Sunday, June 16, 2013

VSS vs VPC (difference between VSS and vPC)

I know many of you have been looking for an answer to the question "What are the differences between VSS and vPC?" Here are the differences between vPC and VSS, explained simply; you only need to read it once.

Both are used to support multi-chassis EtherChannel: a port-channel whose one end is on device A while the other end is physically connected to two different physical switches that logically appear to be one switch.

There are certain differences as listed below:

-vPC is a Nexus-switch-specific feature, whereas VSS is built using 6500 series switches.

-Once switches are configured in VSS, they merge logically and become one logical switch from the control-plane point of view: a single control plane controls both switches in an active/standby manner. When Nexus switches are put into vPC, however, their control planes remain separate. Each device is controlled individually by its own supervisor (SUP), and the two are only loosely coupled.


-In VSS, only one logical switch has to be managed from the management and configuration point of view. Once the switches are in VSS, there is only one IP address used to access the switch. They are not managed as separate switches, and all configuration is done on the active switch, much as with a stack of 3750 switches. In vPC, however, the switches are managed separately: both switches have their own IP address by which they can be accessed, monitored and managed. They appear as a single logical switch only from the port-channel point of view, and only to downstream devices.

-As I said, VSS has a single management and configuration point, so we cannot use the two switches as HSRP active and standby, because they are no longer two separate boxes. In fact, HSRP is not needed: a single IP address can be assigned to the L3 interface and used as the gateway for the devices in that VLAN, and we still have redundancy because the same IP is held by a group of two switches. If one switch fails, the other takes over. In vPC, however, as mentioned above, the devices are configured and managed separately, so gateway redundancy has to be configured in the traditional manner.

For example, take the two switches in the diagram above, switch A and switch B. When we put them in VSS, they are accessed by a single logical name, say X, and if all ports are Gig ports the interfaces are seen as GigA\0\1, GigA\0\2 ... GigB\0\1, GigB\0\2 and so on.
If they are configured in vPC, however, they are NOT accessed with a single logical name. They are accessed and managed separately: switch A shows only its own ports, and likewise switch B.

-Similarly, in VSS the same instances of STP, FHRP, IGP, BGP etc. are used, whereas in vPC there are separate control-plane instances for STP, FHRP, IGP and BGP, just as on two different switches.

-In VSS, the switches are always primary and secondary in all respects: one switch works as active and the other as standby. In vPC, however, they are elected primary and secondary from the virtual port-channel point of view only; for everything else they work individually. Even the vPC primary/secondary role is not a true active/standby arrangement; it matters only in particular failure situations. For example, if the peer-link goes down in vPC, only the secondary switch acts, bringing down the vPC on all its member ports.

-VSS can support L3 port-channels across multiple chassis, whereas vPC is used for L2 port-channels only.

-VSS supports both PAgP and LACP, whereas vPC supports only LACP.

-In VSS, control messages and data frames flow between active and standby via the VSL. In vPC, control messages are carried by CFS over the peer link, and a peer-keepalive link is used to check heartbeats and detect a dual-active condition.
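To make the gateway and port-channel differences above concrete, here is an added configuration sketch (not from the original post): the same VLAN 100 gateway and downstream LACP port-channel on a VSS pair, then on one vPC peer. All VLAN IDs, domain and port-channel numbers, interface names and the documentation-range addresses are constructed for illustration.

```cisco
! ===== VSS (Catalyst 6500): ONE configuration covers both chassis =====
! Constructed values throughout; interfaces are named switch/slot/port.
interface Vlan100
 description Gateway for VLAN 100 - single IP, no HSRP
 ip address 192.0.2.1 255.255.255.0
!
interface Port-channel20
 description Multi-chassis EtherChannel to downstream device
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/1/1
 description Member on chassis 1
 switchport
 channel-group 20 mode active
!
interface GigabitEthernet2/1/1
 description Member on chassis 2
 switchport
 channel-group 20 mode active
!
! ===== vPC (Nexus): switch A only; switch B is configured separately =====
! Switch B repeats this with its own addresses and a lower HSRP priority.
feature vpc
feature lacp
feature interface-vlan
feature hsrp
!
vpc domain 10
  peer-keepalive destination 198.51.100.2 source 198.51.100.1 vrf management
!
interface port-channel1
  switchport mode trunk
  vpc peer-link
!
interface port-channel20
  switchport mode trunk
  vpc 20
!
interface Ethernet1/1
  switchport mode trunk
  channel-group 20 mode active
!
interface Vlan100
  no shutdown
  ip address 192.0.2.2/24
  hsrp 100
    priority 110
    ip 192.0.2.1
```

The VSS half needs one SVI address and no FHRP; the vPC half needs a physical address per peer plus the shared HSRP virtual IP, and the downstream channel uses LACP (`mode active`) because vPC does not support PAgP.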

I hope this was helpful. I will keep adding more as I gain more experience. Thank you!


43 comments:

  1. Excellent!! your blog has nice articles.

  2. First of all a great article!
    As I understand, from Cisco NX-OS release 5.0(3)N1(1b) it is possible to use Layer-3 port-channels with vPC.
    See: http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/mkt_ops_guides/513_n1_1/n5k_L3_w_vpc_5500platform.pdf

    Replies
    1. Hi, thanks for your comment. The link which you have given describes L3 forwarding and not specifically L3 port-channeling. They have given an example of a router connecting to a pair of N5Ks using an L3 port-channel, but they also mentioned it is not recommended. If you think of a normal L3 port-channel, you will have an IP address on both ends of the port-channel, but in the case of vPC, where the two Nexus switches are not a single switch like VSS, you will have to assign one IP address on each of the vPC peers and one on the downstream device. That means you will have 3 IP addresses in a single port-channel, which will lead to a sub-optimal and not recommended design.

    2. Really good article.

      But I think you can still have an L3 port channel towards the access, but it's not recommended to use an L3 port channel again towards the core. This is not a recommended design.

  3. Excellent article found on blogspot. Well done my friend..my doubts are much clear about vpc and vss. Many thanks!!!!

    Regards,
    Prathamesh Bagave

  4. Just passing by to thank you for this brief, eye-opening explanation.
    I really said A-ha! while reading.

  5. The article is very nice.
    However, do you have a link for the step-by-step procedure for configuring vPC and VSS?

    Thank you.

  6. Yeah Vijay, thanks man, it's a very good explanation to differentiate between VSS and vPC.

  7. Very well explained....

  8. I was searching for this info for a couple of months, but you explained it much better than anyone else. Thanks!!!

  9. Very well explained!!

  10. Nice Explanation ....

    I have a query regarding VSS and HSRP: what are the advantages of both, and the difference?

    Replies
    1. HSRP is used to provide hardware-level GATEWAY redundancy: one virtual IP is shared by 2 or more different machines, and one of them acts as primary and forwards the traffic destined for that gateway IP address. If the primary device goes down, the standby takes over, but the gateway address remains the same for the end user. It uses 3 IP addresses: 1 physical IP for the primary, 1 physical IP for the standby and one virtual IP. VSS is a different technology, supported on 6500 switches only, where 2 switches logically become one. So it also provides hardware-level redundancy to downstream devices and uses only one IP for the gateway, and internally through VSS, if the primary goes down, the secondary takes over, BUT... VSS provides hardware-level redundancy from every perspective, like port-channel, while HSRP provides only gateway redundancy. VSS is used to achieve multi-chassis port-channel, but HSRP has nothing to do with port-channel.

    2. Hi Vijay, correct me if I am wrong: VSS is also supported on the 4500, I guess, not only on the 6500.

    3. Yes, the 4500 switch will support VSS.

    4. Cisco Release IOS XE 3.4.0SG and later releases support VSS

    5. Yes, that is correct. Now it is supported on the 4500 also. You may check the complete configuration guide: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/15-1-2/XE_340/configuration/guide/config/vss.html

    6. And the difference is that only an L2 port-channel will be configured between primary and secondary devices, but on the 6500 both L2 and L3 port-channels are configured to enable VSS.

  11. Great Article Vijay :-) You are really great. Explained so well about VPC and VSS :-) Really appreciated ...

  12. Question - If you have a VSS setup, you mentioned a VLAN interface would just have 1 IP since the switch is logically the same. If the VSS link between the switches drops, do they both work independently? I'm assuming not, or the same L3 gateway IP would reside in multiple locations. Or will the L3 information just stay on the primary switch?

    Thanks

  13. In a VSS topology, if VSL link down is detected by both peers through the keepalive link, the active peer will go into recovery mode and shut down all interfaces, and the standby peer becomes active. If dual-active is not detected, you have two switches with identical configs and the same IP address and, guess what, you are in a big terrible situation :)

  14. This comment has been removed by the author.

    Replies
    1. A very well described post. Totally worth bookmarking.

  15. Hello! Can you explain why vPC is used in the DC? Why is vPC better than VSS? I see more disadvantages. Why was this technology introduced when we could use the usual VSS?

    Replies
    1. Simply, separate control planes are enough of a benefit.

  16. Very good explanation...!!!

  17. Awesome Vijay.... Superb explanation!!... Every statement of yours was visualized.... Thank you and much appreciated.

  18. Excellent bro very impressive.

    JP

  19. This comment has been removed by the author.

  20. In a data center or cloud environment, which one is better, vPC or VSS, and why?

  21. Wonderful post! We are linking to this particularly great content on our website. Keep up the good writing.

  22. Very very Helpful to me ....
    A Billion Thanks
