Upgrading the GSS Software
This appendix describes how to upgrade the GSS software to a new software version. To upgrade the software, you must do the following:
•Have access to the GSS download area of the Cisco software download site and to Cisco.com.
•Be familiar with the proper procedure for updating your GSS devices and know the CLI commands required to execute the backup.
To take full advantage of all of the features and capabilities of the software release, we recommend that you upgrade all GSS devices in your network within the same time frame, starting with the primary GSSM. This upgrade sequence ensures that the other GSS devices properly receive configuration information from, and are able to send statistics to, the primary GSSM.
This section contains the following procedures:
•Verifying the GSSM Role in the GSS Network
•Backing up and Archiving the Primary GSSM
•Obtaining the Software Upgrade
•Upgrading Your GSS Devices
The GSS software upgrade requires that you complete each of these procedures in the order shown in this appendix.
Verifying the GSSM Role in the GSS Network
Before you continue with the upgrade procedure, verify that the roles of the designated primary and standby GSSMs have not changed. The changing of roles between the designated primary GSSM and the standby GSSM is intended to be a temporary GSS network configuration until the original primary GSSM is back online.
To verify the role of the current primary GSSM and the standby GSSM, perform the following steps:
1. At the CLI of the current primary GSSM, enter the following commands:
gssm1.example.com# cd /home
gssm1.example.com# type ../props.cfg | grep -i fqdn
The following output appears:
controllerFqdn= domain_name or ip_address
2. Based on the output value for controllerFqdn, follow these guidelines:
•If the value of the domain name or IP address is the current primary GSSM in your network, then the current primary GSSM and standby GSSM configuration is the original configuration and no further action is needed. See the "Backing up and Archiving the Primary GSSM" section.
•If the value of the domain name or IP address is the current standby GSSM in your network, then the current primary GSSM and standby GSSM configuration is not the original configuration. In this case, you must reverse the roles of the primary and standby GSSM devices to those of the original GSS network deployment. See the "Reversing the Roles of the Interim Primary and Standby GSSM Devices" section in Chapter 2, Managing the GSS from the CLI.
•If the value of the domain name or IP address is not the current primary GSSM or the standby GSSM in your network, this indicates that the device is not a primary GSSM or is no longer on the network. No further action is required. See the "Backing up and Archiving the Primary GSSM" section.
The next step is to ensure that you have a full (and current) backup of the primary GSSM database and that you archive this backup. Proceed to the "Backing up and Archiving the Primary GSSM" section.
Backing up and Archiving the Primary GSSM
Before you upgrade your GSS software, ensure that you have a full backup of your primary GSSM database and that you archive the backup by moving it to a remote device. The GSSM database maintains all network and device configuration information, as well the DNS rules that are used by your GSS devices to route DNS queries from users to available hosts.
If necessary, you can quickly restore your GSS network to its previous state by performing a full backup at any time. A full backup does not interfere with the functions of the primary GSSM or other GSS devices.
See the "Performing a Full Primary GSSM Backup" section in Chapter 7, Backing Up, Restoring, and Downgrading the GSSM Database for instructions on performing a full backup of your primary GSSM. Performing a full backup requires access to the CLI.
You are now ready to obtain the upgrade file and upgrade the software on a GSS device. See the "Obtaining the Software Upgrade" section.
Obtaining the Software Upgrade
Before you can update your GSS software, obtain the appropriate software update file from Cisco Systems as follows:
•Access the Cisco.com website and locate the software update files.
•Download the software update files to a server within your own organization that is accessible using FTP or SCP from your GSSs and GSSMs.
You must have a Cisco.com username and password to download a software update from Cisco.com. To acquire a Cisco.com login, go to http://www.cisco.com and click the Register link.
Note You need a service contract number, Cisco.com registration number and verification key, Partner Initiated Customer Access (PICA) registration number and verification key, or packaged service registration number to obtain a Cisco.com username and password.
To add an upgrade file for the GSS software, perform the following steps:
1. Launch your preferred web browser and point it to the Cisco Global Site Selector download page. When prompted, log in to Cisco.com using your designated Cisco.com username and password. The Cisco GSS Software download page appears, listing the available software upgrades for the GSS software product.
2. If you do not have a shortcut to the Cisco Global Site Selector download page:
a. Log in to Cisco.com using your designated Cisco.com username and password.
b. Access the Software Center from the Technical Support link.
c. Click the Content Networking Software link from the Software Center - Software Products and Downloads page.
d. Click the Cisco Global Site Selector link from the Software Center - Content Networking page.
e. Click the Download Cisco Global Site Selector link from the Software Center - Content Networking page.
The Cisco GSS Software download page appears, listing the available software upgrades for the Cisco GSS Software product.
Note When you first access the Content Networking page of the Software Center, you must apply for eligibility for GSS software updates because it is considered a strong encryption image. Under the Cisco Content Networking Cryptographic Software section is the Apply for 3DES Cisco Cryptographic Software Under Export Licensing Controls link. Click this link and complete the Encryption Software Export Distribution Authorization Form. Complete this step to access and download Global Site Selector software images.
3. Locate the .upg file that you want to download by referring to the Release column for the proper release version of the software.
4. Click the link for the .upg file. The download page appears.
5. Click the Software License Agreement link. A new browser window opens to display the license agreement.
6. After you have read the license agreement, close the browser window that displays the agreement and return to the Software Download page.
7. Click Download. If prompted by software, reenter your username and password.
8. Click Save to file, and then choose a location on your workstation to temporarily store the .upg upgrade file.
9. Post the .upg file that you downloaded to a designated area on your network that is accessible to all your GSS devices.
You are now ready to upgrade the software on a GSS device. See the "Upgrading Your GSS Devices" section.
Upgrading Your GSS Devices
Before upgrading from an earlier version of GSS to v2.0, you should do the following:
•Be aware of these considerations when CNR is installed and enabled:
–The Name Service (NS) forwarding feature does not work on v2.0 if CNR is enabled. For example, if a DNS rule has been configured to perform NS forwarding in clause1 on v1.3.3 and you then upgrade to v2.0 with CNR installed and enabled, all DNS requests will be forwarded directly to CNR. This action occurs even if there is a matching DNS rule with NS forwarding configured on the GSS.
–To obtain support for reverse lookup for the answers configured on the GSS, you need to explicitly configure the Pointer (PTR) records to do the same on CNR.
–To perform NS forwarding on GSS v2.0 (without CNR) to a name service that is GSS/CNR, you must configure a proper domain name in the domain name field in the NS type answer configuration. In addition, the external name server must be authoritative for the domain name if the name server is GSS/CNR. By default, the NS type answer queries for ".".
–To obtain the same expiration level for the records returned by the GSS and the CNR, you need to ensure that the TTL configuration is the same on both the CNR and GSS.
–To have the GSS/CNR device process the NON A records for the authoritative domain, you must configure all the NON A records on the CNR that were earlier processed by the external name service using NS forwarding.
•Ensure that you are running v1.3. If not, you should upgrade to v1.3 before performing the v2.0 upgrade. When a primary GSSM has been upgraded to software v1.2(2.1.3) or later, but other GSS devices remain at v1.2(2.0.3) or v1.2(1.1.2), global server load-balancing configuration settings do not propagate to the GSS devices still at v1.2(2.0.3) or v1.2(1.1.2). To avoid this behavior, ensure that all GSS devices on the network are upgraded to same software version as the primary GSSM before you configure global server load balancing.
•Be sure to upgrade the primary GSSM first, followed by the other GSS devices in your network. After you upgrade the primary GSSM, ensure that each GSS device in your network to be upgraded has connectivity to the primary GSSM before you perform the software upgrade procedure.
When executing an upgrade, use the install CLI command. Before proceeding with the software upgrade, the install command performs a validation check on the upgrade file, unpacks the upgrade archive, and installs the upgraded software. Finally, the install command restarts the affected GSS device.
Note Upgrading your GSS devices causes a temporary loss of service for each affected device.
To upgrade the GSS software (starting with the primary GSSM), perform the following steps:
1. Log on to the CLI of the GSS device.
2. Enter the Global Configuration Mode by entering the enable command and then the config command.
3. If you use FTP to copy files into GSS, enable the FTP client by entering the ftp-client enable all command at the config prompt.
4. Type exit to leave Global Configuration mode.
5. Use the ftp or scp command to copy the GSS software upgrade file from the network location to a directory on the GSS. Ensure that you set the transfer type to binary.
For example, to copy an upgrade file named gss.upg from a remote host, your FTP session may appear as follows:
gssm1.example.com> ftp host.example.com
Connected to host.example.com.
220 host.example.com FTP server (Version wu-2.6.1-0.6x.21) ready.
Name (host.example.com:root): admin
331 Password required for admin.
230 User admin logged in. Access restrictions apply.
Remote system type is UNIX.
Using ascii mode to transfer files.
local: gss.upg remote: gss.upg
200 PORT command successful.
6. Enable privileged EXEC mode.
7. Stop the GSS software by entering the following command:
gssm1.example.com# gss stop
8. If the GSS has CNR loaded on it, enter the Global Configuration Mode by entering the enable command and then the config command.
If the GSS does not have CNR loaded on it, skip ahead to Step 11.
9. Disable CNR if the GSS has CNR loaded on it.
gssm1.example.com (config)# no cnr enable
10. Type exit to leave Global Configuration mode.
11. Install the upgrade by entering the following command:
gssm1.example.com# install gss.upg
12. At the Proceed with install (the device will reboot)? (y/n): prompt, type y to reboot the GSS device. After the GSS reboots, you lose any network CLI connections. Console connections remain active.
Note If you did not previously save changes to the startup-config file, the Save current configuration? [y/n]: prompt appears. At the prompt, type y to continue. The GSS then reboots.
13. After the GSS device reboots, log in to the GSS device and enable privileged EXEC mode.
14. Verify that the GSS device reaches a normal operation state of runmode 4 or 5 by entering the gss status command.
15. Enter configuration mode and enable CNR if the GSS has CNR loaded on it.
gssm1.example.com (config)# cnr enable
16. Repeat the entire procedure for the remaining GSS devices in your network.