Wired Intelligent Edge

 View Only
Expand all | Collapse all

Howto: VSX Live-Update with Central

This thread has been viewed 26 times
  • 1.  Howto: VSX Live-Update with Central

    Posted Jun 20, 2024 11:50 AM

    Howto: VSX Live-Update with Central

    Overview

    Central doesn't have a built-in process to initiate a live-update of a pair of VSX switches.

    In this post, I show you how to combine Central and CLI console access to enable a live-upgrade.

    Quick summary:

    • Use Central to push out the new firmware to the CX switch, but do not enable the reboot (now or scheduled).
    • Then from the CLI, initiate the live-update, pointing to the existing firmware

    Prerequisites

    Switch pair that supports VSX, including:

    • CX 6400
    • And the DCN switches CX 8xxx, 9xxx, 10000

    Central account 

    • The VSX switch pair subscribed and activated in a site. In this example, a VSX pair of CX 8320 switches that have been in Central since they were first supported there. (These are currently in monitor-only mode.)
    • New firmware available in Central for deployment to the switches
    • (Custom, pre-release, special TAC support versions, etc can usually be deployed using the same process.)

    Initial Checks

    1. Confirm VSX is running properly
      sh vsx status
       
    2. Check firmware image files, and default boot image
       

    Firmware Deployment

    Use Central to push out the new firmware version to each VSX member.

    • Choose one members and select Upgrade; or choose both and upgrade from the 2 item(s) selected at the bottom of the screen.
    • Select the firmware version, the primary or secondary partition, and make sure the reboot option is not selected. Click Upgrade.

    Live-Update from CLI

    Check that the new firmware has been deployed to the correct partition on each VSX member

    sh images

    sh images vsx-peer
     
    New firmware sometimes comes with additional low-level updates that need to be applied from the service-os. Run this command to check if any service-os components need to be updated:
    show needed-updates
    However, in this situation, the default boot image will still be pointing to the current firmware, and even the command sh needed-updates next-boot will not indicate changes.

    I therefore always enable unsafe updates to ensure that any new low-level updates are applied. Run this command on both VSX members:
    allow-unsafe-updates 30
    (If the switches are fully managed by Central, you will need to run aruba-central support-mode first.)

    Initiate the live-update:
    vsx update-software boot-bank secondary
     

    The whole process will usually take a few minutes, depending on the switch type, number of modules and components to be updated from service-os.

    Completion

    The live-update with the latest FW is now complete! The system should be running normally, and dual-connected devices should not have had any impact (other than reduced available bandwidth).

    It is worth checking that the system has come up normally - run through the same post-upgrade checks that you always use. For instance, run through these commands and check for any irregularities:

    show vsx status
    show event -r
    sh mac-address-table count
    sh ip route summary
    

    Central will now show the updated firmware version.



    ------------------------------
    Richard Litchfield
    Airheads MVP 2020, 2021, 2022
    ------------------------------


  • 2.  RE: Howto: VSX Live-Update with Central

    Posted Jun 26, 2024 08:22 AM

    Thanks Richard ! and good to known...

    and thanks for show needed-updates command !



    ------------------------------
    PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

    PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

    PowerArubaCL: Powershell Module to use Aruba Central

    PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

    ACEP / ACMX #107 / ACDX #1281
    ------------------------------