Catalyst 6807 least (non) disruptive software upgrade recommendation

S891 · ‎06-18-2020

We are currently running 6807-XL in a VSS pair using Quad--SUP6T. We are planning to upgrade from 15.5(1)SY3 to 15.5(1)SY5 as the current version has some software vulnerability.

What is the leats disruptive to almost non-disruptive upgrade recommendation. Cisco document suggests eFSU and these versions are compatible. I am looking for some practical suggestion if eFSU will be better to go with or even the FSU with "redundancy reload peer" will work without disruption.

What about the simple old technique of just changing boot variable and reload the chassis? I guess it reloads both chassis at the same time which will definitely be disruptive but I saw some old posts with this suggestion. Not sure if this old method suports reloading one chassis at a time only.

Reza Sharifi · ‎06-18-2020

Hi,

What about the simple old technique of just changing boot variable and reload the chassis? I guess it reloads both chassis at the same time which will definitely be disruptive but I saw some old posts with this suggestion. Not sure if this old method suports reloading one chassis at a time only.

In my opinion, ISSU is complicated and requires multiple reboots if things go as planed. If you can have an hour of maintenance window for when it is least disruptive to your network, I think it is so much easier and faster if you use the traditional way of loading the the same exact IOS into both primary and backup chassis, change boot variables, save config, verify boot variable and finally reload both chassis at the same time. Fully loaded 6807 will not take more than 15 min to reboot specially since your current IOS version is not very old.

HTH

balaji.bandi · ‎06-18-2020

i have done some ISSU - (eFSU) - its been long. but the procedure still works.

1. Read the release notes and understand the gotchas (caveats).

2. Take the configuration backup our of the box.

3. make sure devices connected to this VSS are dual-homed and verified.

4. safe side choose the maintenance window.

High-level steps :

1. copy the image to all supervisors. 
2. show issu state detail
3. Issu loadversion bootdisk:/new-image.bin
4. issu runversion 
5. issu acceptversion 
6. issu commitversion

6500 good document still valid :

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-5SY/config_guide/sup6T/15_5_sy_swcg_6T/enhanced_fast_software_upgrade_efsu.html

Good understand and how the process takes place explained here :

https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2015/pdf/BRKCRS-3035.pdf

Note: if you are happy with traditional upgrade still works, that also tested and works a charm. depends on what is your comfort.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Leo Laohoo · ‎06-18-2020

Read the Release Notes very, very carefully.

RECOMMENDED: Get TAC on the phone.

The Release Notes contains a "document bug" and 15.5(1)SY5 has a "hidden command" bug. Here's how it goes:

Read the section called "Secure FPGA Support".
Under the "Notes" section, it recommends operators to go to the Secure Field Programmable Gate Array and Performing FPGA Upgrade section.
Click on that link and it will discuss about doing in FPGA upgrade (manually) on the following line cards: C6800-32P10G, C6800-16P10G, C6800-8P10G and C6800-8P40G-XL.
Everything is all fine until you following the instruction to invoke the command because the command to do to FPGA upgrade is HIDDEN. The last bit, "gold", is a hidden option.

I would not attempt to the upgrade in ISSU, FSU/eFSU without TAC on the phone.

S891 · ‎06-22-2020

Thank you everyone for your valuable comments. We did the software upgrade over the weekend using the eFSU process. We had the hitless upgrade and I am releieved that the process worked well as we decided to do the eFSU at the last moment without TAC on the line.

What I noticed is that the Cisco document on eFSU is missing some important details. You have ot figure it out what to do at more than one steps. We have documented it and I am sharing it here so people can follow it.

These are the key points which I found no mention in the Cisc eFSU document.

1. Do not change the bootvar using boot system command before the upgrade. It will be done automatically.

2. When you enter the "issu loadversion" it upgrades the Standby SUP to the new image and it stops after that without proceeding with any other upgrade.

3. The "issue runversion" command will only perform the failover to the previously Standby SUP which now has the current version. It will become Active on the new image and the previously Active SUP will reload on the old image. Nothing happens after this and still the remaining SUPs are at older version.

4. Only after you apply the " issu commitversion" command the rest of the VSS shelf starts the upgrade process, one-by-one, and you do not need to interrupt it or perform any step manually until all SUPs are upgraded to the new version.

Hope it helps !!

Reza Sharifi · ‎06-22-2020

Glad it went well. Thank you for sharing this document Fawad!

balaji.bandi · ‎06-22-2020

Nice good eFSU confirmed and working.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help