Migrate Switches in a vPC Topology

vPC forklift upgrade

In a vPC topology, you can migrate from a pair of Nexus 9000 Series switches to a different pair of Nexus 9000 Series switches. For example, you can migrate from a pair of Nexus 9508 vPC peer nodes to a pair of Nexus 9516 switches. For more information, see the vPC Forklift Upgrade Scenario section in the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide.

vPC upgrade and downgrade procedure for Nexus 9000 -R series switches

In vPC topologies, the two peer switches usually must be upgraded individually. An upgrade on one peer switch does not automatically update the vPC peer switch.

However, NX-OS Releases 7.0(3)F3(3c) and 7.0(3)F3(4) are not compatible with NX-OS Release 9.2(x) for vPC peer switches. Both vPC peers must be upgraded simultaneously to NX-OS Release 9.2(x) to avoid one switch running a 7.0(3)F3(x) release and the other switch running 9.2(x). Optionally, if the switches are being upgraded from NX-OS Release 7.0(3)F3(4), you can use the following procedure to minimize the traffic impact during upgrade.


Note

This procedure not to be used on Broadcom or Cloudscale-based switches.

Procedure

Step 1

Switch A and B are running a NX-OS release. Switch A is the primary switch, and switch B is the secondary switch. On both the switches, use the copy r s command to save the running configuration.

Example:

primary_switch# show vpc role
vPC Role status
----------------------------------------------------
vPC role : primary 
vPC system-mac : 00:23:04:ee:be:64 
vPC system-priority : 32667
vPC local system-mac : 70:df:2f:eb:86:1f 
vPC local role-priority : 90 
vPC peer system-mac : 70:df:2f:eb:1c:ab 
vPC peer role-priority : 100 
primary_switch#

secondary_switch# show vpc role
vPC Role status
----------------------------------------------------
vPC role : secondary 
vPC system-mac : 00:23:04:ee:be:64 
vPC system-priority : 32667
vPC local system-mac : 70:df:2f:eb:1c:ab 
vPC local role-priority : 100 
vPC peer system-mac : 70:df:2f:eb:86:1f 
vPC peer role-priority : 90 
secondary_switch#

primary_switch# copy r s v
[########################################] 100%
Copy complete.

secondary_switch# copy r s v
[########################################] 100%
Copy complete.

Step 2

Bring down the peer link (PL) on the primary switch. The secondary switch brings down its vPC legs.

Example:

primary_switch# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
primary_switch(config)# int port-channel 100
primary_switch(config-if)# shutdown 

Reload the secondary switch with Release 9.2.1 image (change bootvar /reload)

secondary_switch(config)# boot nxos nxos.9.2.1.bin
Performing image verification and compatibility check, please wait....
secondary_switch(config)# 
secondary_switch(config)# copy r s v
[########################################] 100%
Copy complete.


secondary_switch# reload
This command will reboot the system. (y/n)? [n] y


After reload
--------------------- 
secondary_switch# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 100 
Peer status : peer link is down 
vPC keep-alive status : peer is alive 
Configuration consistency status : failed 
Per-vlan consistency status : success 
Configuration inconsistency reason: Consistency Check Not Performed
Type-2 inconsistency reason : Consistency Check Not Performed
vPC role : none established 
Number of vPCs configured : 20 
Peer Gateway : Enabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Disabled (due to peer configuration)
Auto-recovery status : Disabled
Delay-restore status : Timer is off.(timeout = 90s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans 
-- ---- ------ -------------------------------------------------
1 Po100 down -

secondary_switch#

primary_switch(config-if)# show vpc 
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 100 
Peer status : peer link is down 
vPC keep-alive status : peer is alive 
Configuration consistency status : success 
Per-vlan consistency status : success 
Type-2 consistency status : success 
vPC role : primary 
Number of vPCs configured : 20 
Peer Gateway : Enabled
Peer gateway excluded VLANs : -
Dual-active excluded VLANs and BDs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled, timer is off.(timeout = 240s)
Operational Layer3 Peer-router : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans 
-- ---- ------ --------------------------------------------------
1 Po100 down -

Step 3

Configure vPC auto-recovery under the vPC domain on the secondary switch. Enable vpc upgrade (exec command).

Example:

secondary_switch(config)# vpc domain 100
secondary_switch(config-vpc-domain)# auto-recovery 
secondary_switch(config-vpc-domain)# end

secondary_switch# show running-config vpc
!Command: show running-config vpc
!Running configuration last done at: Wed May 16 06:34:10 2018
!Time: Wed May 16 06:34:14 2018
version 9.2(1) Bios:version 01.11 
feature vpc
vpc domain 100
peer-switch
role priority 100
peer-keepalive destination 10.1.31.30 source 10.1.31.29
delay restore 90
peer-gateway
auto-recovery
ipv6 nd synchronize
ip arp synchronize
interface port-channel100
vpc peer-link
interface port-channel2001
vpc 101


secondary_switch# show vpc upgrade
vPC upgrade : TRUE
SVI Timer : 0
Delay Restore Timer : 0
Delay Orphan Port Timer : 0
secondary_switch#

secondary_switch# show vpc upgrade   >> Hidden command 
vPC upgrade : FALSE
SVI Timer : 10
Delay Restore Timer : 90
Delay Orphan Port Timer : 0


secondary_switch# vpc upgrade   >> Hidden command

Step 4

After Layer 3 routes are learned on the secondary switch, reload the primary switch with the new release image. The secondary switch takes over the primary role and brings up its vPC legs in approximately 5 seconds.

Example:

primary_switch(config)# show boot 
Current Boot Variables:
sup-1
NXOS variable = bootflash:/nxos.9.2.1.bin
No module boot variable set
Boot Variables on next reload:
sup-1
NXOS variable = bootflash:/nxos.9.2.1.bin

No module boot variable set
primary_switch(config)# end

primary_switch# show boot 
Current Boot Variables:
sup-1
NXOS variable = bootflash:/nxos.9.2.1.bin
No module boot variable set
Boot Variables on next reload:
sup-1
NXOS variable = bootflash:/nxos.9.2.1.bin

No module boot variable set
primary_switch# reload
This command will reboot the system. (y/n)? [n] y

secondary_switch# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 100 
Peer status : peer link is down 
vPC keep-alive status : peer is not reachable through peer-keepalive
Configuration consistency status : failed 
Per-vlan consistency status : success 
Configuration inconsistency reason: Consistency Check Not Performed
Type-2 inconsistency reason : Consistency Check Not Performed
vPC role : primary 
Number of vPCs configured : 20 
Peer Gateway : Enabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Disabled (due to peer configuration)
Auto-recovery status : Enabled, timer is off.(timeout = 240s)
Delay-restore status : Timer is off.(timeout = 0s)
Delay-restore SVI status : Timer is off.(timeout = 0s)
Operational Layer3 Peer-router : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans 
-- ---- ------ -------------------------------------------------
1 Po100 down -
vPC status

Step 5

When the primary switch comes back up, the peer link on it is operationally up.

Example:

primary_switch# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 100 
Peer status : peer adjacency formed ok 
vPC keep-alive status : peer is alive 
Configuration consistency status : success 
Per-vlan consistency status : success 
Type-2 consistency status : success 
vPC role : primary, operational secondary
Number of vPCs configured : 20 
Peer Gateway : Enabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
Delay-restore status : Timer is off.(timeout = 90s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans 
-- ---- ------ -------------------------------------------------
1 Po100 up 1,101-400

For downgrade, reload both switches at the same time.