Re: [c-nsp] ASR 9000 Upgrade Expectations
On 15 July 2016 at 09:44, brad dreisbachwrote: > i am beta testing 6.1.1(64b linux) in our lab and was provided a 5.3.3 smu > that enables a new rommon that supports pxe boot over tcp(ive specifically > tested http). If you get a chance, please let us know how that goes. I'm playing with PXE booting in 6.0.1 and its going "ok-ish". I think I'd rather wait until 6.1. Cheers, James. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR 9000 Upgrade Expectations
On Thu, Jul 14, 2016 at 11:10:53AM +0100, Nick Hilliard wrote: James Bensley wrote: Or if you are erasing and installing from fresh on the new version, then the box is down for pretty much the whole 2 hours. turboboot is not necessarily a bad idea if you're doing jumps from one major version to the next or even 4.3 to 6.0. The turboboot process will add 30-40 minutes to the overall time schedule, but at least you end up with a clean slate afterwards. Regardless of what way you go about it, you need to make sure that the tftp server is local. Otherwise the crappy tftp implementation in the bootrom will take ages due to ping-pong and there's no option for doing this over tcp. there is no option to turboboot over tcp currently, that is true. if you are doing inband upgrades you can use ftp. if you use tarballs to install your pie/smu bundle, they added a "mem" option in 5.3.3 that uses ram vs disk to untar. there was also another enhancement in the pipeline to increase the disk write speed. i had tested it using a rommon variable that i cant recall now, but it did seem to improve the speed somewhat. i'm not sure if they have implemented this by default. i am beta testing 6.1.1(64b linux) in our lab and was provided a 5.3.3 smu that enables a new rommon that supports pxe boot over tcp(ive specifically tested http). -b ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR 9000 Upgrade Expectations
Hi Nick The SMU count for 5.3.3 has grown quite rapidly in the last 2 months. 5.3.4 will be released in about 2 months from now and will include the SMU fixes of 5.3.3. On Wed, Jul 13, 2016 at 3:31 PM, Nick Griffinwrote: > Hello, looking for some details in regards to an ASR9000 code upgrade. > Currently running software version 5.1.1 with the following packages: > > Committed Packages: > > disk0:asr9k-mini-px-5.1.1 > > disk0:asr9k-k9sec-px-5.1.1 > > disk0:asr9k-mpls-px-5.1.1 > > disk0:asr9k-mgbl-px-5.1.1 > > disk0:asr9k-optic-px-5.1.1 > > disk0:asr9k-fpd-px-5.1.1 > > disk0:asr9k-li-px-5.1.1 > > > Installed are RSP-440TR's. We are currently looking to upgrade to version > 5.3.3, or perhaps another version if one is recommended, looking for input > here as well, in addition to an estimate as to how long this process is > expected to take, along with perceived customer impact. If further details > are necessary please let me know. I've referenced the following > documentation for installation instructions. If there is something better > or any best practices not covered, please feel free to advise! > > > > http://www.cisco.com/web/Cisco_IOS_XR_Software/pdf/ASR9K_Upgrade_Downgrade_Procedure_IOSXR_Rel_533.pdf > > > Thanks in advance! > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR 9000 Upgrade Expectations
On 14 July 2016 at 11:10, Nick Hilliardwrote: > James Bensley wrote: >> Or if you are erasing and installing from fresh on the new version, >> then the box is down for pretty much the whole 2 hours. > > turboboot is not necessarily a bad idea if you're doing jumps from one > major version to the next or even 4.3 to 6.0. The turboboot process > will add 30-40 minutes to the overall time schedule, but at least you > end up with a clean slate afterwards. Yes this is what we have been doing, we do a fresh install. I don't want upgrades on upgrdes on SMUs on service packs etc. > Regardless of what way you go about it, you need to make sure that the > tftp server is local. Otherwise the crappy tftp implementation in the > bootrom will take ages due to ping-pong and there's no option for doing > this over tcp. This! TFTP service with current and new IOS-XR images and turboboot files on your laptop (if you on site in the DC) or a local TFTP server in the OOB network in the DC (if working remotely). Absolute must, the 2 hour downtime we incurr during an upgrade is about 45+ minutes of the turboboot image copying and booting. Cheers, James. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR 9000 Upgrade Expectations
James Bensley wrote: > Or if you are erasing and installing from fresh on the new version, > then the box is down for pretty much the whole 2 hours. turboboot is not necessarily a bad idea if you're doing jumps from one major version to the next or even 4.3 to 6.0. The turboboot process will add 30-40 minutes to the overall time schedule, but at least you end up with a clean slate afterwards. Regardless of what way you go about it, you need to make sure that the tftp server is local. Otherwise the crappy tftp implementation in the bootrom will take ages due to ping-pong and there's no option for doing this over tcp. Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR 9000 Upgrade Expectations
On 14 July 2016 at 10:26, James Bensleywrote: > assuming there are no problems, 2 hours actual time Sorry that wasn't clear. That isn't specifically all down time. If you are upgrading IOS-XR over-the-top of the existing version, downtime might be 45 minutes to 1 hour (you will have to reboot to boot from the new code version at some point, and either reboot again to do FPD upgrades or at least reboot certain line cards, so it's typically two seperate outages that we just communicate out as 1 hour of consant downtime). Or if you are erasing and installing from fresh on the new version, then the box is down for pretty much the whole 2 hours. Cheers, James. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR 9000 Upgrade Expectations
I'd go 5.3.3 with SP2 if you want stability, or wait for 6.1 to drop if you want to be on the forefront (and lab test heavily of course). I'd also schedule like 5 hours for the maintenance window, not 2 or 3. If you get 90% of the way through an have to roll back, you'll need more time. We are doing it in pretty much bang on 2 hours every time (assuming no issues), if you have to roll back (what may involve erasing the box and reinstalling the previous version from scratch) that will take you another 2 hours. Add some checks and stabiliy time either side, it's a 5 to 6 hour window (although assuming there are no problems, 2 hours actual time). Cheers, James. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR 9000 Upgrade Expectations
On 13/07/16 15:13, Jared Mauch wrote: > There were improvements that went in 533+ which should improve your > experience. I haven't checked if 602 hit CCO but you may want to look > at that, or wait for 534. Neither 6.0.2 or 5.3.4 has hit GA yet. 6.0.1 is (oddly) marked as MD rather than ED, too. -- Tom ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR 9000 Upgrade Expectations
On 13/07/16 22:52, Mark Tinka wrote: > > On 13/Jul/16 23:46, Curtis Piehler wrote: > >> > So going from 5.1.X to 6.X.X will likely involve fpd upgrades? > I've, pretty much, found an FPD update in every major release. That has been my expectation - usually at least one component has a new FW version. Saying that, unless you're making quite a large version jump, it doesn't take too long to complete. :) -- Tom ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR 9000 Upgrade Expectations
On 13/Jul/16 23:46, Curtis Piehler wrote: > So going from 5.1.X to 6.X.X will likely involve fpd upgrades? I've, pretty much, found an FPD update in every major release. Mark. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR 9000 Upgrade Expectations
So going from 5.1.X to 6.X.X will likely involve fpd upgrades? I've been hit by the SNMP OID bug that consumes memory over time but I can hold out by restarting the SNMP process every once in a while. On Jul 13, 2016 4:39 PM, "Gert Doering"wrote: > Hi, > > On Wed, Jul 13, 2016 at 10:30:11PM +0200, Juergen Marenda wrote: > > Because of > > > https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco- > > sa-20160525-ipv6 > > asr9k: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz66542 > > > > it should be 5.3.4.1 or for the brave 6.1.1.16 > > but I cannt see it for download (but 5.3.3 two times ! ) > > > > ... waiting for a fix of severity-2 BUG for more than 6 weeks ... > > The SMU for that bug fix was available fairly quickly for 5.3.3 - unlike > for 4.3.4 (still supported, but that bug did not get an SMU) or IOS (no > word whatsoever)... so you can't really complain here :-) > > > ... nice to read that for oldstyle IOS, it may be fixed in IOS XVI.IV > (will > > arrive A.D. MMXX ?) > > > > Workaround with ACLs reduces the Number of Layer3 (boteh ipv4 and IPv6) > SVI > > interfaces on my cat4900M > > to less than 300 (out of TCAM resources...) just for the basics. > > > > I am desperately disappointed . > > Yay :( > > (We have deployed fairly extensive border ACLs for this, so the "soft > core" is protected against fake & evil ND packets crossing the borders - > and as long as your 4900Ms are not border routers, you could do similar...) > > gert > > -- > USENET is *not* the non-clickable part of WWW! >// > www.muc.de/~gert/ > Gert Doering - Munich, Germany > g...@greenie.muc.de > fax: +49-89-35655025 > g...@net.informatik.tu-muenchen.de > > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR 9000 Upgrade Expectations
Hi, On Wed, Jul 13, 2016 at 10:30:11PM +0200, Juergen Marenda wrote: > Because of > https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco- > sa-20160525-ipv6 > asr9k: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz66542 > > it should be 5.3.4.1 or for the brave 6.1.1.16 > but I cannt see it for download (but 5.3.3 two times ! ) > > ... waiting for a fix of severity-2 BUG for more than 6 weeks ... The SMU for that bug fix was available fairly quickly for 5.3.3 - unlike for 4.3.4 (still supported, but that bug did not get an SMU) or IOS (no word whatsoever)... so you can't really complain here :-) > ... nice to read that for oldstyle IOS, it may be fixed in IOS XVI.IV (will > arrive A.D. MMXX ?) > > Workaround with ACLs reduces the Number of Layer3 (boteh ipv4 and IPv6) SVI > interfaces on my cat4900M > to less than 300 (out of TCAM resources...) just for the basics. > > I am desperately disappointed . Yay :( (We have deployed fairly extensive border ACLs for this, so the "soft core" is protected against fake & evil ND packets crossing the borders - and as long as your 4900Ms are not border routers, you could do similar...) gert -- USENET is *not* the non-clickable part of WWW! //www.muc.de/~gert/ Gert Doering - Munich, Germany g...@greenie.muc.de fax: +49-89-35655025g...@net.informatik.tu-muenchen.de signature.asc Description: PGP signature ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR 9000 Upgrade Expectations
Because of https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco- sa-20160525-ipv6 asr9k: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz66542 it should be 5.3.4.1 or for the brave 6.1.1.16 but I cannt see it for download (but 5.3.3 two times ! ) ... waiting for a fix of severity-2 BUG for more than 6 weeks ... ... nice to read that for oldstyle IOS, it may be fixed in IOS XVI.IV (will arrive A.D. MMXX ?) Workaround with ACLs reduces the Number of Layer3 (boteh ipv4 and IPv6) SVI interfaces on my cat4900M to less than 300 (out of TCAM resources...) just for the basics. I am desperately disappointed . Just my 0.01 $, Juergen. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR 9000 Upgrade Expectations
On 13/Jul/16 16:13, Jared Mauch wrote: > We see around 1 hour of traffic loss due to upgrade times before adding in > FPD and others, which can extend to more like 3 hours. Yep, I'd say budget a 3hr window per router for the upgrade. Mark. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR 9000 Upgrade Expectations
We see around 1 hour of traffic loss due to upgrade times before adding in FPD and others, which can extend to more like 3 hours. There were improvements that went in 533+ which should improve your experience. I haven't checked if 602 hit CCO but you may want to look at that, or wait for 534. Jared Mauch > On Jul 13, 2016, at 6:31 AM, Nick Griffinwrote: > > Hello, looking for some details in regards to an ASR9000 code upgrade. > Currently running software version 5.1.1 with the following packages: > > Committed Packages: > > disk0:asr9k-mini-px-5.1.1 > > disk0:asr9k-k9sec-px-5.1.1 > > disk0:asr9k-mpls-px-5.1.1 > > disk0:asr9k-mgbl-px-5.1.1 > > disk0:asr9k-optic-px-5.1.1 > > disk0:asr9k-fpd-px-5.1.1 > > disk0:asr9k-li-px-5.1.1 > > > Installed are RSP-440TR's. We are currently looking to upgrade to version > 5.3.3, or perhaps another version if one is recommended, looking for input > here as well, in addition to an estimate as to how long this process is > expected to take, along with perceived customer impact. If further details > are necessary please let me know. I've referenced the following > documentation for installation instructions. If there is something better > or any best practices not covered, please feel free to advise! > > > http://www.cisco.com/web/Cisco_IOS_XR_Software/pdf/ASR9K_Upgrade_Downgrade_Procedure_IOSXR_Rel_533.pdf > > > Thanks in advance! > ___ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/