This is not an official guide, just something I've been testing to help during those "difficult" situations. All works here are my own!
There are some situations where we need to load an image onto a Nexus switch (or other network devices for that matter) using a TFTP server or a USB drive. There are circumstances where we might not have access to either of these options (possibly due to firewalls, lack of physical access in a "lights-out" DC, or parts of the network being unreachable).
This document presents a solution: running a TFTP server in a Docker container on a Nexus 9000 running 9.3(1) code.
This could be used to recover a Nexus device (or any other vendor's device that loads an initial image using TFTP). It is intended for emergency situations where we have run out of options.
One circumstance that may need this solution is an upgrade where the switch fails to boot. To recover the switch we must wipe its file system, losing the NX-OS binary image. In that case we must use either USB or TFTP to bootstrap the switch. In a remote work situation we may have no physical access to plug in a USB drive (or remote hands will take some time to get to the site) and no TFTP server available in the current network.
The broken switch [In this example IP address: 192.0.2.2]
This will be the victim needing access to a TFTP-server
We will call this switch "Switch bad" or sw-bad for short.
A healthy Nexus device running NX-OS 9.2(x)/9.3(x) code [In this example IP address: 192.0.2.1]
This will be the TFTP-server
We will call this switch "Switch good" or sw-good for short.
A copy of the NX-OS image you wish to boot sw-bad with ("nxos.bin" for short). This image needs to be copied to the bootflash of sw-good.
Access to the Internet via the management VRF of (sw-good)
Later I'll re-write this guide to include using the default VRF, but for now this guide will only focus on using mgmt0/management VRF on the TFTP-server
Connectivity (L2/L3) between sw-good & sw-bad.
Configuration of the switch in Loader> :: sw-bad
# Configure the mgmt0 interface on (sw-bad)
set ip 192.0.2.2 255.255.255.0
set gw 192.0.2.254
Configuration of Docker/TFTPd on :: sw-good
# Enable the BASH shell (from global configuration mode)
feature bash
# Enter BASH shell
run bash sudo su
# Check if Docker is running
service docker status
# Start the Docker Service
service docker start
# Invoke a container which exposes port 69 UDP
docker run -d -p 69:69/udp -it pghalliday/tftp
# Show the running containers
docker ps
# Copy the image from bootflash into the container, replace "container_id" with the "container_id" found
# running the previous "docker ps" command.
sudo docker cp /bootflash/nxos.bin container_id:/var/tftpboot
# Exit back to NX-OS and find the mgmt0 interface
exit
show ip int bri vrf man (in my example I see 192.0.2.1)
# From sw-bad, boot using the same filename that was copied into /var/tftpboot
loader> boot tftp://192.0.2.1/nxos.bin
# If you want to get into the container (name is taken also from `docker ps` output)
docker exec -it <NAME> /bin/sh
# To clean up once complete
docker kill <container_id>
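TFTP gives sw-bad no way to authenticate the server or check the file it receives, so any integrity check has to happen on sw-good before the image is served. The script below is an added example, not part of the original guide: it replaces the bare `docker cp` step by staging the image only if its SHA-512 matches the value published for that release, then re-hashing the copy inside the container. It assumes `sha512sum` is available both in the switch's Bash shell and in the container; the function names, the script name and the `DOCKER` override are illustrative.

```bash
#!/bin/bash
# Added example, not from the original guide. Function names and the DOCKER
# override are illustrative. Assumes sha512sum exists on sw-good and in the container.
DOCKER="${DOCKER:-docker}"   # overridable so the logic can be dry-run off-box

# Print the lowercase SHA-512 of a file; return 2 if it cannot be read.
file_sha512() {
    [ -r "$1" ] || return 2
    sha512sum "$1" | awk '{print tolower($1)}'
}

# verify_image FILE EXPECTED_SHA512
# 0 = match, 1 = mismatch, 2 = unreadable file or malformed expected hash.
verify_image() {
    local expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case "$expected" in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 128 ] || return 2
    actual=$(file_sha512 "$1") || return 2
    [ "$actual" = "$expected" ]
}

# stage_image FILE EXPECTED_SHA512 CONTAINER_ID
# Copies FILE into /var/tftpboot only after it verifies, then re-hashes the
# copy the TFTP daemon will actually serve.
stage_image() {
    local file="$1" cid="$3" name served
    name=$(basename "$file")
    if ! verify_image "$file" "$2"; then
        echo "refusing to stage $name: SHA-512 check failed" >&2
        return 1
    fi
    "$DOCKER" cp "$file" "$cid:/var/tftpboot/$name" || return 1
    served=$("$DOCKER" exec "$cid" sha512sum "/var/tftpboot/$name" |
             awk '{print tolower($1)}')
    if [ "$served" != "$(file_sha512 "$file")" ]; then
        echo "copy of $name inside $cid does not match the source" >&2
        return 1
    fi
    echo "staged $name in container $cid"
}

# Example: ./stage_image.sh /bootflash/nxos.bin <published-sha512> <container_id>
if [ "$#" -eq 3 ]; then
    stage_image "$@"
fi
```

Take the expected hash from the vendor's download page for the exact release, not from a file that travelled alongside the image.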
I hope this helps someone get out of a sticky situation!