N+1 Hitless Rolling AP Upgrade

N+1 hitless rolling AP upgrade and version skew

N+1 hitless rolling AP upgrade and version skew are network upgrade strategies that

  • enable wireless network upgrades with minimal or no downtime

  • allow software mismatches between wireless controllers and access points during upgrades, and

  • support staged AP upgrades while maintaining service continuity.

Version skew : A compatibility feature that allows a controller to operate with APs running a different software version.

N+1 Hitless Rolling AP Upgrade : A controller-assisted method that migrates APs to a temporary controller during upgrade, avoiding service disruption.

Understanding N+1 Hitless Rolling AP Upgrade and Version Skew

Traditionally, all APs and the controller needed to be on the same software version to function properly, causing network downtime during upgrades. Version skew removes this limitation by allowing staged upgrades. Combined with the N+1 hitless rolling AP upgrade process, this strategy ensures continuous service by migrating APs to a temporary controller, upgrading the original controller, and then migrating APs back.

This method is especially beneficial in large-scale deployments where network availability is critical.

The following table contrasts the features of a traditional upgrade withvVersion skew + N+1 Upgrade:

Table 1. Comparison of Traditional Upgrade vs. Version Skew + N+1 Upgrade

Feature

Traditional Upgrade

Version Skew + N+1 Upgrade

Requires same version on all devices

Yes

No

Causes downtime

Yes

No

Supports staged AP upgrades

No

Yes

Uses secondary controller

No

Yes (WLC2 as mobility member)

Needs image pre-download

Not applicable

Yes, for ap image upgrade command

Examples of N+1 Hitless Rolling AP Upgrade

  • A network admin can upgrade the controller (WLC1) while APs continue to operate from a mobility member (WLC2).

  • Using the ap image move command after predowloading images avoids downtime even without simultaneous AP upgrades.

Counter-examples for N+1 Hitless Rolling AP Upgrade

  • Upgrading all APs simultaneously without version skew or N+1 support would cause network downtime.

  • Using the ap image upgrade command without pre-downloading the image will fail.

How N+1 hitless rolling AP upgrades work

This process involves upgrading controllers and managing access points using specific commands.

Summary

The N+1 hitless rolling AP upgrade process involves several critical steps: establishing mobility tunnels, upgrading software, moving APs, and activating new software images.

This process ensures a seamless upgrade of APs with minimal service disruption.

Workflow

Workflow for the N+1 hitless rolling AP upgrade feature

  1. Establish a mobility tunnel from the controller (WLC1) to a mobility member (WLC2).
  2. Upgrade the controller software (WLC1) using the install add file bootflash:new_version.bin command.
  3. You can also choose to upgrade the AP image.. For more information, see Predownloading an Image to an Access Point chapter.
  4. Use the ap image upgrade destination controller-name controller-ip report-name privileged EXEC command to upgrade and move all the APs from WLC1 (source) to WLC2 (destination).
  5. Activate the new image in WLC1 using the install activate command.
  6. Commit the changes using the install commit command.
  7. Move the APs back to WLC1 from WLC2 using the ap image move destination controller-name controller-ip report-name command.

    Note

    The ap image upgrade destination command does not work without an image pre-download. If you do not perform an image pre-download, use the ap image move command to move the APs. When APs download the image and join the destination controller, you must set the iteration time as high. Also, you can customize the iteration time by configuring the ap upgrade staggered iteration timeout command.

Result

The process upgrades access points effectively without disrupting service. It maintains optimal network functionality during transition stages.

Configure hitless upgrade

The purpose of this task is to perform a hitless upgrade using a zero downtime network upgrade process in an N+1 deployment. This process ensures that all necessary components are pre-checked for compliance, and the upgrade is carried out smoothly with minimal disruption.

Before you begin

  • Provide the hostname and wireless management IP of the destination controller in the privileged EXEC command.

  • Predownload the image on APs running on the destination controller.

Procedure

Step 1

ap image upgrade destination wlc-name wlc-ip

Example:

Device# ap image upgrade destination wlc2 10.7.8.9

Moves APs to the specified destination controller with the Swap and Reset command. After this, the parent controller activates the new image and reloads with the new image. Establish the mobility tunnel, and then return APs to the parent controller without a swap and reset.

Note

 

Ensure that you establish a mobility tunnel from controller (WLC1) to a mobility member (WLC2) before image upgrade.

Step 2

ap image upgrade destination wlc-name wlc-ip

Example:

Device# ap image upgrade destination wlc2 10.7.8.9

(Optional) Moves APs to the specified destination controller with a swap and reset command.

Note

 

Steps 2 to 4 should only be performed if Step 1 is not being executed.

Step 3

ap image move destination wlc-name wlc-ip

Example:

Device# ap image move destination wlc1 10.7.8.6

Move the APs back to the parent controller.

Step 4

ap image upgrade destination wlc-name wlc-ip [fallback]

Example:

Device# ap image upgrade destination wlc2 10.7.8.9 fallback

(Optional) Moves APs to the specified destination controller with a swap and reset command. After that, APs move back to the parent controller (without a swap and reset) once the new image is manually installed and the parent controller is reloaded.

Step 5

ap image upgrade destination wlc-name wlc-ip [reset]

Example:

Device# ap image upgrade destination wlc2 10.7.8.9 reset

(Optional) Move APs to the specified destination controller using the Swap and Reset command. After this, the parent controller activates the new image and reloads with the new image.

The result of this task is a successful upgrade of the network without any downtime, ensuring the access points (APs) are returned to the parent controller seamlessly after the upgrade is complete. The network continues to function optimally with the new image installed.

Verify hitless upgrade

Use these commands to verify hitless upgrade

These are the commands to verify hitless upgrade

  • To view all the upgrade report names, use these command:

    Device# show ap upgrade summary

Report Name 					Start time
------------------------------------------------------------------------------------------
AP_upgrade_from_VIGK_CSR_2042018171639 05/20/2018 17:16:39 UTC

  • To view AP upgrade information based on the upgrade report name, use these command:

    Device# show ap upgrade name test-report

AP upgrade is complete
From version: 16.10.1.4
To version: 16.10.1.4
Started at: 05/20/2018 17:16:39 UTC
Percentage complete: 100
End time: 05/20/2018 17:25:39 UTC
Progress Report
---------------
Iterations
----------
Iteration Start time End time AP count
------------------------------------------------------------------------------------------------
0 05/20/2018 17:16:39 UTC 05/20/2018 17:16:39 UTC 0
1 05/20/2018 17:16:39 UTC 05/20/2018 17:25:39 UTC 1
Upgraded
--------
Number of APs: 1
AP Name Ethernet MAC Iteration Status
---------------------------------------------------------------------------------------
AP-SIDD-CLICK 70db.9848.8f60 1 Joined
In Progress
-----------
Number of APs: 0
AP Name Ethernet MAC
-------------------------------------------------
Remaining
---------
Number of APs: 0
AP Name Ethernet MAC
-------------------------------------------------