Catalyst 5000, 5500, 6000 and 6500 switches support dual supervisor modules. Catalyst 6500 supervisor engines are hot swappable. The first supervisor module goes active while the second is standby.
Active status can be determined with the Active LED on the front of the module, or with show module. Both supervisor modules must be the same type with the same model feature card.
The active supervisor controls the system and all line cards. This includes all protocols and all packet forwarding. The standby card does not communicate with the line cards, nor does it do any packet forwarding or load-sharing. It does receive packets from the network and populates its forwarding tables with the information. Additionally, all protocols are initialized, but not active.
This is called N+1 redundancy. If the active supervisor fails, the standby immediately takes over and is able to maintain the system load. The standby supervisor polls the active supervisor regularly using an out-of-band channel. Restoration of services takes place using a fast switchover or high-availability switchover. The active supervisor could go offline for the following reasons.
Redundant Supervisor Uplink Modules
Uplink ports on supervisor modules are modular, allowing rapid replacement in case of failure and easy upgrades. The following options are available.
- four-port autosensing 10/100 Fast Ethernet (RJ-45)
- four-port 100Base-FX (MT-RJ)
- two-port autosensing 10/100 Fast Ethernet (RJ-45)
- two-port 100Base-FX (SC)
- two-port Gigabit Ethernet SX, LX/LH (SC) or GBIC
All Ethernet ports can use Fast EtherChannel, providing up to 800Mpps.
Redundant Distributed Forwarding
A Distributed Forwarding Card (DFC) for Catalyst 6500 allows high-speed, distributed services and forwarding for data center backbones and server farm aggregation. It allows distribution of centralized forwarding intelligence enabled by the Supervisor 2 engine to DFC-enabled line cards. This allows localized forwarding and service decisions on each line card, accelerating forwarding performance of the 6500 series to 100+ Mbps.
When the Distributed Forwarding Card-3 is installed, modules that are DFC-enabled make forwarding decisions locally, leaving the supervisor engine free to perform routing and management functions. The Distributed Forwarding Card-3 replicates Layer 2 and 3 forwarding logic of the Supervisor 720's PFC-3 on each DFC-3 equipped line card. This enables hardware acceleration of IPv6, MPLS, GRE, QoS, ACL policy enforcement and more. The DFC-3 equipped interface modules are backward compatible with all other Catalyst 6500 interface modules. However, they must be used with a Supervisor 720, and any other modules that will use distributed forwarding must also be DFC-3 equipped. (source, Cisco.com)
Multiple Power Supplies
Multiple power supplies allow both fail-over and load-sharing, depending on the wattage. The following table should clarify.
Power Supplies | Redundancy | Description |
Equal Wattage | NonRedundant | Both modules are powered up and the combined wattage is used to power the system. If one module fails, the other powers as many modules as possible. If unable to power all modules, some are shut down. Show module status will show these modules as power-deny |
Unequal Wattage | NonRedundant | Same as above. Both modules are powered up and the combined wattage is used to power the system. If one module fails, the other powers as many modules as possible. If unable to power all modules, some are shut down. Show module status will show these modules as power-deny |
Equal Wattage | Redundant | Total power drawn never exceeds the capabilities of one power supply. This power is load-balanced across both supplies. If one supply fails, the other takes over. Load-sharing and redundancy is automatically enabled. |
Unequal Wattage | Redundant | The higher wattage power supply continues to run while the lower wattage one is shut down. If the primary fails, the secondary is powered up. If it's unable to meet power demands some modules may be shut down. |
First Hop Failure
The biggest problem with modern networks is the potential failure of the first hop. Network infrastructure is relatively easy to make redundant, but the first hop is a major weakness. The primary reason is that most clients are set up with one default gateway. If that default gateway goes down, that client (and probably the entire segment) will lose connectivity. This is also true with proxy ARP, in which the router intercepts an ARP for a computer on another segment and responds with its own MAC address. That MAC address is cached, so if the router goes down, that destination is lost until the ARP entry times out.
Some operating systems are able to run their own routing protocol, such as RIP or OSPF. However, this is both an administrative burden and a security issue. Some operating systems allow the specification of multiple default gateways. However, with Windows the selection of default gateways is not dynamic. It's only done at bootup, during which time the OS chooses the gateway that responds first to a ping.
ICMP Router Discovery Protocol
ICMP Router Discovery Protocol (IRDP) is a method for a host to automatically choose a new router. This has to be running on both the host and the router. The router multicasts ICMP packets to 224.0.0.1 once every 7 to 10 minutes (default). The default lifetime is 30 minutes. If the host doesn't hear a hello packet, it switches to another router.
With a 30 minute fail-over, IRDP is not well-suited for high-availability.
The following commands are used with IRDP:
Command | Description |
ip irdp | Enable IRDP on a router |
ip gdp irdp | Use the IRDP protocol to configure router discovery |
show ip irdp | Display IRDP values |
debug ip icmp | Debug ICMP messages, which includes IRDP |
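The following is an added example, not part of the original notes: it parses and validates an IRDP router advertisement and models how a host ages out a silent router, which is where the 30-minute fail-over comes from. The message layout (ICMP type 9, code 0) is taken from RFC 1256 rather than from this page, and the function names and 192.0.2.x addresses are constructed for illustration.

```python
import ipaddress
import struct

def inet_checksum(data: bytes) -> int:
    """One's-complement Internet checksum over a whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(routers, lifetime=1800):
    """Build a constructed advertisement; routers = [(ip, preference), ...]."""
    body = b"".join(ipaddress.IPv4Address(ip).packed + struct.pack("!i", pref)
                    for ip, pref in routers)
    head = struct.pack("!BBHBBH", 9, 0, 0, len(routers), 2, lifetime)
    csum = inet_checksum(head + body)
    return struct.pack("!BBHBBH", 9, 0, csum, len(routers), 2, lifetime) + body

def parse_advert(msg: bytes):
    """Return (lifetime_seconds, [(ip, preference), ...]) or raise ValueError."""
    if len(msg) < 8:
        raise ValueError("truncated ICMP header")
    typ, code, _, count, size, lifetime = struct.unpack("!BBHBBH", msg[:8])
    if typ != 9 or code != 0:
        raise ValueError("not a router advertisement")
    if size < 2 or len(msg) < 8 + count * size * 4:
        raise ValueError("bad address entry size or truncated entries")
    if inet_checksum(msg) != 0:  # a valid message sums to zero
        raise ValueError("bad checksum")
    routers = []
    for i in range(count):
        off = 8 + i * size * 4  # entry size is counted in 32-bit words
        addr, pref = struct.unpack("!4si", msg[off:off + 8])
        routers.append((str(ipaddress.IPv4Address(addr)), pref))
    return lifetime, routers

def learn(table, msg, now):
    """Install or refresh every router carried in one advertisement."""
    lifetime, routers = parse_advert(msg)
    for ip, pref in routers:
        table[ip] = (pref, now + lifetime)

def pick_gateway(table, now):
    """table maps ip -> (preference, expires_at); highest live preference wins."""
    live = {ip: v for ip, v in table.items() if v[1] > now}
    return max(live, key=lambda ip: live[ip][0]) if live else None
```

If the preferred router stops advertising immediately after its last message, the host keeps selecting it until the full lifetime has elapsed.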
Hot Standby Router Protocol
Hot Standby Router Protocol (HSRP) is a Cisco proprietary protocol and is a means for multiple routers to work redundantly at the access layer. Two or more routers share a virtual IP address and MAC address. One of these routers is active and replies to client requests as if it had the virtual IP address and virtual MAC address. If that router were to fail, the standby router then comes up and continues to use the same virtual IP address and MAC address.
By creating a virtual router like this, the client will never see a change in network topology. Though the physical routers have changed, the IP address and MAC address stay exactly the same from the client's perspective.
Groups of routers arranged to create virtual routers are called hot standby groups. These groups can coexist on a LAN and can overlap. The standby router for one group can be the active router for another group.
There will be significantly more information on this protocol later.