Ha en Switches Cisco

BRKCRS-2650
Enterprise Network Next

Generation High
Availability
Minhaj Uddin Technical Marketing Engineer

Session Overview and Objectives
High Availability has become part of the Cisco DNA and is being deployed on
all levels of products
In this session, Our focus will be to learn about the existing and new High
Availability features present on the Catalyst 9k Switches. We will also
categorize features based on access and Distribution layer in the Enterprise
Network. In the end we will see how these features can be leveraged
effectively to achieve highly available network. We will also show good
design practices across all the features that will help us achieve better
service availability.
BRKCRS-2650 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda
• High Availability Overview and Evolution
• High Availability Architecture and Designs
• High Availability Solution on the Campus Access
• Stackable High Availability Solution
• Modular High Availability Solution
• High Availability Solution on the Campus Distribution/Core

• Summary/Q&A
Goals
• Efficiently utilize available bandwidth
• Dynamically respond to all types of disruptions
• Leverage most effective design techniques that meet the design
requirements
Where Can Outages Occur?
Remote
• Unplanned Outage
• Planned Outage
Core L3 Protocols
Impact
Application Layer
Link or Device Failure
Distribution L2 Protocols
Impact
Protocol Layer
L3 Link
L2 Link
Access
Physical Layer
Unplanned and Planned Outages
Outages
Unplanned Planned
Device/Link Crashes or Software Hardware

Failure Reloads Upgrade Maintenance
L2/L3 Protocols Impact All Traffic Impact
Options to Mitigate the outages
Remote
• Add more links

• Add more devices
Core
• Leverage FHRP like HSRP and VRRP
• Change the timers
• Tune the application performance
• Etc…
Distribution
L3 Link
Convergence Time?
L2 Link
Failover Detection?
Access
What is the best way ?
Agenda
• High Availability Architecture
High Availability
Architecture in Campus
Enterprise Campus Network Designs
Multi-Tier Layer2/3 Topology Multi-Tier Layer3 Topology
High Availability Architecture in Campus – SSO
Stackwise Virtual
Stateful Switchover (SSO) Catalyst 9500-24Q Catalyst 9500-24Q
SSO
SSO Aware Applications Active Standby
Forwarding Information Base

IEEE 802.1x
PAgP / LACP
…and more
SSO Compliant Applications

Routing Protocols, Netflow, etc
Active
SSO
Standby
Stackwise-480
Active SUP Active
Standby SUP SSO
Standby
Catalyst 9400 Catalyst 9300
SSO by itself Does Not
Provide Redundancy for the
Routing Protocols
Routing Protocol Redundancy With NSF
Active Supervisor/Switch Standby Supervisor/Switch
EIGRP RIB OSPF RIB ARP Table EIGRP RIB OSPF RIB ARP Table
Prefix Next Hop Prefix Next Hop IP MAC Prefix Next Hop Prefix Next Hop IP MAC
192.168.0 192.168.0.1
10.0.0.0 10.1.1.1 10.1.1.1 aabbcc:ddee32 - - - - - -
192.168.55..0 192.168.55.1
10.1.0.0 10.1.1.1 10.1.1.2 adbb32:d34e43 - - - - - -
10.20.0.0 10.1.1.1 192.168.32.0 192.168.32.1 10.20.1.1 aa25cc:ddeee8 - - - - - -
FIB Table SSO FIB Table
Prefix Next HOP Redundancy Facility Prefix Next HOP
10.1.1.1 aabbcc:ddee32 10.1.1.1 aabbcc:ddee32
10.1.1.2 adbb32:d34e43 10.1.1.2 adbb32:d34e43
192.168.0.0 aa25cc:ddeee8 Checkpoint Facility 192.168.0.0 aa25cc:ddeee8
Active Supervisor/Switch Standby Supervisor/Switch
EIG P RIB OSPF RIB ARP Table EIGRP RIB OSPF RIB ARP Table
R
Prefix Next Hop Prefix Next Hop Prefix Next Hop IP MAC
Prefix Next Hop IP MAC
192.168.0 192.168.0.1
- - - - - -
10.0.0.0 10.1.1.1 10.1.1.1 aabbcc:ddee32
192.168.55..0 192.168.55.1
- - - - - -
10.1.0.0 10.1.1.1 10.1.1.2 adbb32:d34e43
192.168.32.0 192.168.32.1 - - - - - -
10.20.0.0 10.1.1.1 10.20.1.1 aa25cc:ddeee8
FIB Table SSO FIB Table
Prefix Next HOP Redundancy Facility Prefix Next HOP
10.1.1.1 aabbcc:ddee32 10.1.1.1 aabbcc:ddee32
10.1.1.2 adbb32:d34e43 10.1.1.2 adbb32:d34e43
192.168.0.0 aa25cc:ddeee8 Checkpoint Facility 192.168.0.0 aa25cc:ddeee8
Standby Supervisor/Switch
EIGRP RIB OSPF RIB ARP Table
Prefix Next Hop Prefix Next Hop IP MAC

192.168.0 192.168.0.1
1-0.0.0.0 -10.1.1.1 -10.1.1.1 a-abbcc:ddee32
192.168.55..0 192.168.55.1
-10.1.0.0 -10.1.1.1 -10.1.1.2 -adbb32:d34e43
-10.20.0.0 1-0.1.1.1 192.168.32.0 192.168.32.1 -10.20.1.1 -aa25cc:ddeee8
FIB Table
Prefix Next HOP
10.1.1.1 aabbcc:ddee32
10.1.1.2 adbb32:d34e43
192.168.0.0 aa25cc:ddeee8
GR/NSF Signaling per protocol
Synchronization per protocol
High Availability Architecture in Campus – SSO/NSF
Stackwise Virtual
Catalyst 9500-24Q Catalyst 9500-24Q
SSO
Active Standby NSF Aware
Non Stop Forwarding(NSF) or

Graceful Restart
OSPF,BGP,LDP, etc
Routing Protocols
Active
NSF Capable
SSO
Standby
Stackwise-480
Active SUP Active
Standby SUP SSO
Standby

Agenda
High Availability in Fixed
Access - Catalyst 9300
High Availability in Campus – Fixed Access
Stackwise Virtual
SSO
Routing Protocols
Fixed Access
NSF Capable
Active
SSO
Standby
Stackwise-480
SSO
Active SUP Active Standby Stackwise-160/80
Standby SUP SSO

Standby

Catalyst 9400
Stackwise-480
High Availability – Stackwise-480
A
Centralized Control Plane
S
Distributed Data Plane

Up to
8 Members
1+1 Stateful Redundancy with

Active & Standby
Stateful Switchover SSO/NSF
Stackwise-480
Stack Active Election
A
1) The stack (or switch) whose member
has the higher user configurable
priority 1–15
2) The switch or stack whose member

has the lowest MAC address
%IOSXE-1-PLATFORM: process stack-mgr: %STACKMGR-1-ACTIVE_ELECTED: Switch 3 has been elected ACTIVE.
Stack Initialization
 Active starts RP Domain (IOSd, WCM,
etc) locally
2min timer
 Programs hardware on all LC Domains LC RP Infra A
 Traffic resumes once hardware is
programmed RP LC Infra
S
 Starts 2min Timer to elect Standby
in parallel
LC Infra
 Active elects Standby
 Standby starts RP Domain locally LC Infra
 Starts Bulk Sync with Active RP

GUIDELINE#show switch
 Standby reaches “Standby Hot” Switch/Stack Mac Address : 2037.0652.a580 - Local Mac Address
Mac persistency wait time: Indefinite
H/W Current
%STACKMGR-1-STANDBY_ELECTED: 3 stack-mgr: Switch 2 Switch# Role Mac Address Priority Version State
has been elected STANDBY. ------------------------------------------------------------
1 Member 2037.0653.ca80 5 P6A Ready
2 Standby 2037.0653.db00 10 P6A HA sync in progress
*3 Active 2037.0652.a580 15 V01 Ready
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
HA Best Practices & Recommendations
Catalyst9300#switch 1 priority 15
 Power up the first Switch that you want to
make it as Active A
 Configure Priority of the switch (1-15) – 1
by default – the higher the better S
 Power up the second member that you Catalyst9300#switch 3 priority 13
want to make as Standby & then power up
rest of the members
 To add a member to an existing stack plug
in the stack cable first, then power up the
switch
 Avoid stack Merge & Stack split if possible
Stack Member Addition – Software Upgrade
 All stack members must have common

IOS software version to pair in SSO RP A
redundancy state
 Stack member with version mis-match RP S
with ACTIVE switch will fail to RPR
mode
 Enable “software auto-upgrade enable”
command to automate upgrade process
 System must boot in install mode LC Infra
(default and recommended). Auto
Upgrade not supported in Bundle Mode
Auto Upgrade
StackPower
Power HA - StackPower
HA with 1+N Flexible Power

Zero RPS Redundancy and Resiliency
Footprint Efficient
How StackPower Works?
StackPower
715 W
• Pools Power from All PS
• All Switches in StackPower share
DataStac 715 W 1100W the available Power in Pool
k
• Each Switch is given their
Minimum Power Budget
1100
715 W
W
715
W
Total Input Power 2530W
Power Redundancy Options
Zero Footprint RPS OR XPS
StackPower - Zero Footprint RPS • eXpandable Power System (XPS)
Power Budget Modes
1100 1100
715 W 715 W
W W
715 715
W W
2530W – 30W 1430W – 30W

Power Sharing Mode Redundant Mode
• The Default Mode • User Configurable

• Sum of All PS – 30~60W • Sum of All PS – Largest PS - 30~60W
Global StackPower Reserve = 30W
Power Priority
Load Shedding
• Stack Mode
Low Priority
Low Priority
Load Shedding Based on configured

priority Load Shedding Based on configured
priority
1. Low Priority Ports
2. High Priority Ports 1. Low Priority Ports
2. High Priority Ports
3. Switch Priority – Highest Priority
Enhanced Fast Software
Upgrade
Achieving High Availability on Catalyst 9300
Enhanced Fast Software Upgrade
• eFSU provides a mechanism to
Control-Plane
upgrade and downgrade the software
image by segregating the Control plane Prefix
RIB
Next Hop
and Data Plane update 10.0.0.0 10.1.1.1
10.1.0.0 10.1.1.1
• It updates the control plane by leveraging 10.20.0.0 10.1.1.1
the NSF/GR Architecture with Flush and

Re-Learn mechanism to reduce the impact Data Plane
on the data plane FIB Table
Prefix Next HOP
10.1.1.1 aabbcc:ddee32
10.1.1.2 adbb32:d34e43
192.168.0.0 aa25cc:ddeee8
Fast Software Upgrade
Regular Upgrade Vs Enhanced Fast Software Upgrade Process
#Install add file image activate commit Enhanced Fast Software Upgrade
#Install add file image activate reloadfast commit
< 30 seconds of
traffic impact
Traffic is impacted throughout the upgrade cycle

* Limited Controlled Availability in 16.10.1
Enhanced Fast Software Upgrade
Supported and Unsupported Designs without Stackwise-480
Layer 2/3 Access Layer Designs– eFSU Supported
STP
L2 Only L2 Only L3 connections with
x x Vlan1-10 Routing Protocols
Access Access OSPF

Layer Layer ISIS
Unsupported Designs
L2 Extensions with L2 Only Design with

Access Layer Device LACP and PagP
Port-channels
Access MEC MEC

Access Future
Layer Layer
Best Practices for
Stackables
Key Recommendations for Stacking
• Run the stack in full ring mode to get full bandwidth
• Configure the Active switch priority and Standby switch priority
• Predetermine which switch is the Active and Standby which will become the Active should the
Active fail
• Simplifies operations
• Configure Active and Standby unit without uplinks if possible

• If deploying a stack of 4 or more switches keep the Active and Standby switches without
uplinks, this will simplify the convergence and reduce the outage time
• Do Not change the stack-mac timer value

• By default the value is 0 (indefinite)
• Avoids protocol flapping
• There is a command to change the stack-mac when needed
Agenda
High Availability in
Modular Access -
Catalyst 9400
High Availability in Campus – Modular Access
Stackwise Virtual
SSO
Routing Protocols
Modular Access
Active
NSF Capable
SSO
Standby
Stackwise-480
Active SUP Active
Standby SUP SSO
Standby

Catalyst 9400 High Availability (Modular)
Dedicated Supervisors
• There are two dedicated supervisors

• Switch Boots Up
• Reads registers on backplane to determine
the inserted card types A
S
• Active Election begins after Discovery exits
•Active Supervisor asserts mastership in the
HW
• Other Supervisor will become Standby

Catalyst 9400 High Availability State Machine
• Active starts its software processes
• Standby starts its software processes
• Active Programs the local Sup HW
• Standby Start Bulk sync with Active RP init
A init
• Standby Reaches “Standby Hot” S
• Standby Programs the local Sup HW
Power Supply Redundancy on the Catalyst 9400
Redundant
• Has Eight power supply bays that can be run in Power Bays
redundant or combined mode.
• Power Supply configuration modes

• Combined Mode: supervisor engines manages
the combined power budget of both units
• Only used for powering POE devices
• that require more power than the 1
supply can provide
• Redundant Mode: One or N Power supplies are

standby and remaining are active
Power Supply Redundancy Modes
Normal PS failure
Combined
(Default)
Load sharing on all PSs Load sharing on functional PSs
Redundant
Load sharing on active PSs Standby PS becomes active

Standby PS in output disabled System enters alarm state
Failed PS ACTIVE STANDBY
Power Redundancy: N+1 and N+N
• Default active is PS1-4 and standby SW(config)#power redundancy-mode redundant ?
is PS5-8 N+N Redundant N+N (N is active, N is standby)
N+1 Redundant N+N (N is active, 1 is standby)
• Standby power slots are configurable SW(config)#power redundancy-mode redundant N+1 ?
<1-8> standby slot in N+N mode
SWR(config)#
• Default active is PS1-7 and standby SW(config)#power redundancy-mode redundant ?

is PS8 N+N Redundant N+N (N is active, N is standby)
N+1 Redundant N+N (N is active, 1 is standby)
• Standby power slot is configurable SW(config)#power redundancy-mode redundant N+1 ?
<1-8> standby slot in N+1 mode
SWR(config)#
ACTIVE STANDBY
In-Service Software
Upgrade(ISSU) with
Dual Supervisors
ISSU Overview
• ISSU provides a mechanism to perform software
upgrades and downgrades without taking the
switch out of service
• Leverages the capabilities of NSF and SSO to
Active Sup
allow the switch to forward traffic during SSO
Supervisor IOS upgrade (or downgrade) Standby Sup
Line Card
• Key technology is the ISSU
Line Card
Infrastructure
• Allows SSO between different versions
Catalyst 9400
ISSU Process
Dual Supervisors
Start ISSU • ISSU Process leverages SSO/NSF
Architecture
• Uplinks on both active and standby SUP

Uplinks are forwarding traffic
Active Supervisor
SSO
Standby Supervisor
Line Card
• Convergence is less than 200 msec

Catalyst 9400
C9K ISSU
Dual Supervisor ISSU
3 Step Process
• Install add file <tftp/ftp/flash/disk:*.bin>
Granular Control on
the upgrade process
• Install activate ISSU
with ability to rollback
• Install commit
1 Step Process
• Install add file <tftp/ftp/flash/disk:*.bin>activate ISSU commit Single Command
to perform
complete ISSU
C9K ISSU Workflow
1. ISSU Started, Image is
expanded on Active and Standby
V1 S1 Active
If S2 fails to become standby it
will revert back to step 1
V1 S2 Standby Abort Timer

Starts
2. Standby Reloads
with the new V2 Image
5. ISSU V2 S1 Standby
V1 S1 Active
Expired Abort timer will revert
Complete to Step 2 and then Step 1
V2 S2 Active V1 V2 S2 Standby
Abort Timer
Expired
Abort Timer
Stopped
V1 V2 S1 Standby
3. Auto-Switchover causes S2 to
4. ‘Commit’ Keyword become new active and S1 reloads
stops the abort timer
V2 S2 Active
with the new V2 image
Best Practices for
Modular
Key Recommendations for Modular
• Redundant Supervisors for better Availability
• Split the Uplinks between the Active and Standby units in a redundant
system
• All uplinks are Actively forwarding traffic
• Active Supervisor will control all uplinks even if the other unit is failed
• Power Redundancy
• Default is redundant Power mode
• Choose the combined mode for running POE devices requiring more power
than 1 supply can provide
Agenda
High Availability in
Distribution/Core-
Catalyst 9400/9500
High Availability in Campus – Distribution/Core
Stackwise Virtual
SSO
Routing Protocols
Modular Access
Active
NSF Capable
SSO
Standby
Stackwise-480
Active SUP Active
Standby SUP SSO
Standby

Stackwise Virtual
Stackwise Virtual
Topology Comparisons
Traditional SV - Physical SV- Logical

HSRP or
VRRP
LACP SVL
or PAGP
STP or LACP or MEC

MST PAGP
Access Switch Access Switch Access Switch Access Switch Access Switch Access Switch
Stack Stack Stack
Benefits of Stackwise Virtual

Simplify Operations by Eliminating STP, FHRP and Multiple Touch-Points
Double Bandwidth & Reduce Latency with Active-Active Multi-chassis EtherChannel (MEC)
Minimizes Convergence with Sub-second 64Stateful and Graceful Recovery (SSO/NSF)

64
Traditional L2 / L3 Campus Multi- Non-Stack
Layer L2
Switches Switches
Campus Core Network Design
94 Total Devices of Image

& Configuration Management
168 Port-Channels
168 Access Trunks
4032 User Ports
Design Considerations:
STP Loop Prevention
CAM & ARP Tuning
FHRP Tuning / Priority
Routing Protocol Tuning
PIM Tuning / DR priority
Building 1 Building 2 Building 3 Building 4
1000 Ports 1000 Ports 1000 Ports 1000 Ports 94 Separate Configurations
of Hostname, VLAN DB, IP/GW, SNMP,
NTP, TACACS, VTY, etc.
Stackwise Virtual Core with Access Stacking
VSS
Stackwise Stacked
Virtual L2
Switches Switches
Campus Core Network Design
25 Total Devices of Image

& Configuration Management
24 Port-Channels
24 Access Trunks
4032 User Ports
Design Considerations:
STP Loop Prevention
CAM & ARP Tuning
FHRP Tuning / Priority
Routing Protocol Tuning
PIM Tuning / DR priority
Building 1 Building 2 Building 3 Building 4
1000 Ports 1000 Ports 1000 Ports 1000 Ports 25 Separate Configurations
of Hostname, VLAN DB, IP/GW,
SNMP, NTP, TACACS, VTY, etc.
Stackwise Virtual
Architecture
Stackwise Virtual Architecture
Control Plane
• Unified Control Plane Active
• Manage, Configure and

troubleshoot two switches Standby
as a single switch
Stackwise Virtual Architecture
Data Plane
Catalyst 9500-24Q Catalyst 9500-24
• Active/Active Data Plane

Active Stackwise-Virtual Link Standby
• Both the switches are capable of

forwarding the traffic locally Port-Channel
Stackwise Virtual Components
• Stackwise Virtual Link Dual-Active Detection Link

• Dedicated Stacking Link facilitating Catalyst 9500-24Q Catalyst 9500-24
communication between the
switches
• Dual Active Detection Link Active Stackwise-Virtual Link Standby
• Dedicated Connection to check and

avoid dual-active scenario
Port-Channel
• Multi-Chassis Ether-channel
• Port-Channel Spanning across
Stackwise virtual switches
• L2 and L3 Port-channels
StackWise Virtual – Multi-Chassis EtherChannel
• Multi-Chassis EtherChannel (MEC) in StackWise Virtual
enables cross stack-member link bundling into single
logical L2/L3 Interface SW-1 SVL SW-2
• StackWise Virtual supports 128 maximum MEC –

Catalyst 9k Catalyst 9k
Port-Channel ID 1-127 available for L2/L3 network configurations
Port-Channel ID 128 is internally reserved for SVL purpose
• MECs can be deployed in three modes –

Cisco PAgP, LACP and Static (ON)
• Combining StackWise Virtual and Layer 2 or Layer 3 MEC

builds simplified, scalable and highly resilient campus
network
• MEC is an primary network design component to enable –

Simplified STP loop-free network topology
Consistent L3 control-plane and network design as traditional
Standalone mode system
Deterministic sub-second network recovery
Stackwise Virtual
Inter Chassis SSO/NSF The original Standby Switch now takes over as
2 the new Virtual Switch Active
Virtual Switch initiates Graceful Restart (NSF)
SW-1 SW-1 Non Stop Forwarding of packets continues

using hardware entries synched to Switch 2
NSF Aware neighbors exchange protocol

updates with the new Virtual Switch Active
Switch 2
Switch Is Down Virtual Switch Active
Virtual Switch incurs a failure of the

1 (SSO) Active Switch 1
The Standby Switch detects failure by

loss of all SVL ports, or no replies to
SSO keep-alive packets Switch 1
StackWise Virtual – Non-Stop Forwarding (NSF)
OSPF
D6-9500sv-1(config)#router ospf <ID> Core
D6-9500sv-1(config-router)#nsf cisco | ietf
EIGRP
D6-9500sv-1(config)#router eigrp <AS ID>
D6-9500sv-1(config-router)#nsf
SW-1 SVL SW-2
BGP
D6-9500sv-1(config)#router bgp <AS ID> Catalyst 9k Catalyst 9k
D6-9500sv-1(config-router)#bgp graceful-restart
MPLS LDP
D6-9500sv-1(config)#mpls ldp graceful-restart
• StackWise Virtual is NSF-Capable and NSF-Helper system.
• NSF capabilities for all Layer 2 protocols and several Layer 3 Unicast and Multicast routing protocols. Including VRF and
MPLS.
• NSF is mandatory configuration for graceful recovery during switch over conditions. Default on for Multicast protocols, manual
configuration required for each Unicast and MPLS LDP protocol.
• Implement IETF based OSPF NSF capability with “nsf ietf” CLI if OSPF neighbor is based on Cisco NXOS.
High Availability
Dual-Active Detection
In a SVL Domain, one switch is elected
as Active and the other as Standby
All Neighbors view SVL as a

single Entity, single MAC, single IP
Since the SVL is always configured

SVL
as a Port Channel, the chance of the
entire SVL going down is remote…
However… IT IS POSSIBLE! 
Recommend to deploy the SVL with 2 or more links, distributed across ASIC’s for highest redundancy
High Availability
Dual-Active Detection
If the entire SVL bundle fails, the SVL Domain will enter
into a “Dual Active” scenario
Both switches transition to SSO Active state, and share
the same network configuration
• IP addresses, MAC address, Router IDs, etc.
This can cause communication problems in the network!
3 Step Process
SVL
1 Dual-Active Detection - using any detection method

enabled in the system.
Previous SVL Active shuts down ALL interfaces, and enters

2 “Recovery Mode”… preventing further network disruption
3 Dual-Active Recovery - when the SVL recovers, the switch in

Recovery Mode will reload to boot into a preferred standby state
High Availability 16.6.1
Dual-Active Protocols
Fast Hello Enhanced PAGP
Hello Hello
Switch 1 Switch 2 Switch 1 Switch 2
Active Standby Active Standby
 Direct L2 Point-to-Point Connection  Requires ePAGP capable

neighbor:
Sub-Second Convergence
 Sub-Second Convergence
 Typically ~50-100ms
 Typically ~200-250ms
Stackwise Virtual ISSU
StackWise Virtual – Software Upgrade
Auto Software Upgrade Cisco Prime Infra SWIM Upgrade In-Service Software Upgrade (ISSU)
Cisco Prime Infra
IOS version – Y IOS version – X

SVL SVL
Without Manual Upgrade
FTP | SFTP | SCP
IOS version – Y IOS version – Y

X
SVL
With
Auto Upgrade
• StackWise Virtual members must have common • Cisco IOS software upgrade from centralized • Cat 9500 series systems deployed in
IOS software version to pair in SSO redundancy Cisco Prime Infrastructure Software Image StackWise Virtual mode will support ISSU
state Management (SWIM)
• StackWise Virtual ISSU support is currently
• Stack member with version mis-match with • Supports internal or external file distribution targeted for 16.7.0
ACTIVE switch will fail to RPR mode. server with – FTP, SFTP and SCP protocols
• Plan for network downtime during software
• Enable “software auto-upgrade enable” • Upgrade single or multiple StackWise Virtual upgrade on both StackWise Virtual systems
command to automate upgrade process. domains based on automated schedule or
on-demand.
• System must boot in Install mode (Default and
Recommended). Auto Upgrade not supported in
Bundle mode.
C9K ISSU
Stackwise Virtual ISSU and Dual Supervisor ISSU
3 Step Process
• Install add file <tftp/ftp/flash/disk:*.bin>
Granular Control on
the upgrade process
• Install activate ISSU
with ability to rollback
• Install commit
1 Step Process
• Install add file <tftp/ftp/flash/disk:*.bin>activate ISSU commit Single Command
to perform
complete ISSU
Stackwise Virtual ISSU
ISSU Process
Install ISSU
Dual-Active Detection Link
Auto-Switchover 1st Sub-second
2nd Sub-second 16.9.3
16.9.2 16.9.3
16.9.2 traffic
traffic convergence
convergence
Stackwise-Virtual Link
Graceful Insertion and
Removal (GIR)
High Availability Architecture in Campus – GIR
Core
Routed Access
Routing Protocols
Active
SSO
Standby
Stackwise-480
Active SUP Active
Standby SUP SSO
Standby

Graceful Insertion and Removal on Catalyst 9000
Isolation of Switch from network Gracefully
Stop Maintenance
Distribution Layer
Start Maintenance
Graceful Insertion and Removal
Upgrades with no or Minimal Traffic Loss
Simple
Comprehensive Node Isolation Framework Customizable
Non-Traffic
Impacting
Easy Execution with a single command
Highly Customizable workflow
L2 and L3 Topology with GIR Isolation
9300#start maintenance
Template default will be applied.
Do you want to continue?[confirm]
*Mar 25 17:43:20.162: %MMODE-6-
MMODE_CLIENT_TRANSITION_START: Maintenance Isolate
start for router isis 1
*Mar 25 17:43:50.213: %MMODE-6-
MMODE_CLIENT_TRANSITION_COMPLETE: Maintenance Isolate
complete for router isis 1
*Mar 25 17:43:50.213: MMODE-6-
MMODE_CLIENT_TRANSITION%_START: Maintenance Isolate
start for shutdown l2
*Mar 25 17:44:20.214: %MMODE-6- Set-overload-bit ISIS
MMODE_CLIENT_TRANSITION_COMPLETE: Maintenance Isolate Set-overload-bit
complete for shutdown l2
*Mar 25 17:44:20.214: %MMODE-6-MMODE_ISOLATED: System Set-overload-bit
is in Maintenance
Order for Maintenance:
EGP -> IGPs in parallel (ISIS) -> L2
L2 and L3 Topology with GIR Isolation
9300#stop maintenance
*Mar 25 19:15:40.235: %MMODE-6-
MMODE_CLIENT_TRANSITION_START: Maintenance
Insert start for shutdown l2
*Mar 25 19:16:10.237: %MMODE-6-
MMODE_CLIENT_TRANSITION_COMPLETE:
Maintenance Insert complete for shutdown
l2
*Mar 25 19:16:10.237: %MMODE-6-
MMODE_CLIENT_TRANSITION_START: Maintenance
Insert start for router isis 1 No set-overload-bit
ISIS
*Mar 25 19:16:40.288: %MMODE-6-
No set-overload-bit
MMODE_CLIENT_TRANSITION_COMPLETE: No set-overload-bit
Maintenance Insert complete for router
isis 1
*Mar 25 19:16:40.612: %MMODE-6-
MMODE_INSERTED: System is in Normal Mode
Order for Maintenance:
L2  IGPs in parallel (ISIS) -> EGP
Default and Customizable Templates
9300L#show system mode maintenance template default
• Default Template System Mode: Normal
default maintenance-template details:
• System Generated Profile based on router isis 1
the switch configuration
shutdown l2
9300L#show system mode maintenance template test
System Mode: Normal
• Customized Template Maintenance Template test details:
shutdown l2
• User Configured Profile based on
specific configuration or use case
Snapshots
Switch#show system snapshots compare before_maintenance
• Automatic Snapshots after_maintenance
================================================================================
• Snapshots are automatically Feature Tag .before_maintenance .after_maintenance
generated when entering and ================================================================================
[interface]
exiting maintenance mode
--------------------------------------------------------------------------------
[Name:Vlan1]
packetsinput 181587 **181589**
• Captures operational data [Name:GigabitEthernet1/0/3]
from the running system like packetsinput
broadcasts
101531
80893
**101550**
**80910**
Vlan’s, Routes etc. packetsoutput 211568 **211594**
[Name:GigabitEthernet1/0/8]
output 00:00:00, **00:00:04,**
packetsinput 6915 **6918**
packetsoutput 57677 **57706**
[Name:GigabitEthernet1/0/17]
• User Configured Snapshots packetsinput 101528 **101550**
broadcasts 80891 **80910**
packetsoutput 211570 **211600**
• Snapshots can be collected

manually for comparing and
troubleshooting
Best Practices
Open IOS-XE
Patchability
9300/9200
Ready for Software Patching
SMU is an emergency point fix positioned for expedited delivery to a customer in case of a network down or
revenue affecting scenario.
Cold Patching: Install of a SMU will require a system Hot Patching: Install of a SMU does not require a
reload in the first release. It is traffic impacting. reload.
SMU Lifecycle – CLI SMU SMU
SMU
Repository
Switch# install add …
Switch# install remove …
show install active
SMU Committed show install committed
Copy to Device
Memory: Process: Memory: Process:
show install inactive
show install packages

Switch# install commit … Catalyst 9k Switch# install activate …
SMU Removed
Memory: Process: SMU Applied
Memory: Process:
Switch# install deactivate … Switch# install commit …

SMU Committed
Memory: Process:
Software Update Creation – Work Flow
Commit
Service NO
DDTS Fixed Impacting
to next
? ?
SW
TAC/HTTS release
YES
NO
Investigat
Request Patch
e
DE Engineer Create SW update

SMU Council
approval
...
Create
DT Engineer SW Update
Unit /Dev Test

Documentation
Build Engineer Integration Test
Post on CCO
Agenda

• Summary/Q&A
Enterprise Campus Network Designs
Multi-Tier Layer2/3 Topology Multi-Tier Layer3 Topology
Stackwise
Virtual
ISSU
Stackwise
Virtual
GIR
Stackwise-480 Stackwise-480
Dual Sup/ Dual Sup/ Stackpower
Stackpower
Power Power
Redundancy FSU Redundancy FSU
ISSU ISSU
High Availability on Catalyst 9000
Catalyst 9300 Catalyst 9400 Catalyst 9500

Graceful Insertion & Removal(GIR)
Supported Protocols: ISIS, OSPF, HSRP,VRRP
Software Maintenance Upgrade

• Cold Patching
• Hot Patching
• Stackwise Virtual
• Stackwise-480 • Stackwise Virtual*
• ISSU with Stackwise
• Stack Power • ISSU(Stackwise
Virtual
Fast Software Virtual / Dual 16.9.2
16.9.2
•
Upgrade Supervisor)
* - No support on C9500 High Performance SKU’s

* Sup1 XL with 9404 and 9410
Cisco Webex Teams
Questions?
Use Cisco Webex Teams (formerly Cisco Spark)
to chat with the speaker after the session
How
1 Find this session in the Cisco Events Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space
cs.co/ciscolivebot#BRKCRS-2650
Complete your online
session survey
• Please complete your Online Session
Survey after each session
• Complete 4 Session Surveys & the Overall
Conference Survey (available from
Thursday) to receive your Cisco Live T-
shirt
• All surveys can be completed via the Cisco
Events Mobile App or the Communication
Stations
Don’t forget: Cisco Live sessions will be available for viewing

on demand after the event at ciscolive.cisco.com
Continue Your Education
Demos in Meet the Related

Walk-in
the Cisco engineer sessions
self-paced
Showcase labs 1:1
meetings
Thank you

Ha en Switches Cisco

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Ha en Switches Cisco

Caricato da

Copyright:

Formati disponibili

BRKCRS-2650

Enterprise Network Next

Minhaj Uddin Technical Marketing Engineer

• High Availability Solution on the Campus Distribution/Core

Device/Link Crashes or Software Hardware

L2/L3 Protocols Impact All Traffic Impact

• Add more links

What is the best way ?

Multi-Tier Layer2/3 Topology Multi-Tier Layer3 Topology

Forwarding Information Base

SSO Compliant Applications

Catalyst 9400 Catalyst 9300

10.20.0.0 10.1.1.1 192.168.32.0 192.168.32.1 10.20.1.1 aa25cc:ddeee8 - - - - - -

FIB Table SSO FIB Table

Prefix Next HOP Redundancy Facility Prefix Next HOP

10.1.1.1 aabbcc:ddee32 10.1.1.1 aabbcc:ddee32

10.1.1.2 adbb32:d34e43 10.1.1.2 adbb32:d34e43

192.168.0.0 aa25cc:ddeee8 Checkpoint Facility 192.168.0.0 aa25cc:ddeee8

FIB Table SSO FIB Table

Prefix Next HOP Redundancy Facility Prefix Next HOP

10.1.1.1 aabbcc:ddee32 10.1.1.1 aabbcc:ddee32

10.1.1.2 adbb32:d34e43 10.1.1.2 adbb32:d34e43

192.168.0.0 aa25cc:ddeee8 Checkpoint Facility 192.168.0.0 aa25cc:ddeee8

Prefix Next Hop Prefix Next Hop IP MAC

-10.20.0.0 1-0.1.1.1 192.168.32.0 192.168.32.1 -10.20.1.1 -aa25cc:ddeee8

Prefix Next HOP

GR/NSF Signaling per protocol

Synchronization per protocol

Non Stop Forwarding(NSF) or

Catalyst 9400 Catalyst 9300

Standby SUP SSO

Catalyst 9300 Catalyst 9200

Distributed Data Plane

1+1 Stateful Redundancy with

Stateful Switchover SSO/NSF

2) The switch or stack whose member

%IOSXE-1-PLATFORM: process stack-mgr: %STACKMGR-1-ACTIVE_ELECTED: Switch 3 has been elected ACTIVE.

 Starts Bulk Sync with Active RP

 All stack members must have common

HA with 1+N Flexible Power

Total Input Power 2530W

StackPower - Zero Footprint RPS • eXpandable Power System (XPS)

2530W – 30W 1430W – 30W

• The Default Mode • User Configurable

Load Shedding Based on configured

and Data Plane update 10.0.0.0 10.1.1.1

• It updates the control plane by leveraging 10.20.0.0 10.1.1.1

the NSF/GR Architecture with Flush and

Prefix Next HOP

#Install add file image activate reloadfast commit

Traffic is impacted throughout the upgrade cycle

Layer 2/3 Access Layer Designs– eFSU Supported

Access Access OSPF

L2 Extensions with L2 Only Design with

Access MEC MEC

• Configure Active and Standby unit without uplinks if possible

• Do Not change the stack-mac timer value

Catalyst 9400 Catalyst 9300

• There are two dedicated supervisors

• Other Supervisor will become Standby

• Standby Programs the local Sup HW

• Power Supply configuration modes

• Redundant Mode: One or N Power supplies are

Load sharing on active PSs Standby PS becomes active