I know many of you have been looking for an answer to the question "What are the differences between VSS and vPC?" Here are the differences between vPC and VSS, explained in a very easy way; you just need to read it once.
Both are basically used to support multi-chassis EtherChannel: we can create a port-channel whose one end is device A, while the other end is physically connected to two different physical switches that logically appear to be one switch.
There are certain differences as listed below:
- vPC is a Nexus switch-specific feature, whereas VSS is created using 6500 series switches.
- Once switches are configured in VSS, they are merged logically and become one logical switch from the control plane point of view: a single control plane controls both switches in an active/standby manner. When we put Nexus switches into vPC, however, their control planes remain separate. Both devices are controlled individually by their respective SUP, and they are loosely coupled with each other.
- In VSS, only one logical switch has to be managed from the management and configuration point of view. Once the switches are put into VSS, there is only one IP that is used to access the switch. They are not managed as separate switches, and all configuration is done on the active switch. They are managed much like a stack of 3750 switches. In vPC, however, the switches are managed separately: both switches have separate IPs by which they can be accessed, monitored and managed. They appear as a single logical switch only from the port-channel point of view, and only to downstream devices.
- As I said, VSS is single management and single configuration, so we cannot use the two switches as HSRP active and standby, because they are no longer two separate boxes. In fact, HSRP is not needed, right?
A single IP can be given to the L3 interface and used as the gateway for the devices in that particular VLAN, and we still have redundancy because the same IP is assigned on a group of two switches. If one switch fails, the other can take over. In vPC, however, as I mentioned above, the devices are separately configured and managed, so we need to configure gateway redundancy in the traditional manner.
For example: we have two switches, A and B, in the above diagram. When we put them in VSS, they are accessed by a single logical name, say X, and if all ports are Gig ports, the interfaces are seen as GigA/0/1, GigA/0/2 ... GigB/0/1, GigB/0/2 and so on.
If, however, they are configured in vPC, they are NOT accessed by a single logical name. They are accessed and managed separately: switch A has only its own ports, and likewise switch B.
- Similarly, in VSS the same instances of STP, FHRP, IGP, BGP, etc. are used, whereas in vPC there are separate control plane instances for STP, FHRP, IGP and BGP, just as if they were running on two different switches.
- In VSS, the switches are always primary and secondary in all aspects: one switch works as active and the other as standby. In vPC, they are elected as primary and secondary from the virtual port-channel point of view only, and for everything else they work individually. Even the vPC primary/secondary role is not a true active/standby arrangement; it matters only in particular failure situations. For example, if the peer-link goes down in vPC, only the secondary switch acts, bringing down the vPC for all its member ports.
- VSS can support L3 port-channels across multiple chassis, whereas vPC is used for L2 port-channels only.
- VSS supports both PAgP and LACP, whereas vPC supports only LACP.
- In VSS, control messages and data frames flow between active and standby via the VSL. In vPC, control messages are carried by CFS over the peer link, and a peer keepalive link is used to check heartbeats and detect a dual-active condition.
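The management, gateway and port-channel differences from the list above, shown as minimal configuration side by side. This is an added example, not configuration from the original post; the domain IDs, VLAN, interface numbers and documentation-range IP addresses are constructed.

```text
! ---- VSS (Catalyst 6500, IOS): one logical switch, one configuration ----
! Chassis 1 shown; chassis 2 uses "switch 2" and "switch virtual link 2"
switch virtual domain 100
 switch 1
interface Port-channel1
 description VSL to the peer chassis
 switch virtual link 1
! Multichassis EtherChannel: members sit on chassis 1 and chassis 2
interface GigabitEthernet1/1/1
 switchport
 channel-group 20 mode active
interface GigabitEthernet2/1/1
 switchport
 channel-group 20 mode active
! A single SVI address is the gateway; no HSRP
interface Vlan100
 ip address 198.51.100.1 255.255.255.0

! ---- vPC (Nexus, NX-OS), peer A: own management IP, own configuration ----
feature vpc
feature lacp
feature interface-vlan
feature hsrp
vpc domain 10
  peer-keepalive destination 192.0.2.2 source 192.0.2.1 vrf management
interface port-channel1
  switchport mode trunk
  vpc peer-link
interface port-channel20
  switchport mode trunk
  vpc 20
interface Ethernet1/1
  switchport mode trunk
  channel-group 20 mode active
! Gateway redundancy is configured the traditional way
interface Vlan100
  no shutdown
  ip address 198.51.100.2/24
  hsrp 100
    ip 198.51.100.1
! Peer B repeats this with its own addresses: keepalive source/destination
! swapped, and 198.51.100.3/24 on Vlan100 with the same HSRP virtual IP.
```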
I hope this was helpful. I will keep adding more as I experience more. Thank you!!
Excellent!! Your blog has nice articles.
Great!
First of all, a great article!
As I understand, from Cisco NX-OS release 5.0(3)N1(1b) it is possible to use Layer-3 port-channels with vPC.
See: http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/mkt_ops_guides/513_n1_1/n5k_L3_w_vpc_5500platform.pdf
Hi, thanks for your comment. The link you have given describes L3 forwarding and not specifically L3 port-channeling. They have given an example of a router connecting to a pair of N5Ks using an L3 port-channel, but they also mentioned it is not recommended. If you think of a normal L3 port-channel, you will have an IP address on both ends of the port-channel, but in the case of vPC, where two Nexus switches are not a single switch like VSS, you will have to assign one IP address on each of the vPC peers and one on the downstream device. That means you will have 3 IP addresses in a single port-channel, which will lead to a sub-optimal and not recommended design.
Really good article.
But I think you can still have an L3 port channel towards the access, but it's not recommended to use an L3 port channel again towards the core. This is not a recommended design.
Excellent article found on blogspot. Well done, my friend. My doubts about vPC and VSS are much clearer. Many thanks!!!!
Regards,
Prathamesh Bagave
Thank you!!
Just passing by to thank you for this brief, eye-opening explanation.
I really said A-ha! while reading.
The article is very nice.
However, do you have a link for the step-by-step procedure for how to configure vPC and VSS?
Thank you.
Yeah Vijay, thanks man, it's a very good explanation to differentiate between VSS and vPC.
Nice work
Very well explained....
I was searching for this info for a couple of months, but you explained it much better than anyone else. Thanks!!!
Very well explained!!
Nice explanation ....
I have a query regarding VSS and HSRP: what are the advantages of both, and the difference?
HSRP is used to provide hardware-level GATEWAY redundancy: one virtual IP is shared by 2 or more different machines, and one of them acts as primary and forwards the traffic destined for that gateway IP address. If the primary device goes down, the standby takes over, but the gateway address remains the same for the end user. It uses 3 IP addresses: 1 physical IP for primary, 1 physical IP for standby and one virtual IP. VSS is a different technology, supported on 6500 switches only, where 2 switches logically become one. So it also provides hardware-level redundancy to downstream devices and uses only one IP for the gateway; internally, through VSS, if the primary goes down, the secondary takes over. BUT... VSS provides hardware-level redundancy from every perspective, like port-channel, while HSRP provides only gateway redundancy. VSS is used to achieve multichassis port-channel, but HSRP has nothing to do with port-channel.
Hi Vijay, correct me if I am wrong: VSS is also supported on 4500, I guess, not only on 6500.
Yes, the 4500 switch will support VSS.
Cisco Release IOS XE 3.4.0SG and later releases support VSS.
Yes, that is correct. Now it is supported on 4500 also. You may check the complete configuration guide: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/15-1-2/XE_340/configuration/guide/config/vss.html
And the difference is that only L2 port-channels will be configured between primary and secondary devices, but in 6500 both L2 & L3 port-channels are configured to enable VSS.
Great article, Vijay :-) You are really great. Explained so well about vPC and VSS :-) Really appreciated ...
Question - If you have a VSS setup, you mentioned a VLAN interface would just have 1 IP since the switch is logically the same. If the VSS link between the switches drops, do they both work independently? I'm assuming not, or the same L3 gateway IP would reside in multiple locations. Or will the L3 information just stay on the primary switch?
Thanks
In a VSS topology, if VSL link down is detected by both peers through the keepalive link, the active peer will go into recovery mode and shut down all interfaces, and the standby peer becomes active. If dual-active is not detected, you have two switches with identical configs and the same IP address and, guess what, you are in a big, terrible situation :)
A very well described post. Totally worth bookmarking.
Thanks
Hello! Can you explain why vPC is used in DC? Why is vPC better than VSS? I see more disadvantages. Why was this technology introduced when we could use the usual VSS?
Simply, separate control planes are enough of a benefit.
Very good explanation...!!!
Awesome Vijay.... Superb explanation!! Every statement of yours was visualized.... Thank you and much appreciated.
Excellent bro..
Thank you so much
Excellent, thank you so much...
Excellent bro, very impressive.
JP
In a data center or cloud environment, which one is better, vPC or VSS, and why?
vPC
Why?
Excellent explanation
Wonderful post! We are linking to this particularly great content on our website. Keep up the good writing.
Very, very helpful to me ....
A billion thanks