Administration Guide vA1(7), Cisco ACE 4700 Series Application Control Engine Appliance
Upgrading Your ACE Software


This appendix provides information to upgrade your Cisco 4700 Series Application Control Engine (ACE) appliance. It contains the following major sections:

Overview of Upgrading ACE Software

Software Upgrade Quick Start

Copying the Software Upgrade Image to the ACE

Configuring the ACE to Autoboot the Software Image

Reloading the ACE

Displaying Software Image Information

Overview of Upgrading ACE Software

The ACE comes preloaded with the operating system software. To take advantage of new features and bug fixes, you can upgrade your ACE with a new version of software when it becomes available.

In the Admin context, you will use the copy command in Exec mode to manually upgrade the ACE software. After the software installation is finished, set the boot variable and configuration register to autoboot the software image. Then, reboot the appliance to load the new image.

To minimize any disruption to existing network traffic during a software upgrade or downgrade, deploy your ACE appliances in a redundant configuration. For details about redundancy, see Chapter 7, Configuring Redundant ACE Appliances.

Before You Begin

Before you upgrade your ACE software, please read this appendix in its entirety so that you fully understand the entire upgrade process. Please be sure that your ACE configurations meet the upgrade prerequisites in the following sections:

Changing the Admin Password

Changing the www User Password

Checking Your Configuration for FT Priority and Preempt

Creating a Checkpoint

Changing the Admin Password

Before you upgrade to software version A1(8.0a) or higher, you must change the default Admin password if you have not already done so. Otherwise, after you upgrade the ACE software, you will only be able to log in to the ACE through the console port.

See Chapter 1, Setting Up the ACE for details on changing the admin account password.

Changing the www User Password

Before you upgrade to software version A1(8.0a) or higher, you must change the default www user password if you have not already done so. Otherwise, after you upgrade the ACE software, the www user will be disabled and you will not be able to use Extensible Markup Language (XML) to remotely configure an ACE until you change the default www user password.

See Chapter 2, Configuring Virtualization, in the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration Guide for details on changing a user account password. In this case, the user would be www.

Checking Your Configuration for FT Priority and Preempt

If you want the currently active ACE to remain active after the software upgrade, be sure that the active ACE has a higher priority than the standby (peer) ACE and that the preempt command is configured. To check the redundant configuration of your ACEs, use the show running-config ft command. Note that the preempt command is enabled by default and does not appear in the running-configuration file.

Creating a Checkpoint

We strongly recommend that you create a checkpoint in the running-configuration file of each context in your ACE. A checkpoint creates a snapshot of your configuration that you can later roll back to in case a problem occurs with an upgrade and you want to downgrade the software to a previous release. Use the checkpoint create command in Exec mode in each context for which you want to create a configuration checkpoint and name the checkpoint. For details about creating a checkpoint and rolling back a configuration, see Chapter 5, Managing the ACE Software.

Software Upgrade Quick Start

Table A-1 provides a quick overview of the steps required to upgrade the software on each ACE. Each step includes the CLI command or a reference to the procedure required to complete the task. For a complete description of each feature and all the options associated with the CLI commands, see the sections that follow Table A-1. For clarity, the original active ACE is referred to as ACE-1 and the original standby ACE is referred to as ACE-2 in the following quick start.

Table A-1 Software Upgrade Quick Start 

Task and Command Example

1. Log in to the ACE. The Exec mode prompt appears at the CLI. If you are operating in multiple contexts, observe the CLI prompt to verify that you are operating in the Admin context. If necessary, log directly in to, or change to the Admin context.

host1/Admin# 

2. Save the running configurations of every context by entering the write memory all command in Exec mode in the Admin context of each ACE.

host1/Admin# write memory all

3. Create a checkpoint in each context of both ACEs by entering the checkpoint create command in Exec mode.

host1/Admin# checkpoint create ADMIN_CHECKPOINT
host1/Admin# changeto C1
host1/C1# checkpoint create C1_CHECKPOINT

4. Enter either the copy ftp, copy sftp, or the copy tftp command in Exec mode to copy the new software image to the image: directory of each ACE. For example, to copy the image with the name c4710ace-t1k9-mz.A1_7.bin using FTP, enter:

host1/Admin# copy ftp://server1/images/c4710ace-t1k9-mz.A1_7.bin image:

5. Configure ACE-1 to autoboot from the image. To set the boot variable and configuration register to 0x1 (perform auto boot and use startup-config file), use the boot system image: and config-register commands in configuration mode. For example, enter:

host1/Admin# config
host1/Admin(config)# boot system image:c4710ace-t1k9-mz.A1_7.bin 
host1/Admin(config)# config-register 0x1 
host1/Admin(config)# exit
host1/Admin# 

You can set up to two images through the boot system command. If the first image fails, the ACE tries the second image.


Note: Use the no boot system image: command to unset the previously configured boot variable.


6. Verify the boot variable was synchronized to ACE-2 by entering the following command on ACE-2:

host1/Admin# show bootvar
BOOT variable = "disk0:/c4710ace-t1k9-mz.A1_7.bin;disk0:/c4710ace-mz.3.0.0_AB0_0.488.bin"
Configuration register is 0x1

7. Enter the show ft group detail command in Exec mode to verify the state of each appliance. Upgrade the ACE that has its Admin context in the STANDBY_HOT state (ACE-2) first by entering the reload command in Exec mode. After ACE-2 boots up, it may take a few minutes to reach the STANDBY_HOT state again. Configuration synchronization is still enabled and the connections through ACE-1 are still being replicated to ACE-2.


Note: Do not add any more commands to the ACE-1 configuration. At this point in the upgrade procedure, any incremental commands that you add to the ACE-1 configuration may not be properly synchronized to the ACE-2 configuration.


host1/Admin# reload
This command will reboot the system
Save configurations for all the contexts. Save? [yes/no]: [yes]

8. Perform a graceful failover of all contexts from ACE-1 to ACE-2 by entering the ft switchover all command in Exec mode on ACE-1. ACE-2 becomes the new active ACE and assumes mastership of all active connections with no interruption to existing connections.

host1/Admin# ft switchover all

9. Upgrade ACE-1 by reloading it and verify that ACE-1 enters the STANDBY_HOT state (may take several minutes) by entering the show ft group detail command in Exec mode. Because both ACE-1 and ACE-2 are running the same version of software now, configuration mode is enabled. The configuration is synchronized from ACE-2 (currently active) to ACE-1. If ACE-1 is configured with a higher priority and preempt is configured on the FT group, ACE-1 reasserts mastership after it has received all configuration and state information from ACE-2, making ACE-2 the new standby. ACE-1 becomes the active ACE once again.

host1/Admin# reload
This command will reboot the system
Save configurations for all the contexts. Save? [yes/no]: [yes]

10. Enter the show ft group detail command to verify that ACE-1 is in the ACTIVE state and ACE-2 is in the STANDBY_HOT state.


Copying the Software Upgrade Image to the ACE

To copy a software image to the ACE, use the copy command in the Admin context from the Exec mode. You can copy a software image to the ACE from a variety of sources, including:

FTP server

SFTP server

TFTP server

The copy command allows you to rename the image copied to the ACE.

The syntax for this command is:

copy {ftp://server/path[/filename] | sftp://[username@]server/path[/filename] | tftp://server[:port]/path[/filename]} image:[name]

The keywords, arguments, and options are:

ftp://server/path[/filename]—Specifies the URL of the software image located on an FTP server. This path is optional because the ACE prompts you for this information if you omit it.

sftp://[username@]server/path[/filename]—Specifies the URL of a software image on a secure FTP server. This path is optional because the ACE prompts you for this information if you omit it.

tftp://server[:port]/path[/filename]—Specifies the URL of a software image on a trivial FTP server. This path is optional because the ACE prompts you for this information if you omit it.

image:[name]—Specifies the name for the software image copied to the ACE. If you do not enter the name argument, the ACE uses the default name of the image.

For example, to copy the image c4710ace-t1k9-mz.A1_7.bin located on an FTP server to the ACE, enter:

host1/Admin# copy ftp://server1/images/c4710ace-t1k9-mz.A1_7.bin image:

To set the boot variable and configure the ACE to autoboot this image, see the "Configuring the ACE to Autoboot the Software Image" section.

Configuring the ACE to Autoboot the Software Image

After you copy the image onto the ACE, configure it to autoboot the image by setting the boot variable and the configuration register. The boot variable specifies the image from which the ACE boots at startup. The configuration register can be set to autoboot the image defined by the boot variable.

This section contains the following topics:

Setting the Boot Variable

Configuring the Configuration Register to Autoboot the Boot Variable

Verifying the Boot Variable and Configuration Register

For detailed information on the boot variable and configuration register, see Chapter 1, Setting Up the ACE.

Setting the Boot Variable

To set the boot variable, use the boot system image: command in the Admin context from the configuration mode. The syntax for this command is:

boot system image:image_name

The image_name argument is the name of the installed image.

You can set up to two images through the boot system command. If the first image fails, the ACE tries the second image.

For example, to set the boot variable with the c4710ace-t1k9-mz.A1_7.bin image, enter:

host1/Admin(config)# boot system image:c4710ace-t1k9-mz.A1_7.bin 

Use the no boot system image: command to unset the previously configured boot variable.

Configuring the Configuration Register to Autoboot the Boot Variable

To configure the ACE to autoboot the system image identified in the boot environment variable, use the config-register command in the Admin context from the configuration mode and set the configuration register to 0x1.

A config-register setting of 0x1 instructs the ACE to boot the system image identified in the BOOT environment variable and to load the startup-configuration file stored in Flash memory. The BOOT environment variable is identified through the boot system command to specify a list of image files on various devices from which the ACE can boot at startup (refer to Chapter 1, Setting Up the ACE).

If the ACE encounters an error or if the image is not valid, it will try the second image (if one is specified). Upon startup, the ACE loads the startup-configuration file stored in Flash memory (nonvolatile memory) to the running-configuration file stored in RAM (volatile memory).

For details about the different settings of the config-register command, refer to Chapter 1, Setting Up the ACE.

For example, to set the register to 0x1 to boot the system image, enter:

host1/Admin(config)# config-register 0x1 

Verifying the Boot Variable and Configuration Register

To verify the boot variable and configuration register, use the show bootvar command in the Admin context from the Exec mode. For example, enter:

host1/Admin# show bootvar
BOOT variable = "disk0:/c4710ace-t1k9-mz.A1_7.bin;disk0:/c4710ace-mz.3.0.0_AB0_0.488.bin"
Configuration register is 0x1

The "0x1" indicates that the configuration register is set to perform an automatic boot and to apply the startup-configuration file.
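
The following Python script is an added example, not part of the Cisco guide. It parses captured show bootvar output and checks, before a reload, that the upgrade image is first in the BOOT variable and that the configuration register is 0x1. The function names and the sample capture are constructed for illustration.

```python
import re

# Constructed sample: "show bootvar" output as shown in this guide, including
# the mid-value line wrap that a terminal capture can introduce.
SAMPLE = '''host1/Admin# show bootvar
BOOT variable = "disk0:/c4710ace-t1k9-mz.A1_7.bin;disk0:/
c4710ace-mz.3.0.0_AB0_0.488.bin"
Configuration register is 0x1
'''

def parse_bootvar(output):
    """Return (image_list, config_register) from 'show bootvar' text."""
    boot = re.search(r'BOOT variable\s*=\s*"([^"]*)"', output)
    reg = re.search(r'Configuration register is\s+(0x[0-9a-fA-F]+)', output)
    images = []
    if boot:
        # Remove all whitespace so wrapped captures rejoin, then split on ';'.
        joined = re.sub(r'\s+', '', boot.group(1))
        images = [p for p in joined.split(';') if p]
    return images, (reg.group(1).lower() if reg else None)

def check_bootvar(output, expected_image):
    """Return a list of problems; an empty list means every check passed."""
    images, register = parse_bootvar(output)
    problems = []
    if not images:
        problems.append("BOOT variable is empty or missing")
    else:
        # The ACE tries images in order, so the upgrade image must be first.
        first = re.split(r'[/:]', images[0])[-1]
        if first != expected_image:
            problems.append(f"first boot image is {first}, expected {expected_image}")
    if len(images) > 2:
        # The guide states that at most two images can be set.
        problems.append("more than two boot images listed")
    if register != "0x1":
        problems.append(f"configuration register is {register}, expected 0x1")
    return problems

if __name__ == "__main__":
    result = check_bootvar(SAMPLE, "c4710ace-t1k9-mz.A1_7.bin")
    for line in result or ["boot variable and configuration register verified"]:
        print(line)
```

Run the check against the output captured from both appliances, because the quick start relies on the boot variable having synchronized to the standby ACE before it is reloaded.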

Reloading the ACE

To allow the ACE to use the installed software upgrade, reload the ACE appliance. To reload the ACE, use the reload command in the Admin context from the Exec mode. The syntax for this command is:

reload

For example, enter:

host1/Admin# reload
This command will reboot the system
Save configurations for all the contexts. Save? [yes/no]: [yes]

Displaying Software Image Information

To display the software image on the ACE, use the show version command in Exec mode. The syntax for this command is:

show version

For example, enter:

host1/Admin# show version
TAC support: http://www.cisco.com/tac
Copyright (c) 1985-2007 by Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.

Software
  loader:    Version 0.95
  system:    Version A1(7.0) [build 3.0(0)A1(7.999.31) adbuild_22:46:11-2008/04/07_/auto/adbure_nightly2/nightly_scimitar-a18-rib/REL_3_0_0_A1_7_999
  system image file: (nd)/192.168.65.34/scimitar.bin
  Device Manager version 1.0 (0) 20080408:0435

  installed license: ACE-AP-VIRT-020 ACE-AP-OPT-LIC-K9 ACE-AP-SSL-10K-K9

Hardware
  cpu info:
    number of cpu(s): 1
    cpu type: Pentium(R)
    cpu: 0, model: Intel(R) Pentium(R) 4, speed: 3399.991 MHz
  memory info:
    total: 6226704 kB, free: 4638636 kB
    shared:  kB, buffers: 19300 kB, cached 0 kB
  cf info:
    filesystem: /dev/hdb2
    total: 861668 kB, used: 348552 kB, available: 469344 kB

last boot reason:  reload command by root
configuration register:  0x1
switch kernel uptime is 0 days 18 hours 52 minute(s) 58 second(s)