Perform an MDS 9000 Series Switch Non-Disruptive Upgrade

Introduction

This document describes how to upgrade the firmware on a Cisco MDS 9000 Series Multilayer Director Switch (MDS).

Background Information

Tip: For more detailed information about the procedure that is described in this document, refer to the appropriate Cisco MDS 9000 NX-OS and SAN-OS Software Install and Upgrade Guide.

Non-Disruptive Upgrades Overview

All MDS switches support non-disruptive upgrades and downgrades subject to limitations listed in the MDS release notes.

On 97xx Series MDS with dual supervisors, during the firmware upgrade, the new code is loaded on the standby supervisor. A switchover then occurs in order to make the standby supervisor that runs the new code active. The code is then loaded on the previously active supervisor, and it becomes the new standby supervisor. The data plane continues to pass fiber channel traffic. The modules then non-disruptively start the upgrade process at the lowest numbered module and proceed to the highest.

On a 91xx, 92xx, or 93xx Series MDS, which has only one supervisor, the supervisor (control plane) is reloaded non-disruptively after the upgrade is completed. The data plane continues to pass fiber channel traffic.

If you intend to upgrade via Telnet, Secure Shell (SSH), or Simple Network Management Protocol (SNMP) (Fabric Manager/Device Manager), ensure that you have an Ethernet connection to both of the supervisors. When the supervisor non-disruptively restarts, your terminal session is lost.  You must reconnect to the switch. You connect to the previous standby supervisor now.

Note: Cisco recommends that firmware upgrades be completed from the local console.

Upgrade Firmware

Complete these steps in order to upgrade the firmware:

1. Read the MDS Release Notes for the version to which you intend to upgrade. Optionally, review the Release Notes between the old and new firmware levels so that you can learn about the changes. There is a table in the Release Notes that provides the non-disruptive upgrade path. Be sure to read the caveats and notifications in the Release Notes.
2. Copy the running configuration and the startup configuration so that you have a backup in the event that you have made a change that you did not save:
   

   MDS9148V# copy running-config startup-config
   

3. Enter this command in order to copy the running configuration to the bootflash, which ensures that there is a copy that can be used for backup and in order to check that the bootflash is not read-only (This is rare, but an error against the flash can cause this.):
   

   MDS9148V# copy running-config bootflash:$(SWITCHNAME)-$(TIMESTAMP).bkup

   
   Here is an example of the output on the bootflash:
   

   MDS9148V-2023-03-23-04.27.00.bkup

4. Save a copy of a Show Tech-Support Detail. This contains the current switch configuration, log files, and state of all interfaces. If there was an issue during or after an upgrade, having the state of the switch prior to the upgrade helps in troubleshooting, and reduces the time to diagnose an issue.
   

   MDS9148V# term redirect zip
   MDS9148V# show tech-support details > $(SWITCHNAME)-$(TIMESTAMP)-sh_ts_det-log.gz

   Tip: For more information about collecting show tech-support details, you can refer to this whitepaper.

5. Copy the configuration that you just saved to your TFTP server. This accomplishes three things: it verifies that you have an operational TFTP server, it verifies that you can reach the server over the IP network, and it places a copy of the configuration in a location that is external to the switch so that you have a backup in the event of a switch failure.
   

   Tip: There are many free TFTP servers available on the Internet. FTP, SFTP, and SCP can also be used. You can push or pull files from the switch if using the local admin user and enable switch features sftp-server or scp-server.

   
   Enter the copy bootflash: tftp:  command in order to copy the configuration to the TFTP server. Here is an example:
   

   MDS9148V# copy bootflash: tftp:
   <prompts for file name> MDS9148V-2023-03-23-04.27.00.bkup
   <prompt for tftp server name or ip address> 192.168.1.1

6. Copy the show tech-support detail to your TFTP server. Here is an example:
   

   MDS9148V# copy bootflash: tftp:
   <prompts for file name> MDS9148V-2023-03-23-04.27.59-sh_ts_det-log.gz
   <prompt for tftp server name or ip address> 192.168.1.1

7. Verify that you have a copy of the current firmware on your TFTP server so that you have a backup in the event that you must return to the original version. If you do not, copy it from the switch to the TFTP server at this time.
   Here are some examples:
   

   MDS9148V# copy bootflash: tftp:
   <prompts for file name> m9148v-s8ek9-kickstart-mz.9.3.1.bin
   <prompt for tftp server name or ip address> 192.168.1.1
   
   MDS9148V# copy bootflash: tftp:
   <prompts for file name> m9148v-s8ek9-mz.9.3.1.bin
   <prompt for tftp server name or ip address> 192.168.1.1

   Note: For the prompts for file name entries, use your actual current version.

8. Download the new NX-OS version from the Cisco Download Software page. You need both a kickstart and a system image. Place them on the TFTP server in the default TFTP directory.
   
   Cisco provides two types of firmware. Payload Non-Crypto, also known as Non-Payload Encryption (NPE), releases are for countries or governments that the United States Department of Commerce have listed as on a non-export list of software that includes encryption. Certain advanced troubleshooting abilities are not included in NPE releases. NPE releases can also limit the ability for Cisco to provide workarounds or hot fixes. Only customers that fall under the export restrictions are to be running NPE releases.
   
   You can use this table in order to choose your switch series, and then you can choose the switch model:
   
   

   Cisco MDS Series Switch Type	Naming Convention
   MDS 9132T Series	File name begins with m9100-s6ek9
   MDS 9148S Series	File name begins with m9100-s5ek9
   MDS 9148T Series	File name begins with m9148-s6ek9
   MDS 9148V Series	File name begins with m9148v-s8ek9
   MDS 9220i Series	File name begins with m9220-s7ek9
   MDS 9250i Series	File name begins with m9250-s5ek9
   MDS 9396S Series	FIle name begins with m9300-s1ek9
   MDS 9396T Series	FIle name begins with m9300-s2ek9
   MDS 9710, 9706, and 9718 Series                                   Supervisor Module-3	File name begins with m9700-sf3ek9
   MDS 9710, 9706, and 9718 Series                                   Supervisor Module-4	File name begins with m9700-sf4ek9

   
   Here is an example that uses the MDS 9148V Series firmware kickstart and system software Version 9.3(2a):
   

   m9148v-s8ek9-kickstart-mz.9.3.2a.bin
   m9148v-s8ek9-mz.9.3.2a.bin

   Note: On the Cisco download page, hover the filename in order to get the Message Digest5 (MD5)

   

   .

9. Verify that there is enough free space on the bootflash in order for the new images to be added. If not, you must erase at least the system image file. Keep the kickstart image so that in the event of a malfunction, you can get the switch to a point where you can load (TFTP) a new image. Once you have upgraded, you can delete the old version.
   
   Enter this command in order to check the bootflash free space:
   

   MDS9148V# dir bootflash:

   Additionally, if you run a dual-supervisor switch, enter this command in order to check that there is enough free space on the standby supervisor as well:
   

   MDS9148V# dir bootflash://sup-standby/

10. Download the new images to the bootflash on the switch from TFTP server:
    

    MDS9148V# copy tftp: bootflash:
    <prompts for file name> m9148v-s8ek9-kickstart-mz.9.3.2a.bin
    <prompt for tftp server name or ip address> 192.168.1.1
    
    MDS9148V# copy tftp: bootflash:
    <prompts for file name> m9148v-s8ek9-mz.9.3.2a.bin
    <prompt for tftp server name or ip address> 192.168.1.1

    Enter this command into the CLI in order to verify the checksum and the MD5 checksum:
    Valid MD5 checksum example:
    

    MDS9148V# show version image m9148v-s8ek9-mz.9.3.2a.bin
    MD5 Verification Passed
      image name: m9148v-s8ek9-mz.9.3.2a.bin
      bios: v1.05.0(05/14/2022)
      system: version 9.3(2a)
      compiled: 4/25/2023 12:00:00 [05/12/2023 18:58:57]

    Example of MD5 checksum that is invalid, and needs to be re-downloaded.
    

    MDS9148V# show version image m9148v-s8ek9-mz.9.3.2a.bin
    MD5 Verification Failed
    Image integrity check failed
    

11. Enter this command into the CLI in order to view the impact of this new code installation, check the images, and ensure that they are compatible with the switch:
    

    MDS9148V# show install all impact kickstart bootflash:m9148v-s8ek9-kickstart-mz.9.3.2a.bin
     system bootflash:m9148v-s8ek9-mz.9.3.2a.bin

    Tip: This command must be entered as a single line, not two seperate lines.  This command is not used for the installation, but it can be used in order to verify the installation process and provide a report showing the versions coming from and going to.  It also displays if this upgrade is disruptive or non-disruptive when time comes to execute the upgrade.

    Note: All file transfer sessions (like SFTP/SCP) to the switch must be closed before beginning the upgrade/downgrade process. Any open file transfer sessions can cause the switch to disruptively reload at the time of ISSU/D. See Cisco bug ID CSCvo22269 and Cisco bug ID CSCvu52058 for more information.  Clients have complained that MobaXterm opens a SFTP session when opening a SSH session, and can prevent the upgrade from occuring.

12. As an optional step, you can enter the show incompatibility system bootflash:m9148v-s8ek9-mz.9.3.2a.bin command into the CLI to check for incompatabilities betwNX-OS releases, and any switch switch events that would prevent the upgrade from upgrading. Here is an example:
    

    MDS9148V# show incompatibility system bootflash:m9148v-s8ek9-mz.9.3.2a.bin
    
    Cisco Fabric Services (CFS)
    
    The following configurations on active are incompatible with the system image:
    1) Service : cfs , Capability : CAP_FEATURE_CFS_ENABLED_DEVICE_ALIAS
    Description : CFS - Distribution is enabled for DEVICE-ALIAS
    Capability requirement : STRICT
    Disable command : no device-alias distribute

13. Enter this command into the CLI in order to install the firmware:
    

    MDS9148V# install all kickstart bootflash:m9148v-s8ek9-kickstart-mz.9.3.2a.bin
     system bootflash:m9148v-s8ek9-mz.9.3.2a.bin 

    Tip: The previous command is to be entered on a single command line.  Ensure that you monitor the impact table closely.

14. If having to upgrade through multiple hops to get to your target firmware version, repeat the whole process from Step 1.  It is important to always read the Release Notes, Save backups of the running config, and Collect show tech-support details between reach MDS release when making multiple hops.