Cisco Virtual Security Gateway, Rel. 4.2(1)VSG1(2) and Cisco Virtual Network Management Center, Rel. 1.2 Installation and Upgrade
Upgrading the Cisco Virtual Security Gateway and Cisco Virtual Network Management Center
Downloads: This chapterpdf (PDF - 159.0KB) The complete bookPDF (PDF - 4.95MB) | Feedback

Upgrading the Cisco Virtual Security Gateway and Cisco Virtual Network Management Center

Table Of Contents

Upgrading the Cisco Virtual Security Gateway and Cisco Virtual Network Management Center

Information About Cisco VSG Upgrades

Information About Cisco VNMC Upgrades

Upgrade Procedure in Sequence

Upgrading a Cisco VSG Pair

Upgrading the VSM Pair

Using the copy running-config startup-config Command on the Active VSM

Upgrading the VEM

Upgrading Cisco VNMC

Upgrading the VSM-PA

Upgrading the Cisco VSG-PA

Upgrade Compatibility Matrix


Upgrading the Cisco Virtual Security Gateway and Cisco Virtual Network Management Center


This chapter describes how to install and complete an upgrade for the Cisco Virtual Security Gateway (VSG) and the Cisco Virtual Network Management Center (VNMC).

This chapter includes the following sections:

Information About Cisco VSG Upgrades

Information About Cisco VNMC Upgrades

Upgrade Procedure in Sequence

Upgrade Compatibility Matrix

Information About Cisco VSG Upgrades

The upgrade procedure for a standalone Cisco VSG is hitful, which means that you must manually reload the Cisco VSG for the new image to become effective. In HA mode, the upgrade is hitless, which means that the standby Cisco VSG is upgraded first and then after a switchover, the previously active Cisco VSG is upgraded.

Because license information is not stored with the Cisco VSG, but is maintained between the Virtual Supervisor Module (VSM) and Virtual Ethernet Module (VEM), if packets are received at the Cisco VSG, that means that the license is valid and the packets are processed.

An upgrade, there affects two bin files: one is the kickstart file and the other is the system file.

An upgrade does not erase any of the existing information. When the Cisco VSG comes online, everything is as is. Because the Cisco VSG is stateless, it gets all this information from the Cisco VNMC at bootup.

Information About Cisco VNMC Upgrades

When you upgrade the Cisco VNMC software, to all current (command-line interface) CLI and (graphical user interface) GUI sessions are interrupted, which means that you must restart any CLI or GUI sessions.

Upgrade Procedure in Sequence

This section describes the upgrade procedure.


Note We highly recommend that you use the following order for upgrading your Cisco VSG and Cisco VNMC.


Upgrading a Cisco VSG Pair

Upgrading the VSM Pair

Using the copy running-config startup-config Command on the Active VSM

Upgrading the VEM

Upgrading Cisco VNMC

Upgrading the VSM-PA

Upgrading the Cisco VSG-PA


Note An upgraded Policy Agent (PA) without an upgraded Cisco VNMC will not be supported.


Upgrading a Cisco VSG Pair

You can upgrade a Cisco VSG pair using the following procedure.


Note Although you might see the install command on the Cisco VSG CLI, the command is not operational for the current release. Please follow the steps provided in this section to upgrade your Cisco VSG software.


BEFORE YOU BEGIN

Before beginning this procedure, you must know or do the following:

You are logged in to the CLI in EXEC mode.

You have already copied the new software files into the bootflash file system.

You have confirmed that the system is in high availability (HA) mode for an HA upgrade using the show system redundancy status command.

SUMMARY STEPS

1. configure

2. no boot system

3. no boot kickstart

4. boot system bootflash: system-filename

5. boot kickstart bootflash: kickstart-filename

6. (Optional) show boot

7. copy running-config startup-config

8. reload module standby_module_no

9. system switchover

DETAILED STEPS

 
Command
Purpose

Step 1 

configure

Example:

vsg# configure

vsg(config)#

Places you in global configuration mode.

Step 2 

no boot system

Example:

vsg(config)# no boot system

Removes the existing system boot variable.

Step 3 

no boot kickstart

Example:

vsg(config)# no boot kickstart

Removes the existing kickstart boot variable.

Step 4 

boot system bootflash: system-filename

Example:

vsg(config)# boot system bootflash: system-filename

Adds the new system boot variable.

Step 5 

boot kickstart bootflash: kickstart-filename

Example:

vsg(config)# boot kickstart bootflash: kickstart-filename

Adds the new kickstart boot variable.

Step 6 

show boot

Example:

vsg(config)# show boot

(Optional) Displays the system and kickstart variables for verification.

Step 7 

copy running-config startup-config

Example:

vsg(config)# copy running-config startup-config

Saves the running configuration persistently through reboots and restarts by copying it to the startup configuration. This step also initiates an image synchronization to the standby and the boot variable is synchronized to the standby.

Step 8 

reload module standby_module_no

Example:

vsg(config)# reload module 2

If the primary Cisco VSG is active, the standby module number is 2. If the secondary Cisco VSG is active, the standby module number is 1. Make sure that the standby module has reloaded successfully and the HA pair is established.

Step 9 

system switchover

Example:

vsg(config)# system switchover

Reloads the active Cisco VSG to come up with the new image. Wait for HA synchronization to complete.

Upgrading the VSM Pair

Upgrade the VSM pair according to the procedures in the Cisco Nexus 1000V Software Upgrade Guide, Release 4.2(1)SV1(4a).

Using the copy running-config startup-config Command on the Active VSM

Before continuing with the rest of the upgrade, you must use the copy running-config startup-config command on the active VSM.


Note It is critical that you enter the copy running-config startup-config command at this stage to keep your data flowing correctly.


Upgrading the VEM

Upgrade the VEM according to the procedures in the Cisco Nexus 1000V Software Upgrade Guide, Release 4.2(1)SV1(4a).

Upgrading Cisco VNMC

You can upgrade the Cisco VNMC by using the following procedure.

BEFORE YOU BEGIN

Before beginning this procedure, you must know or do the following:

You are logged in as admin to the CLI in EXEC mode.

You have already copied the new software files into the bootflash file system.

You must have the Cisco VNMC Release 1.0.1 installed.

SUMMARY STEPS

1. connect local-mgmt

2. (Optional) show version

3. copy scp://example-server-ip/example-dir/filename bootflash:/

4. dir bootflash:/

5. update bootflash:/filename

6. (Optional) show version

DETAILED STEPS

 
Command
Purpose

Step 1 

connect local-mgmt

Example:

vnmc# connect local-mgmt

vnmc(local-mgmt)#

Places you in local management mode.

Step 2 

show version

Example:

vnmc(local-mgmt)# show version

(Optional) Displays the version information for the Cisco VNMC software.

Step 3 

copy scp://example-server-ip/example-dir/
filename bootflash:/

Example:

vnmc(local-mgmt)# copy scp://<example-server-ip>/example1-dir/vnmc .1.2.0.635.bin bootflash:/

Copies the Cisco VNMC software file to the VM.

Step 4 

dir bootflash:/

Example:

vnmc(local-mgmt)# dir bootflash:/

Verifies that the desired file is copied in the directory.

Step 5 

update bootflash: filename

Example:

vnmc(local-mgmt)# update bootflash:/vnmc.1.2.0.635.bin

Begins the update of the Cisco VNMC software.

Step 6 

show version

Example:

vnmc(local-mgmt)# show version

(Optional) Allows you to verify that the Cisco VNMC software version is updated.

This example shows how to connect to the local-mgmt CLI:

vnmc# connect local-mgmt
Cisco Virtual Network Management Center
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2011, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php
 
   

This example shows how to display version information for the Cisco VNMC:

vnmc(local-mgmt)# show version
 
   
Name                Package             Version        GUI            
----                -------             -------        ----           
core                Base System         1.0(1m)        1.0(1m)        
service-reg         Service Registry    1.0(1m)        1.0(1m)        
policy-mgr          Policy Manager      1.0(1m)        1.0(1m)        
resource-mgr        Resource Manager    1.0(1m)        1.0(1m)        
vm-mgr              VM manager          1.0(1m)        none           
 
   
 
   

This example shows how to copy the Cisco VNMC software to the VM:

vnmc(local-mgmt)# copy scp://<example-server-ip>/example1-dir/vnmc.1.2.0.635.bin 
bootflash:/
Enter password: 
100%  143MB  11.9MB/s   00:12    
 
   

This example shows how to see the directory information for the Cisco VNMC:

vnmc(local-mgmt)# dir bootflash:/
                                                           
            891 Jun 10 05:52 vnmc-dplug.1.0.1m.bin         
            21M Jun  8 21:01 vnmc-vsgpa.1.0.1m.bin         
            20M Jun  8 21:01 vnmc-vsmpa.1.0.1m.bin         
           144M Jun 16 21:32 vnmc.1.2.0.635.bin            
 
   
 
   
Usage for bootflash://
 
   
            18187836 bytes used
             1534196 bytes free
            19722032 bytes total
 
   

This example shows how to start the update for the Cisco VNMC:

vnmc(local-mgmt)# update bootflash:/vnmc.1.2.0.635.bin
It is recommended that you perform a full-state backup before updating any VNMC component.  
Press enter to continue or Ctrl-c to exit.
 
   

This example shows how to display the updated version for the Cisco VNMC:

vnmc(local-mgmt)# show version
 
   
Name                Package             Version        GUI            
----                -------             -------        ----           
core                Base System         1.2(0.635)     1.2(0.635)     
service-reg         Service Registry    1.2(0.635)     1.2(0.635)     
policy-mgr          Policy Manager      1.2(0.635)     1.2(0.635)     
resource-mgr        Resource Manager    1.2(0.635)     1.2(0.635)     
vm-mgr              VM manager          1.2(0.635)     none       
 
   

Upgrading the VSM-PA

Obtain the new VSM-PA from the Cisco VNMC download page. You can upgrade the VSM-PA by using the following procedure.

PROCEDURE


Step 1 Copy the image on the VSM in the bootflash directory.

vsg# copy scp://<example-server-ip>/example1-dir/vnmc-vsmpa.1.2.1b.bin bootflash:
 
   

Step 2 Uninstall the existing VNM-PA on the Cisco VSM.

vsm# config
vsm(config)# vnm-policy-agent
vsm(config-policy-agent)# no policy-agent-image
 
   

Step 3 Install the new VNM-PA image on the Cisco VSM.

vsm(config-policy-agent)# policy-agent-image vnmc-vsmpa-image-name
vsm(config-policy-agent)# exit
vsm(config)# exit
vsm#
 
   

Step 4 Verify if the installation was successful.

vsg# show vnm-pa status
VNM Policy-Agent status is - Installed Successfully. Version 1.2(1b)
 
   

Step 5 Copy the running configuration to the startup configuration.

vsm# copy running-config startup-config
[########################################] 100%
 
   

Upgrading the Cisco VSG-PA

You can upgrade the Cisco VSG-PA by using the following procedure.

PROCEDURE


Step 1 Copy the image on the Cisco VSG in the bootflash directory.

vsg# copy scp://<example-server-ip>/example1-dir/vnmc-vsgpa.1.2.1b.bin bootflash:
 
   

Step 2 Uninstall the existing VNM-PA on the Cisco VSG.

vsg# config
vsg(config)# vnm-policy-agent
vsg(config-policy-agent)# no policy-agent-image
 
   

Step 3 Install the new VNM-PA image onthe Cisco VSG.

vsg(config-policy-agent)# policy-agent-image vnmc-vsgpa-image-name
vsg(config-policy-agent)# exit
vsg(config)# exit
vsg#
 
   

Step 4 Verify if the installation was successful.

vsg# show vnm-pa status
VNM Policy-Agent status is - Installed Successfully. Version 1.2(1b)
 
   

Step 5 Copy the running configuration to the startup configuration.

vsg# copy running-config startup-config
[########################################] 100%
 
   

Upgrade Compatibility Matrix

Table 7-1 shows how the components of a Cisco VSG and a Cisco VNMC upgrade work during the complete upgrade process.


Note We highly recommend that you upgrade the Cisco VSG and the Cisco VNMC in the order provided. Any deviation from the ordered steps could cause disruption of your connectivity and data communication.


Table 7-1 CIsco VSG and Cisco VNMC Upgrade Compatibility Matrix

Virtual Appliance
Original State
Phase 1: VSG Upgrade (with old PA)
Phase 2: VSM/VEM Upgrade (with old PA)
Phase 3: VNMC Upgrade

VSG

Release 4.2(1)VSG1(1)

Release 4.2(1)VSG1(2) (bin upgrade for HA or reassociated for standalone)

Release 4.2(1)VSG1(2)

Release 4.2(1)VSG1(2)

VSM/
VEM

Old

Old

New

New

VNMC

Release 1.0.1

Release 1.0.1

Release 1.0.1

Release 1.2

VSM Policy-
Agent

Old

Old

Old

New

VSG Policy-
Agent

Old

Old

Old

New

Supported Operations

All

Existing data sessions (offloaded)

New data sessions

Short disruption in new data session establishment during Cisco VSG upgrade

Allows Cisco Nexus 1000V switch (non-vn-service) operations including non-vn-service port profiles

Cisco VSG failover

Reestablishment of existing sessions

New data sessions

Cisco VSG failover

Existing data sessions (offloaded)

Allows Cisco Nexus 1000V switch (non-vn-service) operations

Once upgraded, all operations supported

Restricted Operations

None

No Cisco VNMC policy configuration change (silent drops)

No VSM/VEM vn-service VM operations (shutdown/bring up existing vn-service VMs, bring down net adapters, and so on)

No new vn-service VMs brought up

No bootstrap of devices (Cisco VNMC, Cisco VSG, VSM)

No vMotion of vn-service firewalled VMs on Cisco Nexus 1000V Switch

No vn-service port profile operations or modifications (toggles, removal, changing the port profiles on VSM)

All VSM to Cisco VNMC to Cisco VSG control operations are restricted

No Cisco VNMC policy configuration change (silent drops)

Allows Cisco Nexus 1000V switch (non-vn-service) operations, including non-vn service port profiles

No VSM/VEM vn-service VM operations (shutdown/bring up existing vn-service VMs, bring down net adapters, and so on)

No new vn-service VMs brought up

No bootstrap of devices (Cisco VNMC, Cisco VSG, VSM)

No vMotion of vn-service firewalled VMs on Cisco Nexus 1000V Switch

No vn-service port profile operations or modifications (toggles, removal, changing the port profiles on VSM)

All VSM to Cisco VNMC to Cisco VSG control operations are restricted

None