Cisco Exams

Nondisruptive Downgrade on a Cisco MDS Fabric Switch

Next, let’s look at the process for a nondisruptive downgrade on a Cisco MDS fabric switch.

Step 1. Verify that the system image files for the downgrade are present in the active supervisor module bootflash:

switch# dir bootflash:

26126848 May 07 11:51:20 2019 m9250-s5ek9-kickstart-mz.8.4.1.bin
20090368 Apr 06 05:25:31 2001 m9250-s5ek9-kickstart-mz.7.3.1.DY.1.bin
20044800 Mar 30 15:42:05 2014 m9250-s5ek9-kickstart-mz.6.2.7.bin
107197681 Apr 06 05:26:53 2001 m9250-s5ek9-mz.6.2.5.bin.S68
107587249 Mar 30 15:42:52 2014 m9250-s5ek9-mz.6.2.7.bin

Step 2. If the software image file is not present, download it from an FTP or TFTP server to the active supervisor module bootflash. You can obtain the software image file from the Cisco.com Software Download Center: http://www.cisco.com/cisco/software/navigator.html.

switch# copy tftp://tftpserver.cisco.com/MDS/m9250-s5ek9-kickstart-mz.7.3.1.DY.1.bin bootflash:m9250-s5ek9-kickstart-mz.7.3.1.DY.1.bin

Step 3. Ensure that the required space is available in the active supervisor:

switch# dir bootflash:

26126848 May 07 11:51:20 2019 m9250-s5ek9-kickstart-mz.8.4.1.bin
12288 Aug 26 19:06:14 2011 lost+found/
18939904 Jul 01 10:54:49 2011 m9250-s5ek9-kickstart-mz.6.2.5.bin
101756072 Jul 01 10:33:52 2011 m9250-s5ek9-mz.6.2.5.bin

Usage for bootflash://sup-local
120695976 bytes used
63863640 bytes free
184559616 bytes total

Step 4. If you need more space in the active supervisor module bootflash, delete the files that are not required, to make space available:

switch# delete bootflash:m9250-s5ek9-kickstart-mz.6.2.5.bin

Step 5. Run the show incompatibility system image-filename command to determine whether you must disable the features not supported by a release earlier than the release that is installed.

switch# show incompatibility system bootflash:m9250-s5ek9-kickstart-mz.7.3.1.DY.1.bin
no incompatible configuration

Step 6. Save the configuration using the copy running-config startup-config command:

switch# copy running-config startup-config

Step 7. Run the install all command to downgrade the software:

switch(config)# install all kickstart m9250-s5ek9-kickstart-mz.7.3.1.DY.1.bin system m9250-s5ek9-mz.7.3.1.DY.1.bin
Installer will perform compatibility check first. Please wait.

Verifying image bootflash:/m9250-s5ek9-kickstart-mz.7.3.1.DY.1.bin for boot variable "kickstart".
[####################] 100% -- SUCCESS

Verifying image bootflash:/m9250-s5ek9-mz.7.3.1.DY.1.bin for boot variable "system".
[####################] 100% -- SUCCESS

Performing module support checks.
[####################] 100% -- SUCCESS

Verifying image type.
[####################] 100% -- SUCCESS

Extracting "system" version from image bootflash:/m9250-s5ek9-mz.7.3.1.DY.1.bin.
[####################] 100% -- SUCCESS

Extracting "kickstart" version from image bootflash:/m9250-s5ek9-kickstart-mz.7.3.1.DY.1.bin.
[####################] 100% -- SUCCESS

Extracting "bios" version from image bootflash:/m9250-s5ek9-mz.7.3.1.DY.1.bin.
[####################] 100% -- SUCCESS

Performing Compact Flash and TCAM sanity test.
[####################] 100% -- SUCCESS

Notifying services about system upgrade.
[####################] 100% -- SUCCESS



Compatibility check is done:

Module  bootable  Impact          Install-type  Reason
------  --------  --------------  ------------  ------
1       yes       non-disruptive  reset

Other miscellaneous information for installation:

Module  info
------  ----------------------------------
1       FC ports 1-40 and FCoE ports 1-8 are hitless, IPS 1-2 are hitful, and Intelligent Applications running are hitful

Images will be upgraded according to following table:
Module  Image      Running-Version                      New-Version        Upg-Required
------  ---------  -----------------------------------  -----------------  ------------
1       system     8.1(1b)                              7.3(1)DY(1)        yes
1       kickstart  8.1(1b)                              7.3(1)DY(1)        yes
1       bios       v2.1.17(01/08/14):v2.1.17(01/08/14)  v2.1.17(01/08/14)  no

Do you want to continue with the installation (y/n)?  [n] y

Install is in progress, please wait.

Performing runtime checks.
[####################] 100% -- SUCCESS

Notifying services about the upgrade.
[####################] 100% -- SUCCESS

Setting boot variables.
[####################] 100% -- SUCCESS

Performing configuration copy.
[####################] 100% -- SUCCESS

Module 1: Refreshing compact flash and Upgrading bios/loader/bootrom/power-seq.
Warning: please do not remove or power off the module at this time.
[####################] 100% -- SUCCESS

Converting startup config.
[####################] 100% -- SUCCESS

Upgrade can no longer be aborted, any failure will result in a disruptive upgrade.

Freeing memory in the file system.
[####################] 100% -- SUCCESS

Loading images into memory.
[####################] 100% -- SUCCESS

Saving linecard runtime state.
[####################] 100% -- SUCCESS

Saving supervisor runtime state.
[####################] 100% -- SUCCESS

Saving mts state.
[####################] 100% -- SUCCESS

Reloading the kernel to proceed with the upgrade.
All telnet and ssh connections will now be temporarily terminated.
<output omitted>

Status for linecard upgrade.
[####################] 100% -- SUCCESS

Performing supervisor state verification.
[####################] 100% -- SUCCESS

Install has been successful.

Step 8. Run the show version command to verify the successful downgrade:

switch# show version

Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html
Copyright (c) 2002-2016, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.

Software
BIOS: version 2.1.17
loader: version N/A
kickstart: version 7.3(1)DY(1)
system: version 7.3(1)DY(1)
BIOS compile time: 01/08/14
kickstart image file is: bootflash:///m9250-s5ek9-kickstart-mz.7.3.1.DY.1.bin.S21
kickstart compile time: 1/11/2016 16:00:00 [02/11/2016 10:35:42]
system image file is: bootflash:///m9250-s5ek9-mz.7.3.1.DY.1.bin.S21
system compile time: 1/11/2016 16:00:00 [02/11/2016 13:08:53]


Hardware
cisco MDS 9250i 40 FC 2 IPS 8 FCoE (2 RU) Chassis ("40FC+8FCoE+2IPS Supervisor")
Motorola, e500v2, core 0 with 4155752 kB of memory.
Processor Board ID JAF1626BCQH

Device name: alishan-dr
bootflash: 4013856 kB

Kernel uptime is 0 day(s), 17 hour(s), 18 minute(s), 58 second(s)

Last reset at 443194 usecs after Wed Aug 31 10:58:41 2016

Reason: Reset due to upgrade
System version: 7.3(1)DY(1)
Service:

plugin
Core Plugin
switch#

Step 9. Verify the status of the modules in the switch, using the show module command:

switch# show module

Mod  Ports  Module-Type                 Model                Status
---  -----  --------------------------  -------------------  --------
1    50     40FC+8FCoE+2IPS Supervisor  DS-C9250i-22PK9-SUP  active *

Mod  Sw           Hw   World-Wide-Name(s) (WWN)
---  -----------  ---  --------------------------------------------------
1    7.3(1)DY(1)  0.9  20:01:54:7f:ee:1b:14:a0 to 20:28:54:7f:ee:1b:14:a0

Mod  MAC-Address(es)                         Serial-Num
---  --------------------------------------  -----------
1    f0-f7-55-29-50-60 to f0-f7-55-29-50-6f  JAF1626BCQH

* this terminal session

switch#
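
A pre-flight check for Steps 1 through 4, added here as an example; it is not part of the original procedure or of any Cisco tooling. It parses captured dir bootflash: output and lists what should stop install all from being run. The function names, the need_free threshold, the image-name pattern (inferred from the file names above) and the sample text (assembled from the listings above) are assumptions.

```python
import re

# Constructed sample: the Step 1 listing with the Step 3 usage summary
# appended, as a captured session log would contain them.
SAMPLE_DIR = """\
   26126848    May 07 11:51:20 2019  m9250-s5ek9-kickstart-mz.8.4.1.bin
   20090368    Apr 06 05:25:31 2001  m9250-s5ek9-kickstart-mz.7.3.1.DY.1.bin
   20044800    Mar 30 15:42:05 2014  m9250-s5ek9-kickstart-mz.6.2.7.bin
  107197681    Apr 06 05:26:53 2001  m9250-s5ek9-mz.6.2.5.bin.S68
  107587249    Mar 30 15:42:52 2014  m9250-s5ek9-mz.6.2.7.bin

Usage for bootflash://sup-local
  120695976 bytes used
   63863640 bytes free
  184559616 bytes total
"""

# size, month, day, hh:mm:ss, year, name
ENTRY = re.compile(r"^\s*(\d+)\s+\w{3}\s+\d{1,2}\s+[\d:]{8}\s+\d{4}\s+(\S+)\s*$")
FREE = re.compile(r"^\s*(\d+)\s+bytes free\s*$")


def parse_dir(text):
    """Return ({filename: size_bytes}, free_bytes or None)."""
    files, free = {}, None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            files[m.group(2)] = int(m.group(1))
            continue
        m = FREE.match(line)
        if m:
            free = int(m.group(1))
    return files, free


def preflight(text, platform, version, need_free=0):
    """List the problems that should block 'install all' for this release.

    platform is the image-name prefix (assumed pattern:
    <platform>-kickstart-mz.<version>.bin and <platform>-mz.<version>.bin).
    need_free is the space, in bytes, still required for pending copies.
    """
    files, free = parse_dir(text)
    problems = []
    wanted = (
        ("kickstart", f"{platform}-kickstart-mz.{version}.bin"),
        ("system", f"{platform}-mz.{version}.bin"),
    )
    for kind, name in wanted:
        size = files.get(name)
        if size is None:
            problems.append(f"{kind} image {name} not on bootflash")
        elif size == 0:
            problems.append(f"{kind} image {name} is empty")
    if free is None:
        problems.append("no usage summary in listing")
    elif free < need_free:
        problems.append(f"only {free} bytes free, {need_free} needed")
    return problems


if __name__ == "__main__":
    for problem in preflight(SAMPLE_DIR, "m9250-s5ek9", "7.3.1.DY.1"):
        print("BLOCK:", problem)
```

Run against the Step 1 listing, the check reports that the 7.3.1.DY.1 system image named in Step 7 is not on bootflash; the copy shown in Step 2 fetches only the kickstart image.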


Nondisruptive Upgrade on a Cisco MDS Fabric Switch

Let’s first look at the process for a nondisruptive upgrade on a Cisco MDS fabric switch.

Before performing an upgrade, use the show install all impact command to view the effect of updating the system from the running image to another specified image.

Step 1. Verify that the system image files for the upgrade are present on the active supervisor module bootflash:

switch# dir bootflash:

25863680 Sep 23 12:02:16 2017 m9250-s5ek9-kickstart-mz.8.2.1.bin
25864704 Sep 05 12:21:26 2018 m9250-s5ek9-kickstart-mz.8.2.1.bin
25869312 Apr 01 12:29:34 2018 m9250-s5ek9-kickstart-mz.8.2.2.bin
25869312 Apr 12 01:55:22 2018 m9250-s5ek9-kickstart-mz.8.2.2.bin
25947136 Nov 09 13:41:43 2018 m9250-s5ek9-kickstart-mz.8.3.1.bin
25970176 Jan 17 14:10:47 2019 m9250-s5ek9-kickstart-mz.8.3.2.bin
26126848 May 07 11:51:20 2019 m9250-s5ek9-kickstart-mz.8.4.1.bin

Usage for bootflash://sup-local

2838728704 bytes used
520916992 bytes free
3359645696 bytes total

Step 2. If the software image file is not present, download it from an FTP or TFTP server to bootflash. You can obtain the software image file from the Cisco.com Software Download Center at http://www.cisco.com/cisco/software/navigator.html.

switch# copy tftp://tftpserver.cisco.com/MDS/m9250-s5ek9-kickstart-mz.8.4.1.bin bootflash:m9250-s5ek9-kickstart-mz.8.4.1.bin
switch# copy tftp://tftpserver.cisco.com/MDS/m9250-s5ek9-mz.8.4.1.bin bootflash:m9250-s5ek9-mz.8.4.1.bin

Step 3. Ensure that the required space is available on the switch:

switch# dir bootflash:
25863680 Sep 23 12:02:16 2017 m9250-s5ek9-kickstart-mz.8.2.1.bin
25864704 Sep 05 12:21:26 2018 m9250-s5ek9-kickstart-mz.8.2.1.bin
25869312 Apr 01 12:29:34 2018 m9250-s5ek9-kickstart-mz.8.2.2.bin
25869312 Apr 12 01:55:22 2018 m9250-s5ek9-kickstart-mz.8.2.2.bin
25947136 Nov 09 13:41:43 2018 m9250-s5ek9-kickstart-mz.8.3.1.bin
25970176 Jan 17 14:10:47 2019 m9250-s5ek9-kickstart-mz.8.3.2.bin
26126848 May 07 11:51:20 2019 m9250-s5ek9-kickstart-mz.8.4.1.bin

Usage for bootflash://sup-local
120695976 bytes used
63863640 bytes free
184559616 bytes total

Step 4. If you need more space on the switch, delete the files that are not required:

switch# delete bootflash:m9250-s5ek9-kickstart-mz.8.2.1.bin

Step 5. Save the configuration using the copy running-config startup-config command:

switch# copy running-config startup-config

You can also back up your existing configuration to a file, using the copy running-config bootflash:backup_config.txt command. You can add a date reference to the .txt filename to identify the file later.

Step 6. Perform the upgrade by running the install all command:

switch# install all kickstart m9250-s5ek9-kickstart-mz.8.4.1.bin system m9250-s5ek9-mz.8.4.1.bin
Installer will perform compatibility check first. Please wait.
y
Verifying image bootflash:/m9250-s5ek9-kickstart-mz.8.4.1.bin for boot variable "kickstart".
[# ] 0%
[####################] 100% -- SUCCESS
Verifying image bootflash:/m9250-s5ek9-mz.8.4.1.bin for boot variable "system".
[####################] 100% -- SUCCESS
Performing module support checks.
[####################] 100% -- SUCCESS
Verifying image type.
[####################] 100% -- SUCCESS
Extracting "system" version from image bootflash:/m9250-s5ek9-mz.8.4.1.bin
[####################] 100% -- SUCCESS
Extracting "kickstart" version from image bootflash:/m9250-s5ek9-kickstart-mz.8.4.1.bin
[####################] 100% -- SUCCESS
Extracting "bios" version from image bootflash:/m9250-s5ek9-mz.8.4.1.bin
[####################] 100% -- SUCCESS
Performing Compact Flash and TCAM sanity test.
[####################] 100% -- SUCCESS
Notifying services about system upgrade.
[####################] 100% -- SUCCESS
Compatibility check is done:
Module  bootable  Impact          Install-type  Reason
------  --------  --------------  ------------  ------
1       yes       non-disruptive  reset

Other miscellaneous information for installation:
Module  info
------  ----------------------------------
1       FC ports 1-40 and FCoE ports 1-8 are hitless, IPS 1-2 are hitful, and Intelligent Applications running are hitful

Images will be upgraded according to following table:
Module  Image      Running-Version                      New-Version        Upg-Required
------  ---------  -----------------------------------  -----------------  ------------
1       system     8.1(1)                               8.4(1)             yes
1       kickstart  8.1(1)                               8.4(1)             yes
1       bios       v2.1.17(01/08/14):v2.1.17(01/08/14)  v2.1.17(01/08/14)  no


Do you want to continue with the installation (y/n)? [n] y
Install is in progress, please wait.
Performing runtime checks.
[####################] 100% -- SUCCESS
Notifying services about the upgrade.
[####################] 100% -- SUCCESS
Setting boot variables.
[####################] 100% -- SUCCESS
Performing configuration copy.
[####################] 100% -- SUCCESS
Module 1: Refreshing compact flash and Upgrading bios/loader/bootrom/power-seq.
Warning: please do not remove or power off the module at this time.
[####################] 100% -- SUCCESS
Upgrade can no longer be aborted, any failure will result in a disruptive upgrade.
Freeing memory in the file system.
[####################] 100% -- SUCCESS
Loading images into memory.
[####################] 100% -- SUCCESS
Saving linecard runtime state.
[####################] 100% -- SUCCESS
Saving supervisor runtime state.
[####################] 100% -- SUCCESS
Saving mts state.
[####################] 100% -- SUCCESS
Reloading the kernel to proceed with the upgrade.
<output omitted>
Loading system software
Uncompressing system image: bootflash:///m9250-s5ek9-mz.8.4.1.bin
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
Load plugins that defined in image conf: /isan/plugin_img/img.conf
<output omitted>
Continuing with installation process, please wait.
The login will be disabled until the installation is completed.
Status for linecard upgrade.
[####################] 100% -- SUCCESS
Performing supervisor state verification.
[####################] 100% -- SUCCESS
Supervisor non-disruptive upgrade successful.
Install has been successful.

Step 7. Log in to the switch:

MDS Switch
x.x.x.x login: admin
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (c) 2002-2014, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under
license. Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or the GNU
Lesser General Public License (LGPL) Version 2.1. A copy of each
such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://www.opensource.org/licenses/lgpl-2.1.php

Step 8. Run the show version command to verify the upgraded image version:

switch# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html
Copyright (c) 2002-2019, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
BIOS: version 2.1.17
loader: version N/A
kickstart: version 8.4(1) [build 8.4(1)]
system: version 8.4(1) [build 8.4(1)]
BIOS compile time: 01/08/14
kickstart image file is: bootflash:///m9250-s5ek9-kickstart-mz.8.4.1.bin
kickstart compile time: 6/1/2019 23:00:00 [05/07/2019 04:18:10]
system image file is: bootflash:///m9250-s5ek9-mz.8.4.1.bin
system compile time: 6/1/2019 23:00:00 [05/07/2019 07:09:57]
Hardware
cisco MDS 9250i 40 FC 2 IPS 8 FCoE (2 RU) Chassis ("40FC+8FCoE+2IPS Supervisor")
Motorola, e500v2 with 4088636 kB of memory.
Processor Board ID JAF1804AAFG
Device name: MDS9250i
bootflash: 4001760 kB
Kernel uptime is 0 day(s), 0 hour(s), 7 minute(s), 42 second(s)
Last reset at 288238 usecs after Thu May 9 11:40:56 2019
Reason: Reset due to upgrade
System version: 8.1(1)
Service:
plugin
Core Plugin

Step 9. Verify the status of the modules on the switch, using the show module command:

switch# show module

Mod  Ports  Module-Type                 Model             Status
---  -----  --------------------------  ----------------  --------
1    50     40FC+8FCoE+2IPS Supervisor  DS-C9250I-K9-SUP  active *

Mod  Sw      Hw   World-Wide-Name(s) (WWN)
---  ------  ---  --------------------------------------------------
1    8.4(1)  1.0  20:01:00:2a:6a:1b:64:d0 to 20:28:00:2a:6a:1b:64:d0

Mod  MAC-Address(es)                         Serial-Num
---  --------------------------------------  -----------
1    b8-38-61-4a-25-c0 to b8-38-61-4a-25-cf  JAF1804AAFG

Step 10. To display the status of a nondisruptive upgrade on a fabric switch, use the show install all status command. The command output displays the status only after the switch has rebooted with the new image. All the actions preceding the reboot are not captured in this output because when you enter the install all command using a Telnet session, the session is disconnected when the switch reboots. When you reconnect to the switch through a Telnet session, the upgrade may already be complete, in which case, the output displays the status of the upgrade.

switch# show install all status

This is the log of last installation.

Continuing with installation process, please wait.
The login will be disabled until the installation is completed.

Status for linecard upgrade.
-- SUCCESS

Performing supervisor state verification.
-- SUCCESS

Install has been successful
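
A gate for the "Do you want to continue with the installation (y/n)?" prompt in Step 6, added here as an example; it is not part of the original procedure or of any Cisco tooling. It parses the compatibility-check tables from a captured install all session and returns the reasons, if any, not to answer y. The function names and the sample text (constructed from the Step 6 values) are assumptions.

```python
# Constructed sample: the compatibility-check part of an "install all"
# session, using the values shown in Step 6 above.
SAMPLE_CHECK = """\
Compatibility check is done:
Module  bootable  Impact          Install-type  Reason
------  --------  --------------  ------------  ------
1       yes       non-disruptive  reset

Other miscellaneous information for installation:
Module  info
------  ----------------------------------
1       FC ports 1-40 and FCoE ports 1-8 are hitless, IPS 1-2 are hitful

Images will be upgraded according to following table:
Module  Image      Running-Version                      New-Version        Upg-Required
------  ---------  -----------------------------------  -----------------  ------------
1       system     8.1(1)                               8.4(1)             yes
1       kickstart  8.1(1)                               8.4(1)             yes
1       bios       v2.1.17(01/08/14):v2.1.17(01/08/14)  v2.1.17(01/08/14)  no

Do you want to continue with the installation (y/n)?  [n]
"""

# Line prefixes that open each part of the report.
SECTIONS = (
    ("Compatibility check is done", "impact"),
    ("Other miscellaneous information", "info"),
    ("Images will be upgraded", "images"),
    ("Do you want to continue", None),
)


def parse_install_check(text):
    """Return ({module: impact_row}, [image_row, ...]) from the report."""
    impact, images, section = {}, [], None
    for line in text.splitlines():
        s = line.strip()
        tok = s.split()
        if not tok:
            continue
        for prefix, name in SECTIONS:
            if s.startswith(prefix):
                section = name
                break
        else:
            # Data rows start with the module number; headers and
            # separator lines do not.
            if tok[0].isdigit():
                if section == "impact" and len(tok) >= 4:
                    impact[int(tok[0])] = {
                        "bootable": tok[1],
                        "impact": tok[2],
                        "install_type": tok[3],
                        "reason": " ".join(tok[4:]),
                    }
                elif section == "images" and len(tok) == 5:
                    keys = ("module", "image", "running", "new", "required")
                    images.append(dict(zip(keys, tok)))
    return impact, images


def safe_to_continue(text, target):
    """Return the reasons not to answer 'y'; an empty list means proceed."""
    impact, images = parse_install_check(text)
    reasons = []
    if not impact:
        reasons.append("no compatibility table found")
    for mod, row in sorted(impact.items()):
        if row["bootable"] != "yes":
            reasons.append(f"module {mod} is not bootable with these images")
        if row["impact"] != "non-disruptive":
            reasons.append(f"module {mod} impact is {row['impact']}")
    seen = set()
    for row in images:
        if row["image"] in ("kickstart", "system"):
            seen.add(row["image"])
            if row["new"] != target:
                reasons.append(
                    f"{row['image']} would become {row['new']}, expected {target}"
                )
    for missing in sorted({"kickstart", "system"} - seen):
        reasons.append(f"no {missing} row in image table")
    return reasons


if __name__ == "__main__":
    print(safe_to_continue(SAMPLE_CHECK, "8.4(1)") or "ok to answer y")
```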


Cisco MDS NX-OS Software Upgrade and Downgrade

A Cisco MDS switch is shipped with the Cisco MDS NX-OS operating system for the Cisco MDS 9000 Series multilayer directors and fabric switches. The Cisco MDS NX-OS software consists of two images: the kickstart image and the system image.

The software image install procedure depends on the following factors:

Software images: The kickstart and system image files reside in directories or folders that can be accessed from the Cisco MDS 9000 Series multilayer switch prompt.

Image version: Each image file has a version.

Flash disks on the switch: The bootflash: resides on the supervisor module, and the CompactFlash disk is inserted into the slot0: device.

Supervisor modules: Either single or dual supervisor modules are present. To realize the benefits of a nondisruptive upgrade on the Cisco MDS 9700 Series multilayer directors, you should install dual supervisor modules per the Cisco recommendation.

To determine the version of the Cisco MDS NX-OS software that is currently running on a Cisco MDS 9000 switch using the CLI, log in to the switch and run the show version command in privileged EXEC mode.

Use the show incompatibility-all system bootflash:system-image-filename command to determine which features are incompatible with the destination upgrade release, as follows:

switch(config)# show incompatibility-all system bootflash:m9700-sf4ek9-mz.8.4.1.bin

Checking incompatible configuration(s):
No incompatible configurations


Checking dynamic incompatibilities:
No incompatible configurations

No payload encryption (NPE) images are also available with the Cisco MDS NX-OS software. The NPE images are intended for countries that have import restrictions on products that encrypt payload data. To differentiate an NPE image from a standard software image, the letters NPE are included in the image. Nondisruptive software upgrades or downgrades between NPE images and non-NPE images are not supported.

You can upgrade any switch in the Cisco MDS 9000 Family using one of the following methods:

Automated, one-step upgrade using the install all command: This upgrade is nondisruptive. The install all command upgrades all modules in any Cisco MDS 9000 Family switch. Cisco recommends having dual supervisors installed on the MDS switch while performing a nondisruptive upgrade. Although a nondisruptive update doesn’t require a switch reload, it disrupts the control plane for about 80 seconds.

Quick, one-step upgrade using the reload command: This upgrade is disruptive and requires a switch reload. Before running the reload command, copy the correct kickstart and system images to the correct location in bootflash and change the boot commands in your configuration.

Note

An upgrade or downgrade of control plane software that results in the data plane going down for any period of time is called a disruptive (or hitful) upgrade or downgrade, respectively. This includes a stateless restart. An upgrade or downgrade of control plane software that does not take down the data plane for any period of time is called a nondisruptive (or hitless) upgrade or downgrade, respectively. This includes a stateful restart.

When the Cisco MDS Series switch is first switched on or during reboot, the switch follows the boot sequence shown in Figure 11-2.

Figure 11-2 Boot Sequence

The BIOS on the supervisor module first runs power-on self-test (POST) diagnostics and then runs the loader bootstrap function. The boot parameters are held in NVRAM and point to the location and name of both the kickstart and system images. The loader obtains the location of the kickstart file, usually on bootflash, and verifies the kickstart image before loading it.

The kickstart loads the Linux kernel and device drivers and then needs to load the system image. Again, the boot parameters in NVRAM should point to the location and name of the system image, usually on bootflash. The kickstart then verifies the system image and loads it.

Finally, the system image loads the Cisco NX-OS software, checks the file systems, and proceeds to load the startup configuration, containing the switch configuration, from NVRAM.

If the boot parameters are missing or have an incorrect name or location, the boot process fails at the last stage. If this happens, the administrator must recover from the error and reload the switch. The install all command is a script that greatly simplifies the boot procedure and checks for errors and the upgrade impact before proceeding.

We discuss the disruptive and nondisruptive upgrade and downgrade procedures in detail in the following sections.


Cisco MDS NX-OS Setup Utility

The Cisco MDS NX-OS Setup Utility is an interactive command-line interface (CLI) mode that guides you through a basic (also called a startup) configuration of the system. The setup utility allows you to configure only enough connectivity for system management. The setup utility allows you to build an initial configuration file using the System Configuration dialog. The setup starts automatically when a device has no configuration file in NVRAM. The dialog guides you through initial configuration. After the file is created, you can use the CLI to perform additional configuration.

You can press Ctrl+C at any prompt to skip the remaining configuration options and proceed with what you have configured up to that point, except for the administrator password. If you want to skip answers to any questions, press Enter. If a default answer is not available (for example, the device host name), the device uses what was previously configured and skips to the next question. Figure 11-1 shows how to enter and exit the setup script.

You use the setup utility mainly for configuring the system initially, when no configuration is present. However, you can use the setup utility at any time for basic device configuration. The setup utility keeps the configured values when you skip steps in the script. For example, if you have already configured the mgmt0 interface, the setup utility does not change that configuration if you skip that step. However, if there is a default value for the step, the setup utility changes to the configuration using that default, not the configured value. Be sure to carefully check the configuration changes before you save the configuration.

Figure 11-1 Setup Script Flow

Before starting the setup utility, make sure you perform the following steps:

Step 1. Connect the console port on the supervisor module to the network. If you have dual supervisor modules, connect the console ports on both supervisor modules to the network.

Step 2. Connect the Ethernet management (mgmt) port on the supervisor module to the network. If you have dual supervisor modules, connect the Ethernet management ports on both supervisor modules to the network.

The first time that you access a switch in the Cisco MDS 9000 Family, it runs a setup program that prompts you for the IP address and other configuration information necessary for the switch to communicate over the supervisor module Ethernet interface (mgmt). This information is required to configure and manage the switch. The IP address can only be configured from the CLI. You can configure out-of-band management on the mgmt0 interface.

The in-band management logical interface is VSAN 1. This management interface uses the Fibre Channel infrastructure to transport IP traffic. An interface for VSAN 1 is created on every switch in the fabric. Each switch should have its VSAN 1 interface configured with either an IPv4 address or an IPv6 address in the same subnetwork. A default route that points to the switch providing access to the IP network should be configured on every switch in the Fibre Channel fabric.


Describe Software Management and Infrastructure Monitoring – Cisco CCNP and CCIE

The Cisco MDS 9000 Series of multilayer directors and fabric switches provides best-in-class high availability, scalability, security, and management, allowing you to deploy high-performance storage-area networks (SANs). Layering a rich set of intelligent features onto a high-performance switch fabric, the Cisco MDS 9000 Series addresses the stringent requirements of large data center storage environments: high availability, security, scalability, ease of management, and seamless integration of new technologies.

This chapter discusses the following key topics:

Cisco MDS NX-OS Setup Utility: This section discusses the Cisco MDS NX-OS Setup Utility and shows how it allows you to build an initial configuration file using the System Configuration dialog.

Cisco MDS NX-OS Software Upgrade and Downgrade: This section discusses the Cisco MDS NX-OS software disruptive and nondisruptive upgrade and downgrade procedures along with the electrical programmable logical device (EPLD) upgrade procedure.

Infrastructure Monitoring: This section discusses various system management features used to monitor and manage a switch using Cisco MDS NX-OS software including system messages, Call Home, Embedded Event Manager, RMON, SPAN, and RSPAN features.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz enables you to assess whether you should read this entire chapter thoroughly or jump to the “Exam Preparation Tasks” section. If you are in doubt about your answers to these questions or your own assessment of your knowledge of the topics, read the entire chapter. Table 11-1 lists the major headings in this chapter and their corresponding “Do I Know This Already?” quiz questions. You can find the answers in Appendix A, “Answers to the ‘Do I Know This Already?’ Quizzes.”

Table 11-1 “Do I Know This Already?” Section-to-Question Mapping

Caution

The goal of self-assessment is to gauge your mastery of the topics in this chapter. If you do not know the answer to a question or are only partially sure of the answer, you should mark that question as wrong for purposes of the self-assessment. Giving yourself credit for an answer you correctly guess skews your self-assessment results and might provide you with a false sense of security.


Cisco UCS S-Series Storage Servers

Cisco offers the Cisco UCS S3260 Storage Server, which can be used as network-attached storage (NAS) or SAN storage. The Cisco UCS S3260 Storage Server is a modular, high-density, high-availability, dual-node storage-optimized server well suited for service providers, enterprises, and industry-specific environments. It provides dense, cost-effective storage to address ever-growing data needs. It is optimized for large datasets used in environments such as big data, cloud, object storage, video surveillance, and content delivery.

The Cisco UCS S3260 server helps you achieve the highest levels of data availability and performance. With dual-node capability that is based on the 2nd Gen Intel Xeon Scalable processors, the server features up to 1080 TB of local storage in a compact 4-Rack-Unit (4RU) form factor. The drives can be configured with enterprise-class Redundant Array of Independent Disks (RAID) redundancy or with a pass-through Host Bus Adapter (HBA) controller. Network connectivity is provided up to 100G using Cisco VIC or third-party adapters, with expanded unified I/O capabilities for data migration between Network-Attached Storage (NAS) and SAN environments.

Figures 10-3 and 10-4 show the front and rear views of the Cisco UCS S3260 Storage Server, respectively.

Figure 10-3 Front view of Cisco UCS S3260 Storage Server

Figure 10-4 Rear view of Cisco UCS S3260 Storage Server

Exam Preparation Tasks

As mentioned in the section “How to Use This Book” in the Introduction, you have a couple of choices for exam preparation: the exercises here, Chapter 21, “Final Preparation,” and the exam simulation questions in the Pearson Test Prep software online.


Describe NAS Concepts – Cisco CCNP and CCIE

Network-attached storage (NAS) is a centralized file-level (as opposed to block-level) external data storage server connected to a network providing data access to a heterogeneous group of clients such as Microsoft Windows, Apple Macintosh, UNIX, and Linux platforms. NAS typically uses the existing network infrastructure based on IP and Ethernet. The management of the file system resides with the NAS storage system. With NAS, you can access data that might be stored across different platforms as if it were on your own computer. NAS can be used for public, private, and hybrid cloud storage for big data, virtual desktop infrastructure (VDI), high-performance computing (HPC), and so on. NAS systems contain one or more hard drives, often arranged into logical redundant storage containers or Redundant Array of Independent Disks (RAID).

NAS storage appliances provide terabytes of additional storage capacity, while providing automated, redundant data backups. Today’s NAS storage systems require minimal maintenance, reduce data storage costs, and provide fast file access from a centralized, secure data repository.

Figure 10-2 shows typical NAS server connectivity to a network infrastructure.

Figure 10-2 Typical NAS Server Connectivity

NAS supports two file- and data-sharing protocols: Common Internet File System (CIFS) and Network File System (NFS). CIFS is a version of the Server Message Block (SMB) protocol and was developed by Microsoft for Windows-based clients. SMB allows UNIX-based clients to access CIFS shares. CIFS and SMB are often used interchangeably because CIFS is a form of SMB. CIFS uses a client/server model where servers “share” and clients “use” or “map” the share. NFS was developed by Sun Microsystems for UNIX-based clients. Windows-based clients can also access NFS exports. NFS also uses a client/server model where servers “export” and clients “mount” the export. NFS is not compatible with CIFS/SMB; therefore, NFS clients cannot communicate directly with the SMB servers. However, UNIX and Linux clients can access CIFS shares by using SAMBA, which provides name resolution, file serving, and so on.

The top features to look for in an NAS storage appliance include

Redundant data backup: Ideally, one should be able to set up the NAS storage appliance as a RAID system. For example, in a RAID1 configuration, the same data is simultaneously stored on two hard drives. If one drive crashes, the data is still accessible from the second.

Fast data backup/restoration: For maximum performance, the NAS storage appliance should support the Gigabit Ethernet interface.

Lockability: For extra data security, most NAS storage appliances have a lockable front panel to prevent theft or tampering.

Small size and quiet operation: Some network storage appliances are small enough to fit on a shelf. Ideally, you should look for a quiet appliance that will not disturb nearby workers.

Support for Microsoft Distributed File System (MDFS): This feature allows you to map multiple storage devices, so users see them as one drive. Users do not have to remember which drive their data is stored on.


Describe NFS Concepts – Cisco CCNP and CCIE

Network File System (NFS) is a distributed file system protocol originally developed by Sun Microsystems in 1984. NFS allows remote hosts to mount file systems over a network and interact with those file systems as though they are mounted locally. NFS uses a client/server model, in which a server makes directories on its storage accessible to one or more clients; and clients mount the directories to access the files in them. NFS uses remote procedure calls (RPCs) to route requests between clients and server, and TCP/IP as a transport protocol. NFS is hierarchical in nature, where directories (a special type of file) can contain further directories and files.

NFS (unlike Server Message Block, or SMB, which is a proprietary protocol) is an industry standard, defined by the IETF, and has several versions defined in different Requests for Comments (RFCs). Sun Microsystems used version 1 only for in-house experimental purposes. When the NFS protocol was released for general use, it was called NFS version 2. NFS version 2 supports both UDP and TCP. NFS version 2 with UDP as its transport protocol provides a stateless network connection between the server and the client. In the stateless condition, a server need not maintain any protocol state information about any of its clients in order to function correctly. Stateless servers have a distinct advantage over stateful servers in the event of a failure. With stateless servers, a client only needs to retry a request until the server responds; it does not even need to know that the server has crashed or that the network temporarily went down. The client of a stateful server, on the other hand, needs to either detect a server failure and rebuild the server’s state when it comes back up, or cause client operations to fail. NFS version 3 supports both UDP and TCP. NFS version 3 introduces support for larger files and file systems such as 64-bit file sizes and offsets, support for asynchronous writes on the server to improve write performance, and additional file attributes in many replies to avoid the need to refetch them. NFS version 3 provides backward compatibility with the existing installed base of NFS version 2 protocol implementations.

NFS version 4 uses the TCP protocol to communicate with the server. NFS version 4 offers advanced file caching for performance improvements and strong authentication, and it introduces a stateful protocol where client usage information of an object is maintained by the server. NFS version 4.1 provides protocol support to take advantage of clustered server deployments, including the ability to provide scalable parallel access to files distributed among multiple servers (pNFS extension). Version 4.1 also includes a session trunking mechanism (also known as NFS Multipathing) and is available in some enterprise solutions such as VMware ESXi. When the trunking is available, you can use multiple IP addresses to access a single NFS volume.

NFS version 4.2 introduces new features including server-side clone and copy, application I/O advise, sparse files, space reservation, application data block (ADB), labeled NFS with sec_label that accommodates any MAC security system, and two new operations for pNFS (LAYOUTERROR and LAYOUTSTATS).

A traditional file copy of a remotely accessed file, whether from one server to another or between locations in the same server, results in the data being put on the network twice: from the source to the client and then from the client to the destination. NFS version 4.2 allows this unnecessary traffic to be eliminated, and a file can be copied between servers without copying it to the client first, as shown in Figure 10-1.

Applications and clients want to advise the server about expected I/O behavior. Using IO_ADVISE to communicate future I/O behavior (such as whether a file will be accessed sequentially or randomly and whether a file will be accessed in the near future) allows servers to optimize future I/O requests for a file by, for example, prefetching or evicting data.

Sparse files are those that have unallocated or uninitialized data blocks as holes in the file. Such holes are typically transferred as zeros when read from the file. Sparse files are very efficient because they do not store the zeros on disk; instead, they hold enough data describing how many zeros need to be generated while reading the file. To read more about the other features on NFS version 4.2, refer to RFC 7862 (https://tools.ietf.org/html/rfc7862).

Figure 10-1 NFS v4.2 Server-to-Server Copy

The advantage of NFSv4 over its predecessors is that only one IP port, 2049, is used to run the service, which simplifies using the protocol across firewalls. NFS is supported in a heterogeneous environment: Windows, Linux, and even VMware clients support NFS shares (exports) of directories and files.


UCS Identity Pools – Cisco Unified Computing Systems Overview

The Cisco UCS Manager can classify servers into resource pools based on criteria including physical attributes (such as processor, memory, and disk capacity) and location (for example, blade chassis slot). Server pools can help automate configuration by identifying servers that can be configured to assume a particular role (such as web server or database server) and automatically configuring them when they are added to a pool.

Resource pools are collections of logical resources that can be accessed when configuring a server. These resources include universally unique IDs (UUIDs), MAC addresses, and WWNs.

The Cisco UCS platform utilizes a dynamic identity instead of hardware burned-in identities. A unique identity is assigned from identity and resource pools. Computers and peripherals extract these identities from service profiles. A service profile has all the server identities including UUIDs, MACs, WWNNs, firmware versions, BIOS settings, policies, and other server settings. When a service profile is associated with a physical server, all the settings in the service profile are assigned to that server.

In case of server failure, the failed server needs to be removed and the replacement server needs to be associated with the existing service profile of the failed server. In this service profile association process, the new server automatically picks up all the identities of the failed server, and the operating system or applications that depend on these identities do not observe any change in the hardware. In case of peripheral failure, the replacement peripheral automatically acquires the identities of the failed components. This significantly improves the system recovery time in case of a failure. Server profiles include many identity pools:

UUID suffix pools

MAC pools

IP pools

Server pools

Universally Unique Identifier Suffix Pools

A universally unique identifier suffix pool is a collection of System Management BIOS (SMBIOS) UUIDs that are available to be assigned to servers. The leading digits, which constitute the prefix of the UUID, are fixed. The remaining digits, the UUID suffix, are variable. A UUID suffix pool ensures that these variable values are unique for each server associated with a service profile that uses that particular pool, which avoids conflicts.

If you use UUID suffix pools in service profiles, you do not have to manually configure the UUID of the server associated with the service profile.

An example of creating UUID pools is as follows:

Step 1. In the Navigation pane, click Servers.

Step 2. Expand Servers > Pools.

Step 3. Expand the node for the organization where you want to create the pool. If the system does not include multitenancy, expand the root node.

Step 4. Right-click UUID Suffix Pools and select Create UUID Suffix Pool.

Step 5. In the Define Name and Description page of the Create UUID Suffix Pool wizard, complete the following fields (see Figure 12-46):

Figure 12-46 Creating UUID Suffix Pool

Step 6. Click Next.

Step 7. In the Add UUID Blocks page of the Create UUID Suffix Pool wizard, click Add.

Step 8. In the Create a Block of UUID Suffixes dialog box, complete the following fields:

Step 9. Click OK.

Step 10. Click Finish to complete the wizard.

You need to assign the UUID suffix pool to a service profile and/or template.
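The pool behaviour described above (fixed prefix, unique variable suffix per service profile, identity that follows the profile onto a replacement server) can be modelled in a few lines. This is an added sketch, not Cisco UCS Manager code: the class, the `first_suffix` and `size` parameters, the 16 + 16 hex-digit split and the profile and server names are assumptions made for illustration.

```python
import uuid

class UuidSuffixPool:
    """Toy model: fixed 16-hex-digit prefix plus a block of 16-hex-digit suffixes."""

    def __init__(self, prefix: str, first_suffix: str, size: int):
        self.prefix = prefix.replace("-", "").lower()
        start_hex = first_suffix.replace("-", "")
        if len(self.prefix) != 16 or len(start_hex) != 16:
            raise ValueError("prefix and suffix must each be 16 hex digits")
        int(self.prefix, 16)  # raises ValueError on non-hex input
        start = int(start_hex, 16)
        if size < 1 or start + size - 1 > 0xFFFFFFFFFFFFFFFF:
            raise ValueError("block does not fit in the suffix space")
        self._free = list(range(start, start + size))
        self._assigned = {}  # service profile name -> uuid.UUID

    def assign(self, profile: str) -> uuid.UUID:
        """Return the profile's UUID, drawing a fresh suffix on first use."""
        if profile not in self._assigned:
            if not self._free:
                raise RuntimeError("UUID suffix pool exhausted")
            suffix = self._free.pop(0)
            self._assigned[profile] = uuid.UUID(hex=f"{self.prefix}{suffix:016x}")
        return self._assigned[profile]

    def release(self, profile: str) -> None:
        """Return a deleted profile's suffix to the pool."""
        freed = self._assigned.pop(profile)
        self._free.append(freed.int & 0xFFFFFFFFFFFFFFFF)
        self._free.sort()

def associate(bindings: dict, pool: UuidSuffixPool, profile: str, server: str):
    """Bind a profile to a physical server; the identity follows the profile."""
    bindings[profile] = server
    return pool.assign(profile)

if __name__ == "__main__":
    # Constructed values: prefix, suffix block, profile and blade names.
    pool = UuidSuffixPool("12345678-9abc-def0", "0000-000000000001", size=2)
    bindings = {}
    print(associate(bindings, pool, "web-01", "chassis-1/blade-3"))
    print(associate(bindings, pool, "web-01", "chassis-1/blade-5"))  # replacement blade
    print(associate(bindings, pool, "db-01", "chassis-1/blade-4"))
```
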


Shut down or not shut down – Cisco Unified Computing Systems Overview

When you delete a specified VLAN, the ports associated with that VLAN are shut down and no traffic flows. However, the system retains all of the VLAN-to-port mappings for that VLAN. When you re-enable or re-create the specified VLAN, the system automatically reinstates all of the original ports to that VLAN.

If a VLAN group is used on a vNIC and also on a port channel assigned to an uplink, you cannot delete and add VLANs in the same transaction. The act of deleting and adding VLANs in the same transaction causes ENM pinning failure on the vNIC. vNIC configurations are done first, so the VLAN is deleted from the vNIC and a new VLAN is added, but this VLAN is not yet configured on the uplink. Hence, the transaction causes a pinning failure. You must add and delete a VLAN from a VLAN group in separate transactions.

Access ports only send untagged frames and belong to and carry the traffic of only one VLAN. Traffic is received and sent in native formats with no VLAN tagging. Anything arriving on an access port is assumed to belong to the VLAN assigned to the port.

You can configure a port in access mode and specify the VLAN to carry the traffic for that interface. If you do not configure the VLAN for a port in access mode or an access port, the interface carries the traffic for the default VLAN, which is VLAN 1.

You can change the access port membership in a VLAN by configuring it. You must create the VLAN before you can assign it as an access VLAN for an access port. If you change the access VLAN on an access port to a VLAN that is not yet created, the Cisco UCS Manager shuts down that access port.

If an access port receives a packet with an 802.1Q tag in the header other than the access VLAN value, that port drops the packet without learning its MAC source address. If you assign an access VLAN that is also a primary VLAN for a private VLAN, all access ports with that access VLAN receive all the broadcast traffic for the primary VLAN in the private VLAN mode.

Trunk ports allow traffic for multiple VLANs to be transported between switches over the trunk link. A trunk port can carry untagged packets simultaneously with the 802.1Q tagged packets. When you assign a default port VLAN ID to the trunk port, all untagged traffic travels on the default port VLAN ID for the trunk port, and all untagged traffic is assumed to belong to this VLAN. This VLAN is referred to as the native VLAN ID for a trunk port. The native VLAN ID is the VLAN that carries untagged traffic on trunk ports.

The trunk port sends an egressing packet with a VLAN that is equal to the default port VLAN ID as untagged; all the other egressing packets are tagged by the trunk port. If you do not configure a native VLAN ID, the trunk port uses the default VLAN.

Note

Changing the native VLAN on a trunk port or an access VLAN of an access port flaps the switch interface.
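The access-port and trunk-port tagging rules above, written out as an added Python sketch that parses the 802.1Q tag of an Ethernet frame and applies each rule. This is illustration code, not Cisco software: the function names, the MAC table dictionary and the sample frame are constructed for the example.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_vlan(frame: bytes):
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the tag control field are the VLAN ID

def access_ingress(frame: bytes, access_vlan: int, mac_table: dict):
    """Access port receive: returns ("forward", vlan) or ("drop", None)."""
    vid = parse_vlan(frame)
    if vid is not None and vid != access_vlan:
        return ("drop", None)  # dropped before the source MAC is learned
    mac_table[frame[6:12]] = access_vlan  # learn source MAC in the access VLAN
    return ("forward", access_vlan)

def trunk_ingress(frame: bytes, native_vlan: int = 1) -> int:
    """Trunk port receive: untagged traffic is assumed to be in the native VLAN."""
    vid = parse_vlan(frame)
    return native_vlan if vid is None else vid

def trunk_egress(untagged_frame: bytes, vlan: int, native_vlan: int = 1) -> bytes:
    """Trunk port send: native-VLAN frames leave untagged, all others tagged."""
    if vlan == native_vlan:
        return untagged_frame
    tag = struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return untagged_frame[:12] + tag + untagged_frame[12:]

# Constructed sample frame: broadcast destination, locally administered source MAC.
SRC = bytes.fromhex("020000000001")
UNTAGGED = bytes.fromhex("ffffffffffff") + SRC + b"\x08\x00" + b"constructed payload"

if __name__ == "__main__":
    table = {}
    tagged_20 = trunk_egress(UNTAGGED, vlan=20, native_vlan=1)
    print(access_ingress(UNTAGGED, 10, table))   # untagged frame on an access port
    print(access_ingress(tagged_20, 10, table))  # tag differs from the access VLAN
    print(trunk_ingress(UNTAGGED, native_vlan=99), trunk_ingress(tagged_20, 99))
```

If the two ends of a trunk are configured with different native VLAN IDs, a frame sent untagged for one VLAN is classified into the peer's native VLAN, which is why the native VLAN should match on both ends of the link.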