Showing results for 
Search instead for 
Did you mean: 

xFSU on Catalyst 9300: The Always-On Access Network

Cisco Employee

A major international airport is looking to build a cutting-edge new terminal, designed to run 24/7 with no interruptions. With the airport always on round the clock, a critical component required to support this is the surveillance infrastructure, which continuously sends back feeds from thousands of security cameras across the terminal. Since no interruption in security surveillance is acceptable, the network infrastructure supporting them would need to be always on as well.


What they require is a highly resilient infrastructure, with very low downtimes, even during upgrades.


At Cisco, High Availability is baked into our Switching DNA, with resiliency at every level, from Fan trays and power supplies, Redundant networking hardware platforms and protocols, right to the Modular Operating system. Developed with resiliency in mind, Cisco IOS XE reduces planned and unplanned downtime. Service and software upgrades are more efficient, and Graceful Insertion and Removal lets you update or debug a switch without disrupting network traffic.


While StackWise Virtual with ISSU ensures that your core is always up, the access layer always has required downtimes and maintenance windows in order to upgrade the network hardware.


For devices connected to the access layer, we always face a single point of failure, as the ability to dual-home endpoints is rare. Furthermore, switches at the access layer are occasionally smaller and less complex, and hence the option of redundant hardware on the access layer devices does not make a compelling business argument. Finally, is the question of scale, with thousands of access devices, and tens of thousands of connected endpoints: upgrading needs to be as painless as possible.


Coming in to solve this problem, is the cutting edge Modular Network Operating System Cisco IOS-XE 17.3, which simplifies upgrades of fixed access platforms and reduces upgrade downtimes to as low as a few seconds!



Figure 1: Divide and Conquer to upgrade with minimal downtime


This is made possible with xFSU or Extended Fast Software Upgrade The Modular IOS-XE operating system, is capable of separately upgrading the control plane and the data plane. As a first step, while data continues to forward, the control plane goes in for an upgrade. Once this is done, the data plane is then upgraded, and this completes in as little as 4s-30s depending on what protocols are present in the configuration.

stacked xfsu.jpg

Figure 2: Presenting Stacked xFSU

We’ve gone ahead and built this on the stack as well, as this is our customer’s primary deployment method in the access layer. To deal with the additional complexity of a stack, we run the upgrade in 2 stages: one where the standby and members are upgraded, and a second; where the active switches over, and is brought up with the new version of the image. While running supported protocols, your entire stack upgrades with less that 30s of loss for any connected device. This is superior to options such as the rolling stack upgrade, which keeps the entire network in a state of flux while each member of the stack upgrades.


Critical devices such as emergency communication systems can also be ‘dual-homed’,or connected to both the active and a member switch, and thus have no packet drops during the upgrade. All this makes xFSU a clear choice for Healthcare, Retail and Industrial verticals, providing high availability to the access closet: something that only Cisco can offer you


To solve the problem of upgrading thousands of switches to ensure the all-important airport surveillance stays up, ensuring safe skies for all of us, the newest terminal of a major International Airport now utilizes xFSU, picked for its ease of use and robustness. 


“The Airport Terminal has more than 2000 IP cameras which continuously stream traffic to the server 24x7. In case of airport perimeter security, 4-5 minutes of camera outage are critical as security guards have to physically control the area. The other important use-case is emergency calling in elevators, which must be possible at any time, even during network code upgrades. Long outages would require onsite checks of the emergency calling systems after each upgrade. A shorter outage during network code upgrades avoids conflicts with the department responsible for the emergency call system, who are looking for zero downtime. It also simplifies our task to continuously keep the infrastructure on latest security fixes and even helps us to attract more users onto the network. Using Cisco Catalyst 9300 platform with its premier resiliency and availability features like Extended Fast Software Upgrade (xFSU) helps us tremendously to achieve those goals, especially running always-on multicast applications.”


All this means that one can centrally upgrade their entire network of access devices in less time that it would take to walk down to the water cooler. What this brings to your business is clear: your maintenance windows can be much shorter and an always on network is closer to reality.