Virtual Switching System (VSS) Technology and Configuration on Cisco 4500-E / 4500-X Series Switches

In this post I will talk about Virtual Switching System (VSS), a technology frequently used in the Cisco 4500/6500 series switch families, which in IT jargon we often call clustering or stacking.

Our goal is to take 2 switches and connect them to each other with this technology in order to:

– build a structure that runs Active/Active,
– remove the dependency on Spanning Tree,
– get "2N" performance by keeping the second switch working instead of leaving it idle, where we would otherwise get "N".

 

[Figure: VSS1]

On switches running VSS, the data plane is active on both switches at the same time. This gives us more throughput than the FHRP protocols (HSRP, VRRP, etc.) that provide gateway redundancy. As the figure above shows, the 2 switches logically operate as a single switch.

We build VSS with 2 switches. The member switches connect to each other with a Virtual Switch Link (VSL) over standard Gigabit or 10 Gigabit Ethernet connections. The VSL carries user traffic as well as the control plane traffic between the switches. The requirements are listed below.

As an example, I will configure VSS on 4500X series switches.

Requirements:

  1. If VSS is to be built on 4500-E / 6500 series switches, the chassis must have supervisors with similar capabilities. For example:
    1. For the 4500-E, a Supervisor Engine 7-E or 7-LE is required.
  2. The devices must run the same IOS and ROM version.
  3. The license must be at least IP Base.

    Feature                           LAN Base   IP Base            Enterprise Service
    ------------------------------------------------------------------------------------
    Virtual Switching System (VSS)    No         Yes (SUP7E only)   Yes
    Features listed below (*)         No         Yes (SUP7E)        Yes (SUP7E)
                                                 No (SUP7LE)        Yes (SUP7LE)

    (*)
    • Support for Layer 3 MEC—VSS with Layer 3 Multichassis EtherChannel (MEC) at the aggregation layer
    • Support for VSLP Fast Hello—With VSLP Fast Hello, the Catalyst 4500-X configured for VSS can now connect Access Switches that do not support the ePAgP protocol.
    • Support for VSL Encryption
    • Support for Asymmetric chassis
  4. 1G and 10G Ethernet connections are supported. On the 4500s the recommendation is to use the 10G ports.

Configuration:

1. First we compare the IOS and ROM versions of the 4500-X switches. If they differ, we move to the versions recommended by Cisco.
Switch-01#show version 
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.05.03.E RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Mon 05-May-14 10:33 by prod_rel_team



Cisco IOS-XE software, Copyright (c) 2005-2013 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.  For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.



ROM: 15.0(1r)SG11
BackBone-SW uptime is 2 hours, 1 minutes
Uptime for this control processor is 2 hours, 3 minutes
System returned to ROM by reload
System image file is "bootflash:cat4500e-universal.SPA.03.05.03.E.152-1.E3.bin"
Jawa Revision 2, Winter Revision 0x0.0x40

Last reload reason: Reload command



License Information for 'WS-C4500X-16'
    License Level: ipbase   Type: Permanent
    Next reboot license Level: ipbase

cisco WS-C4500X-16 (MPC8572) processor (revision 9) with 4194304K bytes of physical memory.
Processor board ID JAE1852049Z
MPC8572 CPU at 1.5GHz, Cisco Catalyst 4500X
Last reset from Reload
12 Virtual Ethernet interfaces
32 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.

Configuration register is 0x2102

Switch-02#show version 
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.05.03.E RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Mon 05-May-14 10:33 by prod_rel_team



Cisco IOS-XE software, Copyright (c) 2005-2013 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.  For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.



ROM: 15.0(1r)SG11
BackBone-SW uptime is 2 hours, 51 minutes
Uptime for this control processor is 2 hours, 53 minutes
System returned to ROM by reload
System image file is "bootflash:cat4500e-universal.SPA.03.05.03.E.152-1.E3.bin"
Jawa Revision 2, Winter Revision 0x0.0x40

Last reload reason: Reload command



License Information for 'WS-C4500X-16'
    License Level: ipbase   Type: Permanent
    Next reboot license Level: ipbase

cisco WS-C4500X-16 (MPC8572) processor (revision 9) with 4194304K bytes of physical memory.
Processor board ID JAE1852049Z
MPC8572 CPU at 1.5GHz, Cisco Catalyst 4500X
Last reset from Reload
12 Virtual Ethernet interfaces
32 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.

Configuration register is 0x2102

2. We check the licenses and see that they are at the same level.

Switch-01#show license image levels 
Module name        Image level  Priority  Configured  Valid license
--------------------------------------------------------------------
WS-C4500X-16       entservices  1         NO          entservices             
                   ipbase       2         NO          ipbase                  

Module Name     Role           Current Level     Reboot Level
--------------------------------------------------------------------
WS-C4500X-16    Active         ipbase            ipbase            

 

Switch-02#show license image levels 
Module name        Image level  Priority  Configured  Valid license
--------------------------------------------------------------------
WS-C4500X-16       entservices  1         NO          entservices             
                   ipbase       2         NO          ipbase                  

Module Name     Role           Current Level     Reboot Level
--------------------------------------------------------------------
WS-C4500X-16    Active         ipbase            ipbase            

3. Setting the Virtual Switch Domain and Switch Numbers

Note: The Virtual Domain ID must be the same; the switch ID must be different.

Switch-01#conf t 
Enter configuration commands, one per line. End with CNTL/Z. 
Switch-01(config)#switch virtual domain 10 
Domain ID 10 config will take effect only after the exec command 'switch convert mode virtual' is issued 
Switch-01(config-vs-domain)#switch 1 
Switch-01(config-vs-domain)#end
Switch-02#conf t 
Enter configuration commands, one per line. End with CNTL/Z. 
Switch-02(config)#switch virtual domain 10 
Domain ID 10 config will take effect only after the exec command 'switch convert mode virtual' is issued 
Switch-02(config-vs-domain)#switch 2 
Switch-02(config-vs-domain)#end 

4. Creating the VSL Port Channel

Note: The port-channel numbers must be different. Otherwise, like me, you may give them the same number and spend 2 hours trying to figure out why it does not work 🙂

Switch-01(config)#int port-channel 9 
Switch-01(config-if)#switchport 
Switch-01(config-if)#switch virtual link 1 
Switch-01(config-if)#no shut 
Switch-01(config-if)#exit 
*Jan 24 05:19:57.092: %SPANTREE-6-PORTDEL_ALL_VLANS: Port-channel5 deleted from all Vlans
Switch-02(config)#int port-channel 10 
Switch-02(config-if)#switchport 
Switch-02(config-if)#switch virtual link 1 
Switch-02(config-if)#no shut 
Switch-02(config-if)#exit 
*Jan 24 05:19:57.092: %SPANTREE-6-PORTDEL_ALL_VLANS: Port-channel5 deleted from all Vlans

5. VSL Port Configuration

(In my topology the switches are connected to each other through ports 1/15 and 1/16. We assign each switch's ports to the channel-group from the previous step.)

Switch-01(config)#int range te1/15 - 16 
Switch-01(config-if-range)#switchport mode trunk 
Switch-01(config-if-range)#channel-group 9 mode on 
WARNING: Interface TenGigabitEthernet1/15 placed in restricted config mode. All extraneous configs removed! 
WARNING: Interface TenGigabitEthernet1/16 placed in restricted config mode. All extraneous configs removed! 
Switch-01(config-if-range)#exit 
Switch-02(config)#int range te1/15 - 16 
Switch-02(config-if-range)#switchport mode trunk 
Switch-02(config-if-range)#channel-group 10 mode on 
WARNING: Interface TenGigabitEthernet1/15 placed in restricted config mode. All extraneous configs removed! 
WARNING: Interface TenGigabitEthernet1/16 placed in restricted config mode. All extraneous configs removed! 
Switch-02(config-if-range)#exit 

6. Switching to Virtual Switch Mode

To put the switches into "Virtual Switch" mode, we enter the required command first on switch 1 and then, after it has rebooted and come back up, on switch 2.

Switch-01#switch convert mode virtual 
This command will convert all interface names to naming convention "interface-type switch-number/slot/port", save the running config to startup-config and reload the switch. 
Do you want to proceed? [yes/no]: yes 
Converting interface names Building configuration... 
Compressed configuration from 6451 bytes to 2781 bytes[OK] 
Saving converted configuration to bootflash: ... 
Destination filename [startup-config.converted_vs-20130124-062921]? 
Please stand by while rebooting the system... 
Restarting system. 
Rommon (G) Signature verification PASSED
Rommon (P) Signature verification PASSED
FPGA   (P) Signature verification PASSED
Switch-02#switch convert mode virtual 
This command will convert all interface names to naming convention "interface-type switch-number/slot/port", save the running config to startup-config and reload the switch. 
Do you want to proceed? [yes/no]: yes 
Converting interface names Building configuration... 
Compressed configuration from 6111 bytes to 2713 bytes[OK] 
Saving converted configuration to bootflash: ... 
Destination filename [startup-config.converted_vs-20130124-062921]? 
Please stand by while rebooting the system... 
Restarting system. 
Rommon (G) Signature verification PASSED
Rommon (P) Signature verification PASSED
FPGA   (P) Signature verification PASSED

After these commands are entered, the switches reload; each switch should then be in Virtual Switch mode and the VSS configuration should be complete. From now on, switch ports are shown as (switch/module/port) rather than (module/port).
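The preconditions from steps 1 to 5 (same IOS version, ROM and license level, same domain ID, different switch IDs and different VSL port-channel numbers) can be checked mechanically before `switch convert mode virtual` is run. The Python below is an added example, not part of the original post; the sample text is constructed from the page's `show version` output plus the configuration lines the commands in steps 3 and 4 would leave in the running configuration, and the function names are assumptions.

```python
import re

# Constructed sample: trimmed `show version` lines plus the lines entered in
# steps 3-4, written the way the running configuration would show them.
SW1 = """\
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.05.03.E RELEASE SOFTWARE (fc1)
ROM: 15.0(1r)SG11
    License Level: ipbase   Type: Permanent
switch virtual domain 10
 switch 1
interface Port-channel9
 switchport
 switch virtual link 1
"""
SW2 = SW1.replace(" switch 1", " switch 2").replace("Port-channel9", "Port-channel10")

def facts(text):
    """Extract the values the VSS requirements compare between the two members."""
    def grab(pattern):
        m = re.search(pattern, text, re.M)
        return m.group(1) if m else None
    return {
        "version": grab(r"Version (\S+) RELEASE SOFTWARE"),
        "rom": grab(r"^ROM: (\S+)"),
        "license": grab(r"^[ \t]*License Level: (\S+)"),
        "domain": grab(r"^switch virtual domain (\d+)"),
        "switch_id": grab(r"^ switch (\d+)[ \t]*$"),
        # The port-channel whose stanza carries the "switch virtual link" line.
        "vsl_po": grab(r"^interface Port-channel(\d+)\n(?:^ .*\n)*?^ switch virtual link \d+"),
    }

def preflight(a_text, b_text):
    """Return a list of problems; an empty list means the pair is ready to convert."""
    a, b = facts(a_text), facts(b_text)
    problems = [f"{k} not found" for k in a if a[k] is None or b[k] is None]
    if problems:
        return problems
    for key in ("version", "rom", "license", "domain"):   # must be identical
        if a[key] != b[key]:
            problems.append(f"{key} differs: {a[key]} vs {b[key]}")
    for key in ("switch_id", "vsl_po"):                    # must be different
        if a[key] == b[key]:
            problems.append(f"{key} is {a[key]} on both switches")
    # License level names as printed on this page; IP Base is the minimum.
    if not {a["license"], b["license"]} <= {"ipbase", "entservices"}:
        problems.append("license below IP Base")
    return problems
```

Calling `preflight(SW1, SW1)` reproduces the mistake described in step 4: it reports the shared port-channel number (and the shared switch ID) instead of leaving it to be found after the reload.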

Verification:

1. From now on we can connect via console only to the active switch, and when we telnet/ssh in, we will see the session opened on the active switch.

When we try to connect to the passive switch via console, we will see the following:

Switch-02-standby> Standby console disabled

To check the domain ID and switch ID information:

Switch-01#show switch virtual 

Executing the command on VSS member switch role = VSS Active, id = 1


Switch mode                  : Virtual Switch
Virtual switch domain number : 10
Local switch number          : 1
Local switch operational role: Virtual Switch Active
Peer switch number           : 2
Peer switch operational role : Virtual Switch Standby

Executing the command on VSS member switch role = VSS Standby, id = 2


Switch mode                  : Virtual Switch
Virtual switch domain number : 10
Local switch number          : 2
Local switch operational role: Virtual Switch Standby
Peer switch number           : 1
Peer switch operational role : Virtual Switch Active

2. For the roles of the switches in the VSS:

Switch-01#show switch virtual  role 

Executing the command on VSS member switch role = VSS Active, id = 1

RRP information for Instance 1

--------------------------------------------------------------------
Valid  Flags   Peer      Preferred  Reserved
               Count     Peer       Peer

--------------------------------------------------------------------
TRUE    V        1           1          1

Switch  Switch Status  Preempt       Priority  Role     Local   Remote
        Number         Oper(Conf)    Oper(Conf)         SID     SID
--------------------------------------------------------------------
LOCAL   1      UP      FALSE(N )     100(100)  ACTIVE   0       0   
REMOTE  2      UP      FALSE(N )     100(100)  STANDBY  5305    6073

Peer 0 represents the local switch

Flags : V - Valid 
In dual-active recovery mode: No


Executing the command on VSS member switch role = VSS Standby, id = 2

RRP information for Instance 2

--------------------------------------------------------------------
Valid  Flags   Peer      Preferred  Reserved
               Count     Peer       Peer

--------------------------------------------------------------------
TRUE    V        1           1          1

Switch  Switch Status  Preempt       Priority  Role     Local   Remote
        Number         Oper(Conf)    Oper(Conf)         SID     SID
--------------------------------------------------------------------
LOCAL   2      UP      FALSE(N )     100(100)  STANDBY  0       0   
REMOTE  1      UP      FALSE(N )     100(100)  ACTIVE   6073    5305

Peer 0 represents the local switch

Flags : V - Valid 
In dual-active recovery mode: No

3. To get information about the VSL:

Switch-01#show switch virtual link 

Executing the command on VSS member switch role = VSS Active, id = 1


VSL Status : UP
VSL Uptime : 20 hours, 0 minutes
VSL Control Link : Te1/1/15 
VSL Encryption : Configured Mode - Off, Operational Mode - Off


Executing the command on VSS member switch role = VSS Standby, id = 2


VSL Status : UP
VSL Uptime : 20 hours, 0 minutes
VSL Control Link : Te2/1/15 
VSL Encryption : Configured Mode - Off, Operational Mode - Off

4. To display information about the VSL port channel:

Switch-01#sh switch virtual link port-channel

Executing the command on VSS member switch role = VSS Active, id = 1

Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use N - not in use, no aggregation
f - failed to allocate aggregator

M - not in use, no aggregation due to minimum links not met
m - not in use, port not aggregated due to minimum links not met
u - unsuitable for bundling
d - default port

w - waiting to be aggregated

Group Port-channel Protocol Ports
------+-------------+-----------+-------------------
9 Po9(SU) - Te1/1/15(P) Te1/1/16(P)
10 Po10(SU) - Te2/1/15(P) Te2/1/16(P)

Executing the command on VSS member switch role = VSS Standby, id = 2

Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3 S - Layer2
U - in use N - not in use, no aggregation
f - failed to allocate aggregator

M - not in use, no aggregation due to minimum links not met
m - not in use, port not aggregated due to minimum links not met
u - unsuitable for bundling
d - default port

w - waiting to be aggregated

Group Port-channel Protocol Ports
------+-------------+-----------+-------------------
9 Po9(SU) - Te1/1/15(P) Te1/1/16(P)
10 Po10(SU) - Te2/1/15(P) Te2/1/16(P)

5. Finally, to display the redundancy status and the IOS and config register parameters on the switches:

Switch-01#show switch virtual redundancy 

Executing the command on VSS member switch role = VSS Active, id = 1


                  My Switch Id = 1
                Peer Switch Id = 2
        Last switchover reason = none
    Configured Redundancy Mode = Stateful Switchover
     Operating Redundancy Mode = Stateful Switchover

Switch 1 Slot 1 Processor Information :
-----------------------------------------------
        Current Software state = ACTIVE
                 Image Version = Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 15.2(1)E3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Mon 05-May-14 10:33 by prod_rel_team
                          BOOT = bootflash:cat4500e-universal.SPA.03.05.03.E.152-1.E3.bin,1;
        Configuration register = 0x2102
                  Fabric State = ACTIVE
           Control Plane State = ACTIVE

Switch 2 Slot 1 Processor Information :
-----------------------------------------------
        Current Software state = STANDBY HOT (switchover target)
                 Image Version = Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 15.2(1)E3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Mon 05-May-14 10:33 by prod_
                          BOOT = bootflash:cat4500e-universal.SPA.03.05.03.E.152-1.E3.bin,1;
        Configuration register = 0x2102
                  Fabric State = ACTIVE
           Control Plane State = STANDBY


Executing the command on VSS member switch role = VSS Standby, id = 2

show virtual switch redundancy is not supported on the standby
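The verification steps above can be turned into a repeatable health check that also reports the VSL encryption state, which matters because the VSL carries both control plane and user traffic. The Python below is an added example, not part of the original post; the sample is constructed by trimming and concatenating the page's own command output, and the function names are assumptions.

```python
import re

# Constructed sample: output of `show switch virtual`, `show switch virtual link`
# and `show switch virtual redundancy` from this page, trimmed and concatenated.
SAMPLE = """\
Executing the command on VSS member switch role = VSS Active, id = 1
Virtual switch domain number : 10
Local switch operational role: Virtual Switch Active
Executing the command on VSS member switch role = VSS Standby, id = 2
Virtual switch domain number : 10
Local switch operational role: Virtual Switch Standby
Executing the command on VSS member switch role = VSS Active, id = 1
VSL Status : UP
VSL Encryption : Configured Mode - Off, Operational Mode - Off
Executing the command on VSS member switch role = VSS Standby, id = 2
VSL Status : UP
VSL Encryption : Configured Mode - Off, Operational Mode - Off
Executing the command on VSS member switch role = VSS Active, id = 1
        Current Software state = ACTIVE
        Current Software state = STANDBY HOT (switchover target)
"""
BANNER = re.compile(r"^Executing the command on VSS member switch role = .*, id = (\d+)[ \t]*$", re.M)

def members(text):
    """Group 'key : value' / 'key = value' lines by the member that printed them."""
    parts, out = BANNER.split(text), {}
    for sid, body in zip(parts[1::2], parts[2::2]):
        for m in re.finditer(r"^[ \t]*([^:=\n]+?)[ \t]*[:=][ \t]*(\S.*)$", body, re.M):
            out.setdefault(int(sid), {}).setdefault(m.group(1), []).append(m.group(2).strip())
    return out

def verify(text):
    """Return findings for the checks walked through in the Verification section."""
    m, findings = members(text), []
    first = lambda v, key: v.get(key, ["missing"])[0]
    roles = sorted(first(v, "Local switch operational role") for v in m.values())
    if roles != ["Virtual Switch Active", "Virtual Switch Standby"]:
        findings.append(f"unexpected roles: {roles}")
    if len({first(v, "Virtual switch domain number") for v in m.values()}) != 1:
        findings.append("domain number differs between members")
    for sid, v in sorted(m.items()):
        if first(v, "VSL Status") != "UP":
            findings.append(f"switch {sid}: VSL is {first(v, 'VSL Status')}")
        if "Operational Mode - Off" in first(v, "VSL Encryption"):
            findings.append(f"switch {sid}: VSL encryption operational mode is Off")
    states = [s for v in m.values() for s in v.get("Current Software state", [])]
    if not any(s.startswith("STANDBY HOT") for s in states):
        findings.append("no supervisor in STANDBY HOT")
    return findings
```

On the output shown on this page, the roles, domain, VSL status and standby state all pass, and the only findings are the two lines reporting that VSL encryption is Off on both members.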

Personal note: Because the 4500X series switches are newer than the 4500-E and 6500 series products, you may frequently run into bugs in their older IOS releases. Using up-to-date firmware on these products whenever possible will be to your benefit.

For more details, you can look at the Frequently Asked Questions section for the 6500 series switches.