Understanding SSO: Cisco Stateful Switchover

Routers with hardware redundancy may have dual power supplies and route processors (RPs). The RP is in charge of learning the network topology and creating the route table (RIB), and when it fails, the routing protocol adjacencies reset, causing packet loss and network disruptions. With Stateful Switchover (SSO), Cisco IOS routers with dual RPs can synchronize router configuration and control plane state information.


Cisco SSO Operation

SSO checkpointing is the process of mirroring information between RPs. A router in SSO redundancy mode checkpoints Layer 2 protocol states and line card operation. It designates one of the RPs as the active RP and the other as the standby RP, and it also fully instantiates the standby RP and then synchronizes critical state information between the RPs. In SSO-aware devices, both RPs must have the same configuration.

During a switchover, the line cards are not reset, so the standby RP takes control instantly and avoids simple issues, including interface link flapping. The SSO switchover does not disrupt the Layer 2 traffic. After an SSO switchover, it retains the Forwarding Information Base (FIB) and adjacency entries and can still forward Layer 3 traffic. The duration of SSO switchover is between 0 and 3 seconds.


Automatic and Manual RP Switchovers

An automatic switchover occurs when a fault causes the active RP to crash or reboot and if the active RP is not responding or is dead. A CLI command can be used to force a manual switchover between the active RP and the standby RP. The manual switchover is considered a controlled or “graceful” shutdown of the active RP and switchover to the standby RP, which enables critical cleanup.


NonStop Forwarding (NSF) With SSO

However, without additional configuration, Layer 3 packet forwarding can be interrupted. When the RP switchover occurs, a routing protocol adjacency flap takes place, which clears the routing table. The Cisco Express Forwarding (CEF) entries are purged when the routing table is cleared, and traffic is not routed until the network topology is relearned and the forwarding table is reprogrammed.

Enabling Cisco NonStop Forwarding (NSF) or NonStop Routing (NSR) high availability features instructs the router to keep the CEF entries for a limited time and continue forwarding packets in the event of an RP failure until the control plane recovers.

NSF with SSO reduces the length of time a network is inaccessible to its users after a switchover. Cisco NSF-aware devices help reduce routing flaps in SSO-enabled devices, minimizing network instability.

The example below shows how SSO is usually deployed in a service provider (SP) environment. The Cisco NSF with SSO devices is mostly at the access layer (edge). A failure could result in loss of service for enterprise customers that require access to the SP network.

SSO Cisco


Cisco NSF with SSO can also be deployed at other areas in the network where a single point of failure exists since it can provide additional levels of availability. The image below shows Cisco NSF with SSO at the enterprise network access layer, where every access point represents a single point of failure. When a switchover occurs, the enterprise customer sessions will proceed uninterrupted because of the NSF with SSO feature.

 Cisco NSF with SSO Application Details


Stateful Switchover SSO Benefits

Deploying Cisco Stateful Switchover (SSO) mode has many advantages, which include:

  • Maintains stateful feature information, including user session information
  • Line cards continue to forward network traffic with no session loss
  • Improves network availability
  • Faster switchover by fully initializing and configuring the standby RP
  • Synchronizes state information and reduces the routing protocols’ convergence time
  • Improves network stability


SSO Cisco Configuration

Use the following configurations to enable SSO redundancy mode in a networking device. The ‘configure terminal’ command enters global configuration mode, then enter the ‘redundancy’ and the ‘mode sso’ commands:

Router> enable
Router# configure terminal
Router(config)# redundancy
Router(config)# mode sso
Router(config-red)# end
Router# copy running-config startup-config


SSO Cisco Verification

The following commands can be used to verify and troubleshoot a configured Stateful Switchover (SSO) device and see the log of SSO events:

  • show redundancy
  • crashdump-timeout
  • debug redundancy
  • show diag
  • show version

Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.

We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training: