cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

I don't have an SCP server for Nexus 3k image compacting, what now?

263
Views
0
Helpful
0
Comments

What to do when you don't have access to an SCP server during an N3K upgrade that requires compaction/compacting.

 

Purpose

Some of the Nexus 3k switches require that you manually compact the image in order for it to fit on the bootflash of the switch. In some instances this is done locally on the switch itself. Other instances require you to compact the image "in-flight" while the image is being copied to the switch itself. This process requires access to a Server which allows SCP (Secure Copy), while most SSH servers also support SCP, sometimes this is not the case.

This guide will demonstrate how to use a Nexus switch (3k, 5k, 6k, 7k, 9k) as an SCP server in the event you don't have one readily available.

Note:  Nexus 3k is mentioned above as some Nexus 3000 products have sufficient bootflash space for multiple large images.

Topology

Below is the example topology that will be used in this article. 

  • The cloud simply represents that the switch we will be converting temporarily as an SCP server is "somewhere else" in your Network and is L2/L3 reachable
  • The traffic in this example is in VRF: default, if you're accessing the device over the management network you will need to ensure you specific `vrf management` for the `copy` command.
  • SOURCE-SW1 will need to contain the image you wish to load on your Nexus 3k, before proceeding with the steps below please ensure you have copied your NX-OS *.bin file onto SOURCE-SW1

 

+--------------+                                  +--------------+
|              |                                  |              |
|              |        vPC Peer-keepalive        |              |
|              | - - - - - - - - - - - - - - - - -+              |
|    n3k-1     +                                  |    n3k-2     |
|              ====================================              |
|              |          vPC Peer-link           |              |
|              |                                  |              |
+------+-------+                                  +--------+-----+
       |  VLAN: 10                                         |  VLAN: 10
       |  IP address: 192.0.2.1/25                         |  IP address: 192.0.2.2/25
       |                                                   |
       |                                                   |
       |                                                   |
       |                                                   |
       |                      .-~~~-.                      |
       |              .- ~ ~-(       )_ _                  |
       |             /                     ~ -.            |
       +------------+      Your Network         \+---------+
                     \                         .'
                       ~- . _____________ . -~
                                  +
                                  |
                                  |
                                  |
                                  |
                                  | VLAN: 11
                                  | IP address: 192.0.2.150/25
                                  |
                           +------+-------+
                           |              |
                           |              |
                           |              |
                   +-----> |  SOURCE-SW1  |
                   |       |              |
                   |       |              |
                   |       |              |
                   |       +--------------+
                   |
                   +      This Nexus can be a:
                          3k, 5k, 6k, 7k, 9k

 

Configuration required

In this scenario we'll be converting SOURCE-SW1 temporarily into an SCP Server to copy our images from. This switch will act like an SCP server and be the "source" we're copying from.

  • Before selecting a switch as an SCP server ensure it's reachable via Ping and that you can SSH into that switch
  • Enabling the scp-server feature should be non-disruptive, but always be mindful that it is a "change" and there is always a risk when changing any configuration on production devices.
  • You will need to copy your NX-OS image to "SOURCE-SW1" before running the commands below.

 

  1. Login to "SOURCE-SW1" and configure the SCP server feature
    1. conf
    2. feature scp-server
  2. Verify that the SCP server is enabled

    1. show feature | i i Feature|--|scp
      <or>
      show feature | i i scp
  3. Login to the switch you are attempting to upgrade (this will be the "destination" switch, the one where the image will be copied to and upgraded) in our case that's "n3k-1"
    1. n3k-1# copy scp://USERNAME@192.0.2.150/nxos.x.x.x.x.x.bin . compact [vrf management]
      1. USERNAME = This is the username you login to the switch with (e.g. admin, john, bob8011)
      2. "nxos.x.x.x.x.x.bin" is the name of the image you're trying to upgrade to
      3. Note: The single period '.' after ".bin"means "this directory", in our case that means "bootflash:".
        1. By default the working directory when you login to a Nexus switch is "bootflash". You can check this with `pwd`
      4. The last portion [vrf management] is optional, use this is you access SOURCE-SW1 via the management VRF
  4. Once the copy is complete, there should be a file "nxos.x.x.x.x.x.bin" in the bootflash which will be much smaller than the original image.
    1. For instance the reduction size is normally:
      1. Original: 1.5-2 GB
      2. Compacted: 350-550 MB
  5. If you're also going to upgrade n3k-2, you could perform the same steps above and enable the `scp-server` on n3k-1 and transfer the compacted image across using the same method. This means you can avoid having to perform another compaction, possibly saving some time.
    1. Note: Compacted images will only work on the same platform. For instance if you compact the image above for a n3172 it will not work on an n3048.
    2. The rule of thumb is that you should be able to share these images between deivces in a vPC (such as n3k-1, n3k-2 above)
  6. To revert "SOURCE-SW1" back to it's original configuration we can run the following commands to disable the scp-server
    1. conf
    2. no feature scp-server
  7. Verify that the SCP server is disabled
    1. show feature | i i Feature|--|scp
      <or>
      show feature | i i scp

 

Conclusion

This guide is for those situations where for some reason there is an issue with the SSH server or one doesn't exist and compacting is required. The scp-server can also be left on (or enabled on-demand, when you need it) in order to facilitate easier/faster (faster than TFTP) copying files to and from the switch.

Failing that, if you're struggling to compact your image please don't hesitate to contact TAC who can assist with obtaining/generating a compacted image.

 

HTH,

Jason.

Content for Community-Ad