATA-PACKETS
match any
class-map match-any VSL-L2-CONTROL-PACKETS
match access-group name VSL-DOT1x
match access-group name VSL-BPDU
match access-group name VSL-CDP
match access-group name VSL-LLDP
match access-group name VSL-SSTP
match access-group name VSL-GARP
class-map match-any VSL-L3-CONTROL-PACKETS
match access-group name VSL-IPV4-ROUTING
match access-group name VSL-BFD
match access-group name VSL-DHCP-CLIENT-TO-SERVER
match access-group name VSL-DHCP-SERVER-TO-CLIENT
match access-group name VSL-DHCP-SERVER-TO-SERVER
match access-group name VSL-IPV6-ROUTING
class-map match-any VSL-MULTIMEDIA-TRAFFIC
match dscp af41
match dscp af42
match dscp af43
match dscp af31
match dscp af32
match dscp af33
match dscp af21
match dscp af22
match dscp af23
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
match dscp ef
match dscp cs4
match dscp cs5
class-map match-any VSL-SIGNALING-NETWORK-MGMT
match dscp cs2
match dscp cs3
match dscp cs6
match dscp cs7
!
policy-map VSL-Queuing-Policy
class VSL-MGMT-PACKETS
bandwidth percent 5
class VSL-L2-CONTROL-PACKETS
bandwidth percent 5
class VSL-L3-CONTROL-PACKETS
bandwidth percent 5
class VSL-VOICE-VIDEO-TRAFFIC
bandwidth percent 30
class VSL-SIGNALING-NETWORK-MGMT
bandwidth percent 10
class VSL-MULTIMEDIA-TRAFFIC
bandwidth percent 20
class VSL-DATA-PACKETS
bandwidth percent 20
class class-default
bandwidth percent 5
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
description VSL Link from Switch 1
switchport
switchport mode trunk
switchport nonegotiate
switch virtual link 1
!
interface Port-channel2
switchport
switchport mode trunk
switchport nonegotiate
switch virtual link 2
interface Port-channel200
description Link:-Security
switchport
!
interface Port-channel201
description Link:01
switchport
switchport mode trunk
!
interface Port-channel202
description Link:02
switchport
!
interface Port-channel203
description Link:03
switchport
!
interface Port-channel204
description Link:04
switchport
!
interface Port-channel205
no ip address
!
interface Port-channel206
no ip address
!
interface Port-channel207
no ip address
!
interface Port-channel208
no ip address
!
interface Port-channel209
no ip address
!
interface Port-channel210
description Link:10
switchport
switchport mode trunk
!
interface Port-channel211
description Link:11
switchport
switchport mode trunk
interface Port-channel212
description Link:12
switchport
switchport mode trunk
!
interface Port-channel213
description Link:13
switchport
switchport mode trunk
!
interface FastEthernet1
vrf forwarding mgmtVrf
no ip address
speed auto
duplex auto
!
interface TenGigabitEthernet1/1/1
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 1 mode on
service-policy output VSL-Queuing-Policy
!
interface TenGigabitEthernet1/1/2
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 1 mode on
service-policy output VSL-Queuing-Policy
!
interface TenGigabitEthernet1/1/3
description WAN:
no switchport
no ip address
ip ospf message-digest-key 199 md5 xxxxxxx
ip ospf network point-to-point
ip ospf 1 area 0
!
interface TenGigabitEthernet1/1/4
switchport mode trunk
logging event link-status
logging event trunk-status
channel-group 201 mode desirable
!
interface TenGigabitEthernet1/1/5
description Link: 02
switchport mode trunk
logging event link-status
logging event trunk-status
channel-group 202 mode desirable
!
interface TenGigabitEthernet1/1/6
description Link: 03
switchport mode trunk
logging event link-status
logging event trunk-status
channel-group 203 mode desirable
!
interface TenGigabitEthernet1/1/7
description Link: 04
switchport mode trunk
logging event link-status
logging event trunk-status
channel-group 204 mode desirable
interface TenGigabitEthernet1/1/8
description Link: 10
switchport mode trunk
logging event link-status
logging event trunk-status
channel-group 210 mode desirable
!
interface TenGigabitEthernet1/1/9
description Link: 11
switchport mode trunk
logging event link-status
logging event trunk-status
channel-group 211 mode desirable
!
interface TenGigabitEthernet1/1/10
description Link: 12
switchport mode trunk
logging event link-status
logging event trunk-status
channel-group 212 mode desirable
!
interface TenGigabitEthernet1/1/11
description Link: 13
switchport mode trunk
logging event link-status
logging event trunk-status
channel-group 213 mode desirable
!
interface TenGigabitEthernet1/1/12
description Link: Security
switchport mode trunk
logging event link-status
logging event trunk-status
channel-group 200 mode desirable
!
interface TenGigabitEthernet1/1/13
!
interface TenGigabitEthernet1/1/14
!
interface TenGigabitEthernet1/1/15
!
interface TenGigabitEthernet1/1/16
!
interface TenGigabitEthernet1/2/1
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 1 mode on
service-policy output VSL-Queuing-Policy
!
interface TenGigabitEthernet1/2/2
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 1 mode on
service-policy output VSL-Queuing-Policy
!
interface TenGigabitEthernet1/2/3
description WAN:
no switchport
no ip address
ip ospf message-digest-key 199 md5
ip ospf network point-to-point
ip ospf 1 area 0
interface TenGigabitEthernet1/2/4
!
interface TenGigabitEthernet1/2/5
!
interface TenGigabitEthernet1/2/6
!
interface TenGigabitEthernet1/2/7
!
interface TenGigabitEthernet1/2/8
!
interface TenGigabitEthernet2/1/1
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 2 mode on
service-policy output VSL-Queuing-Policy
!
interface TenGigabitEthernet2/1/2
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 2 mode on
service-policy output VSL-Queuing-Policy
!
interface TenGigabitEthernet2/1/3
description WAN:
no switchport
no ip address
ip ospf message-digest-key 199 md5 7 08191B783E375242431A040D327C
ip ospf network point-to-point
ip ospf 1 area 0
!
interface TenGigabitEthernet2/1/4
switchport mode trunk
logging event link-status
logging event trunk-status
channel-group 201 mode desirable
!
interface TenGigabitEthernet2/1/5
description Link: 02
switchport mode trunk
logging event link-status
logging event trunk-status
channel-group 202 mode desirable
!
interface TenGigabitEthernet2/1/6
description Link: 03
switchport mode trunk
logging event link-status
logging event trunk-status
channel-group 203 mode desirable
!
interface TenGigabitEthernet2/1/7
description Link: 04
switchport mode trunk
logging event link-status
logging event trunk-status
channel-group 204 mode desirable
!
interface TenGigabitEthernet2/1/8
description Link: 10
switchport mode trunk
logging event link-status
logging event trunk-status
channel-group 210 mode desirable
!
interface TenGigabitEthernet2/1/9
description Link: 11
switchport mode trunk
logging event link-status
logging event trunk-status
channel-group 211 mode desirable
!
interface TenGigabitEthernet2/1/10
description Link: 12
switchport mode trunk
logging event link-status
logging event trunk-status
channel-group 212 mode desirable
!
interface TenGigabitEthernet2/1/11
description Link: 13
switchport mode trunk
logging event link-status
logging event trunk-status
channel-group 213 mode desirable
!
interface TenGigabitEthernet2/1/12
description Link: Secu
switchport mode trunk
logging event link-status
logging event trunk-status
channel-group 200 mode desirable
!
interface TenGigabitEthernet2/1/13
!
interface TenGigabitEthernet2/1/14
!
interface TenGigabitEthernet2/1/15
!
interface TenGigabitEthernet2/1/16
!
interface TenGigabitEthernet2/2/1
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 2 mode on
service-policy output VSL-Queuing-Policy
interface TenGigabitEthernet2/2/2
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 2 mode on
service-policy output VSL-Queuing-Policy
!
interface TenGigabitEthernet2/2/3
description WAN:
no switchport
no ip address
ip ospf message-digest-key 199 md5
ip ospf network point-to-point
ip ospf 1 area 0
!
interface TenGigabitEthernet2/2/4
!
interface TenGigabitEthernet2/2/5
!
interface TenGigabitEthernet2/2/6
interface TenGigabitEthernet2/2/7
!
interface TenGigabitEthernet2/2/8
!
!
router ospf 1
router-id 192.168.22.3
area 0 authentication message-digest
passive-interface default
network 10.10.0.0 0.0.255.255 area 0
network 192.168.0.0 0.0.255.255 area 0
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.10.183.3
!
ip access-list extended VSL-BFD
permit udp any any eq 3784
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
permit udp any eq bootpc any eq bootps
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
permit udp any eq bootps any eq bootpc
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
permit udp any eq bootps any eq bootps
ip access-list extended VSL-IPV4-ROUTING
permit ip any 224.0.0.0 0.0.0.255
!
kron occurrence DAILYat1 at 1:00 recurring
policy-list SaveConfig
!
kron policy-list SaveConfig
cli wr mem
!
logging trap debugging
logging source-interface Vlan500
!
snmp-server community
snmp-server community
!
!
!
!
ipv6 access-list VSL-IPV6-ROUTING
permit ipv6 any FF02::/124
!
!
module provision switch 1
chassis-type 70 base-mac B838.6121.2F90
slot 1 slot-type 401 base-mac B838.6121.2F90
slot 2 slot-type 400 base-mac 4C4E.358C.E548
!
module provision switch 2
chassis-type 70 base-mac B838.6121.2D50
slot 1 slot-type 401 base-mac B838.6121.2D50
slot 2 slot-type 400 base-mac 4C4E.358C.E580
!
end
VSScore#
04-11-2014 09:53 AM
Your config looks good. How are you doing your testing?
04-11-2014 10:02 AM
04-11-2014 12:13 PM
NSF does a make difference since you are running OSPF, but if it is not supported by the 4506, then you can't really use it.
HTH
04-11-2014 10:00 PM
Thanks for confirming what i thought.
Not sure why im dropping pings though, would be nice to confirm thats normal operation. If i was running HSRP i would expect similar drops. Is this correct
redundancy
mode sso
main-cpu
auto-sync startup-config
auto-sync standard
04-12-2014 10:53 AM
Ok, so your testing does not rely on OSPF since both SVIs are on the 4500 VSS. I am curious what happens if you turn off OSPF for the subnets/vlan and test again. Even with VRRP, HSRP 6 ping loss is too many. Usually, a couple or even 3 is normal.
Also, what type of switches are in your access layer and what type switch are you using for dual active detection?
HTH
04-13-2014 11:52 AM
04-14-2014 07:12 AM
Ive just read
"NSF deals with the layer 3 routing protocols and their topology tables. When the standby supervisor takes over, the Vlan SVIs reset which normally would result in the loss of any Layer 3 routing protocol neighbors"
If this is the case, it would explain why i lost the SVI for so long
S
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: