VSS implementation issues

regibbons · ‎06-06-2011

Hello all,

I have a network with four 6509s in a ring with 10Gb links. Two adjacent switches are at the home office, the other two at the DR site. The switches at each location are physically similar to each other with respect to what blades are in them. We went through an upgrade from SUP-720's to VS-SUP-720's recently, only at the DR site - basically a practice, with the home office conversion hopefully taking place next weekend.

We initially just brought up the two chassis separately, in non-VSS formation (stand-alone). So far, so good - everything was connected, all traffic was passiing, all links were up, everything was reachable: EVERYTHING worked. Then we made the conversion: step-by-step from the cisco.com page; create a virtual domain, make one switch switch 1, the other switch 2, create differently numbered port-channels on each 6509, add the SUP 10Gb links to the port-channel, do the conversion.

Here's where the trouble started. First of all, the two 10Gb links back to home office created a spanning-tree loop and we had to shut down one of the links. (Is there something that needs to be configured on those links to turn spanning tree on? Does VSS conversion turn stp off?) Secondly, though it worked while in stand-alone mode, the copper blade in the standby 6509 stopped passing traffic - it would take config, the links would come up, but you could not ping across those links. Interestingly enough, there was an access switch with links to each of the copper blades, and having them both up also caused a spanning-tree loop. adding a new port-channel and putting both links in it did nothing to alleviate the loop. This leads me to believe that stp is not working properly. I reiterate, that even though the loop occurred, nothing else plugged into that blade was pingable.

I am pasting the modules below, mod 2 of switch 2 is what is not passing traffic. I don't know it is is bad hardware (hard to believe since it passed traffic before the VSS conversion), hardware incompatibility (slightly more plausible, but still odd since the other card is working), or (most likely) user error on my part.

If you want to help and I have left out any pertinent information, just ask.

Thanks,

Russell

PS: Since I cannot use the 1Gb ports on the SUP for VSS, can I use them to connect a dist/access switch?

DRVSS#sh mod
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
2   48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX     SAL1006D4WS
5    5 Supervisor Engine 720 10GE (Active)    VS-S720-10G        SAL1515B3V0
7    4 CEF720 4 port 10-Gigabit Ethernet      WS-X6704-10GE      SAL10499LPJ
8    8 8 port 1000mb GBIC Enhanced QoS        WS-X6408A-GBIC     SAL1049AC13

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
2 0016.c8c4.d830 to 0016.c8c4.d85f   2.3   12.2(14r)S5 12.2(33)SXH8 Ok
5 588d.09e6.1ad4 to 588d.09e6.1adb   4.0   8.5(4)       12.2(33)SXH8 Ok
7 0019.aaf1.ac90 to 0019.aaf1.ac93   2.5   12.2(14r)S5 12.2(33)SXH8 Ok
8 001a.6c62.8fb8 to 001a.6c62.8fbf   4.1   Unknown      Unknown      PwrDown

Mod Sub-Module                  Model              Serial       Hw     Status
---- --------------------------- ------------------ ----------- ------- -------
2 Distributed Forwarding Card WS-F6700-DFC3C     SAL1516C0JJ 1.4    Ok
5 Policy Feature Card 3       VS-F6K-PFC3C       SAL1514AJAZ 1.1    Ok
5 MSFC3 Daughterboard         VS-F6K-MSFC3       SAL15108RF1 5.1    Ok
7 Centralized Forwarding Card WS-F6700-CFC       SAD110605ZA 3.1    Ok

Mod Online Diag Status
---- -------------------
2 Pass
5 Pass
7 Pass
8 Not Applicable
DRVSS#sh mod switch 2
Switch Number:     2   Role: Virtual Switch Standby
---------------------- -----------------------------
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
2   48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX     SAL1006D4V0
5    5 Supervisor Engine 720 10GE (Hot)       VS-S720-10G        SAL1514AF3S
7    4 CEF720 4 port 10-Gigabit Ethernet      WS-X6704-10GE      SAL10499QH0
8    8 8 port 1000mb GBIC Enhanced QoS        WS-X6408A-GBIC     SAL1052C3L0

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
2 0016.c8c4.d770 to 0016.c8c4.d79f   2.3   12.2(14r)S5 12.2(33)SXH8 Ok
5 588d.098a.38fc to 588d.098a.3903   4.0   8.5(4)       12.2(33)SXH8 Ok
7 0019.aa6f.94b0 to 0019.aa6f.94b3   2.5   12.2(14r)S5 12.2(33)SXH8 Ok
8 001a.6d39.95b8 to 001a.6d39.95bf   4.1   Unknown      Unknown      PwrDown

Mod Sub-Module                  Model              Serial       Hw     Status
---- --------------------------- ------------------ ----------- ------- -------
2 Distributed Forwarding Card WS-F6700-DFC3C     SAL1517C42Q 1.4    Ok
5 Policy Feature Card 3       VS-F6K-PFC3C       SAL1514AFB6 1.1    Ok
5 MSFC3 Daughterboard         VS-F6K-MSFC3       SAL1513A942 5.1    Ok
7 Centralized Forwarding Card WS-F6700-CFC       SAD110403TX 3.1    Ok

Mod Online Diag Status
---- -------------------
2 Pass
5 Pass
7 Pass
8 Not Applicable

Reza Sharifi · ‎06-06-2011

Hi Russell,

In your hardware configuration, VSS does not support all the modules you have installed in your devices

please refer to table-1 in this link for VSS supported module. Basically all your modules have to be in the 6700 series.

Also, what ports are you using for your VSL connections? You can use the 2 10Gig ports on the sup module or if you are planning to use a line card, you have to use the 8 port 10Gig module (X6708). You can also do a combination of one port from the sup and one port from the line card.

as for your last question, you can use the 1 gig ports on the sup for any type connection you want ie uplink, access port, managment port, etc.... 2 out of 3 are SFP and the last one is 10/100/1000 copper. The copper usually used for out of band managment.

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps9336/prod_qas0900aecd806ed74b_ps2797_Products_Q_and_A_Item.html

HTH

Reza

regibbons · ‎06-07-2011

For the VSL links, I am using both of the 10Gb interfaces of the SUP. So far, the only other 10Gb in use is one on each of the blade 7's, one to each 6509 at home office - although one is shut down due to it causing a loop. We knew that blade 8 would stop functioning, but it wasn't in use to begin with - it is only there because we don't have any blanks available right now. Could those being there cause the problems I am seeing?

To sum my previous post:

Is there anything in this physical configuration that would prevent blade 2 in switch 2 from functioning properly?

Is there anything I need to do in VSS mode to prevent the spanning tree loop that occurs when I turn up the second 10Gb link back to home office?

vann_will · ‎07-18-2012

Hey Russell

I don't know know if your issue has been solved yet or not, but if it has not try and see if this works.

Have you set the devices for SSO/NSF, if not please implement by during the following command:

conf t

redundancy

mode sso

exit

router ospf 1

nsf

exit

What this command does is set the Supervisor Engines up for State Switch Over as well as keep the data flowing between both sup engines in the VSS.

Let me know if this helps or not.

Also if you have done these commands can you please post the config setup for the VSS