cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8641
Views
0
Helpful
2
Replies

Nexus 5000 ISSU and non-edge ports

David Goldsmith
Level 1
Level 1

I have two Nexus 5010 switches setup with vPC.  I have two Nexus 2148T FEXs, each one is connected to one of the Nexus 5000s.  I have a Dell M1000e blade chassis with 4 blade switches installed.  The A1/A2 IO slots have PowerConnect M6220 1G switches.  These switches are not stacked.  Each has two uplinks to each of the two FEXs. The first uplink from each and the second uplink from each are configured to belong to two vPCs.  The B1/B2 IO slots have PowerConnect M8024 10G switches.  These switches are not stackable.  Each has two uplinks to each of the two Nexus 5010s. The first uplink from each  and the second uplink from each are configured to belong to two vPCs.

When I run "show spanning-tree issu-imapct" on either Nexus 5010 switch, I have problems with criteria 3 with non-edge ports.  Ports 11-14 on each Nexus 5010 switch are what are used for the 10G uplinks from the M8024 switches.  vPCs 11-14 are used for these ports.

Given this network hardware and connectivity, is there a way to resolve the non-edge ports so that I would be able to do non-disruptive firmware updates?

Thanks,

David Goldsmith

switch31b# show spanning-tree issu-impact

For ISSU to Proceed, Check the Following Criteria :
1. No Topology change must be active in any STP instance
2. Bridge assurance(BA) should not be active on any port (except MCT)
3. There should not be any Non Edge Designated Forwarding port (except MCT)
4. ISSU criteria must be met on the VPC Peer Switch as well

Following are the statistics on this switch


No Active Topology change Found!
Criteria 1 PASSED !!

No Ports with BA Enabled Found!
Criteria 2 PASSED!!

List of all the Non-Edge Ports

Port             VLAN Role Sts Tree Type Instance
---------------- ---- ---- --- --------- ---------
port-channel13   3201 Desg FWD  PVRST      3201
port-channel11   3201 Desg FWD  PVRST      3201
port-channel13   3202 Desg FWD  PVRST      3202
port-channel11   3202 Desg FWD  PVRST      3202
port-channel13   3203 Desg FWD  PVRST      3203
port-channel11   3203 Desg FWD  PVRST      3203
port-channel13   3204 Desg FWD  PVRST      3204
port-channel11   3204 Desg FWD  PVRST      3204
port-channel13   3205 Desg FWD  PVRST      3205
port-channel11   3205 Desg FWD  PVRST      3205
port-channel13   3206 Desg FWD  PVRST      3206
port-channel11   3206 Desg FWD  PVRST      3206
port-channel13   3207 Desg FWD  PVRST      3207
port-channel11   3207 Desg FWD  PVRST      3207
port-channel13   3208 Desg FWD  PVRST      3208
port-channel11   3208 Desg FWD  PVRST      3208
port-channel13   3209 Desg FWD  PVRST      3209
port-channel11   3209 Desg FWD  PVRST      3209
port-channel13   3210 Desg FWD  PVRST      3210
port-channel11   3210 Desg FWD  PVRST      3210
port-channel13   3301 Desg FWD  PVRST      3301
port-channel11   3301 Desg FWD  PVRST      3301
port-channel13   3302 Desg FWD  PVRST      3302
port-channel11   3302 Desg FWD  PVRST      3302
port-channel13   3303 Desg FWD  PVRST      3303
port-channel11   3303 Desg FWD  PVRST      3303
port-channel13   3304 Desg FWD  PVRST      3304
port-channel11   3304 Desg FWD  PVRST      3304
port-channel13   3305 Desg FWD  PVRST      3305
port-channel11   3305 Desg FWD  PVRST      3305

port-channel12   3308 Desg FWD  PVRST      3308
port-channel14   3308 Desg FWD  PVRST      3308
port-channel13   3309 Desg FWD  PVRST      3309
port-channel11   3309 Desg FWD  PVRST      3309
port-channel13   3310 Desg FWD  PVRST      3310
port-channel11   3310 Desg FWD  PVRST      3310

Criteria 3 FAILED !!

ISSU Cannot Proceed! Change the above Config

2 Replies 2

In most platforms where we support ISSU we have two supervisors, in other words two CPUs.  However in the N5K we have just the single CPU so
we have quite some limitations on ISSU, or rather it can only be carried out in certain circumstances.

The following section of the ISSU document outlines these limitations:
http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/upgrade/421_n2_1/Cisco_Nexus_5000_Series_NX-OS_Software_Upgrade_and_Downgrade_Guide__Release_421_chapter1.html#concept_AE035169721C43BCBBEA755030183CD3

The caveat here which is most relevant would be "STP can not be enabled on switches under the parent Cisco Nexus 5000 Series switch."  So ISSU is unfortunetly not supported with your current topology.

If you absolutely need ISSU you could workaround it by temporarily using edge ports, but it comes with fairly inherent risks (and is not a Cisco recomendation).  I could not follow the exact topology you described, but presuming there is no internal link between the blade switches, what you could do during the ISSU is shut down all links that would normally be blocking, then make the forwarding links to the Dell blade chassis as portfast trunk ports, this would mean they would no longer be considered as designated and the ISSU would then be supported.  Once the ISSU is complete, you could remove the portfast configuration, and renable the shut down links.

I would really emphasize here that it is vital to shut down the links that are normally blocking so you have no redundant path between the Dell and Nexus switches and therefore can't create a loop.  As stated above, if not followed correctly there is the risk of a loop which could potentially lead to a network down, so it is really your call if you consider this preferable to a normal disruptive NX-OS upgrade.

Hope this helps.

Chris

kevin.dubourg1
Level 1
Level 1

Hello,

My workaround to do an ISSU upgrade with switch connected to the 5K (not recommanded but it's works if you be careful to your spanning-tree topology).

For me, i configured that:

  • On remote device and on the interface which do the interconnection to the 5K, activate the BPDUFilter
  • On the Nexus 5K, on the interface which do the interconnection to the remote switch, active the spanning-tree port type edge (trunk if it's necessary).

With that the ISSU checking pass with success.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco