cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
19502
Views
365
Helpful
75
Replies

AMA: Cisco Catalyst Center Software Image Management (SWIM)

Brooke Hammer
Community Manager
Community Manager

Ask Me Anything Event

 

Welcome to the Cisco Community Ask Me Anything conversation. Submit your questions from  Friday, June 21, 2024 through Friday, July 12, 2024. Our colleagues Saurabh Khillare, and Absar UI Farooq will be waiting to assist you and resolve any questions that have not been clarified, or answer any new questions that you may have. We are waiting for you!

More about this event:

 

Join us for an Ask Me Anything (AMA) event where you can dive deep into Cisco Catalyst Center Software Image Management (SWIM)!

What is it?• Cisco Catalyst Center inventory offers various automation capabilities. One of them is Software Image upgrades using Software Image Management (SWIM).
• Using SWIM users can upgrade, downgrade or SMU patch their network devices managed on Catalyst Center inventory. In matter of few clicks we can perform image upgrades on upto 100 devices in a go.
• We can distribute the golden image on device flash during production hours too and schedule activation at non business hours or in maintenance window.


Get Expert Advice!
• This AMA session is your chance to get expert insights on this powerful feature.
• Whether you're a seasoned network pro or just starting out, feel free to ask any questions you have about SWIM, image repository or Cisco Catalyst Center in general.


Official Resources:


SWIM Documentation

• Youtube: SWIM

 

Note: Please post your post as a comment below no later than July 12, 2024.

Post your question below by clicking "Reply"

(Answers will be processed depending on the availability of the experts)
Don't forget to thank the expert by giving it a helpful vote!

 

Our experts

1703154682662.jpg

 

Saurabh Khillare

Technical Consulting Engineer

1686506396914.jpg

 

Absar Ul Farooq

Technical Consulting Engineer

 

 
 
 
Watch this video to learn how Cisco DNA Center SWIM can help you upgrade your network devices to Cisco recommended releases For more training videos, visit the Cisco DNA Center YouTube Channel http://cs.co/dnac-youtube Configure Image Distribution Server - http://cs.co/9000zFOJY Manage Software ...
75 Replies 75

sankkr
Cisco Employee
Cisco Employee

Are there any rollback capabilities in SWIM in case a software update causes issues?

SWIM uses a concept called Golden images. A golden image is a standard software version that the network team selects and tags in the Cisco Catalyst Center image repository for network devices. When you upgrade a device through DNAC, it gets upgraded to this golden image version.

If the new version causes problems and you need to go back to a previous version, follow these steps:

1. Re-tag the previous image: Go to the Catalyst Center image repository and tag the old version as the golden image.

2. Perform a SWIM upgrade: Use SWIM to upgrade the device to this re-tagged golden image version. This will take your device back to old version.

Note that Catalyst center does not have a direct rollback feature. You have to manually tag the previous version as the golden image and then upgrade to it.

sankkr
Cisco Employee
Cisco Employee

Can we use SWIM Automation to check for any custom command outputs as a pre or post check and abort the process in case any issues found in the checks?

When performing SWIM on a device, Catalyst Center performs initial readiness checks using a built-in script. However, users have the option to include additional custom checks if needed. On the software update page, you can click to add a new custom check.

SaurabhKhillare_0-1719663484277.png

This action will prompt you to input the commands for the check, specify the device type, and choose when during operations the check should occur. You have the flexibility to apply the check to both distribution and activation tasks, either before or after each operation.

SaurabhKhillare_1-1719663538201.png

For instance, suppose a user defines a custom check for a 9300 switch, scheduled both before and after distribution and activation tasks during an image update. If the pre-distribution or post-distribution check fails, Catalyst Center will halt all subsequent SWIM workflows and abort them. Although the image may have been transferred to the switch's flash, the entire workflow stops after copying the image, preventing the activation task from proceeding.

Alternatively, if a custom check is defined specifically for post-activation operations and it fails, Catalyst Center will not abort the task since the device has already upgraded and is operational with the new image. However, image update task will be marked as successful but the post check failure will be recorded under the checks tab in Image update status.

sankkr
Cisco Employee
Cisco Employee

When uploading images from Computer, we see message saying "Unable to verify" below the image name. Why is this displayed? and how can I get it to "Verify"?

During the import process, the system determines image integrity by comparing the software and hardware platform checksum value of the image that you are importing to the checksum value identified for the platform in the Known Good Values (KVG) file to ensure that the two values match.

If you encounter the message "unable to verify" when importing an image to the Image repository, it indicates that the Catalyst Center cannot verify the image's integrity. To check if the KGV file is present on the Catalyst Center, navigate to System > Settings > Integrity Verification.

SaurabhKhillare_0-1719230072439.png

If the file is not present, it can be manually uploaded to the Catalyst Center or fetched from the Cisco Trust center.  By default, the Catalyst Center attempts to fetch this file automatically every day.

gpairait
Cisco Employee
Cisco Employee

How many devices can be upgraded at a time without performance issue in one swim job?
are there any recommendation ?

As of now on Catalyst center, you can initiate image update task on upto 100 devices simultaneously. There are no limitations as such on triggering such bulk task. Catalyst center would be able to handle the job without any deterioration of performance. 

Leo Laohoo
Hall of Fame
Hall of Fame

Can SWIM perform CPLD or ROMMON or golden capsule upgrade? 

Currently, DNAC does not support CPLD or golden capsule upgrades. While ROMMON upgrades are supported, this capability is limited to specific devices listed below.

Leo Laohoo
Hall of Fame
Hall of Fame

Can SWIM do the following scenario: 

Router is on 17.3.X and I want to upgrade to 17.12.3.  

SWIM will detect that it is not possible to upgrade directly, from 17.3.X, to 17.12.X without going through an intermediate version (like 17.9.X) and stop the process.

For routers, starting 17.1.x, the standard ROMMON image version is set to 16.12(2r). This ROMMON image is same for all the releases till date. Hence, there are no limitation from platform side to perform direct upgrades which support same ROMMON version. 

Therefore, Catalyst center would be able to perform SWIM on the router without any issues for your given scenario. 

Say the device is running a ROMMON version which is not compatible with the targetted SWIM version, the task is going to fail as the device would not boot with the new image due to non compatibility of image version. Catalyst center would not learn this limitation in the process. 


@SaurabhKhillare wrote:
Say the device is running a ROMMON version which is not compatible with the targetted SWIM version, the task is going to fail as the device would not boot with the new image due to non compatibility of image version. Catalyst center would not learn this limitation in the process. 

That will be bad for routers which, for example, cannot upgrade from 17.3.X (and earlier) to 17.12.X (and later) and guaranteed to fail because Cisco has not disclosed about the 17.9.X intermediate firmware.  17.9.X has 17.7(1r) (aka  ROMMON version 17.7.1r) and is a prerequisite to 17.12.X.  

Does anyone understand the repercussion to this?  No?  Let me explain:  The routers, attempting to boot 17.12.X with ROMMON version earlier than 17.7.1r will go into a boot-crash-loop.  Any customer who is in this situation will need to pay a lot of money to get this fixed.  

If the ROMMON version is not compatible, SWIM should stop unpacking the packages.

From any 17.x version, it is possible to upgrade to 17.12.x directly. The version which you are referring is a factory installed ROMMON version which comes with the newly manufactured boxes. No upgrade or downgrade of this ROMMON version is generally available(GA). 

As long as it is having 16.12(2r) ROMMON image for ISR4k and 17.3(1r) for ISR1k along with the current version present in its flash, the device would not end up in boot failure. Because even if the unsupported upgrade fails, device would look to boot with an ios or bin file present in its flash. 

Review Cisco Networking for a $25 gift card