Cisco Stateful Switchover (SSO)

Cisco Stateful Switchover (SSO) is one of the redundancy mechanisms used in networking. In this CCNP ENCOR  lesson, we will focus on this redundancy mechanism and we will learn what is Cisco Stateful Switchover (SSO), why we use this mechanism and how to configure Cisco SSO on Cisco devices.

 

---

 

What is Stateful Switchover?

For device redundancy, we can use two route processors. If one of these route processors fails, the other one takes over. This process can cause some packet loss and connectivity problems. Stateful Switchover (SSO) works here and it minimize the network unavailable time after a switchover.

 

When we use Stateful Switchover (SSO), device uses double route processors. If one of these route processors fails, then the system works on the other standby route processor. In other words, standby route processor takes control and maintain protocols. With this mechanism, non-stop forwarding is achieved.

 

 

Stateful Switchover is generally used on edge network devices. It provides a redundancy mechanism with dual Route Processors (RP).

 

SSO is generally used with Cisco Nonstop Forwarding (NSF).

 

---

You Can Also Check Network Questions and Network Cheat Sheets on IPCisco.

---

 

How SSO Works? : SSO Operation

Stateful Switchover (SSO) works with an active/standby redundancy system. Here, there are two route processors on the device. One is Active and the other is Standy. Standby processor is synchronized with the Active processor before any failure. This provides a ready second backup system.

 

When a failure occurs, switchover is immediately done in 0-3 seconds without interrupting layer 2. Here, there is no card reset, FIB or adjacency entry update.

 

---

 

When SSO Occurs?

There are different reasons for a switchover in a system but we have some common issues here.

 

One of these problems is a failure on the active processor. When a failure occurs on the active system, the ready standby processor takes over.

 

Another reason can be a manual shutdown or switchover. Sometimes in network operation this is done to change the active processors. When you start this manual process, switchover immediately takes place.

 

Another one can be a clock synchronization problem between active and standby processors. Here, systems thinks that there is a failure in the primary processor and it starts a switchover.

 

---

 

Benefits of SSO

There are many benefits of Stateful Switchover. What are these benefits, let’s write one by one:

 

There is no session loss on line cards, because there is no line card reset. They continue to forward traffic as before.

 

SSO provides a fast switchover. Because active/standby system provide a ready backup processor before any failure.

 

Routing protocols’ convergence time is very low with SSO because state information is synchronized.

 

Stateful Switchover (SSO) provides more stable networks.

 

It maintains stateful feature information, user session information is maintained during a switchover.

 

---

 

SSO With NSF (NonStop Forwarding)

Stateful Switchover (SSO) provides Active/Standby redundancy mechanism and there is no interruption at layer 2. But here, there can be an interruption at layer 3 if we do not use an additional mechanism. This additional mechanism is NonStop Forwarding (NSF).

 

When a failure occurs, route processors switchover with SSO. With this switchover, routing protocol adjacencies are flapped and the routing tables are cleared. Because of this, an interruption occurs at layer 3 for a while. But, when NonStop Forwarding (NSF) is enabled, CEF (Cisco Express Forwarding) entries are kept for a while and packet forwarding continues. During this period, routing information is restored. With this mechanism, SSO with NSF reduces the period of inaccessible time.

 

Here, the critical point is the switchover time. Switchover must be completed before NFS dead and hold timers expired.

 

---

 

Cisco SSO Configuration

We have learned what is SSO and how SSO works. Now, let’s focus on Cisco SSO Configuration and learn how to configure SSO on Cisco routers. To do this, we will use “redundancy” command under global configuration mode and after that we will select mode with “mode sso” command.

 

Router# configure terminal

Router(config)# redundancy

Router(config)# mode sso

Router(config-red)# end

Router# write

 

Here, after SSO mode configuration, the Standby RP will automatically reset.

 

To verify Cisco SSO Configuration, we can use different verification commands. These are given below with optional parameters.

 

Router(config-red)# crashdump-timeout [mm | hh:mm]

 

Router# debug redundancy {all | ui | clk | hub}

 

Router# show diag [slot-number | chassis | subslot slot/subslot] [details | summary]

 

Router# show redundancy [clients | counters | debug-log | handover | history | switchover history | states | inter-device]

 

Router# show version

 

Router# show redundancy

Redundant System Information :

——————————

Available system uptime = 1 day, 12 hours, 15 minutes

Switchovers system experienced = 0

Standby failures = 2

Last switchover reason = none

Hardware Mode = Duplex

Configured Redundancy Mode = sso

Operating Redundancy Mode = sso

Maintenance Mode = Disabled

Communications = Up

Current Processor Information :

——————————-

Active Location = slot 3

Current Software state = ACTIVE

Uptime in current state = 1 day, 12 hours, 15 minutes

 

---

 

Cisco NSF Configuration

Cisco NSF is configured under routing protocol process on the routers. For example, we can configure NSF under OSPF process. Below, you can find the basic commands for Cisco NSF configuration.

 

Here, there are two NSF device modes. These are:

• Restarting Mode
• Helper Mode

 

In NSF Restarting mode, OSPF router performs Non-stop Forwarding because of Route processor switchover.

In NSF Helper mode, the neighbor router is restarting and it helps in NSF recovery.

 

To enable nsf in restarting mode, we will use “nsf” command under the routing process.

 

Router# configure terminal

Router(config)# router ospf 1

Router (config-router)# nsf ?

cisco  Cisco Non-stop forwarding

ietf   IETF graceful restart

 

As you can see above, there are two options above. These are nsf cisco and nsf ietf. There is a difference between them. While Cisco NSF is supported in multiple routing protocols like OSPF, EIGRP, BGP, EITF NSF is supported only in OSPF. Here, we will select one of the below commands.

 

Router(config-router)# nsf cisco

 

Or

 

Router(config-router)# nsf ietf

 

We can also configure NSF in helper mode. Here, there are two options again. We can do this configuration with “nsf cisco helper” command or “nsf ietf helper” command. When we use one of them, we will disable the other one.

 

Router (config-router)# nsf cisco helper

Router (config-router)# nsf ietf helper disable

 

Or

 

Router (config-router)# nsf ietf helper

Router (config-router)# nsf cisco helper disable

 

To check OSPF NSF state information, we use “show ip ospf nsf” command.

 

Router# show ip ospf nsf

Routing Process “ospf 1”

Non-Stop Forwarding enabled

IETF NSF helper support enabled

Cisco NSF helper support disabled

OSPF restart state is NO_RESTART

Handle 1346765231, Router ID 1.1.1.1, checkpoint Router ID 0.0.0.0

Config wait timer interval 10, timer not running

Dbase wait timer interval 120, timer not running