Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Ltrcrs 2090 Issu

Download as pdf or txt
Download as pdf or txt
You are on page 1of 47

LTRCRS-2090

Catalyst 9K High
Availability Lab

Minhaj Uddin – Technical Marketing Engineering


Sai Zeya – Technical Marketing Engineering
The goal of the session is to experience
new high availability features present on
the Catalyst 9k through Hands on Lab
Exercises

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda
• Introduction & Overview

• Lab 1 – Patchability/SMU

• Lab 2 – Graceful Insertion and Removal

• BREAK

• Lab 3 – Enhanced Fast Software Upgrade

• Lab 4 – Stackwise Virtual

• Lab 5 – In Service Software Upgrade

• Conclusion

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Lab 1 – Applying SMU/Patch
Software Maintenance Update ( SMU )
• SMU (Software Maintenance Upgrade) is an emergency point fix positioned for
expedited delivery to a customer in case of a network down or revenue affecting
scenario. SMUs are:
– Quick (able to deliver point fixes much faster than possible in IOS)
– Effective (does not require a monolithic code upgrade)
– Focused (target the specific area of code which has the issue)

• SMU is effectively like a medication:


– It addresses the issue effectively.
– In theory, there is no limit to the number you can take.
– In practice, you want to be selective when SMU’ing

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
Why SMUs are needed?
Software Upgrades are Challenging

Cost

• Expensive Upgrades - Business Loss


• Each device upgrade causes Network outage

Time SMU
• Reduced IT staff slows software roll out Point Fixes
Reduces Validation –
• Physical presence required Scope & Time

Scope

• New Code requires bug analysis, certification

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 7
SMU Types

• Cold Patching (traffic-impacting)


• Install of a SMU will require a system reload

• Hot Patching (non traffic-impacting)


• Install of a SMU does not require a system reload
• This is also supported via Cisco DNAC

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
SMU Lifecycle – CLI
SMU SMU

SMU
Repository
Switch# install add …
Switch# install remove …
show install active
SMU Committed show install committed
Copy to Device
Memory: Process: Memory: Process:
show install inactive

Switch# install commit … Catalyst 9k


show install packages
Switch# install activate …

SMU Removed
Memory: Process: SMU Applied
Memory: Process:

Switch# install deactivate … Switch# install commit …


SMU Committed
Memory: Process:
LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Software Update Creation – Work Flow
Commit
Service NO
Fixed to next
DDTS Impacting
? SW
?
TAC/HTTS release
YES
NO
Investigat
Request Patch
e

DE Engineer Create SW update


SMU Council
approval
...
Create
DT Engineer SW Update

Unit /Dev Test


Documentation
Build Engineer Integration Test

Post on CCO

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
SMU Management Options
Problem: SMU Life Cycle Mgmt. at Scale is a challenge with (1) Device types (2) SW versions

There are three potential solutions

Programmable APIs
CLI Controller (Cisco DNA-C) (3rd Party tools -
Chef/Puppet/Ansible)

 Small Scale Deployments  Mass Scale Deployments  Mass Scale Deployments

 Per Device Access  SMU Analysis


 Standard Programmatic Interfaces
 Full Control  SMU Life Cycle Mgmt • Open Standards APIs
• Consistent across multiple
 SMU Alerts and Notification
platforms
 SMU Orchestration across Geo’s
 Script Support (Shell, Perl,
Python)

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
Lab 1 Topology
C9300-SMU Ubuntu SMU Host
IP: 10.1.3.5 IP: 10.1.3.105

C9300-DATA Cisco DNAC Server


IP: 10.1.3.4 IP: 10.1.3.101

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
Lab 2 – Graceful Insertion
and Removal
High Availability Architecture in Campus – GIR
Core

Catalyst 9500-24Q Catalyst 9500-24Q

Routed Access

Routing Protocols

Active
SSO
Standby
Stackwise-480
Active SUP Active
Standby SUP SSO
Standby

Catalyst 9400 Catalyst 9300


LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
Graceful Insertion and Removal on Catalyst 9000
Isolation of Switch from network Gracefully

Stop Maintenance

Distribution Layer
Start Maintenance

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Graceful Insertion and Removal

Upgrades with no or Minimal Traffic Loss

Simple
Comprehensive Node Isolation Framework Customizable
Non-Traffic
Impacting
Easy Execution with a single command

Highly Customizable workflow

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
L2 and L3 Topology with GIR Isolation
9300#start maintenance
Template default will be applied.
Do you want to continue?[confirm]
*Mar 25 17:43:20.162: %MMODE-6-
MMODE_CLIENT_TRANSITION_START: Maintenance Isolate
start for router isis 1
*Mar 25 17:43:50.213: %MMODE-6-
MMODE_CLIENT_TRANSITION_COMPLETE: Maintenance Isolate
complete for router isis 1
*Mar 25 17:43:50.213: MMODE-6-
MMODE_CLIENT_TRANSITION%_START: Maintenance Isolate
start for shutdown l2
Set-overload-
*Mar 25 17:44:20.214: %MMODE-6-
MMODE_CLIENT_TRANSITION_COMPLETE: Maintenance Isolate Set-overload-
bit ISIS
complete for shutdown l2 bit
Set-overload-bit
*Mar 25 17:44:20.214: %MMODE-6-MMODE_ISOLATED: System
is in Maintenance

Order for Maintenance:

BGP -> IGPs in parallel (ISIS) -> L2

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
L2 and L3 Topology with GIR Isolation
9300#stop maintenance
*Mar 25 19:15:40.235: %MMODE-6-
MMODE_CLIENT_TRANSITION_START: Maintenance
Insert start for shutdown l2
*Mar 25 19:16:10.237: %MMODE-6-
MMODE_CLIENT_TRANSITION_COMPLETE: Maintenance
Insert complete for shutdown l2
*Mar 25 19:16:10.237: %MMODE-6-
MMODE_CLIENT_TRANSITION_START: Maintenance
Insert start for router isis 1
*Mar 25 19:16:40.288: %MMODE-6- No set-overload-
MMODE_CLIENT_TRANSITION_COMPLETE: Maintenance
Insert complete for router isis 1
No set-overload-
bit ISIS
*Mar 25 19:16:40.612: %MMODE-6-MMODE_INSERTED: No set-overload-bitbit
System is in Normal Mode

Order for Maintenance:

L2  IGPs in parallel (ISIS) -> BGP

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
Graceful Insertion and Removal
Default and Customizable Templates

• Default Template 9300L#show system mode maintenance template default


System Mode: Normal
• System Generated Profile based on default maintenance-template details:
the switch configuration
router isis 1
shutdown l2
9300L#show system mode maintenance template test
• Customized Template System Mode: Normal
Maintenance Template test details:
• User Configured Profile based on shutdown l2
specific configuration or use case

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
Graceful Insertion and Removal
Snapshots
Switch#show system snapshots compare before_maintenance
• Automatic Snapshots after_maintenance
• Snapshots are automatically ================================================================================
Feature Tag .before_maintenance .after_maintenance
generated when entering and ================================================================================
exiting maintenance mode [interface]

--------------------------------------------------------------------------------
[Name:Vlan1]
• Captures operational data packetsinput
[Name:GigabitEthernet1/0/3]
181587 **181589**

from the running system like packetsinput 101531 **101550**

Vlan’s, Routes etc. broadcasts


packetsoutput
80893
211568
**80910**
**211594**
[Name:GigabitEthernet1/0/8]
output 00:00:00, **00:00:04,**
packetsinput 6915 **6918**
packetsoutput 57677 **57706**

• User Configured Snapshots [Name:GigabitEthernet1/0/17]


packetsinput 101528 **101550**
broadcasts 80891 **80910**
packetsoutput 211570 **211600**
• Snapshots can be collected
manually for comparing and
troubleshooting

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
Graceful Insertion and Removal
Maintenance Profile Options

• On-Reload 9300(config)#system mode maintenance


• If the switch is reloaded in 9300(config-maintenance)#?
maintenance mode, the
maintenance mode submode configuration commands: default
switch will come back in Set a command to its defaults
maintenance mode
exit Exit from maintenance configuration mode
failsafe Client ack timeout
no Negate a command or set its defaults
• Failsafe
on-reload On reload maintenance mode configuration
• Timeout for Client
template use maintenance-template
Acknowledgement
timeout maintenance duration

• Duration
• The Switch will come out of
maintenance after the
configured duration

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
Lab 2 Topology
Loopback0

Core 4503
Switch Core
Ten2/1
ISIS

C9500-Left C9500-Right
Distribution
ISIS

Loopback0 Access
Switch C9300-Data Access

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
Lab 3 – Enhanced Fast Software
Upgrade
Achieving High Availability on Catalyst 9300
Enhanced Fast Software Upgrade
• eFSU provides a mechanism to
Control-Plane
upgrade and downgrade the software
image by segregating the Control plane Prefix
RIB

Next Hop

and Data Plane update 10.0.0.0 10.1.1.1

10.1.0.0 10.1.1.1

• It updates the control plane by leveraging 10.20.0.0 10.1.1.1

the NSF/GR Architecture with Flush and


Re-Learn mechanism to reduce the impact Data Plane
on the data plane FIB Table

Prefix Next HOP

10.1.1.1 aabbcc:ddee32

10.1.1.2 adbb32:d34e43

192.168.0.0 aa25cc:ddeee8

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
Enhanced Fast Software Upgrade
Regular Upgrade Vs Enhanced Fast Software Upgrade Process

#Install add file image activate commit Enhanced Fast Software Upgrade

#Install add file image activate reloadfast commit

< 30 seconds of
traffic impact

Traffic is impacted throughout the upgrade cycle


* Limited Controlled Availability in 16.10.1

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
Enhanced Fast Software Upgrade
Supported and Unsupported Designs without Stackwise-480

Layer 2/3 Access Layer Designs– eFSU Supported

STP
L2 Only L2 Only L3 connections with
x x Vlan1-10 Routing Protocols

Access Access OSPF


Layer Layer ISIS

Unsupported Designs

L2 Extensions with L2 Only Design with


Access Layer Device LACP and PagP
Port-channels

Access MEC MEC


Access Future
Layer Layer

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
Enhanced Fast Software Upgrade
CLI Commands

• eFSU is supported only in install mode


• One step command which activates the fast software upgrade and
commits it

9300# install add file flash:cat9k_iosxe.BLD_V1610 activate reloadfast commit

• Fast Reload without Software upgrade

9300# Reload Fast

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
Enhanced Fast Software Upgrade
Restrictions
• Enhanced FSU is not supported on a Stackwise-480
• Enhanced FSU is only supported and tested on Catalyst 9300-48U model
for ( 16.10.1* )
• Enhanced FSU is not supported on the switch configured with
LACP/PAGP Port-channels

* All 9300 models will be supported in 16.11.1 Release

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
Lab 3 Topology
Loopback0

Core
Switch 4503
Core
Ten2/1
ISIS

C9500-Left C9500-Right
Distribution
ISIS

Loopback0 Access
Switch Access
C9300-Data LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
Lab 4 - Stackwise Virtual
Stackwise Virtual Architecture
Control Plane

• Unified Control Plane Active

• Manage, Configure and


troubleshoot two switches Standby

as a single switch

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
Stackwise Virtual Architecture
Data Plane

Catalyst 9500-24Q Catalyst 9500-24

• Active/Active Data Plane


Active Stackwise-Virtual Link Standby

• Both the switches are capable of


forwarding the traffic locally Port-Channel

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
Stackwise Virtual Components

• Stackwise Virtual Link Dual-Active Detection Link


• Dedicated Stacking Link facilitating Catalyst 9500-24Q Catalyst 9500-24
communication between the
switches
• Dual Active Detection Link Active Stackwise-Virtual Link Standby

• Dedicated Connection to check and


avoid dual-active scenario
Port-Channel

• Multi-Chassis Ether-channel
• Port-Channel Spanning across
Stackwise virtual switches
• L2 and L3 Port-channels

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
High Availability
Dual-Active Protocols

Fast Hello Enhanced PAGP

Hello Hello
Switch 1 Switch 2 Switch 1 Switch 2
Active Standby Active Standby

 Direct L2 Point-to-Point Connection  Requires ePAGP capable


neighbor:

Sub-Second Convergence
 Sub-Second Convergence
 Typically ~50-100ms
 Typically ~200-250ms

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
Lab 4 Topology
Core 4503
Switch Core

OSPF

DAD Link

C9500-Left SVL Link C9500-Right


Distribution
OSPF

Access C9300-Data Access


Switch LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
Lab 5 – ISSU
Stackwise Virtual ISSU
ISSU Overview
Dual-Active Detection Link
Catalyst 9500-24Q Catalyst 9500-24Q
• ISSU provides a mechanism 16.9.3
16.9.2
to perform software upgrades and
downgrades without taking the
Stackwise-Virtual Link
switch out of service
• Leverages the capabilities of NSF
and SSO to allow the switch to
forward traffic during Supervisor IOS
upgrade (or downgrade)
• Key technology is the ISSU
Infrastructure
• Allows SSO between different versions

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
C9K ISSU
Stackwise Virtual ISSU and Dual Supervisor ISSU

3 Step Process
• Install add file <tftp/ftp/flash/disk:*.bin>
Granular Control on
the upgrade process
• Install activate ISSU
with ability to rollback
• Install commit

1 Step Process
• Install add file <tftp/ftp/flash/disk:*.bin>activate ISSU commit Single Command
to perform
complete ISSU

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
Stackwise Virtual ISSU
ISSU Process

Install ISSU
Dual-Active Detection Link
Catalyst 9500-24Q Catalyst 9500-24Q
Auto-Switchover 1st Sub-second
2nd Sub-second 16.9.3
16.9.2 16.9.3
16.9.2 traffic
traffic convergence
convergence
Stackwise-Virtual Link

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
C9K ISSU Workflow
1. ISSU Started, Image is
expanded on Active and
Standby

V1 S1 Active
If S2 fails to become standby
it will revert back to step 1

V1 S2 Standby Abort Timer


Starts

2. Standby Reloads
with the new V2
Image

5. ISSU V2 S1 Standby
V1 S1 Active
Expired Abort timer will
Complete revert to Step 2 and then
V2 S2 Active Step 1 V1 V2 S2 Standby

Abort Timer
Expired

Abort Timer
Stopped
V1 V2 S1 Standby
3. Auto-Switchover causes S2 to
4. ‘Commit’ Keyword become new active and S1
stops the abort timer
V2 S2 Active
reloads with the new V2 image
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
Lab 5 Topology
Core 4503
Switch Core

OSPF

DAD Link

C9500-Left SVL Link C9500-Right


Distribution
OSPF

Access
C9300-Data Access
Switch LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
High Availability on Catalyst 9000

Catalyst 9300 Catalyst 9400 Catalyst 9500


Graceful Insertion & Removal(GIR)
Supported Protocols: ISIS, OSPF,BGP, HSRP,VRRP

Software Maintenance Upgrade


• Cold Patching
• Hot Patching

• Stackwise-480 • Stackwise Virtual – 9500


• Stackwise Virtual*
• Stack Power • Stackwise Virtual – 9500H
• ISSU(Stackwise
• Fast Software
16.9.2
• ISSU with Stackwise
Virtual)
Upgrade Virtual
• ISSU ( Dual 16.9.2

• Enhanced Fast Supervisor)


Software Upgrade
* Sup1 & Sup1 XL with 9404 and 9407

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
Cisco Webex Teams

Questions?
Use Cisco Webex Teams (formerly Cisco Spark)
to chat with the speaker after the session

How
1 Find this session in the Cisco Events Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space

cs.co/ciscolivebot# LTRCRS-2090

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
Complete your online
session survey
• Please complete your Online Session
Survey after each session
• Complete 4 Session Surveys & the Overall
Conference Survey (available from
Thursday) to receive your Cisco Live T-
shirt
• All surveys can be completed via the Cisco
Events Mobile App or the Communication
Stations

Don’t forget: Cisco Live sessions will be available for viewing


on demand after the event at ciscolive.cisco.com

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
Continue Your Education

Demos in Meet the Related


Walk-in
the Cisco engineer sessions
self-paced
Showcase labs 1:1
meetings

LTRCRS-2090 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
Thank you

You might also like