Subsystem In-Service Software Upgrades on the Cisco Catalyst 6500 Series with Cisco IOS Software Modularity
PDF(148.6 KB) View with Adobe Reader on a variety of devices
Updated:Jan 27, 2009
This product bulletin highlights the Subsystem In-Service Software Upgrade (ISSU) feature available with Cisco IOS® Software Modularity on the Cisco® Catalyst® 6500 Series Switches (Figure 1).
The Cisco Catalyst 6500 Series with Cisco IOS Software Modularity, first released in Release 12.2(18)SXF4, boosts operational efficiency and minimizes downtime through evolutionary software infrastructure advancements providing operational consistency, protected memory, fault containment, process restartability, modularized processes, and Subsystem ISSU. These enhancements are delivered in Cisco IOS Software for the Cisco Catalyst 6500 Series Supervisor Engine 720, Cisco Catalyst 6500 Supervisor Engine 32, and Cisco Catalyst ME-6524
maintaining the feature richness and operational environment already familiar to network operators.
By enabling modular Cisco IOS Software subsystems to run in independent processes, this innovation:
• Minimizes unplanned downtime through self-healing processes
• Simplifies software changes through subsystem ISSU
• Enables process-level, automated policy control by integrating Embedded Event Manager (EEM)
Figure 1. Cisco Catalyst 6500 Series with Cisco IOS Software Modularity
A major benefit of Software Modularity is Subsystem ISSU. This is the ability to update, or patch, selective software subsystems and activate it through process restart. The versioning and patch-management capabilities of Software Modularity allow patches to be downloaded, verified, installed, and activated without incurring a system reload*, thereby limiting service effects on the system being upgraded. Selective software updates also allow network administrators to reduce and target the software certification specifically to software being upgraded.
With Cisco IOS Software Modularity, if a software fix is required, the change can be made available as an individual patch, which reduces code certification time (Figure 2).
Subsystem ISSU can allow the change to be applied with no service disruption.
Figure 2. Reduced Code Certification Time with Cisco IOS Software Modularity
With Cisco IOS Software Modularity, patches are delivered as maintenance packs containing one or more patches. Maintenance packs will provide patches to address publicly announced security vulnerabilities (PSIRTs). Maintenance packs for non-PSIRT issues are not supported at this time. Availability is being evaluated based on customer input and demand.
Demo maintenance packs are provided as well for verification, validation, and development of upgrade processes and procedures within your organization. Demo maintenance packs allow network operators to gain experience performing Subsystem ISSU before a critical fix is needed.
Patches might require other patches to be installed due to dependency of prior fixes. With Cisco IOS Software Modularity, maintenance packs always include the complete set of dependant patches, thereby removing the need to search and preinstall any other patches during installation. At patch installation, Cisco IOS Software Modularity performs integrity and compatibility checks and determines the processes affected by the software patch.
* Patches to nonrestartable process
With Cisco IOS Software Modularity Release 12.2(18)SXF4, maintenance packs are named according to the following convention:
• Example: s3223-mp-001.122-18.SXF7
- s3223 Hardware platform identifier.
- mp This is a maintenance pack.
- 001 Sequential maintenance pack number specific to a base release.
- 122-18.SXF7 Indicates the base release for this maintenance pack.
Patch Selection and Download
Cisco IOS Software Modularity patches are available for download on Cisco.com Software Center (registered Cisco.com users only). Cisco offers a special companion tool to Feature Navigator called "Patch Navigator" (
http://www.cisco.com/go/pn) to search and download desired maintenance packs. Patch Navigator allows the user to search for patches based on bug ID, base image, and hardware platform or a combination of all three (Figure 3).
After cryptographic content has been added to a maintenance pack, all subsequent maintenance packs will continue to be restricted because of the cumulative nature of maintenance packs. Additionally, when cryptographic content is included in a maintenance pack, Cisco does not anticipate providing nonrestricted versions of cryptographic content or versions without cryptographic content. A maintenance pack with cryptographic content can be used to upgrade software versions that do not contain restricted content (noncryptographic images), and the maintenance pack, by itself, will not enable restricted content.
Maintenance Pack Releases
Cisco IOS Software Modularity is offered for both standard maintenance and extended maintenance releases. Standard releases receive software maintenance for severity 1, severity 2, and select severity 3 bugs for one year after introduction. Extended maintenance releases receive software maintenance for severity 1, severity 2, and select severity 3 bugs for two years after introduction.
Cisco IOS Software Modularity maintenance for PSIRT issues is offered through maintenance packs. All maintenance packs are delivered using a set of cumulative maintenance packs for each base image released.
Demo Maintenance Packs
Cisco offers patching demonstration capability through demo maintenance packs. Demo maintenance packs allow customers to:
• Educate the network operations staff about adding and removing maintenance packs
• Test and qualify the patching facility
• Enhance customer-specific tools
Demo maintenance packs are for testing purposes only and should not be installed concurrently with regular production maintenance packs at any time.
Patching with Cisco IOS Software Modularity is a two-step process (Figure 4):
1. Install: Installation of a patch does not change the state of the running system. The installation process can be repeated for multiple patches.
2. Activate: With an activate, all patches that are pending for install are activated, and relevant processes are restarted. A copy of the preactivation image is retained should the system need to be rolled back to the previous state.
The Cisco IOS Software Modularity Software determines affected processes and informs the operator. The affected processes are restarted to incorporate the patch.
Figure 4. Applying a Cisco IOS Software Modularity Patch on a Cisco Catalyst 6500 Series
Cisco IOS Software Modularity has certain minimum memory requirements (Table 1) for patching.