6509E VSS w/Quad-Sup 720 - Traffic Forwarding Issue

Hello all,
I ran into an interesting problem yesterday evening while performing a quad-sup upgrade to an existing dual-sup 6509E VSS architecture. Unfortunately, the expiration of my maintenance window forced me to roll back the changes before I had the opportunity to truly discover the root issue, however, I wanted to post my experience on Support Forums with the hope that someone else has run into it before.
The customer I was working with has an existing dual-sup (720) environment operating in VSS mode. Both sup's were installed an operational in slot 5 of each chassis. The switch ID's had been assigned as 1 and 2, and the VSL was comprised of the two 10GE interfaces connected between each of the sup modules (1/5/4-2/5/4 and 1/5/5-2/5/5). The customer wanted to increase their intra-chassis redundancy by installing two additional sup 720 modules in slot 6 of each chassis, and adding these 10GE interfaces to the VSL.
The overall upgrade went very well. I began by physically installing an additional sup 720 in slot 6 of the VSS standby chassis, and the sup module came up into RPR-Warm status (which is the desired state). I then physically installed an additional sup 720 in the VSS active chassis, and it too came up into RPR-Warm status. After reviewing the VSS redundancy state, I determined that everything looked good, and proceeded to add the additional 10GE links (1/6/4-2/6/4 and 1/6/5-2/6/5) into the VSL configuration. I then physically connected the additional VSL links (but shifted them around as to achieve diversity between the chassis (1/5/4-2/5/4, 1/5/5-2/6/5, 1/6/4-2/6/4, 1/6/5-2/5/5). I then reviewed the VSL link state and EtherChannel state, and everything looked great.
At that point, we were pretty much done with the switch configuration, and proceeded to verify that server/network resources were not affected. I found that there seemed to be an issue sending traffic across the VSL. For example, some physical servers connected to switch ID 1 were having a difficult time communicating to physical servers connected to switch ID 2 (this customer is still working on dual-homing hosts). I looked at all of the obvious things - physical VSL interfaces, EtherChannel status, etc., and everything looked good. I then proceeded to remove physical VSL interfaces from the configuration, eliminating those that were added that evening (e.g., all interfaces except the original 1/5/4-2/5/4 were removed) - nothing. At this point, I was 10 minutes from the expiration of the maintenance window and was forced to roll back. It wasn't until the newly added sup's were physically removed from the chassis that the issue subsided. That said, I was able to conclude that the VSL wasn't the problem at all, but perhaps the installation of the sup's was??
All of the sup 720's were running 12.2(33)SXI6 code, which I had verified to be a safe harbor version (although there are known bugs, none appear to be related to this issue).
Has anyone run into this issue before? Any thoughts would be appreciated!

You bring up VSS outside of the current environemnt. Create all vlans with a spanning tree priority higher than the existing.
Create all the vlan interfaces and leave them shutdown.
Connect the existing core to the new VSS core. Make sure that all vlans are properly crossing the trunk between old and new cores. Depending on how you're routing is set up, you might need to create a vlan to use for routing updates only.
At this point, you can start changing spanning tree priorities to move the root of the vlans to the vss. Once these have been moved, you can start to manipulate hsrp.
Whichever switch has the backup interface, shut those interfaces down. After this is done, shut the vlan inteface on the old core and no shut on the vss. Since vss doesn't use hsrp, it's hard to manipulate the vss since you want the vlan interface to be the previous standby ip.
Flipping the vlan intefaces shouldn't cause any issues. I've done this method several times in large hospitals with no issues.
Once you have the vss running, you can move the access switches 1 link at a time. Make sure you're running rapid pvst.
The method I've used for this is to create a port channel on both the access switch and the vss. On the vss, you can assign the interfaces into the port channel immediately. On the access switch, disconnect one of the interfaces that goes to the old core. Add the disconnected inteface into the port channel then plug it back in. It should come up as the only member of the etherchannel. After you verify this link is up properly, perform the same with the second uplink on the access switch. When you plug it in, it should join the channel and you should be fine. With rapid pvst, nothing should be noticeable when the links block and unblock.

Similar Messages

  • VSS Quad Sup Question

    Hi, 
    We have two chassis 4500's with Quad Sup's. They are currently in VSS mode with Secondary Sup in each Chassis in Rom mon. 
    Our problem is contained to the chassis themselves, not the VSS.
    When we do power failure test, the chassis reboots but the now rom mon mode supervisor powers up and becomes Primary. It does not have the configuration of the Primary Supervisor. 
    So we need to know -
    1. Does the config get synced, if not do you have to manually load config from primary sup if it fails. 
    2. Can you force a specific supervisor in a chassis to be Primary. 
    Thanks

    When we do power failure test, the chassis reboots but the now rom mon mode supervisor powers up and becomes Primary. It does not have the configuration of the Primary Supervisor.
    Without VSS, if a chassis has dual-supervisor card, the configuration of the primary card is always synchronized to the standby card.  Same goes with VSS (single- or dual supervisor card per chassis):  The configuration is synchronized to all "on-line" supervisor card. 
    The only time this doesn't happen is when the standby card is either in ROMmon or couldn't join the "redundancy" (of a dual-supervisor card per chassis or VSS) due to incorrect IOS.

  • Sup 720 Fabric questions

    Hi,
    If you use a 6509-E with a Sup 720 this gives you a 720 Aggregate switch fabric which is broken down across all of teh 9 slots. However each slot only has 2 x 20 Gbps interfaces, so if you plugged in a 48 10/100/1000 you will not be able to get the full 48 Gbps throughput.
    I know it is probably impossible to generate so much traffic but i am curious as the modules are marketed as non-blocking?
    does anybody have some infor on this
    Thanks

    Fabric channels run at 20 Gbps Full Duplex, so 20 Gbps in / 20 Gbps out, so the claim is 40 Gbps in full duplex and 80 Gbps/slot with dual fabric channels
    Search for 80 Gbps:
    http://www.cisco.com/en/US/products/hw/modules/ps4835/products_data_sheet09186a00801dce34.html

  • 6500 sup 720 with MPLS, GRE and FWSM problem

    We have 6500 sup 720 with MPLS configured and FWSM in transparent  mode. We also terminate GRE tunnels on the same 6500.
    After implementing the command “mls mpls tunnel-recir” GRE tunnels are hardware switched (which we want them to be), but we don’t have any more connection from locations thru GRE tunnels to servers behind FWSM.
    Does anybody have idea how to solve this problem?

    Hi,
    not sure what you mean exactly.
    the command “mls mpls tunnel-recir” is needed to avoid packets corruption in cases where the Supervisor engine is handling both the GRE header encapsulation and the MPLS label stack imposition. Since it cannot do it in one single shot (without causing random corruption) recirculation is needed. Nevertheless its presence does not influence whether the GRE traffic is handled in hardware or in software. Even without it, IF THE GRE TUNNELS ARE CORRECTLY CONFIGURED (meaning that each GRE tunnels has its unique source address etc.), the traffic is handled in hardware.
    However since you say that after you enabled it you don't have connectivty anymore I suppose that some issue related to recirculation is happening (i.e. traffic ends up in the wrong internal vlan after recirculation).
    Unfortunately the support forum is not meant to help in this case as in-depth troubleshooting is required. For that you need a TAC case.
    regards,
    Riccardo

  • EFSU and quad-sup

    Hello,
    I need help on this. I have two Cisco Catalyst 6807 with quad sup 2T.  I'm trying to upgrade to latest IOS with the following procedure :
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/config_guide/sup2T/15_1_sy_swcg_2T/enhanced_fast_software_upgrade_efsu.html
    I'm upgrading from IOS 151-2.SY1 to 151-2.SY2.
    So I'm doing this :
    # issu loadversion bootdisk:s2t54-adventerprisek9-mz.SPA.151-2.SY2.bin
    At this point, the standby-ICS sup reboot fine with the new IOS.
    Then the standby sup reboots and after several minutes I always get this :
    * %ISSU_PROCESS-SW1-3-ABORT: Starting abort sequence, reason: LOADVERSION: New Standby has failed to respond
    At this point, the process fail and do a rollback.
    So my question is, does eFSU supports quad-sup ?
    Thanks

    Hi Richard,
    i dont think the whole switch will go down since it falls back to Chassis A Supervisor 2 and Chassis B supervisor 2 will be VSS standby Sup and Inchassis active for Chassis 2.
    Please read the Supervisor Switchover Events under the below link for a better understanding.
    http://www.cisco.com/c/en/us/products/collateral/switches/mgx-8800-series-switches/white_paper_c11-729039.html
    Hope this helps you. 
    "Rating encourages particpation"
    Thanks
    Madhu.

  • Difference between RSP-720 and SUP-720 on 7600

    Hi all,
    I wonder what's the big difference between RSP-720 and SUP-720. both have almost the same feature set, performance and also same price. Anyone can explain in detail?
    This can also be applied to difference between 6500 and 7600 and narrow difference between routers and switches these days.

    There are tons of differences between the RSP and the SUP 720.
    http://www.cisco.com/en/US/prod/collateral/routers/ps368/product_data_sheet0900aecd8057f3b6.html
    Look @ the " Hardware Enhancements over Supervisor Engine 720" section
    The 6500 and 7600 are diverging in terms of software release support on 12.2(33)SX* for 6500 and 12.2(33)SR* for 7600 which means the feature sets will be diametrically opposite.
    E.g. VSS on Cat6k's is not available on 7600's

  • Sup 720 unlabelled Red LED

    I have a pair of 6513s with a pair of Supervisors in each and on one of the standby (Sup 720) front panel is a RED LED. This LED has no label and is just to the left of the Console port. I have checked reference documents and this LED is not mentioned? Any idea? Thanks

    Hi
    I feel the sup mite have got stuck up in rommon prompt and requires manual boot command to boot it up..
    once it gets booted up check out the valid ios file in the disk0 or disk1 and configure the boot system command accordingly.
    once you are thru with that save the config and check with show bootvar to verify whether the changes got replicated or not..
    regds

  • MPLS support GEC on 7600 with SUP-720-3BXL ?

    Hi all
    Could someone let me know does 7600 with SUP-720-3BXL support full MPLS, MPLS-TE, QoS, ... on Gigabit Ethernet channel interface ?
    Which port interface (LAN/WAN, ...) does 7600/SUP-720-3BXL support full MPLS features ?
    And does 10GBASE XENPAR Modules support full MPLS features ?
    thanks you

    The Cisco 7200 Series offers numerous LAN and WAN interfaces for diverse connectivity requirements. Modular processors for the Cisco 7200 Series provide flexibility as their need grows. The three onboard Gigabit Ethernet interfaces,in the Cisco 7301 VAM2+ security router bundle provides the same high performance.For further information verify the following URL:
    http://www.cisco.com/en/US/products/hw/routers/ps341/prod_bulletin0900aecd80205255.html

  • Sup 720 & Sup 32 with WS-X6408-GBIC

    I have an old 6509 with sup 1 and some WS-X6408-GBIC. Now i will upgarde to Sup 720 or Sup 32.
    I need to confirm if WS-X6408-GBIC ( no A) is compatible with the new sups? specially with the shared Bus limitation on the module.

    Ran your configuration through dynamic config tool (www.cisco.com/dprg) and it doesnt show support for that gbic blade. The closest i can find is 6408A.
    HTH
    PS: please remember to rate helpful posts!

  • Weird CSS forwarding Issue

    Hi all.
    I am having some weird forwarding issue using a pair of 11503 CSS (Box-to-box redundancy).
    Here is my L3 network topology:
    Internet
    |
    | CP FW-1 |
    |
    |
    |6500-Sup720|
    |
    |
    | CSS 11503 |
    |
    |
    |
    Client
    I have drawn only one device because redundancy is achieved via HSRP on 6500, Active/Standby on CSS.
    Moreover, L2 connectivity is provided by 2 4507 (CSS are connected 1 x 4500 on different vlans), connected to the 6500 via gigabit fiber connections.
    A LDAP server is located on the internet and when the client tries to issue an LDAP query, it could take up to 2 minutes to have the reply back (20 seconds in the best cases). If I move the L3 on the 4500 or the 6500, the request takes form 1 to 2 seconds to complete.
    We have tried both CSS, both 4500, both 6500, different clients with the same results. We upgraded the WebNS to the latest release (7.50.004). We changed physical cables, physical ports on CSS and switches, moved clients on other vlans on CSS, 4500 and 6500 and the results are always the same.
    Neither errors on CSS interfaces, nor on 4500 interfaces, nor on 6500 interfaces.
    I captured traffic via snoop on the Sun Client, and also with monitoring session on catalyst 4500, and when the CSS is routing, I can see lots of duplicate acks, tcp out of sequence, retransmissions which disappear when routing is performed by 6500 or 4500.
    I was wondering if there is anything connected to the L3 1500 bytes size of every frames (the query produces an output of about 600k). We are at the L3 MTU limit... We also tried with ftp, but in that case everything was fine also with CSS. It looks like there something ldap related at least. The ldap query is a normal query, tcp port 389. The command come and go very well, the actual data transfer produces all the crappy tcp output (retransmission, lost segments ecc...).
    I am very confused, CSS is not balancing, it's only forwarding traffic.
    Sorry for my long post, any help will be really appreciated!
    Regards
    Massimo Magnani.

    From your statements i understand that you want to know how to load balance using CSS. Content rules are where the CSS's load balancing features are customized, virtual IP address are defined, and where the actual servers (called services) are bound to that virtual IP address. Content rules allow you to specify load balancing types, sticky methods, port specific Virtual IP addresses, and a host of other features Refer to the following URL to understand how CSS load balancing works and how CSS load balancing can be configured.
    http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_configuration_example09186a008009438d.shtml

  • Home Hub 3 Port Forwarding Issue - Question to BT

    Question to BT
    Hello i have recently joined BT Infinity and have hit the issue of the Port Forwarding not working. My HH3 is on the following version of software. Will this version automatically upgrade to the latest version of firmware and will this fix my port forwarding issue?
    As i work in IT (Cisco Network Eng) i need to be able to access several devices/services at home and this is a real pain for me. If you think that this could drag on as some posts have indicated could you please let me know and i will either get a draytek or throw in a cisco 1841.
    Thank you
    Dean.
    Current firmware:
    V100R001C01B031SP09_L_B
    Last updated:
    Unknown

    requiem wrote:
    Question to BT
    Hello i have recently joined BT Infinity and have hit the issue of the Port Forwarding not working. My HH3 is on the following version of software. Will this version automatically upgrade to the latest version of firmware and will this fix my port forwarding issue?.........
    Thank you
    Dean.
    Current firmware:
    V100R001C01B031SP09_L_B
    Last updated:
    Unknown
    Hi Dean
    By the look of it you've got the type B version of the HH3 with current firmware.
    From http://bt.custhelp.com/app/answers/detail/a_id/13073
    The latest versions of the firmware are:
    BT Home Hub 3 – Software version 4.7.5.1.83.8.57.1.3 (Type A) or V100R001C01B031SP09_L_B
    Please Click On any Text in Blue as that automatically links to information.
    PC (NDEGR)

  • Quantum Gateway Port Forwarding issues

    This post can be removed.... the port forwarding worked once I set it up under "Advanced Settings -> Network Settings ->Port Forwarding" instead of "Firewall -> Port Forwarding"
    Hello,
    I am having an issue setting up port forwarding.  I have made several attempts to make port forward TCP 8096, but it continues not to work.  I had it working with no problems at my with my old router before we moved so I know it's not an issue with my computer firewall or antivirus and MediaBrowser is working fine on the local network. Is anyone else experiencing Port Forwarding issues?  Also when will DMZ be enabled on this gateway?
    Any help would be apprciated. I'm trying to setup MediaBrowser so I can schedule recordings when i'm not at home.
    Thanks!
    Armyb77
    This post can be removed

    See kayster contribution here.
    SYNOLOGY DS214 - Remote access via BT Home Hub
    There are some useful help pages here, for BT Broadband customers only, on my personal website.
    BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones.

  • Post Moved Mac Port Forwarding Issues

    Post Moved to Other BB Queries http://community.bt.com/t5/Other-BB-Queries/Mac-Port-Forwarding-issues/td-p/550779
    If you want to say thanks for a helpful answer,please click on the Ratings star on the left-hand side If the reply answers your question then please mark as ’Mark as Accepted Solution’

    Does this help...?
    http://community.bt.com/t5/Other-BB-Queries/Port-forwarding-and-Loopback-DO-work-YMMV/m-p/538328

  • WRTU54G-TM Port Forward issues, DHCP server disabled but still gives out addresses

    I've seen other posts about port-forwarding issues.  I've had to hard-reset the device twice in 2 months to clear this up.
    One issue that I can't figure out at all is that the DHCP server gives out addresses when it is set to disabled.  This is a problem because it gives out the public DNS servers, which will not resolve addresses on my LAN.  Anyone else seen this?
    Anyone had success putting this router behind a better one and still getting the phone SIM to register and work? 

    Have you tried to upgrade the firmware on your Router?
    Click Download  the latest firmware for your Router and save the Firmware file on your Desktop. 
    Once you Download the firmware for your Router, Now you need to login to the Router setup page and click on the "Administration" tab and below click on "Firmware Upgrade" and then click on the Browse Button and select the firmware file and click on Upgrade. 
    Once the firmware is upgraded successfully then you need to Reset your Router and Re-configure all the settings on your Router from scratch. 

  • RealVNC with Quad Core Mac Mini "Refresh Issues"

    Upgraded my Mac Mini server from a dual core to Quad Core machine.  Headless machine, hence used RealVNC to administrator it.  So when I utilised RealVNC, connecting via an ipad and the quad core machine had "Refresh Issues"!!  Went back to the Dual Core machine and you can view everything in real-time!  Can't explain it and the RealVNC people can't understand it either, yet!!!???

    It has a wired ethernet connection, the wireless is on but more for "location" services.  And no USB 2.0 or 3.0 devices attached, in fact it's headless, and only the power and ethernet connection attached.  But interesting to learn of the wireless issues on the new mini's.  Thanks!

Maybe you are looking for

  • Time off by an hour in Calendar alarms

    Experiencing my alarms in Calendar appts off by 1 hour (early). I have checked Settings/General and Settings Mail, Contact, Calendars and they are both set to New York time which should be correct? How do I fix please?

  • Generating PDF from Microsoft Word with C#

    Hello, We have created web-based system for a customer that stores/handles Microsoft word documents and provides these to users as PDF versions. Unfortunately some problems appear with our third-party component that generates PDF from Word. Our custo

  • Another "extract pages" and "split" PDF question

    I have subscribed adobe's convert to pdf and I was happy with convert function until I found out that I can't upload nor convert 59 MB of a file. Tried several methods, non of them worked. I decided to split the pdf or extract pages that I want it to

  • Send purchase order e-mail with release strategy

    Hi!! I have a problem with sending e-mails in purchase order that are blocked with release strategy. I create a purchase order that is block for the release strategy, then I release it. This is working OK, but I can't send an e-mail with this release

  • I have DELETED  calendars showing in my "Sync Calendars" list!?

    Sorry,  neglected to include that this additional information: I am not using any clouds I do not have any calendar subscriptions Thank you.