Migrate Switches in a vPC Topology

This chapter describes how to migrate from one pair of switches to another in a vPC topology. It contains the following sections:

vPC forklift upgrade

In a vPC topology, you can migrate from a pair of Cisco Nexus 9000 Series switches to a different pair of Cisco Nexus 9000 Series switches. For example, you can migrate from a pair of Cisco Nexus 9508 vPC peer nodes to a pair of Cisco Nexus 9516 switches. For more information, see the vPC Forklift Upgrade Scenario section in the Cisco Nexus 9000 Series NX-OS Interfaces Configuration Guide .

vPC upgrade and downgrade procedure for Nexus 9000 -R series switches

In vPC topologies, the two peer switches usually must be upgraded individually. An upgrade on one peer switch does not automatically update the vPC peer switch.

However, Cisco NX-OS Releases 7.0(3)F3(3c) and 7.0(3)F3(4) are not compatible with Cisco NX-OS Release 9.2(x) for vPC peer switches. Both vPC peers must be upgraded simultaneously to Cisco NX-OS Release 9.2(x) to avoid one switch running a 7.0(3)F3(x) release and the other switch running 9.2(x). Optionally, if the switches are being upgraded from Cisco NX-OS Release 7.0(3)F3(4), you can use the following procedure to minimize the traffic impact during upgrade.


Note

This procedure not to be used on Broadcom or Cloudscale-based switches.

Procedure

Step 1

Switch A and B are running a Cisco NX-OS release. Switch A is the primary switch, and switch B is the secondary switch. On both the switches, use the copy r s command to save the running configuration.

Example:


                        primary_switch# show vpc role
                        vPC Role status
                        ----------------------------------------------------
                        vPC role : primary 
                        vPC system-mac : 00:23:04:ee:be:64 
                        vPC system-priority : 32667
                        vPC local system-mac : 70:df:2f:eb:86:1f 
                        vPC local role-priority : 90 
                        vPC peer system-mac : 70:df:2f:eb:1c:ab 
                        vPC peer role-priority : 100 
                        primary_switch#
                        
                        secondary_switch# show vpc role
                        vPC Role status
                        ----------------------------------------------------
                        vPC role : secondary 
                        vPC system-mac : 00:23:04:ee:be:64 
                        vPC system-priority : 32667
                        vPC local system-mac : 70:df:2f:eb:1c:ab 
                        vPC local role-priority : 100 
                        vPC peer system-mac : 70:df:2f:eb:86:1f 
                        vPC peer role-priority : 90 
                        secondary_switch#
                        
                        primary_switch# copy r s v
                        [########################################] 100%
                        Copy complete.
                        
                        secondary_switch# copy r s v
                        [########################################] 100%
                        Copy complete.

Step 2

Bring down the peer link (PL) on the primary switch. The secondary switch brings down its vPC legs.

Example:


                        primary_switch# conf t
                        Enter configuration commands, one per line. End with CNTL/Z.
                        primary_switch(config)# int port-channel 100
                        primary_switch(config-if)# shutdown 
                        
                        Reload the secondary switch with Release 9.2.1 image (change bootvar /reload)
                        
                        secondary_switch(config)# boot nxos nxos.9.2.1.bin
                        Performing image verification and compatibility check, please wait....
                        secondary_switch(config)# 
                        secondary_switch(config)# copy r s v
                        [########################################] 100%
                        Copy complete.
                        
                        
                        secondary_switch# reload
                        This command will reboot the system. (y/n)? [n] y
                        
                        
                        After reload
                        --------------------- 
                        secondary_switch# show vpc
                        Legend:
                        (*) - local vPC is down, forwarding via vPC peer-link
                        vPC domain id : 100 
                        Peer status : peer link is down 
                        vPC keep-alive status : peer is alive 
                        Configuration consistency status : failed 
                        Per-vlan consistency status : success 
                        Configuration inconsistency reason: Consistency Check Not Performed
                        Type-2 inconsistency reason : Consistency Check Not Performed
                        vPC role : none established 
                        Number of vPCs configured : 20 
                        Peer Gateway : Enabled
                        Dual-active excluded VLANs : -
                        Graceful Consistency Check : Disabled (due to peer configuration)
                        Auto-recovery status : Disabled
                        Delay-restore status : Timer is off.(timeout = 90s)
                        Delay-restore SVI status : Timer is off.(timeout = 10s)
                        Operational Layer3 Peer-router : Disabled
                        vPC Peer-link status
                        ---------------------------------------------------------------------
                        id Port Status Active vlans 
                        -- ---- ------ -------------------------------------------------
                        1 Po100 down -
                        
                        secondary_switch#
                        
                        primary_switch(config-if)# show vpc 
                        Legend:
                        (*) - local vPC is down, forwarding via vPC peer-link
                        vPC domain id : 100 
                        Peer status : peer link is down 
                        vPC keep-alive status : peer is alive 
                        Configuration consistency status : success 
                        Per-vlan consistency status : success 
                        Type-2 consistency status : success 
                        vPC role : primary 
                        Number of vPCs configured : 20 
                        Peer Gateway : Enabled
                        Peer gateway excluded VLANs : -
                        Dual-active excluded VLANs and BDs : -
                        Graceful Consistency Check : Enabled
                        Auto-recovery status : Enabled, timer is off.(timeout = 240s)
                        Operational Layer3 Peer-router : Disabled
                        vPC Peer-link status
                        ---------------------------------------------------------------------
                        id Port Status Active vlans 
                        -- ---- ------ --------------------------------------------------
                        1 Po100 down -

Step 3

Configure vPC auto-recovery under the vPC domain on the secondary switch. Enable vpc upgrade (exec command).

Example:


                        secondary_switch(config)# vpc domain 100
                        secondary_switch(config-vpc-domain)# auto-recovery 
                        secondary_switch(config-vpc-domain)# end
                        
                        secondary_switch# show running-config vpc
                        !Command: show running-config vpc
                        !Running configuration last done at: Wed May 16 06:34:10 2018
                        !Time: Wed May 16 06:34:14 2018
                        version 9.2(1) Bios:version 01.11 
                        feature vpc
                        vpc domain 100
                        peer-switch
                        role priority 100
                        peer-keepalive destination 10.1.31.30 source 10.1.31.29
                        delay restore 90
                        peer-gateway
                        auto-recovery
                        ipv6 nd synchronize
                        ip arp synchronize
                        interface port-channel100
                        vpc peer-link
                        interface port-channel2001
                        vpc 101
                        
                        
                        secondary_switch# show vpc upgrade
                        vPC upgrade : TRUE
                        SVI Timer : 0
                        Delay Restore Timer : 0
                        Delay Orphan Port Timer : 0
                        secondary_switch#
                        
                        secondary_switch# show vpc upgrade   >> Hidden command 
                        vPC upgrade : FALSE
                        SVI Timer : 10
                        Delay Restore Timer : 90
                        Delay Orphan Port Timer : 0
                        
                        
                        secondary_switch# vpc upgrade   >> Hidden command

Step 4

After Layer 3 routes are learned on the secondary switch, reload the primary switch with the new release image. The secondary switch takes over the primary role and brings up its vPC legs in approximately 5 seconds.

Example:


                        primary_switch(config)# show boot 
                        Current Boot Variables:
                        sup-1
                        NXOS variable = bootflash:/nxos.9.2.1.bin
                        No module boot variable set
                        Boot Variables on next reload:
                        sup-1
                        NXOS variable = bootflash:/nxos.9.2.1.bin
                        
                        No module boot variable set
                        primary_switch(config)# end
                        
                        primary_switch# show boot 
                        Current Boot Variables:
                        sup-1
                        NXOS variable = bootflash:/nxos.9.2.1.bin
                        No module boot variable set
                        Boot Variables on next reload:
                        sup-1
                        NXOS variable = bootflash:/nxos.9.2.1.bin
                        
                        No module boot variable set
                        primary_switch# reload
                        This command will reboot the system. (y/n)? [n] y
                        
                        secondary_switch# show vpc
                        Legend:
                        (*) - local vPC is down, forwarding via vPC peer-link
                        vPC domain id : 100 
                        Peer status : peer link is down 
                        vPC keep-alive status : peer is not reachable through peer-keepalive
                        Configuration consistency status : failed 
                        Per-vlan consistency status : success 
                        Configuration inconsistency reason: Consistency Check Not Performed
                        Type-2 inconsistency reason : Consistency Check Not Performed
                        vPC role : primary 
                        Number of vPCs configured : 20 
                        Peer Gateway : Enabled
                        Dual-active excluded VLANs : -
                        Graceful Consistency Check : Disabled (due to peer configuration)
                        Auto-recovery status : Enabled, timer is off.(timeout = 240s)
                        Delay-restore status : Timer is off.(timeout = 0s)
                        Delay-restore SVI status : Timer is off.(timeout = 0s)
                        Operational Layer3 Peer-router : Disabled
                        vPC Peer-link status
                        ---------------------------------------------------------------------
                        id Port Status Active vlans 
                        -- ---- ------ -------------------------------------------------
                        1 Po100 down -
                        vPC status

Step 5

When the primary switch comes back up, the peer link on it is operationally up.

Example:


                        primary_switch# show vpc
                        Legend:
                        (*) - local vPC is down, forwarding via vPC peer-link
                        vPC domain id : 100 
                        Peer status : peer adjacency formed ok 
                        vPC keep-alive status : peer is alive 
                        Configuration consistency status : success 
                        Per-vlan consistency status : success 
                        Type-2 consistency status : success 
                        vPC role : primary, operational secondary
                        Number of vPCs configured : 20 
                        Peer Gateway : Enabled
                        Dual-active excluded VLANs : -
                        Graceful Consistency Check : Enabled
                        Auto-recovery status : Disabled
                        Delay-restore status : Timer is off.(timeout = 90s)
                        Delay-restore SVI status : Timer is off.(timeout = 10s)
                        Operational Layer3 Peer-router : Disabled
                        vPC Peer-link status
                        ---------------------------------------------------------------------
                        id Port Status Active vlans 
                        -- ---- ------ -------------------------------------------------
                        1 Po100 up 1,101-400

For downgrade, reload both switches at the same time.