Catalyst 9000 and IOS XE Upgrade
The Catalyst 9000 family uses a common binary image of Cisco IOS XE, meaning the same installation file is used for all models and license versions. For example, for the Cisco IOS 16.12.04 version, the file is cat9k_iosxe.16.12.04.SPA.bin. The IOS upgrade process is the same whether we have a standalone switch, a stack created using StackWise, or a cluster with StackWise Virtual (where we can also use ISSU with a single parameter).
Documentation
- Upgrade Guide for Cisco Catalyst 9000 Switches
- High Availability Configuration Guide, Cisco IOS XE Gibraltar 16.12.x (Catalyst 9500 Switches) - Configuring ISSU
- System Management Configuration Guide, Cisco IOS XE Gibraltar 16.12.x (Catalyst 9500 Switches) - Performing Device Setup Configuration
- In-Service Software Upgrade (ISSU) on Catalyst 3850, Catalyst 9000 series switches
Recommended versions of IOS XE for various models can be found at Recommended Releases for Catalyst 9200/9300/9400/9500/9600 and Catalyst 3650/3850 Platforms.
Software Maintenance Upgrade (SMU)
We can also install patches for the current version. An example is the file cat9k_iosxe.16.12.04.CSCvu95137.SPA.smu.bin. These are referred to as Software Maintenance Upgrades (SMU). The installation process is similar to an upgrade, as described in the System Management Configuration Guide, Cisco IOS XE Gibraltar 16.12.x (Catalyst 9500 Switches) - Software Maintenance Upgrade.
Install Mode
To use the new upgrade method (IOS installation), the device must be booted in Install Mode. The Boot Mode is determined by whether the System image file is a .bin or .conf file.
Catalyst 9000 family switches can operate in one of two modes:
- Bundle Mode - the traditional method; uses a monolithic Cisco IOS image and loads a .bin file into memory, which contains everything needed to run IOS, for example cat9k_iosxe.16.12.04.SPA.bin
- Install Mode - the new and recommended method; extracts the .bin file into a series of .pkg files, which are loaded into memory independently. During startup a configuration file, typically packages.conf, is loaded, which contains information on which packages to load
Various options for displaying information for a switch in install mode:
SWITCH#show version
...
System image file is "bootflash:packages.conf"
SWITCH#show boot
BOOT variable = bootflash:packages.conf;
For some switches (e.g., Catalyst 9300), the mode is displayed directly.
SWITCH#show version
...
Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
* 1 65 C9300-48P 16.12.4 CAT9K_IOSXE INSTALL
2 65 C9300-48P 16.12.4 CAT9K_IOSXE INSTALL
Upgrade Process
The upgrade consists of three steps, which can be run separately.
- Add - download and copy the .bin image to the switch's Flash memory (for a stack, to all members; for StackWise Virtual, to the active and standby switches), extract the .pkg files (packages)
- Activate - install the packages and restart; for a stack, this occurs simultaneously on all members; when using ISSU, it occurs sequentially (as mentioned below)
  - install on the standby switch (modify the .conf file, start the Rollback Timer), restart (running on the new version)
  - install on the active switch (modify the .conf file), restart (running on the new version) - during the active switch restart, the system switches to the standby switch
- Commit - confirm that the upgrade is complete, stop the Rollback Timer
The Rollback Timer counts down the time within which the upgrade must be confirmed with commit (the default is 120 minutes). If the upgrade is not confirmed, the system reverts to the state before the upgrade when the timer expires. The timer can be stopped with a command.
SWITCH#install auto-abort-timer stop
In-Service Software Upgrades (ISSU)
StackWise Virtual supports In-Service Software Upgrades (ISSU). This is a process of upgrading to a new image while the network continues to forward packets. It helps prevent network outages during software upgrades. The upgrade occurs in install mode, where each package is updated individually. ISSU supports both upgrade and rollback. It is supported from certain versions for various platforms.
To use ISSU, certain prerequisites must be met. The main ones are that the switches must be in Install Mode and that Cisco Nonstop Forwarding with Stateful Switchover (SSO mode) must be enabled.
Note: I am a bit confused about where ISSU is supported. It is stated that it is supported on Catalyst 3850 and Catalyst 9000, which support StackWise Virtual. Then on standalone boxes that have two supervisors. I have ISSU commands available on the C9300, but the prerequisite check returns an error. It is somewhat misleading that the C9300 supports StackWise Virtual from IOS XE 16.12.1 (none of the commands work for me) - Unleashing the power of Catalyst 9000 Series switches with open Cisco IOS-XE 16.12.1.
Component Status for ISSU
SWITCH#show issu state detail
Current ISSU Status: Enabled
Previous ISSU Operation: N/A
=======================================================
System Check                        Status
-------------------------------------------------------
Platform ISSU Support               Yes
Standby Online                      Yes
Autoboot Enabled                    Yes
SSO Mode                            Yes
Install Boot                        Yes
Valid Boot Media                    Yes
=======================================================
No ISSU operation is in progress
When we try to display the status on the C9300, we get:
SWITCH#show issu state detail
Current ISSU Status: Disabled
Previous ISSU Operation: N/A
=======================================================
System Check                        Status
-------------------------------------------------------
Platform ISSU Support               Yes
Standby Online                      No
Autoboot Enabled                    Yes
SSO Mode                            Yes
Install Boot                        Yes
Valid Boot Media                    Yes
=======================================================
No ISSU operation is in progress
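To run this prerequisite check across many switches before scheduling an ISSU window, the output can be parsed and the failing checks listed. This is an added example, not code from the original article; the function names are hypothetical and the sample is the C9300 output shown above, laid out one field per line.

```python
import re

# One prerequisite row: a check name followed by Yes or No at end of line.
CHECK_RE = re.compile(r"^(?P<name>\S.*?)\s+(?P<result>Yes|No)\s*$")

# Constructed sample: the C9300 output shown above, one field per line.
C9300_OUTPUT = """\
Current ISSU Status: Disabled
Previous ISSU Operation: N/A
=======================================================
System Check                        Status
-------------------------------------------------------
Platform ISSU Support               Yes
Standby Online                      No
Autoboot Enabled                    Yes
SSO Mode                            Yes
Install Boot                        Yes
Valid Boot Media                    Yes
=======================================================
No ISSU operation is in progress
"""

def parse_issu_state(text):
    """Return (current_status, {check_name: passed}) from the CLI output."""
    status, checks = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Current ISSU Status:"):
            status = line.split(":", 1)[1].strip()
            continue
        m = CHECK_RE.match(line)
        if m:
            checks[m.group("name")] = m.group("result") == "Yes"
    return status, checks

def issu_blockers(text):
    """List the prerequisite checks that report No."""
    _, checks = parse_issu_state(text)
    return [name for name, passed in checks.items() if not passed]

if __name__ == "__main__":
    status, _ = parse_issu_state(C9300_OUTPUT)
    print(f"ISSU status: {status}; failed checks: {issu_blockers(C9300_OUTPUT)}")
```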
Performing the Upgrade in CLI
Upgrade Execution Options
The upgrade can be performed in one step (one command) or in three steps (three separate commands).
- 1-Step Work Flow - everything happens in one step, rollback is not possible
- 3-Step Work Flow - consists of the steps (commands) add, activate, and commit; until the last step is performed, rollback is possible
Three-Step Upgrade
Download and extract installation files on both switches. We can first copy the .bin file to Flash and then start the installation from it, or start from remote locations (FTP, HTTP, TFTP).
SWITCH#install add file flash:cat9k_iosxe.16.12.04.SPA.bin
SWITCH#install add file ftp://user:password@192.168.0.50/cat9k_iosxe.16.12.04.SPA.bin
Activate the installation, either traditionally or using ISSU, where it is first performed on the standby switch and then on the active switch (and roles are swapped). If we use the issu parameter, a check is first performed to see if the ISSU method can be used. If the conditions are not met, the installation does not start (and we can start it again without this parameter).
SWITCH#install activate
SWITCH#install activate issu
The last command cleans up and stops the Rollback Timer. After this, rollback is no longer possible.
SWITCH#install commit
One-Step Upgrade
With a single combined command, we can perform the entire installation at once. At the end, a commit is performed directly, so rollback is not possible. Otherwise, everything is the same as in the three steps above.
SWITCH#install add file flash:cat9k_iosxe.16.12.04.SPA.bin activate commit
SWITCH#install add file flash:cat9k_iosxe.16.12.04.SPA.bin activate issu commit
Additional Commands
During the upgrade, we can display information about the installation.
SWITCH#show install summary
Display information about installation operations since the last start.
SWITCH#show install log
Delete old files. This removes not only previous versions but all unused files, including all .bin files. A list is displayed, and the deletion must be confirmed.
SWITCH#install remove inactive
Cancel the installation and roll back; there are various options.
SWITCH#install abort
SWITCH#install rollback to committed
SWITCH#install rollback to id 1
Example of Upgrading a Stack of Two C9300s
SWITCH#show switch
Switch/Stack Mac Address : 0029.c288.e100 - Local Mac Address
Mac persistency wait time: Indefinite
H/W Current
Switch# Role Mac Address Priority Version State
-------------------------------------------------------------------------------------
*1 Active 0029.c288.e100 1 V02 Ready
2 Member 0029.c288.c480 1 V02 Ready
SWITCH#show version
...
Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
* 1 64 C9300-48P 16.8.1a CAT9K_IOSXE INSTALL
2 64 C9300-48P 16.8.1a CAT9K_IOSXE INSTALL
SWITCH#install add file ftp://uzivatel:heslo@192.168.0.50/cat9k_iosxe.16.12.04.SPA.bin
install_add: START Tue Nov 10 10:32:34 CET 2020
Downloading file ftp://uzivatel:heslo@192.168.0.50/cat9k_iosxe.16.12.04.SPA.bin
Finished downloading file ftp://uziv:heslo@192.168.0.50/cat9k_iosxe.16.12.04.SPA.bin to flash:cat9k_iosxe.16.12.04.SPA.bin
install_add: Adding PACKAGE
--- Starting initial file syncing ---
[1]: Copying flash:cat9k_iosxe.16.12.04.SPA.bin from switch 1 to switch 2
[2]: Finished copying to switch 2
Info: Finished copying flash:cat9k_iosxe.16.12.04.SPA.bin to the selected switch(es)
Finished initial file syncing
--- Starting Add ---
Performing Add on all members
[1] Add package(s) on switch 1
[1] Finished Add on switch 1
[2] Add package(s) on switch 2
[2] Finished Add on switch 2
Checking status of Add on [1 2]
Add: Passed on [1 2]
Finished Add
SUCCESS: install_add Tue Nov 10 10:41:35 CET 2020
SWITCH#show install summary
[ Switch 1 2 ] Installed Package(s) Information:
State (St): I - Inactive, U - Activated & Uncommitted,
C - Activated & Committed, D - Deactivated & Uncommitted
--------------------------------------------------------------------------------
Type St Filename/Version
--------------------------------------------------------------------------------
IMG I 16.12.4.0.4480
IMG C 16.8.1a.0.86
--------------------------------------------------------------------------------
Auto abort timer: inactive
--------------------------------------------------------------------------------
SWITCH#install activate
install_activate: START Tue Nov 10 21:01:35 CET 2020
install_activate: Activating PACKAGE
Following packages shall be activated:
/flash/cat9k-wlc.16.12.04.SPA.pkg
/flash/cat9k-webui.16.12.04.SPA.pkg
/flash/cat9k-srdriver.16.12.04.SPA.pkg
/flash/cat9k-sipspa.16.12.04.SPA.pkg
/flash/cat9k-sipbase.16.12.04.SPA.pkg
/flash/cat9k-rpboot.16.12.04.SPA.pkg
/flash/cat9k-rpbase.16.12.04.SPA.pkg
/flash/cat9k-guestshell.16.12.04.SPA.pkg
/flash/cat9k-espbase.16.12.04.SPA.pkg
/flash/cat9k-cc_srdriver.16.12.04.SPA.pkg
This operation requires a reload of the system. Do you want to proceed? [y/n]y
--- Starting Activate ---
Performing Activate on all members
[1] Activate package(s) on switch 1
--- Starting list of software package changes ---
Old files list:
Removed cat9k-cc_srdriver.16.08.01a.SPA.pkg
Removed cat9k-espbase.16.08.01a.SPA.pkg
Removed cat9k-guestshell.16.08.01a.SPA.pkg
Removed cat9k-rpbase.16.08.01a.SPA.pkg
Removed cat9k-rpboot.16.08.01a.SPA.pkg
Removed cat9k-sipbase.16.08.01a.SPA.pkg
Removed cat9k-sipspa.16.08.01a.SPA.pkg
Removed cat9k-srdriver.16.08.01a.SPA.pkg
Removed cat9k-webui.16.08.01a.SPA.pkg
Removed cat9k-wlc.16.08.01a.SPA.pkg
New files list:
Added cat9k-cc_srdriver.16.12.04.SPA.pkg
Added cat9k-espbase.16.12.04.SPA.pkg
Added cat9k-guestshell.16.12.04.SPA.pkg
Added cat9k-rpbase.16.12.04.SPA.pkg
Added cat9k-rpboot.16.12.04.SPA.pkg
Added cat9k-sipbase.16.12.04.SPA.pkg
Added cat9k-sipspa.16.12.04.SPA.pkg
Added cat9k-srdriver.16.12.04.SPA.pkg
Added cat9k-webui.16.12.04.SPA.pkg
Added cat9k-wlc.16.12.04.SPA.pkg
Finished list of software package changes
[1] Finished Activate on switch 1
[2] Activate package(s) on switch 2
--- Starting list of software package changes ---
Old files list:
Removed cat9k-cc_srdriver.16.08.01a.SPA.pkg
Removed cat9k-espbase.16.08.01a.SPA.pkg
Removed cat9k-guestshell.16.08.01a.SPA.pkg
Removed cat9k-rpbase.16.08.01a.SPA.pkg
Removed cat9k-rpboot.16.08.01a.SPA.pkg
Removed cat9k-sipbase.16.08.01a.SPA.pkg
Removed cat9k-sipspa.16.08.01a.SPA.pkg
Removed cat9k-srdriver.16.08.01a.SPA.pkg
Removed cat9k-webui.16.08.01a.SPA.pkg
Removed cat9k-wlc.16.08.01a.SPA.pkg
New files list:
Added cat9k-cc_srdriver.16.12.04.SPA.pkg
Added cat9k-espbase.16.12.04.SPA.pkg
Added cat9k-guestshell.16.12.04.SPA.pkg
Added cat9k-rpbase.16.12.04.SPA.pkg
Added cat9k-rpboot.16.12.04.SPA.pkg
Added cat9k-sipbase.16.12.04.SPA.pkg
Added cat9k-sipspa.16.12.04.SPA.pkg
Added cat9k-srdriver.16.12.04.SPA.pkg
Added cat9k-webui.16.12.04.SPA.pkg
Added cat9k-wlc.16.12.04.SPA.pkg
Finished list of software package changes
[2] Finished Activate on switch 2
Checking status of Activate on [1 2]
Activate: Passed on [1 2]
Finished Activate
[1 2]: Performing MCU_Upgrade_Service
SUCCESS: MCU_Upgrade_Service finished
Install will reload the system now!
SUCCESS: install_activate Tue Nov 10 21:06:26 CET 2020
SWITCH#show install summary
[ Switch 1 2 ] Installed Package(s) Information:
State (St): I - Inactive, U - Activated & Uncommitted,
C - Activated & Committed, D - Deactivated & Uncommitted
--------------------------------------------------------------------------------
Type St Filename/Version
--------------------------------------------------------------------------------
IMG U 16.12.4.0.4480
--------------------------------------------------------------------------------
Auto abort timer: active on install_activate, time before rollback - 01:49:00
--------------------------------------------------------------------------------
SWITCH#install commit
install_commit: START Tue Nov 10 21:21:38 CET 2020
install_commit: Committing PACKAGE
--- Starting Commit ---
Performing Commit on all members
[1] Commit package(s) on switch 1
[1] Finished Commit on switch 1
[2] Commit package(s) on switch 2
[2] Finished Commit on switch 2
Checking status of Commit on [1 2]
Commit: Passed on [1 2]
Finished Commit
SUCCESS: install_commit Tue Nov 10 21:21:49 CET 2020
SWITCH#show install summary
[ Switch 1 2 ] Installed Package(s) Information:
State (St): I - Inactive, U - Activated & Uncommitted,
C - Activated & Committed, D - Deactivated & Uncommitted
--------------------------------------------------------------------------------
Type St Filename/Version
--------------------------------------------------------------------------------
IMG C 16.12.4.0.4480
--------------------------------------------------------------------------------
Auto abort timer: inactive
--------------------------------------------------------------------------------
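Between activate and commit the switch runs the new version with the Rollback Timer counting down, so it is worth checking `show install summary` for uncommitted packages after a maintenance window. The parser below is an added example, not code from the original article; the function names and the 30-minute warning threshold are assumptions, and the samples are trimmed copies of the outputs above.

```python
import re

# A package row: type (IMG in the output above), state letter, version.
PKG_RE = re.compile(r"^\s*([A-Z]+)\s+([IUCD])\s+(\S+)\s*$")
TIMER_RE = re.compile(r"time before rollback - (\d+):(\d+):(\d+)")

# Constructed samples: trimmed copies of the outputs shown above.
AFTER_ACTIVATE = """\
Type St Filename/Version
--------------------------------------------------------------------------------
IMG U 16.12.4.0.4480
--------------------------------------------------------------------------------
Auto abort timer: active on install_activate, time before rollback - 01:49:00
"""
AFTER_COMMIT = """\
Type St Filename/Version
--------------------------------------------------------------------------------
IMG C 16.12.4.0.4480
--------------------------------------------------------------------------------
Auto abort timer: inactive
"""

def parse_install_summary(text):
    """Return (packages, seconds_until_rollback or None)."""
    packages, remaining = [], None
    for line in text.splitlines():
        pkg = PKG_RE.match(line)
        if pkg:
            kind, state, version = pkg.groups()
            packages.append({"type": kind, "state": state, "version": version})
            continue
        timer = TIMER_RE.search(line)
        if timer:
            hours, minutes, seconds = map(int, timer.groups())
            remaining = hours * 3600 + minutes * 60 + seconds
    return packages, remaining

def commit_status(text, warn_below=1800):
    """Classify the upgrade: committed, commit-pending or commit-urgent."""
    packages, remaining = parse_install_summary(text)
    if not any(p["state"] in ("U", "D") for p in packages):
        return "committed"  # nothing is waiting for install commit
    if remaining is not None and remaining < warn_below:
        return "commit-urgent"  # threshold is an assumed value
    return "commit-pending"

if __name__ == "__main__":
    for name, sample in (("activate", AFTER_ACTIVATE), ("commit", AFTER_COMMIT)):
        print(name, parse_install_summary(sample), commit_status(sample))
```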