Cisco 7600 Series Routers Session Border Controller Configuration Guide
SBC Prerequisites on the ACE
Download this chapter
SBC Prerequisites on the ACESBC Prerequisites on the ACE
Download the complete book
Cisco 7600 Series Routers Session Border Controller Configuration GuideCisco 7600 Series Routers Session Border Controller Configuration Guide (PDF - 9 MB)
give_us_feedback

Table Of Contents

ACE Configuration Prerequisites for the SBC

Restrictions and Usage Guidelines

Bringing Up the ACE

Configuring VLANs and Interfaces for the ACE on the Supervisor

Sessioning and Logging In to the ACE

Assigning a Name to the ACE

Configuring ACE Infrastructure

Configuring the VLAN Interface for Admin Context

Configuring the FT VLAN Interface

Configuring the FT Peer

Configuring the FT Group

Assigning an IP Address to the ACE

Configuring a Static Route

Hairpin Static Route Guidelines

Accessing the ACE Using a Telnet Session

Upgrading the SBC Image on the ACE to Release 3.1.00

Upgrading the SBC Image on the ACE

Upgrading the SBC Image for Redundant ACE Modules

Verifying ACE Status as Active SBC Services Card

Additional Information


ACE Configuration Prerequisites for the SBC

The SBC application runs on an Application Control Engine (ACE) module (hereafter called ACE). The ACE runs its own software. For more information on the ACE and for the ACE software release notes, see http://www.cisco.com/en/US/products/ps6906/tsd_products_support_model_home.html.

The ACE maintains a primary role as the SBC services card.

Note When running an SBC image on the ACE module, Only SBC functionality is supported. ACL configuration is not supported.

This chapter contains the following sections:

Restrictions and Usage Guidelines

Bringing Up the ACE

Verifying ACE Status as Active SBC Services Card

Additional Information

Feature History for Implementing SBC Configuration Prerequisites

Release
Modification

Release 12.2(33)SRC

Added support for ACE20-SBC-K9 with Route Switching Processor 720-1GE.

Release 12.2(33)SRB1

Added support for ACE20-SBC-K9 with Supervisor Engine 720.


Restrictions and Usage Guidelines

When configuring SBC on the Cisco 7600 series router, follow these restrictions and usage guidelines:

Hardware:

Chassis supported: Cisco 7604, Cisco 7606, Cisco 7606-S, Cisco 7609-S, Cisco 7609, Cisco 7613

Maximum of 9 ACEs can be supported with SBC functionality in Cisco 7600 router

All existing line cards that interoperate with ACE are supported

Supervisors supported with ACE module: 720-3B, 720-3BXL, RSP720-C, and RSP720-CXL

Software:

10,000 number of concurrent connections

Less than 1 ms latency and jitter

Max VLANS— 2000

Max shared VLANS—100

Max VPNS—250

Bringing Up the ACE

Before you can configure the SBC, you need to configure the ACE to do the following tasks:

Pass traffic from the supervisor engine in the Cisco 7600 series router to the ACE

Allow network connectivity

Perform remote management through Telnet

This section describes how to accomplish these tasks:

Configuring VLANs and Interfaces for the ACE on the Supervisor

Sessioning and Logging In to the ACE

Assigning a Name to the ACE

Configuring ACE Infrastructure

Configuring a Static Route

Accessing the ACE Using a Telnet Session

Upgrading the SBC Image on the ACE

Configuring VLANs and Interfaces for the ACE on the Supervisor

Before the ACE can receive traffic from the supervisor engine in the Cisco 7600 series router, you must create VLAN groups on the supervisor engine, and then assign the groups to the ACE. After you configure the VLAN groups on the supervisor engine for the ACE, you can configure the VLAN interfaces on the ACE.

In Cisco IOS software, you can create one or more VLAN groups, and then assign the groups to the ACE. For example, you can assign all VLANs to one group, or you can create a group for each customer.

You cannot assign the same VLAN to multiple groups; however, you can assign multiple groups to an ACE. For example, VLANs that you want to assign to multiple ACEs can reside in a separate group from VLANs that are unique to each ACE.

Note Before you begin, contact your network administrator to determine which VLANs and addresses are available for use by the ACE.

To configure VLANs for the ACE using Cisco IOS software, perform the following steps:

1. Connect to the supervisor engine to open a session. For example, use Telnet to connect to the supervisor at the IP address 172.19.110.5 as follows: 

linux$ telnet 172.19.110.5

User Access Verification


Password: cisco

Router#

2. Create VLANs for SBC route. 

Router# config

Router(config)# vlan 87

Router(config)# vlan 23

Router(config)# vlan 99

Note A VLAN for the SBC VRF route is optional; a VLAN for the FT is mandatory (even for a standalone).

3. Create VLAN interfaces on the supervisor for the FT. 

Router(config)# interface vlan23

Router(config)# ip address 23.23.23.1 255.255.255.0

!

4. Create VLAN interfaces on the supervisor for signaling and media addresses. 

Router(config)# interface vlan87

Router(config)# ip address 88.103.29.1 255.255.255.0

!

Router(config)# interface vlan99

Router(config)# ip address 88.103.33.1 255.255.255.0

5. Create VLAN groups for the ACE modules by using the svclc vlan-group group_number vlan_range command in configuration mode. 

Router# config

Router(config)# svclc vlan-group 23 23

Router(config)# svclc vlan-group 200 87, 99

If using multiple signaling VLANs per ACE module, you must configure the following: 

Router(config)# svclc multiple-vlan-interfaces

6. Assign the VLAN groups to the ACEs by using the svc module slot_number vlan-group group_number_range command. 

Router(config)# svclc module 3 vlan-group 23,200

Router(config)# svclc module 4 vlan-group 23,200

7. View the group configuration for the ACE and the associated VLANs by using the show svclc vlan-group command: 

Router(config)# exit

Router# show svclc vlan-group

8. View VLAN group numbers for all modules by using the show svc module command: 

Router# show svclc module

Sessioning and Logging In to the ACE

You can access the ACE two ways from the supervisor engine:

Using a Telnet session. For information on accessing the ACE using a Telnet session, see Accessing the ACE Using a Telnet Session

Using the the session command. See below.

To initially session and log in to the ACE, perform the following steps:

1. Session into the ACE from the supervisor engine by using the session command from the supervisor engine. For example, to session into the ACE in slot 5: 

Router# session slot 5 processor 0

2. At the login prompt, log into the ACE by entering the login username and password. By default, the username and password are admin: 

router login: admin

Password: admin

When the following prompt appears, you are ready to use the ACE command line interface (CLI): 

switch/Admin#

To change the default login username and password, see the Cisco Application Control Engine Module Administration Guide.

3. To prevent this current session from timing out, use the terminal session-timeout command and set it to 0. By default, a session on the ACE is automatically logged out after 5 minutes of inactivity: 

switch/Admin# terminal session-timeout 0

4. Disable the inactivity timeout when you log in to the ACE again by using the login timeout command in configuration mode. For example:

a. Access configuration mode by using the configure command in Exec mode: 

switch/Admin# configure

Enter configuration commands, one per line. End with CNTL/Z

switch/Admin(config)#

b. Disable the inactivity timer by setting the login timeout command to 0: 

switch/Admin(config)# login timeout 0

Assigning a Name to the ACE

The hostname is used for the command-line prompts and default configuration filenames. If you establish sessions to multiple devices, the hostname helps locations of entered commands. By default, the hostname for the ACE is switch.

To change the hostname for the ACE, use the host command. Enter a case-sensitive name that contains from 1 to 32 alphanumeric characters. For example, to change the hostname of the ACE from switch to host1, enter: 

switch/Admin(config)# hostname host1

The prompt appears with the new hostname: 

host1/Admin(config)#

Configuring ACE Infrastructure

Configuring ACE infrastructure consist of the following activities:

Configuring the VLAN Interface for Admin Context

Configuring the FT VLAN Interface

Configuring the FT Peer

Configuring the FT Group

Assigning an IP Address to the ACE

Configuring the VLAN Interface for Admin Context

On the ACE, you must configure VLAN interfaces for Admin context:

1. Configure the interface for administrative context by using the interface vlan command. 

host1/Admin(config)# interface vlan 87

2. Assign an IP address to the VLAN interface for client connectivity by using the ip address command. 

host1/Admin(config-if)# ip address 88.103.29.2 255.255.255.0

3. Configure an IP address that floats between active and standby modules for the VLAN interface by using the alias command. 

host1/Admin(config-if)# alias 88.103.29.100 255.255.255.0

4. Configure the IP address for the standby ACE for the interface VLAN. 

host1/Admin(config-if)# peer ip address 88.103.29.3 255.255.255.0

5. Enable the interface by using the no shutdown command: 

	host1/Admin(config-if)# no shutdown

6. Configure the VLAN interface for administrative context by using the interface vlan command. 

host1/Admin(config)# interface vlan 99

7. Assign an IP address to the VLAN interface for client connectivity by using the ip address command. 

host1/Admin(config-if)# ip address 88.103.33.2 255.255.255.0

8. Configure an IP address that floats between active and standby modules for the VLAN interface by using the alias command. 

host1/Admin(config-if)# alias 88.103.33.100 255.255.255.0

9. Configure the IP address of the standby ACE for the VLAN interface. 

host1/Admin(config-if)# peer ip address 88.103.33.3 255.255.255.0

10. Enable the interface by using the no shutdown command: 

	host1/admin(config-if)# no shutdown

Configuring the FT VLAN Interface

Configuring the FT VLAN interface is mandatory even on standalone configurations. Proceed as follows:

1. Create a dedicated fault tolerance (FT) VLAN over which two redundant peers communicate using the ft interface vlan command. 

host1/Admin(config)# ft interface vlan 23

2. Assign an IP address to the VLAN interface for client connectivity by using the ip address command. 

host1/Admin(config)# ip address 23.23.23.10 255.255.255.0

3. Configure the IP address of a standby module for the VLAN interface by using the peer ip address command. 

host1/Admin(config)# peer ip address 23.23.23.11 255.255.255.0

4. Enable the interface by using the no shutdown command: 

host1/Admin(config)# no shutdown

Caution When modifying the FT VLAN interface :
1. Remove SBC.
2. Remove FT group.
3. Remove FT peer.
4. Modify FT VLAN.
4. Re-add FT peer.
5. Re-add group.
6. Re-add SBC.

Configuring the FT Peer

Configure the FT peer as follows:

Note The default values are 300 for the heartbeat count and 10 for the heartbeat interval; if you don't set any other values, they will default to these values.

1. Create an FT peer and enter the FT peer configuration mode using the ft peer command. 

host1/Admin(config)# ft peer 1

2. Configure the heartbeat interval using the heartbeat command. 

host1/Admin(config-ft-peer)# heartbeat interval 300

3. Configure the heartbeat interval using the heartbeat command. 

host1/Admin(config-ft-peer)# heartbeat count 10

4. Associate the existing FT VLAN with a peer using the ft-interface vlan command. 

host1/Admin(config)# ft-interface vlan 23

Configuring the FT Group

Note Due to the nature of the SBC application, preemption is not supported in inter or intra-chassis HA mode.

Configure the FT group as follows:

1. Create an FT group and access the FT group configuration mode using the ft group command. 

host1/Admin(config)# ft group 1

2. Use the peer command to associate a peer ACE with an FT group. 

host1/Admin(config-ft-group)# peer 1

3. Use the priority command to configure the priority of the active group member. 

host1/Admin(config-ft-group)# priority 127

4. Use the peer priority command to configure the priority of an FT group on the remote standby member. 

host1/Admin(config-ft-group)# peer priority 126

5. Use the associate-context command to associate a context with an FT group. 

host1/Admin(config-ft-group)# associate-context Admin

6. Place the FT group in service using the inservice command. 

host1/Admin(config-ft-group)# inservice

Assigning an IP Address to the ACE

After you assign the VLANs to the ACE, you can assign an IP address to the ACE for client connectivity over the network.

Note The ACE requires a route back to the client before it can forward a request to a server. Otherwise, a flow cannot be established.

Use the show vlans command in Exec mode for the Admin context to display the ACE VLANs downloaded from the supervisor engine. Because show commands are available in Exec mode, you can use these commands from any configuration mode by including the do command. For example, enter: 

host1/Admin(config)# do show vlans

Vlans configured on SUP for this module

 vlan55-57 vlan100

To configure a VLAN interface on the ACE and access interface mode to configure the interface attributes:

1. Access interface configuration mode for the VLAN by using the interface vlan command. For example, to create interface VLAN 87, enter: 

host1/Admin(config)# interface vlan 87

host1/Admin(config-if)#

2. Assign an IP address to the VLAN interface for client connectivity by using the ip address command. For example, to set the IP address of 88.103.29.2 255.255.255.0 for the ACE, enter: 

host1/Admin(config-if)# ip address 88.103.29.2 255.255.255.0

3. Configure an IP address that floats between active and standby modules for a VLAN by using the alias command (this step is mandatory for standalone setup). For example, to configure an alias IP address and mask of 88.103.29.100 255.255.255.0 for the ACE, enter: 

host1/Admin(config-if)# alias 88.103.29.100 255.255.255.0

Note This is a requirement for SBC on the Cisco 7600 series routers. The alias ip address must match the control address.

4. Configure the IP address of a standby module for the VLAN interface by using the peer ip address command (this step is mandatory for standalone setup). For example, to configure an IP address and mask for the peer module 88.103.29.3 255.255.255.02 for the ACE, enter: 

host1/Admin(config-if)# peer ip address 88.103.29.3 255.255.255.0

Note This is a requirement for SBC on the Cisco 7600 series routers. The alias ip address must match the control address.

5. Provide a description for the interface by using the description command: 

host1/Admin(config-if)# description Client side connectivity

6. Enable the interface by using the no shutdown command: 

host1/admin(config-if)# no shutdown

7. Verify that VLAN 87 is up by using the show interface command: 

host1/admin(config-if)# do show interface vlan 87

8. To verify network connectivity, use the ping command: 

host1/admin(config-if)# do ping 88.103.29.1

9. To display the ARP table, use the show arp command: 

host1/admin(config-if)# do show arp

10. Reenter configuration mode by using the exit command: 

host1/admin(config-if)# exit

host1/admin(config)#

11. To display the ACE routing table, use the show ip route command: 

host1/Admin(config)# do show ip route

Configuring a Static Route

The static route identifes the IP address to which the ACE sends IP packets for remote peer signaling addresses and to remote media addresses. To set a static route, use the ip route dest_ip_prefix netmask gateway_ip_address command.

Static routes are necessary for remote peer signaling addresses.

Note See Chapter 3, "SBC Configuration," for information on configuring adjacencies. 

adjacency sip Access

      signaling-address ipv4 88.103.29.100

      remote-address ipv4 200.200.200.0 255.255.255.0

      signaling-peer 200.200.200.118

      attach

    adjacency sip Core

      signaling-address ipv4 88.103.33.100

      remote-address ipv4 200.200.201.0 255.255.255.0

      signaling-peer 200.200.201.118

      attach

For example, to create static routes for the remote peer signaling addresses above, enter: 

host1/Admin(config)# ip route 200.200.200.0 255.255.255.0 88.103.29.1

host1/Admin(config)# ip route 200.200.201.0 255.255.255.0 88.103.33.1

Addtionally, in the case of a SIP proxy, additional (hairpin) static routes are necessary.

Note Hairpin static routes must be /32 bit mask (fully qualified). Summary or default routes should not be used.

host1/Admin(config)# ip route 88.103.29.100 255.255.255.255 88.103.29.1

host1/Admin(config)# ip route 88.103.33.100 255.255.255.255 88.103.33.1

Note The forwarding address can be the IP address for the VLAN interface on the supervisor.

Static routes are necessary for remote media addresses. 

dbe

    media-address ipv4 22.22.179.10

    activate

For example, to create static routes for the remote media address above, enter: 

host1/Admin(config)# ip route 203.101.0.0 255.255.0.0 22.22.179.1

host1/Admin(config)# ip route 203.102.0.0 255.255.0.0 22.22.179.1

Note The media address routes are not necessary if local and remote media addresses are on the same subnet as the signaling addresses.

Hairpin Static Route Guidelines

Hairpin refers to IP traffic going from the SBC on the ACE through the supervisor on the Cisco 7600 series router and then looping back to the SBC on the ACE. For hairpin static routes, use the following guidelines:

If the media address is the same as the signaling alias address:

Add a static route on the ACE pointing to an address on the supervisor side, typically the VLAN supervisor address.

If the media address is different from the signaling alias address:

Add a static route on the ACE pointing to an address on the supervisor side, typically the VLAN supervisor address.

Add a static route on the supervisor pointing to ACE VLAN alias address.

Disable any ICMP redirects on the VLAN interface to the ACE as shown below: 

host1/Admin(config)# interface vlan340 

host1/Admin(config-if)# no ip redirects

Accessing the ACE Using a Telnet Session

This section explains how to access the ACE using a Telnet session using the configurations shown.

Supervisor configuration: 

svclc multiple-vlan-interfaces

svclc vlan-group 24 24

svclc module 3 vlan-group 23,24,200

svclc module 4 vlan-group 23,24,200

!

interface Vlan24

 ip address 2.4.48.25 255.255.0.0

end



interface GigabitEthernet1/48

 switchport

 switchport access vlan 24

 switchport mode access

 no cdp enable

end

ACE configuration: 

interface vlan 24

  ip address 2.4.48.3 255.255.0.0

  alias 2.4.48.10 255.255.0.0

  peer ip address 2.4.48.4 255.255.0.0

  no shutdown

After the supervisor and ACE configurations are completed, you can use Telnet to access the ACE using its IP address. To use Telnet to access the ACE:

1. Connect to the supervisor engine to open another session. For example, enter: 

linux$ telnet 2.4.48.25

Trying 2.4.48.25...

Connected to 2.4.48.25.

Escape character is '^]

Router#

2. Use Telnet to verify that you can access the ACE interface. For example, to access the ACE from the VLAN IP address of 2.4.48.10, enter: 

linux% telnet 2.4.48.10

Trying 2.4.48.10...

Connected to 2.4.48.10.

Escape character is '^]'.

(Alternately, telnet 127.0.0.x0 where x is the slot number)

3. At the prompt, log in to the ACE. Enter the admin login username and the admin password: 

host1 login: admin

Password: 

Cisco Application Control Software (Session Border Controller)

TAC support: http://www.cisco.com/tac

Copyright (c) 2002-2007, Cisco Systems, Inc. All rights reserved.

The copyrights to certain works contained herein are owned by

other third parties and are used and distributed under license.

Some parts of this software are covered under the GNU Public

License. A copy of the license is available at

http://www.gnu.org/licenses/gpl.html.

host1/Admin#

4. Display the Telnet session by using the show telnet command: 

host1/Admin# show telnet

Upgrading the SBC Image on the ACE to Release 3.1.00

Upgrading to release 3.1.0 is markedly different from the upgrade procedures that follow. For information on upgrading to Release 3.1.00, refer to Appendix D, "Upgrading to Release 3.1.00."

Upgrading the SBC Image on the ACE

Note When running a supervisor engine with Cisco IOS Release 12.2(33)SRD, TFTP times out when attempting to copy an image to an ACE module in that chassis. The ACE module is currently running an SBC image and can boot with eobc from ROMMON, but once booted, it cannot use a TFTP image from the RSP720-3C-10GE to the ACE directly. This occurs because an internal VRF (iVRF) security feature is enabled (the default behavior). To prevent this problem, we recommend that you use the platform ivrf disable command to disable iVRF. The no platform ivrf disable command resets to the default behavior. You can use the show platform ivrf command to display current status.

Note You can only TFTP from the supervisor.

To install a new SBC image on the ACE module, you need to copy the image to the ACE module and then reload the ACE module.

1. Copy the SBC image to a local disk on the supervisor engine. 

host1/Admin# copy tftp://172.69.17.19/tftpboot/user/c76-sbck9-mzg.3.0.1_AS1_1.bin 
disk1:

Destination filename [c76-sbck9-mzg.3.0.1_AS1_1.bin]? 

Accessing tftp://172.69.17.19/tftpboot/user/c76-sbck9-mzg.3.0.1_AS1_1.bin...

Loading tftpboot/user/c76-sbck9-mzg.3.0.1_AS1_1.bin from 172.69.1.129 (via Vlan109): 
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[OK - 32184696 bytes]


32184696 bytes copied in 167.276 secs (192405 bytes/sec)

2. Copy the SBC image from the supervisor engine to the SBC image partition (/mnt/cf) on the ACE module. The destination IP address will be 127.0.0.x0, where x is the slot number. In this example, we are copying the image to ACE module in slot 13, so the IP address is 127.0.0.130. 

host1/Admin# copy disk1:c76-sbck9-mzg.3.0.1_AS1_1.bin tftp://127.0.0.130/mnt/cf/

Address or name of remote host [127.0.0.130]? 

Destination filename [mnt/cf/c76-sbck9-mzg.3.0.1_AS1_1.bin]? 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

32184696 bytes copied in 48.996 secs (656884 bytes/sec)

3. Now that the new SBC image is on the ACE module, you must configure the ACE module to autoboot from the new image: 

host1/Admin# config t

Enter configuration commands, one per line.  End with CNTL/Z.

host1/Admin(config)# boot system image:c76-sbck9-mzg.3.0.1_AS1_1.bin

host1/Admin(config)# config-register 1

host1/Admin(config)# end

4. Use the show bootvar command to confirm the ACE module autoboots from the new image. 

host1/Admin# show bootvar 

BOOT variable = "disk0:c76-sbck9-mzg.3.0.1_AS1_1.bin" 

Configuration register is 0x1

5. Reload the ACE card to boot up with the new SBC image: 

host1/Admin# reload

This command will reboot the system

Save configurations for all the contexts. Save? [yes/no]: [yes] 

Generating configuration....

running config of context Admin saved 

Perform system reload. [yes/no]: [yes] 

BC7613_13/Admin# 

Unmounting ext3 filesystems...

Unmounting FAT filesystems...

Unmounting done...


System Bootstrap, Version 12.2[120], 

Copyright (c) 1994-2006 by Cisco Systems, Inc.

Slot D : Running DEFAULT rommon image ...


ACE platform with 1048576 Kbytes of main memory


Loading disk0:c76-sbck9-mzg.3.0.1_AS1_1.bin.  Please wait ....

Uncompressing Linux...

Starting the kernel...

Upgrading the SBC Image for Redundant ACE Modules

Note When running a supervisor engine with Cisco IOS Release 12.2(33)SRD, TFTP times out when attempting to copy an image to an ACE module in that chassis. The ACE module is currently running an SBC image and can boot with eobc from ROMMON, but once booted, it cannot use a TFTP image from the RSP720-3C-10GE to the ACE directly. This occurs because an internal VRF (iVRF) security feature is enabled (the default behavior). To prevent this problem, we recommend that you use the platform ivrf disable command to disable iVRF. The no platform ivrf disable command resets to the default behavior. You can use the show platform ivrf command to display current status.

Note You can only TFTP from the supervisor.

To upgrade the SBC image of a redundant pair of ACE modules without impacting service, you proceed in a manner similar to upgrading the SBC image on the ACE. In this procedure, we are upgrading from image 3.0.0 to image 3.0.1.

1. Copy the SBC image to a local disk on the supervisor engine. 

SUP720# copy tftp://172.69.17.19/tftpboot/user/c76-sbck9-mzg.3.0.1_AS3_0_01.bin 

disk1:

Destination filename [c76-sbck9-mzg.3.0.1_AS3_0_01.bin]? 

Accessing tftp://172.69.17.19/tftpboot/user/c76-sbck9-mzg.3.0.1_AS3_0_01.bin...

Loading tftpboot/user/c76-sbck9-mzg.3.0.1_AS3_0_01.bin from 172.69.1.129 (via 

Vlan109): 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[OK - 32184696 bytes]

32184696 bytes copied in 167.276 secs (192405 bytes/sec)

2. Copy the SBC image from the supervisor engine to the SBC image partition (/mnt/cf) on the standby ACE module. The destination IP address will be 127.0.0.x0, where x is the slot number. In this example, we are copying the image to ACE module in slot 13, so the IP address is 127.0.0.130. 

SUP720# copy disk1:c76-sbck9-mzg.3.0.1_AS3_0_01.bin tftp://127.0.0.130/mnt/cf/

Address or name of remote host [127.0.0.130]? 

Destination filename [mnt/cf/c76-sbck9-mzg.3.0.1_AS3_0_01.bin]? 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

32184696 bytes copied in 48.996 secs (656884 bytes/sec)

3. Copy the SBC image from the supervisor engine to the SBC image partition (/mnt/cf) on the active ACE module. The destination IP address will be 127.0.0.x0, where x is the slot number. In this example, we are copying the image to ACE module in slot 12, so the IP address is 127.0.0.120. 

SUP720# copy disk1:c76-sbck9-mzg.3.0.1_AS3_0_01.bin tftp://127.0.0.120/mnt/cf/

Address or name of remote host [127.0.0.120]? 

Destination filename [mnt/cf/c76-sbck9-mzg.3.0.1_AS3_0_01.bin]? 

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

32184696 bytes copied in 48.996 secs (656884 bytes/sec)

4. Delete the old software entry in bootvar. Add 3.0.1 entry into bootvar and then add back the 3.0.0 entry into bootvar on active card_A, to synchronize to standby card_B. (by this, we created a sequenced bootvar with new image as preferred, and old image as backup) 

card_A/Admin# show ft group brief

FT Group ID: 1  My State:FSM_FT_STATE_ACTIVE    Peer State:FSM_FT_STATE_STANDBY_HOT

                Context Name: Admin     Context Id: 0

card_A/Admin# show version

...

  system image file: [LCP] disk0:c76-sbck9-mzg.3.0.1_AS3_0_00.bin

...


card_B/Admin# show ft group brief

FT Group ID: 1  My State:FSM_FT_STATE_STANDBY_HOT    Peer State:FSM_FT_STATE_ACTIVE

Context Name: Admin Context Id: 0 


card_B/Admin# show version

...

  system image file: [LCP] disk0:c76-sbck9-mzg.3.0.1_AS3_0_00.bin

...

card_A/Admin# conf t

Enter configuration commands, one per line.  End with CNTL/Z.

card_A/Admin(config)# no boot system image:c76-sbck9-mzg.3.0.1_AS3_0_00.bin

card_A/Admin(config)# boot system image:c76-sbck9-mzg.3.0.1_AS3_0_01.bin

card_A/Admin(config)# boot system image:c76-sbck9-mzg.3.0.1_AS3_0_00.bin

card_A/Admin(config)# config-register 1

card_A/Admin(config)# end

card_A/Admin# show bootvar

BOOT variable = "disk0:c76-sbck9-mzg.3.0.1_AS3_0_01.bin;disk0:c76-sbck9-mzg.3.0

.1_AS3_0_00.bin"

Configuration register is 0x1

card_B/Admin# show bootvar

BOOT variable = "disk0:c76-sbck9-mzg.3.0.1_AS3_0_01.bin;disk0:c76-sbck9-mzg.3.0

.1_AS3_0_00.bin"

Configuration register is 0x1

5. Reload standby on standby ACE card_B (the reload command is permitted in standby mode). 

card_B/Admin# reload

This command will reboot the system

Save configurations for all the contexts. Save? [yes/no]: [yes]

Generating configuration....

running config of context Admin saved

Perform system reload. [yes/no]: [yes] y

card_B/Admin#

NOTE: Configuration mode is enabled on all sessions


Sending all processes the TERM signal...

card_B/Admin# Sending all processes the KILL signal...

Unmounting ext3 filesystems...

Unmounting FAT filesystems...

switch login: Unmounting done...

INIT: Sending processes the KILL signal

Rebooting... Rest

System Bootstrap, Version 12.2[121],

Copyright (c) 1994-2008 by cisco Systems, Inc.

Slot 13: Running DEFAULT rommon image ...

.ACE platform with 1048576 Kbytes of main memory

.Loading disk0:c76-sbck9-mzg.3.0.1_AS3_0_01.bin.  Please wait ....

a. If the 3.0.1 image fails to boot up with the new image, it will load the previous image that is defined as the boot source in bootvar. You will need to delete the new software entry from bootvar on card_A; this will be synchronized to standby card_B. 


card_A/Admin# show ft group brief

FT Group ID: 1  My State:FSM_FT_STATE_ACTIVE    Peer State:FSM_FT_STATE_STANDBY_HOT

                Context Name: Admin     Context Id: 0

card_A/Admin# show version

...

  system image file: [LCP] disk0:c76-sbck9-mzg.3.0.1_AS3_0_00.bin

...

card_B/Admin# show ft group brief

FT Group ID: 1  My State:FSM_FT_STATE_STANDBY_HOT    Peer State:FSM_FT_STATE_ACTIVE

                Context Name: Admin     Context Id: 0


card_B/Admin# show version

...

  system image file: [LCP] disk0:c76-sbck9-mzg.3.0.1_AS3_0_00.bin

...

card_A/Admin# show bootvar

BOOT variable = "disk0:c76-sbck9-mzg.3.0.1_AS3_0_01.bin;disk0:c76-sbck9-mzg.3.0

.1_AS3_0_00.bin"

Configuration register is 0x1

card_A/Admin# conf t

Enter configuration commands, one per line.  End with CNTL/Z.

card_A/Admin(config)# no boot system image:c76-sbck9-mzg.3.0.1_AS3_0_01.bin

card_A/Admin(config)# end

card_A/Admin# show bootvar

BOOT variable = "disk0:c76-sbck9-mzg.3.0.1_AS3_0_00.bin"

Configuration register is 0x1

card_B/Admin# show bootvar

BOOT variable = "disk0:c76-sbck9-mzg.3.0.1_AS3_0_00.bin"

Configuration register is 0x1

b. If the 3.0.1 image boots up but does not work well, you must rollback to the old image by deleting the new software entry from bootvar on card_A (this will be synchronized to standby card_B) and reloading standby card_B. 


card_A/Admin# show ft group brief

FT Group ID: 1  My State:FSM_FT_STATE_ACTIVE    Peer State:FSM_FT_STATE_STANDBY_HOT

                Context Name: Admin     Context Id: 0

card_A/Admin# show version

...

  system image file: [LCP] disk0:c76-sbck9-mzg.3.0.1_AS3_0_00.bin

...

card_B/Admin# show ft group brief

FT Group ID: 1  My State:FSM_FT_STATE_STANDBY_HOT    Peer State:FSM_FT_STATE_ACTIVE

                Context Name: Admin     Context Id: 0


card_B/Admin# show version

...

  system image file: [LCP] disk0:c76-sbck9-mzg.3.0.1_AS3_0_01.bin

...

card_A/Admin# show bootvar

BOOT variable = "disk0:c76-sbck9-mzg.3.0.1_AS3_0_01.bin;disk0:c76-sbck9-mzg.3.0

.1_AS3_0_00.bin"

Configuration register is 0x1

card_A/Admin# conf t

Enter configuration commands, one per line.  End with CNTL/Z.

card_A/Admin(config)# no boot system image:c76-sbck9-mzg.3.0.1_AS3_0_01.bin

card_A/Admin(config)# end

card_A/Admin# show bootvar

BOOT variable = "disk0:c76-sbck9-mzg.3.0.1_AS3_0_00.bin"

Configuration register is 0x1


card_B/Admin# show bootvar

BOOT variable = "disk0:c76-sbck9-mzg.3.0.1_AS3_0_00.bin"

Configuration register is 0x1

card_B/Admin# reload

This command will reboot the system

Save configurations for all the contexts. Save? [yes/no]: [yes]

Generating configuration....

running config of context Admin saved

Perform system reload. [yes/no]: [yes] y

c. If the 3.0.1 image boots up successfully, you will need to switchover to the card with the new image by deleting the 3.0.1 entry from bootvar on the active card_A so that only the 3.0.0 software entry exist in bootvar. This is to ensure that after you switchover from A to B, A will still start with 3.0.0 image as standby (you want to make sure card_B functions as the active card with the 3.0.1 image before you load card_A with the 3.0.1 image).

Note If traffic is running, allowing time for state to synchronize after reloading the standby card and before failing over to the active card will minimize the impact to calls in progress. 

card_A/Admin# show ft group brief

FT Group ID: 1  My State:FSM_FT_STATE_ACTIVE    Peer State:FSM_FT_STATE_STANDBY_HOT

                Context Name: Admin     Context Id: 0

card_A/Admin# show version

...

  system image file: [LCP] disk0:c76-sbck9-mzg.3.0.1_AS3_0_00.bin

...

card_B/Admin# show ft group brief

FT Group ID: 1  My State:FSM_FT_STATE_STANDBY_HOT    Peer State:FSM_FT_STATE_ACTIVE

                Context Name: Admin     Context Id: 0


card_B/Admin# show version

...

  system image file: [LCP] disk0:c76-sbck9-mzg.3.0.1_AS3_0_01.bin

...

card_A/Admin# show bootvar

BOOT variable = "disk0:c76-sbck9-mzg.devtest_18SEP08.bin;disk0:c76-sbck9-mzg.3.0

.1_AS3_0_00.bin"

Configuration register is 0x1

card_A/Admin# conf t

Enter configuration commands, one per line.  End with CNTL/Z.

card_A/Admin(config)# no boot system image:c76-sbck9-mzg.3.0.1_AS3_0_01.bin

card_A/Admin(config)# end

card_A/Admin# show bootvar

BOOT variable = "disk0:c76-sbck9-mzg.3.0.1_AS3_0_00.bin"

Configuration register is 0x1

card_A/Admin# ft switchover

This command will cause card to switchover (yes/no)? [no] y

6. If the 3.0.1 image works well as active, you need to delete the 3.0.0 software entry from bootvar and add new software entry on new active card_B (this will be synchronized to standby card_A). You will then need to reload standby card_A (it will now load the 3.0.1 image). The upgrade is finished. 

card_B/Admin# show ft group brief

FT Group ID: 1  My State:FSM_FT_STATE_ACTIVE    Peer State:FSM_FT_STATE_STANDBY_

HOT

                Context Name: Admin     Context Id: 0


card_B/Admin# show version

...

  system image file: [LCP] disk0:c76-sbck9-mzg.3.0.1_AS3_0_01.bin

...

card_A/Admin# show ft group bri

FT Group ID: 1  My State:FSM_FT_STATE_STANDBY_HOT       Peer State:FSM_FT_STATE_

ACTIVE

                Context Name: Admin     Context Id: 0

card_A/Admin# show version

...

  system image file: [LCP] disk0:c76-sbck9-mzg.3.0.1_AS3_0_00.bin

...

card_B/Admin# show bootvar

BOOT variable = "disk0:c76-sbck9-mzg.3.0.1_AS3_0_00.bin"

Configuration register is 0x1

card_B/Admin# conf t

Enter configuration commands, one per line.  End with CNTL/Z.

card_B/Admin(config)# no boot system image:c76-sbck9-mzg.3.0.1_AS3_0_00.bin

card_B/Admin(config)# boot system image:c76-sbck9-mzg.3.0.1_AS3_0_01.bin

card_B/Admin(config)# end

card_B/Admin# show bootvar

BOOT variable = "disk0:c76-sbck9-mzg.3.0.1_AS3_0_01.bin"

Configuration register is 0x1

card_A/Admin# show bootvar

BOOT variable = "disk0:c76-sbck9-mzg.3.0.1_AS3_0_01.bin"

Configuration register is 0x1

card_A/Admin# reload

This command will reboot the system

Save configurations for all the contexts. Save? [yes/no]: [yes]

Generating configuration....

running config of context Admin saved

Perform system reload. [yes/no]: [yes] y

card_A/Admin#

NOTE: Configuration mode is enabled on all sessions


Sending all processes the TERM signal...

card_B/Admin# Sending all processes the KILL signal...

Unmounting ext3 filesystems...

Unmounting FAT filesystems...

switch login: Unmounting done...

INIT: Sending processes the KILL signal

Rebooting... Rest

System Bootstrap, Version 12.2[121],

Copyright (c) 1994-2008 by cisco Systems, Inc.

Slot 12: Running DEFAULT rommon image ...

.ACE platform with 1048576 Kbytes of main memory

.Loading disk0:c76-sbck9-mzg.3.0.1_AS3_0_01.bin.  Please wait ....

a. If issues are observed after the 3.0.1 image becomes active, you will need to do a ft switchover from card_B to card_A so that card_A with the 3.0.0 image is active: card_B will reload with image 3.0.0. 

card_B/Admin# show version

...

  system image file: [LCP] disk0:c76-sbck9-mzg.3.0.1_AS3_0_01.bin

...

card_A/Admin# show version

...

  system image file: [LCP] disk0:c76-sbck9-mzg.3.0.1_AS3_0_00.bin

...

card_B/Admin# show bootvar

BOOT variable = "disk0:c76-sbck9-mzg.3.0.1_AS3_0_00.bin"

Configuration register is 0x1

card_A/Admin# show bootvar

BOOT variable = "disk0:c76-sbck9-mzg.3.0.1_AS3_0_00.bin"

Configuration register is 0x1

card_B/Admin# ft switchover

This command will cause card to switchover (yes/no)? [no] y

Verifying ACE Status as Active SBC Services Card

To verify that the converted and configured ACE is properly running SBC services, run one of the following commands:

show run sbc

show ft group detail

Additional Information

For additional information on configuring the supervior with an ACE, see the ACE configuration guides at http://www.cisco.com/en/US/products/ps6906/tsd_products_support_model_home.html.