Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-15 Thread James Bensley
On 15 July 2016 at 09:44, brad dreisbach  wrote:
> i am beta testing 6.1.1(64b linux) in our lab and was provided a 5.3.3 smu
> that enables a new rommon that supports pxe boot over tcp(ive specifically
> tested http).

If you get a chance, please let us know how that goes. I'm playing
with PXE booting in 6.0.1 and it's going "ok-ish". I think I'd rather
wait until 6.1.

Cheers,
James.
___
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-15 Thread brad dreisbach

On Thu, Jul 14, 2016 at 11:10:53AM +0100, Nick Hilliard wrote:
> James Bensley wrote:
>> Or if you are erasing and installing from fresh on the new version,
>> then the box is down for pretty much the whole 2 hours.
>
> turboboot is not necessarily a bad idea if you're doing jumps from one
> major version to the next or even 4.3 to 6.0.  The turboboot process
> will add 30-40 minutes to the overall time schedule, but at least you
> end up with a clean slate afterwards.
>
> Regardless of what way you go about it, you need to make sure that the
> tftp server is local.  Otherwise the crappy tftp implementation in the
> bootrom will take ages due to ping-pong and there's no option for doing
> this over tcp.


there is no option to turboboot over tcp currently, that is true. if you are 
doing inband upgrades you can use ftp. if you use tarballs to install your 
pie/smu bundle, they added a "mem" option in 5.3.3 that uses ram vs disk to 
untar. there was also another enhancement in the pipeline to increase the disk
write speed. i had tested it using a rommon variable that i can't recall now,
but it did seem to improve the speed somewhat. i'm not sure if they have 
implemented this by default. 

i am beta testing 6.1.1(64b linux) in our lab and was provided a 5.3.3 smu 
that enables a new rommon that supports pxe boot over tcp(ive specifically 
tested http).


-b


Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-14 Thread Werner le Grange
Hi Nick

The SMU count for 5.3.3 has grown quite rapidly in the last 2 months. 5.3.4
will be released in about 2 months from now and will include the SMU fixes
of 5.3.3.



On Wed, Jul 13, 2016 at 3:31 PM, Nick Griffin 
wrote:

> Hello, looking for some details in regards to an ASR9000 code upgrade.
> Currently running software version 5.1.1 with the following packages:
>
> Committed Packages:
>
> disk0:asr9k-mini-px-5.1.1
>
> disk0:asr9k-k9sec-px-5.1.1
>
> disk0:asr9k-mpls-px-5.1.1
>
> disk0:asr9k-mgbl-px-5.1.1
>
> disk0:asr9k-optic-px-5.1.1
>
> disk0:asr9k-fpd-px-5.1.1
>
> disk0:asr9k-li-px-5.1.1
>
>
> Installed are RSP-440TR's. We are currently looking to upgrade to version
> 5.3.3, or perhaps another version if one is recommended, looking for input
> here as well, in addition to an estimate as to how long this process is
> expected to take, along with perceived customer impact. If further details
> are necessary please let me know. I've referenced the following
> documentation for installation instructions. If there is something better
> or any best practices not covered, please feel free to advise!
>
>
>
> http://www.cisco.com/web/Cisco_IOS_XR_Software/pdf/ASR9K_Upgrade_Downgrade_Procedure_IOSXR_Rel_533.pdf
>
>
> Thanks in advance!


Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-14 Thread James Bensley
On 14 July 2016 at 11:10, Nick Hilliard  wrote:
> James Bensley wrote:
>> Or if you are erasing and installing from fresh on the new version,
>> then the box is down for pretty much the whole 2 hours.
>
> turboboot is not necessarily a bad idea if you're doing jumps from one
> major version to the next or even 4.3 to 6.0.  The turboboot process
> will add 30-40 minutes to the overall time schedule, but at least you
> end up with a clean slate afterwards.

Yes this is what we have been doing, we do a fresh install. I don't
want upgrades on upgrades on SMUs on service packs etc.

> Regardless of what way you go about it, you need to make sure that the
> tftp server is local.  Otherwise the crappy tftp implementation in the
> bootrom will take ages due to ping-pong and there's no option for doing
> this over tcp.


This!

TFTP service with current and new IOS-XR images and turboboot files on
your laptop (if you are on site in the DC) or a local TFTP server in the
OOB network in the DC (if working remotely). Absolute must, the 2 hour
downtime we incur during an upgrade is about 45+ minutes of the
turboboot image copying and booting.


Cheers,
James.


Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-14 Thread Nick Hilliard
James Bensley wrote:
> Or if you are erasing and installing from fresh on the new version,
> then the box is down for pretty much the whole 2 hours.

turboboot is not necessarily a bad idea if you're doing jumps from one
major version to the next or even 4.3 to 6.0.  The turboboot process
will add 30-40 minutes to the overall time schedule, but at least you
end up with a clean slate afterwards.

Regardless of what way you go about it, you need to make sure that the
tftp server is local.  Otherwise the crappy tftp implementation in the
bootrom will take ages due to ping-pong and there's no option for doing
this over tcp.

Nick


Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-14 Thread James Bensley
On 14 July 2016 at 10:26, James Bensley  wrote:
> assuming there are no problems, 2 hours actual time

Sorry that wasn't clear.

That isn't specifically all down time. If you are upgrading IOS-XR
over-the-top of the existing version, downtime might be 45 minutes to
1 hour (you will have to reboot to boot from the new code version at
some point, and either reboot again to do FPD upgrades or at least
reboot certain line cards, so it's typically two separate outages that
we just communicate out as 1 hour of constant downtime).

Or if you are erasing and installing from fresh on the new version,
then the box is down for pretty much the whole 2 hours.


Cheers,
James.


Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-14 Thread James Bensley
I'd go 5.3.3 with SP2 if you want stability, or wait for 6.1 to drop
if you want to be on the forefront (and lab test heavily of course).

I'd also schedule like 5 hours for the maintenance window, not 2 or 3.
If you get 90% of the way through and have to roll back, you'll need
more time. We are doing it in pretty much bang on 2 hours every time
(assuming no issues), if you have to roll back (which may involve
erasing the box and reinstalling the previous version from scratch)
that will take you another 2 hours. Add some checks and stability time
either side, it's a 5 to 6 hour window (although assuming there are no
problems, 2 hours actual time).


Cheers,
James.


Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Tom Hill
On 13/07/16 15:13, Jared Mauch wrote:
> There were improvements that went in 533+ which should improve your
> experience. I haven't checked if 602 hit CCO but you may want to look
> at that, or wait for 534.

Neither 6.0.2 or 5.3.4 has hit GA yet. 6.0.1 is (oddly) marked as MD
rather than ED, too.

-- 
Tom



Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Tom Hill
On 13/07/16 22:52, Mark Tinka wrote:
> 
> On 13/Jul/16 23:46, Curtis Piehler wrote:
> 
>> So going from 5.1.X to 6.X.X will likely involve fpd upgrades?
>
> I've, pretty much, found an FPD update in every major release.

That has been my expectation - usually at least one component has a new
FW version.

Saying that, unless you're making quite a large version jump, it doesn't
take too long to complete. :)

-- 
Tom


Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Mark Tinka


On 13/Jul/16 23:46, Curtis Piehler wrote:

> So going from 5.1.X to 6.X.X will likely involve fpd upgrades?

I've, pretty much, found an FPD update in every major release.

Mark.


Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Curtis Piehler
So going from 5.1.X to 6.X.X will likely involve fpd upgrades?   I've been
hit by the SNMP OID bug that consumes memory over time but I can hold out
by restarting the SNMP process every once in a while.
On Jul 13, 2016 4:39 PM, "Gert Doering"  wrote:

> Hi,
>
> On Wed, Jul 13, 2016 at 10:30:11PM +0200, Juergen Marenda wrote:
> > Because of
> > https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6
> > asr9k: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz66542
> >
> > it should be 5.3.4.1 or for the brave 6.1.1.16
> > but I can't see it for download (but 5.3.3 two times ! )
> >
> > ... waiting for a fix of severity-2 BUG for more than 6 weeks ...
>
> The SMU for that bug fix was available fairly quickly for 5.3.3 - unlike
> for 4.3.4 (still supported, but that bug did not get an SMU) or IOS (no
> word whatsoever)...  so you can't really complain here :-)
>
> > ... nice to read that for oldstyle IOS, it may be fixed in IOS XVI.IV (will
> > arrive A.D. MMXX ?)
> >
> > Workaround with ACLs reduces the Number of Layer3 (both ipv4 and IPv6) SVI
> > interfaces on my cat4900M
> > to less than 300 (out of TCAM resources...) just for the basics.
> >
> > I am desperately disappointed .
>
> Yay :(
>
> (We have deployed fairly extensive border ACLs for this, so the "soft
> core" is protected against fake & evil ND packets crossing the borders -
> and as long as your 4900Ms are not border routers, you could do similar...)
>
> gert
>
> --
> USENET is *not* the non-clickable part of WWW!
>//
> www.muc.de/~gert/
> Gert Doering - Munich, Germany
> g...@greenie.muc.de
> fax: +49-89-35655025
> g...@net.informatik.tu-muenchen.de
>


Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Gert Doering
Hi,

On Wed, Jul 13, 2016 at 10:30:11PM +0200, Juergen Marenda wrote:
> Because of
> https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6
> asr9k: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz66542
>
> it should be 5.3.4.1 or for the brave 6.1.1.16
> but I can't see it for download (but 5.3.3 two times ! )
> 
> ... waiting for a fix of severity-2 BUG for more than 6 weeks ...

The SMU for that bug fix was available fairly quickly for 5.3.3 - unlike
for 4.3.4 (still supported, but that bug did not get an SMU) or IOS (no
word whatsoever)...  so you can't really complain here :-)

> ... nice to read that for oldstyle IOS, it may be fixed in IOS XVI.IV (will
> arrive A.D. MMXX ?)
> 
> Workaround with ACLs reduces the Number of Layer3 (both ipv4 and IPv6) SVI
> interfaces on my cat4900M
> to less than 300 (out of TCAM resources...) just for the basics.
> 
> I am desperately disappointed .

Yay :(

(We have deployed fairly extensive border ACLs for this, so the "soft
core" is protected against fake & evil ND packets crossing the borders -
and as long as your 4900Ms are not border routers, you could do similar...)

gert

-- 
USENET is *not* the non-clickable part of WWW!
   //www.muc.de/~gert/
Gert Doering - Munich, Germany          g...@greenie.muc.de
fax: +49-89-35655025                    g...@net.informatik.tu-muenchen.de



Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Juergen Marenda
Because of
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6
asr9k: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz66542

it should be 5.3.4.1 or for the brave 6.1.1.16
but I can't see it for download (but 5.3.3 two times ! )

... waiting for a fix of severity-2 BUG for more than 6 weeks ...
... nice to read that for oldstyle IOS, it may be fixed in IOS XVI.IV (will
arrive A.D. MMXX ?)

Workaround with ACLs reduces the Number of Layer3 (both ipv4 and IPv6) SVI
interfaces on my cat4900M
to less than 300 (out of TCAM resources...) just for the basics.

I am desperately disappointed .

Just my 0.01 $,

Juergen.




Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Mark Tinka


On 13/Jul/16 16:13, Jared Mauch wrote:

> We see around 1 hour of traffic loss due to upgrade times before adding in 
> FPD and others, which can extend to more like 3 hours. 

Yep, I'd say budget a 3hr window per router for the upgrade.

Mark.


Re: [c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Jared Mauch
We see around 1 hour of traffic loss due to upgrade times before adding in FPD 
and others, which can extend to more like 3 hours. 

There were improvements that went in 533+ which should improve your experience. 
I haven't checked if 602 hit CCO but you may want to look at that, or wait for 
534. 

Jared Mauch

> On Jul 13, 2016, at 6:31 AM, Nick Griffin  wrote:
> 
> Hello, looking for some details in regards to an ASR9000 code upgrade.
> Currently running software version 5.1.1 with the following packages:
> 
> Committed Packages:
> 
> disk0:asr9k-mini-px-5.1.1
> 
> disk0:asr9k-k9sec-px-5.1.1
> 
> disk0:asr9k-mpls-px-5.1.1
> 
> disk0:asr9k-mgbl-px-5.1.1
> 
> disk0:asr9k-optic-px-5.1.1
> 
> disk0:asr9k-fpd-px-5.1.1
> 
> disk0:asr9k-li-px-5.1.1
> 
> 
> Installed are RSP-440TR's. We are currently looking to upgrade to version
> 5.3.3, or perhaps another version if one is recommended, looking for input
> here as well, in addition to an estimate as to how long this process is
> expected to take, along with perceived customer impact. If further details
> are necessary please let me know. I've referenced the following
> documentation for installation instructions. If there is something better
> or any best practices not covered, please feel free to advise!
> 
> 
> http://www.cisco.com/web/Cisco_IOS_XR_Software/pdf/ASR9K_Upgrade_Downgrade_Procedure_IOSXR_Rel_533.pdf
> 
> 
> Thanks in advance!


[c-nsp] ASR 9000 Upgrade Expectations

2016-07-13 Thread Nick Griffin
Hello, looking for some details in regards to an ASR9000 code upgrade.
Currently running software version 5.1.1 with the following packages:

Committed Packages:

disk0:asr9k-mini-px-5.1.1

disk0:asr9k-k9sec-px-5.1.1

disk0:asr9k-mpls-px-5.1.1

disk0:asr9k-mgbl-px-5.1.1

disk0:asr9k-optic-px-5.1.1

disk0:asr9k-fpd-px-5.1.1

disk0:asr9k-li-px-5.1.1


Installed are RSP-440TR's. We are currently looking to upgrade to version
5.3.3, or perhaps another version if one is recommended, looking for input
here as well, in addition to an estimate as to how long this process is
expected to take, along with perceived customer impact. If further details
are necessary please let me know. I've referenced the following
documentation for installation instructions. If there is something better
or any best practices not covered, please feel free to advise!


http://www.cisco.com/web/Cisco_IOS_XR_Software/pdf/ASR9K_Upgrade_Downgrade_Procedure_IOSXR_Rel_533.pdf


Thanks in advance!