Re: AMA: Cisco Catalyst Center Software Image Management (SWIM)

Brooke Hammer · ‎06-18-2024

Ask Me Anything Event

Welcome to the Cisco Community Ask Me Anything conversation. Submit your questions from Friday, June 21, 2024 through Friday, July 12, 2024. Our colleagues Saurabh Khillare, and Absar UI Farooq will be waiting to assist you and resolve any questions that have not been clarified, or answer any new questions that you may have. We are waiting for you!

More about this event:

Join us for an Ask Me Anything (AMA) event where you can dive deep into Cisco Catalyst Center Software Image Management (SWIM)!

What is it?• Cisco Catalyst Center inventory offers various automation capabilities. One of them is Software Image upgrades using Software Image Management (SWIM).
• Using SWIM users can upgrade, downgrade or SMU patch their network devices managed on Catalyst Center inventory. In matter of few clicks we can perform image upgrades on upto 100 devices in a go.
• We can distribute the golden image on device flash during production hours too and schedule activation at non business hours or in maintenance window.

Get Expert Advice!
• This AMA session is your chance to get expert insights on this powerful feature.
• Whether you're a seasoned network pro or just starting out, feel free to ask any questions you have about SWIM, image repository or Cisco Catalyst Center in general.

Official Resources:

• SWIM Documentation

• Youtube: SWIM

Note: Please post your post as a comment below no later than July 12, 2024.

Post your question below by clicking "Reply"

(Answers will be processed depending on the availability of the experts)
Don't forget to thank the expert by giving it a helpful vote!

Our experts

Saurabh Khillare

Technical Consulting Engineer

Absar Ul Farooq

Technical Consulting Engineer

For more information, visit the Cisco Catalyst Center discussion forums . If you have questions or are experiencing technical problems with any of the Cisco products, post your question, request information or use the Cisco Community before opening a case with the TAC.

sankkr · ‎06-23-2024

Are there any rollback capabilities in SWIM in case a software update causes issues?

SaurabhKhillare · ‎06-24-2024

SWIM uses a concept called Golden images. A golden image is a standard software version that the network team selects and tags in the Cisco Catalyst Center image repository for network devices. When you upgrade a device through DNAC, it gets upgraded to this golden image version.

If the new version causes problems and you need to go back to a previous version, follow these steps:

1. Re-tag the previous image: Go to the Catalyst Center image repository and tag the old version as the golden image.

2. Perform a SWIM upgrade: Use SWIM to upgrade the device to this re-tagged golden image version. This will take your device back to old version.

Note that Catalyst center does not have a direct rollback feature. You have to manually tag the previous version as the golden image and then upgrade to it.

sankkr · ‎06-23-2024

Can we use SWIM Automation to check for any custom command outputs as a pre or post check and abort the process in case any issues found in the checks?

sankkr · ‎06-23-2024

When uploading images from Computer, we see message saying "Unable to verify" below the image name. Why is this displayed? and how can I get it to "Verify"?

SaurabhKhillare · ‎06-24-2024

During the import process, the system determines image integrity by comparing the software and hardware platform checksum value of the image that you are importing to the checksum value identified for the platform in the Known Good Values (KVG) file to ensure that the two values match.

If you encounter the message "unable to verify" when importing an image to the Image repository, it indicates that the Catalyst Center cannot verify the image's integrity. To check if the KGV file is present on the Catalyst Center, navigate to System > Settings > Integrity Verification.

If the file is not present, it can be manually uploaded to the Catalyst Center or fetched from the Cisco Trust center. By default, the Catalyst Center attempts to fetch this file automatically every day.

gpairait · ‎06-23-2024

How many devices can be upgraded at a time without performance issue in one swim job?
are there any recommendation ?

SaurabhKhillare · ‎06-25-2024

As of now on Catalyst center, you can initiate image update task on upto 100 devices simultaneously. There are no limitations as such on triggering such bulk task. Catalyst center would be able to handle the job without any deterioration of performance.

Leo Laohoo · ‎06-23-2024

Can SWIM perform CPLD or ROMMON or golden capsule upgrade?

auifaroo · ‎06-27-2024

Currently, DNAC does not support CPLD or golden capsule upgrades. While ROMMON upgrades are supported, this capability is limited to specific devices listed below.

Leo Laohoo · ‎06-23-2024

Can SWIM do the following scenario:

Router is on 17.3.X and I want to upgrade to 17.12.3.

SWIM will detect that it is not possible to upgrade directly, from 17.3.X, to 17.12.X without going through an intermediate version (like 17.9.X) and stop the process.

SaurabhKhillare · ‎06-27-2024

For routers, starting 17.1.x, the standard ROMMON image version is set to 16.12(2r). This ROMMON image is same for all the releases till date. Hence, there are no limitation from platform side to perform direct upgrades which support same ROMMON version.

Therefore, Catalyst center would be able to perform SWIM on the router without any issues for your given scenario.

Say the device is running a ROMMON version which is not compatible with the targetted SWIM version, the task is going to fail as the device would not boot with the new image due to non compatibility of image version. Catalyst center would not learn this limitation in the process.

Leo Laohoo · ‎06-27-2024

@SaurabhKhillare wrote:
Say the device is running a ROMMON version which is not compatible with the targetted SWIM version, the task is going to fail as the device would not boot with the new image due to non compatibility of image version. Catalyst center would not learn this limitation in the process.

That will be bad for routers which, for example, cannot upgrade from 17.3.X (and earlier) to 17.12.X (and later) and guaranteed to fail because Cisco has not disclosed about the 17.9.X intermediate firmware. 17.9.X has 17.7(1r) (aka ROMMON version 17.7.1r) and is a prerequisite to 17.12.X.

Does anyone understand the repercussion to this? No? Let me explain: The routers, attempting to boot 17.12.X with ROMMON version earlier than 17.7.1r will go into a boot-crash-loop. Any customer who is in this situation will need to pay a lot of money to get this fixed.

If the ROMMON version is not compatible, SWIM should stop unpacking the packages.

mmehtabu · ‎06-24-2024

does swim do image integrity check after pushing IOS bin image?

can we do it two step process?

push the image, validate the IOS file integrity
then activate and reload during mw.

auifaroo · ‎06-27-2024

Yes, Cisco DNA Center (DNAC) aka Catalyst Centre does support a two-step process for updating IOS images on network devices.

Two-Step Process:

Step 1: Push and Validate the Image

Push the Image:
- Using Cisco DNAC, you can deploy the IOS image to the network devices. This involves uploading the image to the DNA Center repository and then pushing it to the target devices.
Validate the Image:
- After the image is pushed, DNAC will perform an integrity check to confirm that the image file on the device matches the original file. This validation ensures that the file has been transferred correctly and is ready for activation.

Step 2: Activate and Reload

Schedule Activation and Reload:
- Once the image integrity is validated, you can schedule the activation of the new IOS image during a maintenance window (MW). This can be done through the DNAC interface, where you specify the time for the activation to minimize disruption.
Activate the Image:
- During the maintenance window, DNAC will activate the new image. This involves setting the new image as the boot image on the device.
Reload the Device:
- Finally, DNAC will reload the device to boot with the new image. This step is crucial to apply the new firmware and ensure the device operates with the updated software.