NX-OS ISSU 5 to latest 5 or 6?

Started by wintermute000, August 24, 2015, 05:31:24 AM

wintermute000

Not much Nexus 7k XP and wanting people's thoughts on the following


if you had a customer running a pair of 7ks happily on 5.2(4) with no known stability issues or bugs affecting the environment.
They are only running Sup 1, F1 and M1 cards and will not buy Sup 2, F2 and M2s before EOL (2019). They have plenty of spare 10G ports and redundant M1 blades. They are extremely risk averse and want to change things as absolutely minimally as possible.

Would you upgrade to NX-OS 6.1(5) or latest 5.2(9)? (6.2 and 7.x are too new.) Are there any issues staying on v5 train if there's no possibility of M2/F2/Sup2 cards?
I know 4 years is a long time, but they've lasted the last 3 without changing a thing, and they just bought a stack of M1/F1 blades and are convinced they can ride it out until 2019 with no more HW upgrades.

For those vets who've done ISSU on live 7ks, is there any greater risk in going to 6.x vs staying on same code train?
The upgrade path for both appears valid.

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/release/notes/52_nx-os_release_note.html#pgfId-496973
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/6_x/nx-os/release/notes/61_nx-os_release_note.html#pgfId-608107


customer does not care, they just want the tick box in the 'firmware not 3 years old' column.


disclaimer: I came along later in the piece, keeping the box going as long as possible with gen 1 modules was not my idea



icecream-guy

The GHOST vulnerability affects every NX-OS on the 7K prior to 6.2(12)
The 5.2 train of NX-OS is EOL; last day of software support is 10/29/2015, so no software fixes after that.
Software support will end 10/31/2019.
Cisco recommends 5.2(9a) at a minimum with a preference for 6.2.12

Personally I haven't successfully done ISSU, failed a few times and never trusted for it to work correctly without hitches since.

we're loading up on 6.2.12 here.


what firmware are they running?  you might be able to get away with the epld upgrade and a reboot, to check that box.


My Moral Fibers have been cut.

wintermute000

not sure. Do you have more details re: epld etc.?
rookie to Nexus HW stuff so the more info the merrier.

So when you failed ISSU, what happened, what did you have to do? Did you brick one of the sups?
Was what you attempted on the supported matrix?

I got my figures wrong anyway, he's running 5.2(1) so he has no choice but to ISSU to 5.2(9) anyway, whether he stays there or then goes to 6.x can be a separate decision.


DanC

I've never run into an EPLD upgrade but I've heard they take an absolute age...

NetworkGroover

Quote from: DanC on August 26, 2015, 06:48:40 AM
I've never run into an EPLD upgrade but I've heard they take an absolute age...

I'm not familiar with EPLDs, but they look similar to FPGAs, and if so, yes they can take a while to upgrade.
Engineer by day, DJ by night, family first always

LynK

We are running two n7k chassis. Have had 0 issues in over a year on this IOS. EPLD upgrade was not required. Upload the new img to your bootflash and issue a: show install all impact epld bootflash:xxxx.img

N7K10-

6.2(8a)
Mod  Ports  Module-Type                         Model              Status
---  -----  ----------------------------------- ------------------ ----------
1    48     10/100/1000 Mbps Ethernet XL Module N7K-M148GT-11L     ok
2    32     1/10 Gbps Ethernet Module           N7K-F132XP-15      ok
4    32     10 Gbps Ethernet XL Module          N7K-M132XP-12L     ok
5    0      Supervisor Module-2                 N7K-SUP2           active *
6    0      Supervisor Module-2                 N7K-SUP2           ha-standby
7    32     10 Gbps Ethernet XL Module          N7K-M132XP-12L     ok
9    32     1/10 Gbps Ethernet Module           N7K-F132XP-15      ok
10   48     10/100/1000 Mbps Ethernet XL Module N7K-M148GT-11L     ok

Mod  Sw              Hw
---  --------------  ------
1    6.2(8a)         1.0
2    6.2(8a)         1.2
4    6.2(8a)         1.3
5    6.2(8a)         3.0
6    6.2(8a)         3.0
7    6.2(8a)         1.3
9    6.2(8a)         1.1
10   6.2(8a)         1.0



N7K9-

6.2(8a)
Mod  Ports  Module-Type                         Model              Status
---  -----  ----------------------------------- ------------------ ----------
1    0      Supervisor Module-2                 N7K-SUP2           active *
2    0      Supervisor Module-2                 N7K-SUP2           ha-standby
3    32     10 Gbps Ethernet XL Module          N7K-M132XP-12L     ok
4    48     10/100/1000 Mbps Ethernet XL Module N7K-M148GT-11L     ok
5    32     1/10 Gbps Ethernet Module           N7K-F132XP-15      ok
6    32     10 Gbps Ethernet XL Module          N7K-M132XP-12L     ok
7    48     10/100/1000 Mbps Ethernet XL Module N7K-M148GT-11L     ok
8    32     1/10 Gbps Ethernet Module           N7K-F132XP-15      ok

Mod  Sw              Hw
---  --------------  ------
1    6.2(8a)         3.0
2    6.2(8a)         3.0
3    6.2(8a)         2.0
4    6.2(8a)         1.0
5    6.2(8a)         1.1
6    6.2(8a)         3.1
7    6.2(8a)         1.0
8    6.2(8a)         1.2
Sys Admin: "You have a stuck route"
            Me: "You have an incorrect Default Gateway"

wintermute000

thanks. I don't happen to have the same HW as you (SUP1... F1... M1 etc.) but it's a good rough guide, esp. with a bunch of Gen1 v1.x running fine in 6.2(8a), that's a good sign.

mmcgurty

I upgraded a pair of 7010's with a SUP1 and F1/M1 cards in July from 5.1(5) to 6.2(12) stepping from 5.1(5) to 5.2(7), 5.2(7) to 6.2(2a), 6.2(2a) to 6.2(8a), and finally 6.2(8a) to 6.2(12) without incident.  See the output below:

Mod  Ports  Module-Type                         Model              Status
---  -----  ----------------------------------- ------------------ ----------
1    32     1/10 Gbps Ethernet Module           N7K-F132XP-15      ok
2    32     1/10 Gbps Ethernet Module           N7K-F132XP-15      ok
3    48     10/100/1000 Mbps Ethernet Module    N7K-M148GT-11      ok
4    48     10/100/1000 Mbps Ethernet Module    N7K-M148GT-11      ok
5    0      Supervisor Module-1X                N7K-SUP1           active *
6    0      Supervisor Module-1X                N7K-SUP1           ha-standby

Mod  Sw              Hw
---  --------------  ------
1    6.2(12)         1.2     
2    6.2(12)         1.2     
3    6.2(12)         1.9     
4    6.2(12)         1.9     
5    6.2(12)         2.2     
6    6.2(12)         2.2
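
Added example, not part of any post in this thread: a Python sketch that reads the `Mod  Sw  Hw` table from `show module` output like the above and lists modules running a release older than 6.2(12), the GHOST cutoff stated earlier in the thread by icecream-guy. The cutoff is taken from that post as an assumption, the function names are hypothetical, and the sample output is constructed.

```python
import re

# NX-OS release strings look like 5.2(1), 6.2(8a), 5.2(9a):
# major.minor(maintenance + optional letter)
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)([a-z]?)\)$")
# One data row of the "Mod  Sw  Hw" table printed by `show module`
SW_ROW_RE = re.compile(r"^\s*(\d+)\s+(\d+\.\d+\(\d+[a-z]?\))\s+(\S+)\s*$")

# Assumption: cutoff as stated in the thread, not checked against an advisory.
GHOST_FIXED_IN = "6.2(12)"

# Constructed sample modelled on the thread's output (mixed versions on purpose).
SAMPLE = """\
Mod  Ports  Module-Type                         Model              Status
---  -----  ----------------------------------- ------------------ ----------
1    32     1/10 Gbps Ethernet Module           N7K-F132XP-15      ok
3    48     10/100/1000 Mbps Ethernet Module    N7K-M148GT-11      ok
5    0      Supervisor Module-1X                N7K-SUP1           active *

Mod  Sw              Hw
---  --------------  ------
1    6.2(8a)         1.2
3    5.2(9a)         1.9
5    6.2(12)         2.2
"""


def parse_version(text):
    """Return a sortable tuple, e.g. '6.2(8a)' -> (6, 2, 8, 'a')."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised NX-OS version: {text!r}")
    major, minor, maint, letter = m.groups()
    # Maintenance number compares numerically, so 6.2(8a) sorts before 6.2(12).
    return (int(major), int(minor), int(maint), letter)


def module_versions(show_module_output):
    """Map module number -> software version from the Sw/Hw table."""
    return {int(m.group(1)): m.group(2)
            for line in show_module_output.splitlines()
            if (m := SW_ROW_RE.match(line))}


def modules_below(show_module_output, fixed_in=GHOST_FIXED_IN):
    """List (module, version) pairs running a release older than fixed_in."""
    floor = parse_version(fixed_in)
    found = module_versions(show_module_output).items()
    return sorted((mod, ver) for mod, ver in found if parse_version(ver) < floor)
```

Comparing the maintenance number as an integer matters here: a plain string comparison would rank 6.2(8a) above 6.2(12).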

icecream-guy

Quote from: mmcgurty on August 27, 2015, 08:20:42 AM
I upgraded a pair of 7010's with a SUP1 and F1/M1 cards in July from 5.1(5) to 6.2(12) stepping from 5.1(5) to 5.2(7), 5.2(7) to 6.2(2a), 6.2(2a) to 6.2(8a), and finally 6.2(8a) to 6.2(12) without incident.  See the output below:



ow, that's painful . Was that all ISSU upgrades?


My Moral Fibers have been cut.

mmcgurty

Quote from: ristau5741 on August 27, 2015, 08:30:38 AM
Quote from: mmcgurty on August 27, 2015, 08:20:42 AM
I upgraded a pair of 7010's with a SUP1 and F1/M1 cards in July from 5.1(5) to 6.2(12) stepping from 5.1(5) to 5.2(7), 5.2(7) to 6.2(2a), 6.2(2a) to 6.2(8a), and finally 6.2(8a) to 6.2(12) without incident.  See the output below:



ow, that's painful . Was that all ISSU upgrades?

I did the first 7010 all in ISSU without incident, the second 7010 I did from 5.1(5) to 6.2(12) due to timing of the maintenance window which did cause an outage but it was a planned outage.

icecream-guy

Quote from: mmcgurty on August 27, 2015, 09:31:23 AM
Quote from: ristau5741 on August 27, 2015, 08:30:38 AM
Quote from: mmcgurty on August 27, 2015, 08:20:42 AM
I upgraded a pair of 7010's with a SUP1 and F1/M1 cards in July from 5.1(5) to 6.2(12) stepping from 5.1(5) to 5.2(7), 5.2(7) to 6.2(2a), 6.2(2a) to 6.2(8a), and finally 6.2(8a) to 6.2(12) without incident.  See the output below:



ow, that's painful . Was that all ISSU upgrades?

I did the first 7010 all in ISSU without incident, the second 7010 I did from 5.1(5) to 6.2(12) due to timing of the maintenance window which did cause an outage but it was a planned outage.



wow that's pretty bold, we usually wait a week between upgrading pairs. see if any undocumented issues arise.

My Moral Fibers have been cut.

wintermute000

cool! That's great to know.
From my reading no EPLD is mandated (though 'recommended') - was that the case for you?


My current recommendation based on the release notes is as follows
5.2(1) --> 5.2(9)
5.2(9) --> 6.2(8a)
6.2(8a) --> 6.2(12)


Customer may choose to stop at any stage lol

icecream-guy

Quote from: wintermute000 on August 27, 2015, 10:01:07 PM
cool! That's great to know.
From my reading no EPLD is mandated (though 'recommended') - was that the case for you?


In my case over the past year or so, we'll have brought 3 7010's from  4.2(4) to 6.2(12). so we were advised to perform EPLD.
The scariest part of the migration was to 4.2(8) to 5.2(9) where we had to install the 8GB memory module.

My Moral Fibers have been cut.

mmcgurty

Quote from: ristau5741 on August 27, 2015, 10:57:25 AM
Quote from: mmcgurty on August 27, 2015, 09:31:23 AM
Quote from: ristau5741 on August 27, 2015, 08:30:38 AM
Quote from: mmcgurty on August 27, 2015, 08:20:42 AM
I upgraded a pair of 7010's with a SUP1 and F1/M1 cards in July from 5.1(5) to 6.2(12) stepping from 5.1(5) to 5.2(7), 5.2(7) to 6.2(2a), 6.2(2a) to 6.2(8a), and finally 6.2(8a) to 6.2(12) without incident.  See the output below:



ow, that's painful . Was that all ISSU upgrades?

I did the first 7010 all in ISSU without incident, the second 7010 I did from 5.1(5) to 6.2(12) due to timing of the maintenance window which did cause an outage but it was a planned outage.



wow that's pretty bold, we usually wait a week between upgrading pairs. see if any undocumented issues arise.

This environment is an Hot/Standby for production.  During this timeframe we rolled over to our backup site for a few months to test that environment as well.  This was still being used but not in the same capacity.  We also do completely redundant connections in this environment with VPC's so we can weather these kinds of upgrades when necessary.