I have two Nexus 5010 switches setup with vPC. I have two Nexus 2148T FEXs, each one is connected to one of the Nexus 5000s. I have a Dell M1000e blade chassis with 4 blade switches installed. The A1/A2 IO slots have PowerConnect M6220 1G switches. These switches are not stacked. Each has two uplinks to each of the two FEXs. The first uplink from each and the second uplink from each are configured to belong to two vPCs. The B1/B2 IO slots have PowerConnect M8024 10G switches. These switches are not stackable. Each has two uplinks to each of the two Nexus 5010s. The first uplink from each and the second uplink from each are configured to belong to two vPCs.
When I run "show spanning-tree issu-imapct" on either Nexus 5010 switch, I have problems with criteria 3 with non-edge ports. Ports 11-14 on each Nexus 5010 switch are what are used for the 10G uplinks from the M8024 switches. vPCs 11-14 are used for these ports.
Given this network hardware and connectivity, is there a way to resolve the non-edge ports so that I would be able to do non-disruptive firmware updates?
switch31b# show spanning-tree issu-impact
For ISSU to Proceed, Check the Following Criteria :
1. No Topology change must be active in any STP instance
2. Bridge assurance(BA) should not be active on any port (except MCT)
3. There should not be any Non Edge Designated Forwarding port (except MCT)
4. ISSU criteria must be met on the VPC Peer Switch as well
Following are the statistics on this switch
No Active Topology change Found!
Criteria 1 PASSED !!
No Ports with BA Enabled Found!
Criteria 2 PASSED!!
List of all the Non-Edge Ports
Port VLAN Role Sts Tree Type Instance
---------------- ---- ---- --- --------- ---------
port-channel13 3201 Desg FWD PVRST 3201
port-channel11 3201 Desg FWD PVRST 3201
port-channel13 3202 Desg FWD PVRST 3202
port-channel11 3202 Desg FWD PVRST 3202
port-channel13 3203 Desg FWD PVRST 3203
port-channel11 3203 Desg FWD PVRST 3203
port-channel13 3204 Desg FWD PVRST 3204
port-channel11 3204 Desg FWD PVRST 3204
port-channel13 3205 Desg FWD PVRST 3205
port-channel11 3205 Desg FWD PVRST 3205
port-channel13 3206 Desg FWD PVRST 3206
port-channel11 3206 Desg FWD PVRST 3206
port-channel13 3207 Desg FWD PVRST 3207
port-channel11 3207 Desg FWD PVRST 3207
port-channel13 3208 Desg FWD PVRST 3208
port-channel11 3208 Desg FWD PVRST 3208
port-channel13 3209 Desg FWD PVRST 3209
port-channel11 3209 Desg FWD PVRST 3209
port-channel13 3210 Desg FWD PVRST 3210
port-channel11 3210 Desg FWD PVRST 3210
port-channel13 3301 Desg FWD PVRST 3301
port-channel11 3301 Desg FWD PVRST 3301
port-channel13 3302 Desg FWD PVRST 3302
port-channel11 3302 Desg FWD PVRST 3302
port-channel13 3303 Desg FWD PVRST 3303
port-channel11 3303 Desg FWD PVRST 3303
port-channel13 3304 Desg FWD PVRST 3304
port-channel11 3304 Desg FWD PVRST 3304
port-channel13 3305 Desg FWD PVRST 3305
port-channel11 3305 Desg FWD PVRST 3305
port-channel12 3308 Desg FWD PVRST 3308
port-channel14 3308 Desg FWD PVRST 3308
port-channel13 3309 Desg FWD PVRST 3309
port-channel11 3309 Desg FWD PVRST 3309
port-channel13 3310 Desg FWD PVRST 3310
port-channel11 3310 Desg FWD PVRST 3310
Criteria 3 FAILED !!
ISSU Cannot Proceed! Change the above Config
In most platforms where we support ISSU we have two supervisors, in other words two CPUs. However in the N5K we have just the single CPU so
we have quite some limitations on ISSU, or rather it can only be carried out in certain circumstances.
The following section of the ISSU document outlines these limitations:
The caveat here which is most relevant would be "STP can not be enabled on switches under the parent Cisco Nexus 5000 Series switch." So ISSU is unfortunetly not supported with your current topology.
If you absolutely need ISSU you could workaround it by temporarily using edge ports, but it comes with fairly inherent risks (and is not a Cisco recomendation). I could not follow the exact topology you described, but presuming there is no internal link between the blade switches, what you could do during the ISSU is shut down all links that would normally be blocking, then make the forwarding links to the Dell blade chassis as portfast trunk ports, this would mean they would no longer be considered as designated and the ISSU would then be supported. Once the ISSU is complete, you could remove the portfast configuration, and renable the shut down links.
I would really emphasize here that it is vital to shut down the links that are normally blocking so you have no redundant path between the Dell and Nexus switches and therefore can't create a loop. As stated above, if not followed correctly there is the risk of a loop which could potentially lead to a network down, so it is really your call if you consider this preferable to a normal disruptive NX-OS upgrade.
Hope this helps.
My workaround to do an ISSU upgrade with switch connected to the 5K (not recommanded but it's works if you be careful to your spanning-tree topology).
For me, i configured that:
With that the ISSU checking pass with success.