Wired Intelligent Edge

Hi, after the release of ArubaOS-CX 10.03.0071 (very few days after the previous 10.03.0070 and just for a very specific OSPF related fixes) I start thinking that, considering we are now in 2020, would be nice to see an ArubaOS-CX capable of being Hot Patched without requiring the Switch to reboot [*],[**].

I didn't a deep research about this item but, since ArubaOS-CX has its roots into OpenSwitch (gets its heritage from it), I easily found an interesting thread (started mid October 2015!) around the idea of an OpenSwitch supporting Hot-Patching exactly looking for OpenSwitch and Hot Patching...and, without surprise, most of those posters, plus the OP (Marcelo Magallon), were/still are HPE developers or software engineers...the full read is indeed very interesting (especially because it explains how complex would it be to handle and because it was considered quite a tall challenge). I know ArubaOS-CX is not OpenSwitch (ArubaOS-CX looks totally developed internally and probably OpenSwitch and ArubaOS-CX's code diverged during development of both (nevertheless I suspect some architectural mechanisms could be still the same).

Will there ever be an ArubaOS-CX NOS capable of being Hot-Patched (considering both Standalone and VSX scenarios)?

What do you think?

[*] especially when we refer to code security/network protocol deamons related fixes released within the same software release (say when we see a fix to LACP, STP or to OSFP as examples): those fixes can be applied to a Standalone/VSX deployment and, as of now, those fixes will always require a reboot of involved switches...that, IMHO, is seen quite often as a problematic procedure (nobody is granting it will totally trouble free) and a proper maintenance window must always be planned in advance in case of unexpected troubles...so hot patching could be an interesting approach.

[**] Worth a look (to understand how complex things are behind the scene just considering the Linux Kernel).

Hi,

Thank you for such inquity.

For time being, the focus was (and still is) to deliver best experience with VSX Live Upgrade (vsx update-software), as this provides most the required High-Avilability in the Aggregation Layer or Top-of-Rack

in VSX cluster. Hot patching is an interesting topic especially in the access layer for critical systems that can't be dual-attached. There are lot of software complication, including the ASIC SDK and associated tables structure. Right now this is not supported. For roadmap question, I invite you to contact your local country Aruba representative.

Hi,

There is already VSX Live Upgrade (need a cluster...) but i don't think need a Hot patching...

Hi and thanks you for feedback.

VSX Live Update requires VSX members reboot, Hot Patching should be engineered to avoid that (and should also be intended for very particular fixes)...that will be the difference no matter the level we consider.

I was thinking more from the standpoint of a clever network administrator that want to keep its ArubaOS-CX up-to-date but he/she is always reasonably afraid that this proactive approach means a lot of planned - potentially troublesome - reboots (even for little things like some specific networking protocol fixes)...also consider that, eventually, a VSX member reboot doesn't pass unnoticed to downstream/upstream connected systems.

Say you want to stay updated about any LACP related fixes introduced by ArubaOS-CX within a particular software branch (10.3 or 10.4, doesn't matter) and you don't really care about, example, RIP/OSPF related issues eventually solved (or viceversa)...hot patching for LACP fixes only would be faster than performing a VSX update with reboot.

Anyway, thank you for inputs.

for me, you can restart a device without impact on your infrastructure / network

If not, it is a design issue...

Alexis, me too...no issue in planning a reboot from time to time (and no traffic disruption thanks to VSX or VSF) but it's not so smart rebooting twice a week just because we can (see the case I cited initially 10.03.0070 -> 10.03.0071 -> just one fix OSFP related)...the point is that yes-you-can-do-it-because-VSX-saves-our-backs (pardon ;-) )...the point under discussion - hot-patching related - is if there is a better-way-to-handle-specific-fixes by implementing hot patching instead of necessarily fall to and plan for a VSX manual/automated reboot.

From my standpoint asking if it would be possible (will ever?) doesn't necessarily mean I have a design flaw in my network with my VSX. ;-).

Most people don't have dual NICs in their endpoints to support LACP :) So rebooting the switch causes disruptions for the clients.

Well...on the other hand VSX implementation is intended for deployment at Core/Distribution levels...where LACP is expected on eventually directly connected hosts. Mine was more a question about making day-to-day standalone/VSX software maintenace easier for specific families of fixes.

Edit: The Hot Patching I mean is something that Comware based devices - due to totally different OS architecture - easily have.