Sunday, August 20, 2017

Upgrading a Cisco Nexus 7000 to 6.2(16) with one Supervisor.

The Cisco Nexus 7000 series switches have several features to make upgrading firmware safe and reliable, especially if you don't have a redundant supervisor. The release notes for each software version has a table that clearly shows what previous software versions can be updated to the chosen version.

The Nexus 7000 are Linux based switches and they use kickstart to automate the installation. This means you will be copying a new n7000-s2-kickstart.x.x.xx.bin file along with the n7000-s2-dk9.x.x.xx.bin firmware file. Note that the kickstart and firmware file must be the same version.

Before the upgrade

Make a Backup of the running configuration of all VDCs and key files


The Nexus switch has a couple USB slots that mount as usb1: and USB2:. I used a 1GB flash drive formatted with the FAT file system to back up the current configuration. While not a requirement for an upgrade I like to have a backup in case anything goes wrong. The Nexus can read larger USB drives but I keep several 1GB drives handy for this type of work.

The command that backs up the running configuration of all Virtual Device Contexts (VDC) at once to the USB stick is:

  • copy running-config usb1:MY-N7K.txt vdc-all

Just to be safe I copied the vlan.dat and license files to the USB drive. The license files use a .lic file extension so they are easy to identify. Once the configurations were backed up I put the USB stick into my laptop and verified that the backup was good.

I also looked at the boot settings before and after the upgrade
show boot
Current Boot Variables:

sup-1
kickstart variable = bootflash:/n7000-s2-kickstart.6.2.8a.bin
system variable = bootflash:/n7000-s2-dk9-npe.6.2.8a.bin
No module boot variable set


Download the new kickstart and Nexus software files 
You will need a CCO account and a current contract to get the software. Once the software is downloaded verify that the files are valid using the MD5 hash on the download page. If you are not familiar with verifying hashes it is very easy.

On Linux
mhubbard@1S1K-SYS76:/media/mhubbard/783E-8CFE$ md5sum n7000-s2-dk9.6.2.16.bin
f6ad2c2ea750fb15fc455d670277340c  n7000-s2-dk9.6.2.16.bin

On Windows 7
certutil -hashfile C:\tftp-root\n7000-s2-dk9.6.2.16.bin md5

or

with powershell 4 or above and the community extensions installed.
$PSVersionTable.PSVersion
PS C:\Users\mhubbard> get-hash C:\tftp-root\n7000-s2-dk9.6.2.16.bin -algorithm MD5

If you need more information on how to verify hashes on Windows you can see my blog on Using iPerf3 to verify Link Quality. Scroll down to "Installing iPerf3 on Windows".

Copy the new files to from the USB to bootflash


  • copy usb1: bootflash:
n7000-s2-dk9.6.2.16.bin

  • copy usb1: bootflash:
n7000-s2-kickstart.6.2.16.bin


Run the installer

install all kickstart bootflash:n7000-s2-kickstart.6.2.16.bin system bootflash:n7000-s2-dk9.6.2.16.bin parallel

The parallel keyword allows all modules to be upgraded in parallel to save time.

A lot of feed back is given during the upgrade so you can see if everything is proceeding correctly.

***********************************************************

Installer will perform compatibility check first. Please wait.

Verifying image bootflash:/n7000-s2-kickstart.6.2.16.bin for boot variable "kickstart".
[####################] 100% -- SUCCESS

Verifying image bootflash:/n7000-s2-dk9-npe.6.2.16.bin for boot variable "system".
[####################] 100% -- SUCCESS

Verifying image type.
[####################] 100% -- SUCCESS

Extracting "system" version from image bootflash:/n7000-s2-dk9-npe.6.2.16.bin.
[####################] 100% -- SUCCESS

Extracting "kickstart" version from image bootflash:/n7000-s2-kickstart.6.2.16.bin.
[####################] 100% -- SUCCESS

Extracting "bios" version from image bootflash:/n7000-s2-dk9-npe.6.2.16.bin.
[####################] 100% -- SUCCESS

Extracting "lc1n7k" version from image bootflash:/n7000-s2-dk9-npe.6.2.16.bin.
[####################] 100% -- SUCCESS

Extracting "fexth" version from image bootflash:/n7000-s2-dk9-npe.6.2.16.bin.
[####################] 100% -- SUCCESS

Performing module support checks.
[####################] 100% -- SUCCESS

Notifying services about system upgrade.
[####################] 100% -- SUCCESS



Compatibility check is done:
Module  bootable          Impact  Install-type  Reason
------  --------  --------------  ------------  ------
     1       yes      disruptive         reset  Reset due to single supervisor
     3       yes      disruptive         reset  Reset due to single supervisor
     4       yes      disruptive         reset  Reset due to single supervisor
   101       yes      disruptive         reset  Reset due to single supervisor
   102       yes      disruptive         reset  Reset due to single supervisor
   103       yes      disruptive         reset  Reset due to single supervisor



Images will be upgraded according to following table:
Module       Image                  Running-Version(pri:alt)           New-Version  Upg-Required
------  ----------  ----------------------------------------  --------------------  ------------
     1      system                                   6.2(8a)               6.2(16)           yes
     1   kickstart                                   6.2(8a)               6.2(16)           yes
     1        bios   v2.12.0(05/29/2013):v2.12.0(05/29/2013)   v2.12.0(05/29/2013)            no
     3      lc1n7k                                   6.2(8a)               6.2(16)           yes
     3        bios       v2.0.32(12/16/13):v2.0.32(12/16/13)     v2.0.32(12/16/13)            no
     4      lc1n7k                                   6.2(8a)               6.2(16)           yes
     4        bios       v2.0.32(12/16/13):v2.0.32(12/16/13)     v2.0.32(12/16/13)            no
   101       fexth                                   6.2(8a)               6.2(16)           yes
   102       fexth                                   6.2(8a)               6.2(16)           yes
   103       fexth                                   6.2(8a)               6.2(16)           yes


Additional info for this installation:
--------------------------------------

Service "lacp" in vdc 1: LACP: Upgrade will be disruptive as 0 switch ports and 10 fex ports are not upgrade ready!!
      Issue the "show lacp issu-impact" cli for more details.



Switch will be reloaded for disruptive upgrade.
Do you want to continue with the installation (y/n)?  [n] y

Install is in progress, please wait.

Performing runtime checks.
[####################] 100% -- SUCCESS

Setting boot variables.
[####################] 100% -- SUCCESS

Performing configuration copy.
[####################] 100% -- SUCCESS

Module 1:  Upgrading bios/loader/bootrom.
Warning: please do not remove or power off the module at this time.
[####################] 100% -- SUCCESS

Module 3:  Upgrading bios/loader/bootrom.
Warning: please do not remove or power off the module at this time.
[####################] 100% -- SUCCESS

Module 4:  Upgrading bios/loader/bootrom.
Warning: please do not remove or power off the module at this time.
[####################] 100% -- SUCCESS

Finishing the upgrade, switch will reboot in 10 seconds.

*****************************************************************

Upgrade any Fabric Extenders that connected

Once the switch reloaded it will notice that the Fabric extenders need to be upgraded and will automatically start the process. You can view the progress using:

show fex detail
FEX: 102 Description: < SAN Hosts - Backup Rack >   state: Image Download
  FEX version: 6.2(8a) [Switch version: 6.2(16)]

Once the Fabric Extenders have upgraded they will automatically reload.

You can use the following command to see a log of all upgrade steps:

show install all status

References




No comments:

Post a Comment