- Index
- Preface
- Product Overview
- Command-Line Interfaces
- Smart Port Macros
- Virtual Switching Systems (VSS)
- Enhanced Fast Software Upgrade (eFSU)
- Fast Software Upgrades
- Stateful Switchover (SSO)
- Non-Stop Forwarding (NSF)
- RPR Supervisor Engine Redundancy
- Layer 2 LAN Port Configuration
- Flex Links
- EtherChannels
- IEEE 802.1ak MVRP and MRP
- VLAN Trunking Protocol (VTP)
- VLANs
- Private VLANs (PVLANs)
- Private Hosts
- IEEE 802.1Q Tunneling
- Layer 2 Protocol Tunneling
- Spanning Tree Protocols (STP, MST)
- Optional STP Features
- IP Unicast Layer 3 Switching
- Policy Based Routing (PBR)
- Layer 3 Interface Configuration
- Unidirectional Ethernet (UDE) and unidirectional link routing (UDLR)
- Multiprotocol Label Switching (MPLS)
- MPLS VPN Support
- Ethernet over MPLS (EoMPLS)
- IPv4 Multicast Layer 3 Features
- IPv4 Multicast IGMP Snooping
- IPv4 PIM Snooping
- IPv4 Multicast VLAN Registration (MVR)
- IPv4 IGMP Filtering
- IPv4 Router Guard
- IPv4 Multicast VPN Support
- IPv6 Multicast Layer 3 Features
- IPv6 MLD Snooping
- Netflow
- NetFlow Data Export (NDE)
- Call Home
- System Event Archive (SEA)
- Backplane Platform Monitoring
- Local SPAN, RSPAN, and ERSPAN
- SNMP IfIndex Persistence
- Top-N Reports
- Layer 2 Traceroute Utility
- Mini Protocol Analyzer
- PFC QoS
- AutoQoS
- MPLS QoS
- PFC QoS Statistics Data Export
- Cisco IOS ACL Support
- Cisco TrustSec (CTS)
- AutoSecure
- MAC Address-Based Traffic Blocking
- Port ACLs (PACLs)
- VLAN ACLs (VACLs)
- Policy-Based Forwarding (PBF)
- Denial of Service (DoS) Protection
- Control Plane Policing (CoPP)
- Dynamic Host Configuration Protocol (DHCP) Snooping
- IP Source Guard
- Dynamic ARP Inspection (DAI)
- Traffic Storm Control
- Unknown Unicast and Multicast Flood Control
- IEEE 802.1X Port-Based Authentication
- Configuring Web-Based Authentication
- Port Security
- Lawful Intercept
- Online Diagnostic Tests
- Prerequisites for eFSU
- Restrictions for eFSU
- Information About eFSU
- Default Settings for eFSU
- How to Perform an eFSU
- eFSU Summarized Procedure
- Preparing for the Upgrade
- Copying the New Software Image
- Loading the New Software onto the Standby Supervisor Engine
- Displaying the Maximum Outage Time for Installed Modules (Optional)
- Forcing a Switchover from Active to Standby
- Accepting the New Software Version and Stopping the Rollback Process (Optional)
- Committing the New Software to the Standby
- Verifying the Software Installation
- Aborting the Upgrade Process
- How to Upgrade a Non-eFSU Image to an eFSU Image
Enhanced Fast Software Upgrade
- Prerequisites for eFSU
- Restrictions for eFSU
- Information About eFSU
- Default Settings for eFSU
- How to Perform an eFSU
- How to Upgrade a Non-eFSU Image to an eFSU Image
Note ● For complete syntax and usage information for the commands used in this chapter, see these publications:
http://www.cisco.com/en/US/products/ps11846/prod_command_reference_list.html
- Cisco IOS Release 15.1SY supports only Ethernet interfaces. Cisco IOS Release 15.1SY does not support any WAN features or commands.
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Participate in the Technical Documentation Ideas forum
Prerequisites for eFSU
Restrictions for eFSU
- SX SY EFSU Compatibility Matrix
- The Release 15.0(1)SY no payload encryption (NPE) images do not support the hitless ACL update feature or the [ no ] platform hardware acl update-mode hitless command.
The Release 15.0(1)SY1 and later no payload encryption (NPE) images support hitless ACL update and the platform hardware acl update-mode hitless command is configured by default (because it is the default, the command does not appear in the configuration file).
In other releases and images that support the hitless ACL update feature, the platform hardware acl update-mode hitless command is configured by default.
With NPE images, to avoid problems when doing a downgrade from Release 15.0(1)SY1 or later to Release 15.0(1)SY, do not disable the hitless ACL update feature (no platform hardware acl update-mode hitless), because the CLI does not exist in the Release 15.0(1)SY NPE images, and configuring the nondefault condition causes the CLI to appear in the Release 15.0(1)SY1 configuration file, which then, as an unsupported command, causes problems with Release 15.0(1)SY.
The hitless ACL update feature consumes TCAM resources. If TCAM utilization is high, enabling the hitless ACL update feature to support a downgrade might cause TCAM conflicts with other configured features.
- eFSU requires two supervisor engines, one active and one standby.
- Both the active and standby supervisor engines must have enough flash memory to store both the old and new software images prior to the upgrade process.
- Images from different features sets, regardless of release, fail the eFSU compatibility check.
- When downgrading with eFSU to an earlier version of Cisco IOS Software, the configuration files fail to synchronize and the standby supervisor engine reloads unless you disable any features or functions that are not supported in the earlier version before you start the process. Remove any configuration commands that are not available in the earlier version.
- During an eFSU upgrade, the modules are restarted.
- The switch examines the old and new software images and automatically performs the appropriate process (eFSU) to upgrade the software image:
– If the module software in the images is different, the modules are restarted or reset during the upgrade process. System downtime depends on whether the modules support eFSU (see the “Outage Time and Support Considerations” section for more information).
- The eFSU upgrade feature works with NSF/SSO. Software features that do not support NSF/SSO stop operating until they come back online after the switchover that occurs during the software upgrade.
- All modules that support eFSU preload must have at least 512 MB of memory, with enough memory free to hold the new software image. If there is insufficient free memory, eFSU does not attempt the preload, but instead resets the modules during the switchover.
- Online insertion and replacement (OIR) is not supported during an eFSU. If you attempt to insert a new module in the switch while the upgrade is active, the switch does not provide power for the module. When the upgrade ends, the switch resets the newly inserted module.
- Do not perform a manual switchover between supervisor engines during the upgrade.
- Make sure that the configuration register is set to allow autoboot (the lowest byte of the register should be set to 2).
- Before you enter the issu abortversion command (to abort a software upgrade), make sure that the standby supervisor engine is Up (STANDBY HOT [in SSO] or COLD [in RPR]).
- The Fast Software Upgrade (FSU) process supports upgrade from earlier releases. During this process, the module software image is also upgraded on those modules that support eFSU.
Information About eFSU
- eFSU Operation
- Outage Time and Support Considerations
- Reserving Module Memory
- Error Handling for eFSU Preload
Note The switch supports eFSU in VSS mode. See the “Restrictions for VSS” section for more information.
eFSU Operation
eFSU is an enhanced software upgrade procedure. Non-eFSU (FSU) software upgrades require system downtime, because a software version mismatch between the active and the standby supervisor engines forces the system to boot in RPR redundancy mode, which is stateless and causes a hard reset of the all modules.
eFSU enables an increase in network availability by reducing the downtime caused by software upgrades. eFSU does this by:
- Bringing up the standby supervisor engine in SSO mode even when the active and the standby supervisor engines have different software versions, or with VSS configured, when the supervisor engines in the two chassis have different software versions.
During an eFSU, new software is loaded onto the standby supervisor engine while the active supervisor engine continues to operate using the previous software. As part of the upgrade, the standby processor reaches the SSO Standby Hot stage, a switchover occurs, and the standby becomes active, running the new software. In previous releases Supervisor Engines running different software versions ran in the Route Processor Redundancy Mode.
You can continue with the upgrade to load the new software onto the other processor, or you can abort the upgrade and resume operation with the old software.
If the new software release contains new module software, eFSU preloads the new module software onto any modules in the switch that support eFSU preload. When the switchover occurs between the active and standby supervisor engines, the modules are restarted with the new software image.
The WS-X67 xx modules modules support eFSU preload. All other modules undergo a hard reset at switchover, and the software image loads after the module restarts.
During a software upgrade, the switch performs the following steps automatically on modules that support eFSU preload:
– Reserves the necessary memory for the new Cisco IOS software image on each module.
– Preloads a new software image onto the modules as part of the issu loadversion command.
– Restarts the modules with the new software image when a switchover occurs (issu runversion).
– During the restart, the software features and routing protocols are not available.
– If a rollback or abort occurs, to minimize disruption, the switch preloads the original software version onto the module. Once the rollback or abort is completed, the module is restarted with the original software version.
Note All modules that support eFSU preload must have at least 512 MB of memory, with enough memory free to hold the new software image. If there is insufficient free memory, eFSU does not attempt the preload, but instead resets the modules during the switchover.
Outage Time and Support Considerations
During an eFSU upgrade, modules are restarted or reset after the switchover that occurs between the supervisor engines. Because the modules are restarted or reset, any links attached to the modules go up and down and traffic processing is disrupted until protocols and software features are brought back online. The length of time that module processing is disrupted (outage time) depends on whether the eFSU process was able to preload a new software image onto the module.
- For modules that support eFSU preload, the outage time for an eFSU module warm reload is faster than an RPR mode module reload.
- For modules that do not support eFSU preload, the outage time for module reload is similar to an RPR mode module reload.
Once the new software is loaded (issu loadversion), you can use the show issu outage slot all command to display the maximum outage time for installed modules. See the “Displaying the Maximum Outage Time for Installed Modules (Optional)” section for a command example.
Reserving Module Memory
On modules that support eFSU, the supervisor engine automatically reserves memory on the module to store the new software image (decompressed format). The amount of memory needed varies according to the module type.
Although we do not recommend it, you can enter the following command to keep the switch from reserving memory for the software preload (where slot-num specifies which slot the module is installed in):
Note All modules that support eFSU preload must have at least 512 MB of memory, with enough memory free to hold the new software image. If there is insufficient free memory, eFSU does not attempt the preload, but instead resets the modules during the switchover.
To display whether or not the memory reservation was successful on a module, use the show issu outage slot all command See the “Displaying the Maximum Outage Time for Installed Modules (Optional)” section for a command example.
Error Handling for eFSU Preload
If problems occur during eFSU preload, the switch takes the following actions:
- Module crash during loadversion—The module is reset when a switchover occurs.
- Module not active when eFSU started—No power is provided to the module during the software upgrade, and the module is reset when the process ends. The same action is applied to a module that is inserted into the switch after the software upgrade process has begun.
- Module crash during run version or during rollback—The module boots with the software image version that corresponds to the software image that is present on the active supervisor engine.
Default Settings for eFSU
How to Perform an eFSU
- eFSU Summarized Procedure
- Preparing for the Upgrade
- Copying the New Software Image
- Loading the New Software onto the Standby Supervisor Engine
- Displaying the Maximum Outage Time for Installed Modules (Optional)
- Forcing a Switchover from Active to Standby
- Accepting the New Software Version and Stopping the Rollback Process (Optional)
- Committing the New Software to the Standby
- Verifying the Software Installation
- Aborting the Upgrade Process
eFSU Summarized Procedure
This task is a summarized procedure for an eFSU:
Preparing for the Upgrade
Note Before attempting to perform a software upgrade, be sure to review the “Restrictions for eFSU” section.
Verifying the Boot Image Version and Boot Variable
Before starting, enter the show version and show bootvar commands to verify the boot image version and BOOT environment variable, as shown in the following examples:
Verifying Redundancy Mode
Verify that redundancy mode is enabled and that NSF and SSO are configured. The following command example shows how to verify redundancy:
Verifying eFSU State
Verify that the the ISSU state is Init, rather than an intermediate eFSU upgrade state. Enter this command:
Copying the New Software Image
Before starting the eFSU process, copy the new software image to flash memory (disk0: and slavedisk0:) on the active and standby supervisor engines.
Loading the New Software onto the Standby Supervisor Engine
Enter the issu loadversion command to start the upgrade process. This command reboots the standby supervisor engine and loads the new software image onto the standby supervisor engine. When the download is complete, you are prompted to enter the runversion command.
Note Do not automatically disable the features that are not common to both images. During the standby initialization, after you enter the issu loadversion command, if there are any enabled features that are not supported on the standby supervisor engine, a message is displayed that states that the standby supervisor engine cannot initialize while this feature is enabled, and the standby supervisor engine is forced to RPR (in the load-version state).
When execution of the issu loadversion command completes, the standby supervisor engine is loaded with the new software image and the supervisor engine is in SSO mode. The issu loadversion command might take several seconds to complete. If you enter the show commands too soon, you might not see the information that you need.
These examples show how to check the status of the upgrade using the show redundancy and show issu state detail commands:
Displaying the Maximum Outage Time for Installed Modules (Optional)
Once the new software is downloaded, you can enter the show issu outage slot all command on the switch processor to display the maximum outage time for the installed modules:
Forcing a Switchover from Active to Standby
Enter the issu runversion command to force a switchover between the active and standby supervisor engines. The standby supervisor engine, which has the new software image loaded, becomes active. The previously active supervisor engine becomes the standby and boots with the old software image (in case the software upgrade needs to be aborted and the old image restored).
A switchover between the supervisor engines occurs now. The previous standby supervisor engine becomes active and is running the new software version. The previous active supervisor engine, now the standby supervisor engine, boots with the old software.
Note At this point, the new active supervisor engine is running the new software image and the standby is running the old software image. You should verify the state of the active and standby supervisor engines as shown in the following examples (show redundancy and show issu state detail).
Note To complete the upgrade process, enter the issu acceptversion (optional) and issu commitversion commands (as described in the following sections).
Accepting the New Software Version and Stopping the Rollback Process (Optional)
You must either accept or commit the new software image, or the rollback timer will expire and stop the upgrade process. If that occurs, the software image reverts to the previous software version. The rollback timer is a safeguard to ensure that the upgrade process does not leave the switch nonoperational.
Note New features that are not supported by the previous image are allowed to be enabled only after you enter the issu commitversion command.
The following command sequence shows how the issu acceptversion command stops the rollback timer to enable you to examine the functionality of the new software image. When you are satisfied that the new image is acceptable, enter the issu commitversion command to end the upgrade process.
View the rollback timer to see that the rollback process has been stopped:
Committing the New Software to the Standby
Enter the issu commitversion command to load the new software image onto the standby supervisor engine and complete the software upgrade process. In the following example, the new image is loaded onto the standby supervisor engine in slot 5:
Note The software upgrade process is now complete. Both the active and standby supervisor engines are running the new software version.
Verifying the Software Installation
You should verify the status of the software upgrade. If the upgrade was successful, both the active and standby supervisor engines are running the new software version.
Aborting the Upgrade Process
You can manually abort the software upgrade at any stage by entering the issu abortversion command. The upgrade process also aborts on its own if the software detects a failure.
If you abort the process after you enter the issu loadversion command, the standby supervisor engine is reset and reloaded with the original software.
The following is an example of the issu abortversion slot image command that shows how to abort the software upgrade process:
Note Before you enter the issu abortversion command, make sure that the standby supervisor engine is Up (STANDBY HOT [in SSO] or COLD [in RPR]).
How to Upgrade a Non-eFSU Image to an eFSU Image
If the new Cisco IOS software image does not support eFSU, you must manually upgrade the software image. To do so, you must upgrade the software image on the standby supervisor engine and then perform a manual switchover so that the standby takes over processing with the new image. You can then upgrade the software image on the previously active, and now standby, supervisor engine. For more information, see the “eFSU Summarized Procedure” section.
http://www.cisco.com/en/US/products/hw/switches/ps708/tsd_products_support_series_home.html
Participate in the Technical Documentation Ideas forum