After completing this module, you'll be familiar with stacking concepts and types. You'll be able to describe device operational planes, the control, management, and data planes. You'll also be able to describe stacking technologies and their benefits, and configure arubas virtual switching framework or VSF and to trace Layer 2 traffic when using VSF. You will be able to describe VSF failover mechanisms. The knowledge you gain from this module about stacking technologies, will help you to design, implement, and configure more resilient, reliable, and high performing networks. You first explore device operational planes, the control, management and data plane interrelationship between them. You will learn about how this relates to stacking technologies. Features let you group multiple physical switches into a single virtual switch. Then you will learn about arubas stacking technology, virtual switching framework or VSF. You will explore VSF operation, requirements, roles, members, imports. Then you will learn how to configure VSF along with VSF use cases and about tracing Layer 2 traffic and a VSF scenario. You will look at VSF failover scenarios and how to improve upon them with split detection. Arubas other virtual switching technology, virtual switching extension, or VSX for short, which is supported on the 6,400, 8,320, 8,325 and 8,400 series of switches, is covered in the implementing ArubaOS-CX course, or ICX for short. A network device is logically composed of three operational planes. In each plane perform specific task. The data plane receives and sends frames using specialized hardware called application specific integrated circuits or ASICs, which is much faster than using software. ASICs modulate and demodulate data, and handle other functions related to frame transmission and receipt. The control plane logic determines what to do with the data that has been received. These decisions are made with internal processes like routing, switching, security, and flow optimization. Data plane, and control planes have a tight relationship to process any data as fast as possible. You use dimension plane to monitor and configure the device. This plan must be separate from the data plane for security and accessibility reasons. You do not want your access to the device to be completely reliant on things like VLANs or VRF, you must be able to access the device even if their control and data planes fail. Also, you don't want end-users to gain access to the management plane since this could be a nacreous security issue. ArubaOS-CX devices have a specific interface and VRF that is used for out-of-band management, which maintains a total separation from the data plane. A stacking technology allows you to manage a group of switches as a single device, a virtual switch. Control and management plane functions are centralized in one group member, but each member runs its own independent data plane. The tight relationship between the control and data planes is maintained. It just happens on an inter-switch basis. Stacking benefits include ease of management. With ease management, you no longer need to connect to, configure and manage each individual's switch. You simply configure the primary switch. That configuration is then automatically distributed to the other virtual switch members. This simplifies network setup, operation and maintenance. Second stacking benefit is network simplification. Since multiple devices share a common control plane, routing protocols in spanning tree are no longer needed inside the stacking group. Connected devices perceive the group as a single device. Note that a Aruba switching family support two primary stacking technologies, Virtual Switching Framework or VSF, and Virtual switching extension, VSX. This training focuses on VSF. Stacking technologies maintain the data plane distributed across all the members. This implies each physical device individually creates and populates forwarding tables, like Mac and app. Each tables are then shared across all members using the Control Plane. Motor controllers, firewalls, and servers can benefit from the stacking with a lag enabled switches, since they perceive in lag connection to a single device. However, physical links terminate in different stack members. If switch 1 fails in example shown, the tropic can still use the other lag links. Lag and stacking features enabled the network to fully use all available links at the same time. Notice that spanning tree is not needed because the stack operates from a single control plane. Aruba highly recommends this implementation. Aruba Virtual Switching Framework, or VSF, defines a virtual switch which is composed by individual physical switches, interconnected using ethernet links. All member switches share a single control plane. Devices connected to the VSF perceive a single device. As you recently learned, this virtual switch behavior has significant benefits related to simplifying management and improve connectivity. ArubaOS-CX, VSF is supported on a 62 hundreds, where you can configure a maximum of eight members in a stack. This features enabled by default. Also in ArubaOS-CX, VSF is also supported on a 6300M and 6300F models. You can configure a maximum of 10 members that are either 6300Ms, 6300Fs, or a combination of 6300 Ms and Fs and a stack. This features enabled by default. The VSF feature is also available on the older AOS switching family, including the 5400 and 2930 F series, but the feature is disabled by default. Understand that the VSF feature is not compatible between the AOS CX and the older AOS platforms. You cannot form a VSF stack which switches from different AOS families. This means that VSF cannot be formed using any combination of the same CX, which series. Like a stack is 6200 or stack is 6300 Fs and or 6300 Ms. Note that the other switching models, like the 8320, 8325. This 6400 and 8400 use a different technology called VSX. VSF creates a single control plane that runs on a single VSF member. This is the primary member and always uses member ID number 1. This device assumes the master role in stack. Note that a factory default, Aruba 6200 or 6300 switch boots up as a VSF enabled switch with a member ID of one. This implies that the switch behaves as the primary member. A secondary member provides for high availability in case the primary fails. You can choose any member in a stack to take the secondary role, but it must be explicitly defined. Just configure any member ID except for the number 1. The other devices in the VSF are members which only run the data plane and cannot assume the master or secondary roles. VSX switches are interconnected using SFP56 ports. When you configure a port for VSF, it can no longer be used as a layer 2 or layer 3 interface. In other words, the port does not belong to the switches data plane. In module 1, you learned about the current state database. As the most important element of the ArubaOS-CX architecture, it is contacted by all control management protocols. In a VSF stack, this database runs on the master switch. When VSF runs on a group of switches, the open virtual switch database or OVSDB is also created. These two database runs on the Master Switch and contains state and configuration data for the VSF stack itself. The Master Switch synchronizes the OVSDB content with the standby to ensure that it can quickly take over the master role without interruption. The OVSDB database includes six tables: the VSF member table, VSF link table, the system table, which includes a number of members, matt status, fragments status, and topology type. The database includes a system table, which basically has a boot time for each member. There's an interface table and lastly, there's a topology table. Of course, VSF members must be physically connected to form the virtual switching stack. They can use one of two topologies: daisy chain or ring. As the name implies, a daisy chain topology interconnects VSF members with this single chain of Ethernet connections. From the example on the screen, you can easily see that a switch or link failure can cause the stack to be split. This means that part of the stack is unable to provide endpoint conductivity. With a ring topology, it is recommended since it offers a backup path in case of a switch or link failure. Note that a ring topology created with just two switches is not permitted since a unique link between two members must exist. This last rule takes precedence. Also, note that a full mesh topology is not supported. VSF has some requirements that you must meet. With the 6300M and 6300F series switches, you must have ArubaOS-CX version 10.04 or higher, running on the switches. All members must run the same OS-CX version. Only 6300 switch modules can form the stack, but model combinations are allowed. A single link is only allowed for the VSF link. The VSF link uses a regular Ethernet port. It's recommended to use the uplink port, which support 10, 25, or 50 gigabits per second. A maximum of 10 members are supported. Requirements for the 6,200 series switches includes; they must run 10.04 or higher, and all members must run the same version of code. Only 6200 switch models can form this kind of stack. A single-link is only allowed for the VSF link. The VSF link uses a regular Ethernet port. It's recommended to use the uplink ports would support 10-gigabit speeds and a maximum eight members are supported. When the VSF stack forms, all physical devices use a single control plane. This means that all switch interfaces are available for configuration using the standard ArubaOS-CX member slash slot slash port notation as shown in the above figure. Use a command show interface brief to see all the available ports for all the switches in the stack. Note that since all the 6200 and 6300 switch series models are fixed-port switches, the slot number is always one. Here is a VSF configuration example. Consider the scenario where a couple of 6300 series switches are assigned to the same VSF step. On the axis 1 switch, is define with a member number 1. This takes you into a sub-context. The VSF link is identified with the VSF link number, which in this case it's the number 1, and physical port or ports that make up the VSF link. Currently, only one physical port can be included. On axis switch 2, the VSF context is entered and the VSF link is defined. This gate here, port 27 is included with VSF link number 1. Next, axis 2 is renumbered. Each switch in the VSF stack needs a unique member number. Axis 1, has a member number 1. Axis 2, is being switched to member number 2. When you do this, this switch will automatically reboot. On axis 1, you can add a secondary member and identify its number. Uses of VSF commanded determine the member status enroll. CX supports member pre-provisioning. This enables you to prepare the VSF link and member configuration for a specific 6300 switch model before the switch is connected to the stack. When a switch joins a stack, it boots up with the proper configuration. The tape 1 slide indicates the available model numbers. When a VSF member receives a frame for Layer 2 Forwarding, it consults a Layer 2 Forwarding table to determine the egress interface. It forwards a frame out this interface, which might be local or on another member of the stack. If egress interface is on another member, the source member forwards the packet across the VSF link. A VSF fabric is similar to any switch configured with link aggregation. It learns MAC addresses on a logical lag entity as opposed to the physical interfaces. It selects one lag member link for forwarding each conversation. However, VSF overrides the typical lag hash function used for physical interface selection. VSF members prefer to use their own local links and to avoid using the VSF link. If the member has multiple local links in the aggregation, then it uses a typical hashing mechanism to choose between one of the local links. The primary member is the most important device in the stack. It runs a controlling management plane. External devices exchange routing and switching protocols directly to this member. If this device fails, the entire stack is down. Therefore, you should configure a VSF secondary member for redundancy. The secondary assumes the master role upon the primary failure. The new master runs all control-plane protocols using the configuration databases and responds to management sessions. When the primary member fails, Layer 2 Traffic continues to be forwarded without disruption. Layer 2 protocols such as OSPF perform graceful restart by notifying peers of the failover event. This triggers a rebuild of OSPF adjacencies. During convergence, the switch continues to route traffic based on the last known routing information prior to the failure. This typically only last a few seconds. After OSPF is fully operational, routing uses the new information. With VSF, there is no preemption. This means that when the failed member rejoins the stack, it will not replace the current master of the stack, but instead takes on the standby or secondary role. VSF link failures could cause a fragmented stack. The figure shows a fragmented VSF stack due to link failures. Originally, SW1 was a primary and SW2 was a secondary. After fragmentation, there is no direct connection between the two switches. SW1 continues to think that it is a primary. SW2 no longer hears from SW1 and so now thinks that it is a primary. This is known as a split brain condition. Both fragments continue to function, although there is no communication between them. Split brain can cause unstable, unexpected network behavior. A packet received in one fragment and destined for another fragment is discarded. Even worse, both segments use the same IP addresses in Mac addresses in the same routing information. External devices could start populating duplicated data. This can cause very strange network behavior. Note that a split brain situation could also occur if a VSF member fails in a Daisy chain topology. The best way to solve a split brain situation is to disable the ports on one of the switches or one of the segments of switches. You can use multiple active detection or MAD to avoid split-brain situations. Thus, if a VSF link failure occurs, the segment that includes the standby or secondary member verifies the primary member status. If the original primary is up, then all members in the fragment that does not include the primary member will disable all their data ports. VSF uses two mechanisms to detect and verify the status of the primary member. The first is management interface split detection. This method requires you to connect the out-of-band management interface of the primary and secondary stack members. These interfaces must be in the same Layer 2 broadcast domain or villain. This network is used to identify active stack fragments. Each member broadcasts split detection protocol packets to identify stack fragments that are currently operational. The second mechanism is peer switch-based detection. This method does not require additional connections and relies on link aggregation group implementation. Switches ask the LAG peer about its interface status. Those interfaces connected to the primary, secondary stack fragments. If the LAG peer indicates that its interfaces toward the primary member are up, then a standby member has detected a split-brain situation, it shuts down its interfaces. Aruba Virtual Switching Extension, or VSX, is a virtualization technology for ArubaOS-CX switches. This technology can be run in all the CX portfolio models with exception of the 6200 and 6300 series switches, which only support VSF. VSX is commonly implemented in core devices and at datacenters, whereas VSF is more suitable as an acess layer technology for campus networks. VSX improves data plane performance. With VSF, the control plane can only be run in the primary member. That sometime is wasted when non-primary members ask the control plane how to handle packets. With VSX, each member runs its own control plane, allowing for faster decisions, reduce latency, and better performance. Although VSX switches run separate control planes, they still maintain database synchronization for the configuration. Unlike VSF, each switch can modify and populate the control plane while presenting themselves as one virtualized switch to other devices. VSX allows you to upgrade members with near-zero downtime and with continuous packet forwarding. VSX is covered in the ICX Course. Which of the following statements below accurately describes network devices operational planes? The data plane moves data from ingress to egress ports, and the control and data planes are tightly integrated. Which of the options below describe a valid VSF scenario? Configure two switches, one as a primary and one as a member using a single VSF link. Remember that when you have two or more switches, it's important to identify one of them as a secondary. Which of the statements describe a valid VSF requirements and specifications? You can daisy-chain up to 10 VSF members with the 6300 series of switches. You can connect 10 VSF members in a ring topology with 6300 series switches. When configuring VSF, it may cause members to reboot. Congratulations. The knowledge you gain from this module about stacking technologies will help you to design, implement, and configure more resilient, reliable, high-performing networks. You first explored device operational planes; the control, management, and data planes, and the relationship between them. You learned how this relates to stacking technologies, features that let you group multiple physical switches into a single virtual switch. Then you learned about Aruba stacking technology, Virtual Switching Framework or VSF, explored VSF operation, requirements, roles, members, and ports. Then you learned how to configure VSF, along with VSF use cases about tracing Layer 2 traffic in a VSF scenario. You examined VSF failover scenarios, and how to improve upon them with multiple active detection or MAD. Then you experienced a brief introduction to Aruba's VSX virtual switching technology
