Cisco Switch Virtualization

In a previous lesson I explained about campus network design and how we use different layers and “switch blocks” to create a hierarchical design that has redundant links.

You also learned in the spanning-tree lesson how spanning-tree creates a loop-free topology by blocking some of the redundant links. The “thing” with spanning-tree is that we have a loop-free topology, we have redundancy but we can’t use all the redundant links for forwarding. Here’s an illustration to visualize this:

Spanning-tree access-layer blocked ports

The dashed lines are layer 2 links. Spanning-tree will block two of these links to create a loop-free topology. Another issue with this topology is that we do have redundancy in the distribution (and core) layer but we don’t have redundancy in the access layer.

When one of the distribution layer switches fails, the other one can take over. We don’t have this luxury in the access layer…when either of the switches fails then the other one can’t take over.

One way of solving this problem is to create a logical switch. Cisco switches offer some technologies to convert two or more physical switches into a single logical switch, it will look like this:

access layer logical switch

A1 and A2 are two physical switches but they are combined into a single logical switch. The distribution layer switches think that they are connected to one access layer switch. The uplink pairs to each distribution layer switch can be combined into an Etherchannel.

When the link between D1 and D2 is a layer 2 link, spanning-tree will still have to block one of the etherchannels.

We can improve this topology by doing the same thing in the distribution layer, combining the two physical distribution layer switches into a single logical switch:

access distribution layer logical switch

The two distribution layer switches are now combined into a single logical switch. The four links between the switch pairs can be combined into a single etherchannel. Since we now have a single link between the two logical switches, spanning-tree doesn’t have to block anything. Normally we can’t create an etherchannel that spans multiple physical switches. By creating logical switches, this is no problem. An etherchannel like this between multiple physical switches is also called Multi-Chassis Etherchannel.

Combining multiple physical switches into logical switches makes our network topology a LOT simpler, here’s a “before and after” example:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 662 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

514 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!


Forum Replies

  1. Hello Kesav!

    I’ll try to answer your questions one by one below:

    a) Why two virtual links need to be created? Is it that one virtual link is used for data traffic and one for management traffic? What is the benefit / use case of having two virtual links?

    Actually, Rene has created only one virtual link and one port channel. It just happens that he named the port channel on SW1-VSS Po1 and the port channel on SW2-VSS Po2. They’re just two ends of the same set of physical links that form the port channel. The same occurs for the Virtual link. The end of the

    ... Continue reading in our forum

  2. Hi,

    Rene If a switch is connected to VSS enable switch ( redundant connectivity switch 1 and switch 2 ) and RSTP is running in this case
    who will be the root bridge ?


  3. Hi Abhishek,

    If your VSL fails then the standby switch can’t tell if the active switch is still there or not. If the standby switch goes active while the active switch is still there, both will be active, forwarding packets and you’ll run into issues. This is called “dual active”.

    Dual-active detection is configured outside of the VSL link. There’s enhanced PAgp, BFD and Dual-Active Fast Hello Packets to use. You can use one or all three at the same time.

    Cisco has a pretty good document for this:

    ... Continue reading in our forum

  4. Hello Helen

    The use of two or more links for the Virtual Switch Link (VSL) is only a recommendation by Cisco. It is not manditory. However, this is not recommended as VSS is designed to be a high availability system and by having only one link, this high availability is sacrificed. It should be implemented fully realising this. Ideally, you should purchase an additional module to implemente multiple links.

    I hope this has been helpful!


  5. Hello Justin

    VSS requires that VSLs are configured on 10Gbps ports only. Not only this, but these ports must either be on the supervisor itself or on one of several switching modules. You can find more info about this at the following Cisco documentation:

    Look at the section titled “VSL Hardware Requirements”.

    Now the reason that only specific ports can be used is because the requirements of the VSL are very specific. A VSL link has the following characteristics:

    • The VSL gives control traffic
    ... Continue reading in our forum

50 more replies! Ask a question or join the discussion by visiting our Community Forum