As for the control plane, one more thing is worth noting. Since the active control plane runs on only one of the switches, all network protocol traffic is processed by it. For example, the traffic of dynamic routing protocols (OSPF, EIGRP, etc.) must eventually reach the active control plane. This means that if it first arrives at the redundant switch, it will be forwarded to the main switch over the VSL channel. The response packets can be sent directly from the main switch (the preferred option), or they can be transmitted through the backup switch. This depends on a few things: the type of network protocol and the presence of a direct channel from the main switch to the recipient.
If we deal with 4500E/6500E/6800 switches, we can install two supervisors in each of them (duplicating the duplicate, so to speak). VSS also supports this configuration (called Quad-Supervisor). This is needed when we don't want to lose overall system performance if one of the supervisors fails. For all variants except Sup2T, the second supervisor in the chassis works in Route Processor Redundancy mode. This means that the second supervisor becomes operational (becomes the backup within VSS) only after the entire chassis is rebooted. In the case of Sup2T, the second supervisor in a chassis works in SSO mode and no reboot is required.
Now let's talk about forwarding user traffic through the virtual VSS switch; after all, this is its main task. One of the main reasons to use VSS is the ability to aggregate multiple channels that terminate on different switches (in Cisco terms, Multichassis EtherChannel (MEC)). This concerns connecting external devices (for example, other switches) to the virtual switch.
When we aggregate several channels into one logical channel within VSS, one of the dynamic aggregation protocols (PAgP or LACP) or static EtherChannel (ON mode) can be used. A hash-based mechanism is responsible for distributing traffic within the logical channel. The hash function is applied to specific header fields of the transmitted traffic. For example, the hash function can be applied to the sender's IP address. In this case, if we have two channels aggregated, the first channel will carry traffic flows with even sender IP addresses and the second those with odd ones. This distributes traffic flows between the different channels combined into one EtherChannel. In more complex variants, several parameters (e.g. Src IP + Dst IP + Src Port + Dst Port) can influence the channel selection.
In the case of VSS, the following rule always applies: local communication channels are used first to transmit traffic within a MEC (Figure 5). This is done so as not to overload the VSL channel. Note that for the 6500E/6800 this holds for both the MEC and Equal Cost Multipath cases (if the connection between the virtual switch and the adjacent device is via separate L3 channels).
It doesn't matter how much bandwidth we have for each switch. In our example, even if we have a double link between SW2 and SW3, packets arriving at SW1 and addressed to recipients behind SW3 will always go through a single local port. But if this connection is broken (or if the SW3 switch was originally connected only to SW2), all traffic will go through the VSL channel (Figure 6).
Hence, we conclude that the recommended scheme of VSS operation is to connect devices to both VSS switches simultaneously (Figure 7). In this case the traffic will be distributed between both VSS switches, and the performance of the whole system will be almost twice that of a single switch. Otherwise, we load the VSL channel and lose total system performance (the processing power of both switches is spent on a single traffic flow).
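The local-link preference and the source-IP hash described above can be modelled in a few lines. This is an added example, not Cisco's implementation: the MEC names, port labels and flow addresses are constructed, and the hash is simply the sender's IP taken modulo the number of candidate links, as in the even/odd illustration in the text.

```python
import ipaddress
from collections import Counter

# Constructed topology: each MEC lists its member links as (VSS chassis, port).
# Port labels are hypothetical placeholders, not real interface names.
MECS = {
    "dual-homed":    [("SW1", "SW1-p1"), ("SW2", "SW2-p1")],
    # One link on SW1 and a double link on SW2, as in the SW3 example above.
    "double-on-sw2": [("SW1", "SW1-p2"), ("SW2", "SW2-p2"), ("SW2", "SW2-p3")],
    # Neighbor attached to SW2 only.
    "single-homed":  [("SW2", "SW2-p4")],
}

def src_ip_hash(src_ip):
    """Hash input from the text's example: the sender's IP as an integer."""
    return int(ipaddress.ip_address(src_ip))

def select_egress(mec, ingress_chassis, src_ip):
    """Return (egress_port, crosses_vsl) for one flow entering ingress_chassis."""
    members = MECS[mec]
    local = [m for m in members if m[0] == ingress_chassis]
    # Local members are always preferred; the VSL is used only if none exist.
    candidates = local or members
    chassis, port = candidates[src_ip_hash(src_ip) % len(candidates)]
    return port, chassis != ingress_chassis

def port_load(mec, ingress_chassis, flows):
    """Count flows per egress port."""
    return Counter(select_egress(mec, ingress_chassis, ip)[0] for ip in flows)

def vsl_share(mec, ingress_chassis, flows):
    """Fraction of flows that have to cross the VSL."""
    crossings = sum(select_egress(mec, ingress_chassis, ip)[1] for ip in flows)
    return crossings / len(flows)

# Constructed flows: eight senders, 10.0.0.1 through 10.0.0.8.
FLOWS = [f"10.0.0.{i}" for i in range(1, 9)]

if __name__ == "__main__":
    for mec in MECS:
        for chassis in ("SW1", "SW2"):
            print(mec, chassis, dict(port_load(mec, chassis, FLOWS)),
                  f"VSL share: {vsl_share(mec, chassis, FLOWS):.0%}")
```

In this model, traffic entering SW1 for the single-homed neighbor is the only case that loads the VSL, which is the situation the dual-homing recommendation avoids.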
To improve traffic balancing within MEC channels, the following functions were added to VSS:
- Adaptive hash allocation: when channels are added or removed, the system tries to keep the traffic flows on the same channels they were on before.
- In our example, when adding a third channel, only the 7th and 8th traffic streams will be affected.
- The options for balancing traffic between channels are extended (for example, the VLAN number can be used), and an additional pseudo-random identifier, the Unique ID, is also used. All this is added to prevent traffic polarization (when traffic is mainly transmitted through only certain channels, leaving others underloaded).