Upgrade Catalyst 9000 series

In the past, upgrade a switch was very easy: upload the IOS file (a .bin file), change the bootvar and reload the switch; then Cisco introduced the tar file using the “archive download-sw” command.

The archive download algorithm checked that the image was appropriate for the switch model, that enough DRAM was present and that md5 was correct. Then if all tests were ok, it started the unpacking of the tar file on all switches (in case of a stack) and changed the bootvar.

In the last years, Cisco introduced a new type of IOS: IOS XE.

The benefits are:
Open: Standards-based capabilities on Cisco network devices accelerate business and network innovation.
Programmable: Programmable interface enables process and orkflow automation.
Secure: End-to-end security and trust are built in.
Modular: Modular software independently upgrades individual software modules.

What is IOS XE?

While Cisco IOS is a monolithic operating system running directly on the hardware, the IOS XE series is a combination of a linux kernel and a (monolithic) application (IOSd) that runs on top of this kernel.

Cisco IOS XE Software Release Versioning

IOS XE has two modes of operation, Install and Bundle.

Install Mode

The Install mode uses a package-provisioning file named packages.conf in order to boot a switch. In addition, there are a number of .pkg files in the flash drive.

Bundle Mode

The Bundle mode uses monolithic Cisco IOS images to boot a switch. The Bundle mode consumes more memory than the Install mode because the packages are extracted from the bundle and copied to RAM.

To see what type of installation you have, type “show version”:

Ciscozine-9200#sh ver
Cisco IOS XE Software, Version 16.09.04
Cisco IOS Software [Fuji], Catalyst L3 Switch Software (CAT9K_LITE_IOSXE), Version 16.9.4, RELEASE SOFTWARE (fc2)
[…]
Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
1 52 C9200L-48P-4X 16.9.4 CAT9K_LITE_IOSXE INSTALL
2 52 C9200L-48T-4X 16.9.4 CAT9K_LITE_IOSXE INSTALL
[…]
Configuration register is 0x102
Ciscozine-9200#

Upgrade process

Remove unused files

This is necessary to free space:

install remove inactive

Note: If you have a stack, the command is executed on all switches.

Ciscozine-9200#install remove inactive
install_remove: START Thu Sep 24 12:07:28 UTC 2020
Cleaning up unnecessary package files
No path specified, will use booted path flash:packages.conf
Cleaning flash:
Scanning boot directory for packages … done.
Preparing packages list to delete …
[...]
The following files will be deleted:
/flash/cat9k_lite-rpboot.16.09.03.SPA.pkg
/flash/cat9k_lite-srdriver.16.09.03.SPA.pkg
/flash/cat9k_lite-webui.16.09.03.SPA.pkg
/flash/cat9k_lite_iosxe.16.09.04.SPA.bin
/flash/cat9k_lite_iosxe.16.09.04.SPA.conf
Do you want to remove the above files? [y/n]y
switch 1:
Deleting file flash:cat9k_lite_iosxe.16.09.04.SPA.bin … done.
SUCCESS: Files deleted.
switch 2:
Deleting file flash:cat9k_lite-rpbase.16.09.03.SPA.pkg … done.
Deleting file flash:cat9k_lite-rpboot.16.09.03.SPA.pkg … done.
Deleting file flash:cat9k_lite-srdriver.16.09.03.SPA.pkg … done.
Deleting file flash:cat9k_lite-webui.16.09.03.SPA.pkg … done.
Deleting file flash:cat9k_lite_iosxe.16.09.04.SPA.bin … done.
Deleting file flash:cat9k_lite_iosxe.16.09.04.SPA.conf … done.
SUCCESS: Files deleted.
--- Starting Post_Remove_Cleanup ---
Performing Post_Remove_Cleanup on all members
[...]
Finished Post_Remove_Cleanup
SUCCESS: install_remove Thu Sep 24 12:09:01 UTC 2020
Ciscozine-9200#
Copy the new image

copy usbflash0:cat9k_lite_iosxe.zz.xx.yy.SPA.bin flash:

Check md5 (optional)

Check the integrity file with the md5 signature presents on the Cisco download Center.

Cisco download software
Ciscozine-9200#verify /md5 flash:cat9k_lite_iosxe.16.12.04.SPA.bin 008101d12e11f1f5c8b8cf5627ff0c43
[…]
Done!
Verified (flash:cat9k_lite_iosxe.16.xx.yy.SPA.bin) = 008101d12e11f1f5c8b8cf5627ff0c43
Ciscozine-9200#

Note: The IOS-XE consistency is verified during installation, but my suggestion is to verify it before.

Change to install mode (optional)

To change a device running in bundle mode to install mode, set the boot variable to flash:packages.conf, and execute the install.

Ciscozine-9200#conf t
Ciscozine-9200(config)#boot system flash:packages.conf
Ciscozine-9200(config)#^Z
Ciscozine-9200#wr

Note: This step is not required if you are already in install mode.
Remember: Save your configuration!

Check the boot system

Ciscozine-9200#show boot
Switch 1
Current Boot Variables:
BOOT variable = flash:packages.conf;
Boot Variables on next reload:
BOOT variable = flash:packages.conf;
Manual Boot = no
Enable Break = no
Boot Mode = DEVICE
iPXE Timeout = 0
Ciscozine-9200#
Install the new image

Use this command to install the target image. You can point to the source image on your TFTP server or in flash if you have it copied to flash. My suggestion is to copy the .bin file to the flash.

Once this operation completes you’ll get prompted to reboot the switch stack.

Ciscozine-9200#install add file flash:cat9k_lite_iosxe.16.12.04.SPA.bin activate commit
install_add_activate_commit: START Thu Sep 24 12:15:58 UTC 2020
install_add_activate_commit: Adding PACKAGE
--- Starting initial file syncing ---
[1]: Copying flash:cat9k_lite_iosxe.16.12.04.SPA.bin from switch 1 to switch 2
[2]: Finished copying to switch 2
Info: Finished copying flash:cat9k_lite_iosxe.16.12.04.SPA.bin to the selected switch(es)
Finished initial file syncing
--- Starting Add ---
Performing Add on all members
[1] Add package(s) on switch 1
[1] Finished Add on switch 1
[2] Add package(s) on switch 2
[2] Finished Add on switch 2
Checking status of Add on [1 2]
Add: Passed on [1 2]
Finished Add
install_add_activate_commit: Activating PACKAGE
[…]
This operation requires a reload of the system. Do you want to proceed? [y/n]
[y/n]y
--- Starting Activate ---
Performing Activate on all members
[…]
Checking status of Activate on [1 2]
Activate: Passed on [1 2]
Finished Activate
--- Starting Commit ---
Performing Commit on all members
[1] Commit package(s) on switch 1
[1] Finished Commit on switch 1
[2] Commit package(s) on switch 2
[2] Finished Commit on switch 2
Checking status of Commit on [1 2]
Commit: Passed on [1 2]
Finished Commit
Install will reload the system now!
SUCCESS: install_add_activate_commit Thu Sep 24 12:29:27 UTC 2020
Ciscozine-9200#

Another approach, it is to copy the new release, activate and commit it:

install add file flash:cat9k_lite_iosxe.16.12.04.SPA.bin

Note: Install add takes the file and copies it to bootflash on all of the switches in the switch stack.

Unnpack the bin files and add them to the boot config:

install activate

Commit the new release:

install commit

Note: You can use the command “show install summary” to display information about the installation status of packages.

Note: after upgrading a switch/step, remember to free space with “install remove inactive”

Enable auto-upgrade

The feature will automatically upgrade a new switch to the same IOS XE version as the active switch, without any manual intervention. To automatically download consistent software versions to newly joined switches, you can use the following command from the global configuration mode:

Ciscozine-9200(config)# software auto-upgrade enable

This is what occurs when switch #4 (IOS XE 16.10.01) is added to a stack switch (IOS XE 16.12.04):

Ciscozine-9200#
*Sep 24 12:10:20.696: %STACKMGR-6-SWITCH_ADDED: Switch 2 R0/0: stack_mgr: Switch 4 has been added to the stack.
*Sep 24 12:10:20.697: %STACKMGR-6-SWITCH_ADDED: Switch 1 R0/0: stack_mgr: Switch 4 has been added to the stack.
*Sep 24 12:10:20.740: %STACKMGR-6-SWITCH_ADDED: Switch 3 R0/0: stack_mgr: Switch 4 has been added to the stack.
*Sep 24 12:10:21.172: %BOOT-3-BOOTTIME_INCOMPATIBLE_SW_DETECTED: Switch 1 R0/0: issu_stack: Incompatible software detected. Details: Chassis 4 is detected INCOMPATIBLE with software version of Active: FAILED: Version '16.10.01' mismatch with Active's running version '16.12.04' for package: 'guestshell'
*Sep 24 12:10:21.298: %AUTO_UPGRADE-5-AUTO_UPGRADE_START_CHECK: Switch 1 R0/0: auto_upgrade_client: Auto upgrade start checking for incompatible switches.
*Sep 24 12:10:24.452: %IOSXE_INFRA-6-PROCPATH_CLIENT_HOG: IOS shim client 'chasfs' has taken 3168 msec (runtime: 0 msec) to process a 'stack chasfs fd' message
*Sep 24 12:10:25.476: %AUTO_UPGRADE-5-AUTO_UPGRADE_INITIATED: Switch 1 R0/0: auto_upgrade_client: Auto upgrade initiated for switch 4.
[…]
*Sep 24 12:13:05.904: %AUTO_UPGRADE-5-AUTO_UPGRADE_FINISH: Switch 1 R0/0: auto_upgrade_client: Finished installing software on switch 4. A upgrade complete
*Sep 24 12:13:09.625: %AUTO_UPGRADE-5-AUTO_UPGRADE_RELOAD: Switch 1 R0/0: auto_upgrade_client: Reloading switch 4 to complete the auto upgrade. A reload after upgrade
[…]
*Sep 24 12:18:07.066: %STACKMGR-6-SWITCH_ADDED: Switch 4 R0/0: stack_mgr: Switch 4 has been added to the stack.
*Sep 24 12:18:07.066: %STACKMGR-6-SWITCH_ADDED: Switch 4 R0/0: stack_mgr: Switch 4 has been added to the stack.
*Sep 24 12:18:07.736: %HMANRP-6-HMAN_IOS_CHANNEL_INFO: HMAN-IOS channel event for switch 4: EMP_RELAY: Channel UP

Note: The auto-upgrade feature is not supported in bundled mode.

Moreover, the install command permits:

  • to install IOS XE in ISSU mode (In Service Software Upgrade).
  • to install SMU (Software Maintenance Upgrade) package.

but these features will be explained in the next post :)

References: