No, not use an L3 switch as the CE, but instead create a sub-interface on the CE router to encapsulate the traffic between CE and PE using the ISP's provided VLAN/tag ID. Sure, just tunnel the traffic.
As Jon stated, this does depend on the provider you are using. In my experience, BGP was the standard and therefore easiest to get provisioned, configured, supported, etc. They will provide you an example config for either a tagged (sub-interface) or untagged interface config along with a basic BGP config. If you do NOT want to use tagged, then make sure you tell them prior to cut-over day. It seems that some providers really try and force customers to use SVIs. Unless you already have a public AS number you can assign to your site, they will give you a private AS number to use. You will also need to make sure you tell your provider the networks you are advertising out to them. Otherwise, they will be blocked by default. This was the #1 issue. During cut-over, have looking glass open in a browser to verify public IP advertisements.
Just my 2 cents,
Hi Tayyab,

Thank you for taking the time to share your plan. I have a slightly different upgrade plan that I have been using successfully for years. I just wanted to share this with the group. Steps 1-3 are the same as your plan; step 3 is listed just to introduce some examples.

3. Take the configuration backup before proceeding with the upgrade.

Examples that will need to be adjusted for your environment:

show run | redirect ftp://username:password@YUR.IP.ADD.RES:~/YourBackupDir/your-3850-sw1.cfg
show run brief | redirect ftp://username:password@YUR.IP.ADD.RES:~/YourBackupDir/your-3850-sw1_brief.cfg
show run all | redirect ftp://username:password@YUR.IP.ADD.RES:~/YourBackupDir/your-3850-sw1_all.cfg

4. There is no need to copy the new version package to each switch. The package only needs to be copied to the "Active" master switch (usually switch #1). The next step will perform that operation for us by copying the package to each switch utilizing the high-bandwidth stack-wise connections. This keeps us from having to saturate the uplink(s) by transferring the package N (# of switches) times. Also, we need to make sure to update any NBAR2 protocol packs as well.

Examples for both:

copy ftp://username:password@YUR.IP.ADD.RES:~/YourSoftwareDir/cat3k_caa-universalk9.16.06.04a.SPA.bin flash:cat3k_caa-universalk9.16.06.04a.SPA.bin
copy ftp://username:password@YUR.IP.ADD.RES:~/YourSoftwareDir/pp-adv-cat3k-166.4-31-40.0.0.pack flash:pp-adv-cat3k-166.4-31-40.0.0.pack

Examples for md5 hash verification:

verify /md5 flash:cat3k_caa-universalk9.16.06.04a.SPA.bin
verify /md5 flash:pp-adv-cat3k-166.4-31-40.0.0.pack

5. Install the new version using the software install command.

Examples:

software install file flash:cat3k_caa-universalk9.16.06.04a.SPA.bin new
software install file flash:cat3k_caa-universalk9.16.06.04a.SPA.bin new auto-rollback 60

There are multiple options for this install method like auto-rollback, on-reboot, force, and so on. I would recommend checking them out. You will be prompted to reload the switch (yes|no). The verification process is done automatically during the software install and output to screen for your review prior to accepting reboot. If something is in error, then from here you can stop the process and roll back. I tell users at the very least 20min downtime for a single switch. Multiple switch stacks can take a VERY long time to reload and re-provision themselves correctly. As an example, I have waited 46mins for a stack of 4 to reload completely. I was dialing TAC in panic at 45min...lol.

5. After upgrading the new IOS, verify the new IOS with show version.

6. After a successful upgrade, now you can update your NBAR2 protocol pack.

Example:

ip nbar protocol-pack flash:pp-adv-cat3k-166.4-31-40.0.0.pack

7. Don't forget to save config/wr mem!

- Ricky