Cisco ACI – Upgrade your ACI Fabric (1.0(2j) to 1.0(3f))

I did a upgrade of our ACI Lab Fabric last week and documented all the steps. The upgrade is really straightforward, but hopefully this guide still helps you 🙂

First you have to catch the desired Software, get them directly from cisco. You need APIC Release image for 1.0(3f) release (aci-apic-dk9.1.0.3f.iso) and the Cisco Nexus 9000 Series ACI Mode Switch Software Release 11.0(3f) (aci-n9000-dk9.11.0.3f.bin). Get them here:
Cisco ACI Version 1.0(3f)

I always check the MD5 sum, just to be sure that everything went right with my download.

$ md5 aci-apic-dk9.1.0.3f.iso
MD5 (aci-apic-dk9.1.0.3f.iso) = 6e747378ec4225ead0f27cb23aa54f02
Cisco ACI 1.0(3f) MD5 Hash

Cisco ACI 1.0(3f) MD5 Hash

The MD5 hash looks right. Check the same for the Nexus 9000 Image!

Upgrade of the APIC Controllers

We start with the upgrade of the APIC Controller, all APIC Controllers of your Fabric have to be upgraded first.
I did the whole upgrade through CLI, it’s also possible with the GUI but i prefer the CLI way.

  • Copy the Software to the APIC Controller
admin@aci-lab-apic01:~> scp richy@10.32.32.179:Downloads/aci-apic-dk9.1.0.3f.iso .
Password:
aci-apic-dk9.1.0.3f.iso 100% 3175MB 102.4MB/s 00:31

Hint: Maybe you need an additional ‘/’ after the ‘:’ like ‘user@host:/path’
Thanks @Jonas Walker for the information!

  • Add the new firmware to the repository
admin@aci-lab-apic01:~> firmware add aci-apic-dk9.1.0.3f.iso
Firmware Image aci-apic-dk9.1.0.3f.iso is added to the repository
  • After adding the new firmware, it’s “removed” from the upload directory
admin@aci-lab-apic01:~> ls
aci debug mit
  • Wait a couple of seconds and you can now see the new added firmware in the repository
admin@aci-lab-apic01:~> firmware list
Name : aci-apic-dk9.1.0.3f.bin
Type : controller
Version : 1.0(3f)
Size(Bytes) : 3329372160
Release-Date : 2015-02-10T03:46:53.000+02:00
Download-Date : 2015-02-18T16:37:29.580+02:00

Name : aci-catalog-dk9.1.0.3f.bin
Type : catalog
Version : 1.0(3f)
Size(Bytes) : 18064
Release-Date : 2015-02-10T02:27:12.000+02:00
Download-Date : 2015-02-18T16:37:31.554+02:00

Name : aci-catalog-dk9.1.0.2j.bin
Type : catalog
Version : 1.0(2j)
Size(Bytes) : 17493
Release-Date : 2014-11-11T18:58:18.000+02:00
Download-Date : 2015-01-31T05:57:47.354+02:00
  • Now you can start the controller upgrade, it’s automatically done on all APIC Controllers, one at a time
admin@aci-lab-apic01:~> firmware upgrade controllers aci-apic-dk9.1.0.3f.bin
Firmware Upgrade on Controllers has been scheduled.
The upgrade will be performed on one controller at a time in the background.
To check the upgrade status, use 'firmware upgrade status node <node-id>'
  • Then you can check the status of the upgrade
admin@aci-lab-apic01:~> firmware upgrade status
Node-Id Role Current-Firmware Target-Firmware Upgrade-Status Progress-Percent(if inprogress)
----------------------------------------------------------------------------------------------------------------------
<strong>1 controller 1.0(2j) apic-1.0(3f) inqueue 0</strong>
101 spine n9000-11.0(2j) notscheduled 0
111 leaf n9000-11.0(2j) notscheduled 0
112 leaf n9000-11.0(2j) notscheduled 0

Legend:
notscheduled - Upgrade has NOT been scheduled
scheduled - Upgrade has been scheduled at a future time
queued - Node is waiting for token from scheduler(permission to upgrade)
inprogress - Image installation is currently in progress on node
completeok - Upgrade successful
completenok - Upgrade failed
unknown - Node unreachable
  • After some minutes
admin@aci-lab-apic01:~> firmware upgrade status
Node-Id Role Current-Firmware Target-Firmware Upgrade-Status Progress-Percent(if inprogress)
----------------------------------------------------------------------------------------------------------------------
<strong>1 controller 1.0(2j) apic-1.0(3f) inprogress 75
</strong>101 spine n9000-11.0(2j) notscheduled 0
111 leaf n9000-11.0(2j) notscheduled 0
112 leaf n9000-11.0(2j) notscheduled 0
  • The Controllers do an automatic reboot, so if you just have one APIC in your Fabric, you definitely will be kicked off
admin@aci-lab-apic01:~>
Broadcast message from root@aci-lab-apic01
(unknown) at 15:47 ...

The system is going down for reboot NOW!
  • As soon as the APIC Controller is back up you can check the firmware upgrade status
admin@aci-lab-apic01:~> firmware upgrade status node 1
Node-Id Role Current-Firmware Target-Firmware Upgrade-Status Progress-Percent(if inprogress)
----------------------------------------------------------------------------------------------------------------------
1 controller apic-1.0(3f) apic-1.0(3f) completeok 100

 

Upgrade of the Nexus 9000 Spine and Leaf switches

After all the Fabric Controllers are updated, you can proceed to upgrade your Nexus 9000 Spine and Leaf Switches.

  • Copy the Nexus 9000 Software to the APIC Controller
admin@aci-lab-apic01:~> scp richy@10.32.32.179:Downloads/aci-n9000-dk9.11.0.3f.bin .
Password:
aci-n9000-dk9.11.0.3f.bin 100% 495MB 99.1MB/s 00:05
  • Also add the Nexus 9000 Software to the Firmware Repository
admin@aci-lab-apic01:~> firmware add aci-n9000-dk9.11.0.3f.bin
Firmware Image aci-n9000-dk9.11.0.3f.bin is added to the repository
  • Check that the software was added succesfully to the repository
admin@aci-lab-apic01:~> firmware list
Name : aci-n9000-dk9.11.0.3f.bin
Type : switch
Version : 11.0(3f)
Size(Bytes) : 519376842
Release-Date : 2015-02-10T02:47:47.000+01:00
Download-Date : 2015-02-18T15:53:28.874+01:00
  • You now can start the upgrade on the switches, in a production environment you should split the upgrade to make it undisruptive. As this is just my lab, i booted all the switches at the same time
admin@aci-lab-apic01:~> firmware upgrade switch node 101 aci-n9000-dk9.11.0.3f.bin
Firmware Installation on Switch Scheduled
To check the upgrade status, use 'firmware upgrade status node <node-id>'

admin@aci-lab-apic01:~> firmware upgrade switch node 111 aci-n9000-dk9.11.0.3f.bin
Firmware Installation on Switch Scheduled
To check the upgrade status, use 'firmware upgrade status node <node-id>'

admin@aci-lab-apic01:~> firmware upgrade switch node 112 aci-n9000-dk9.11.0.3f.bin
Firmware Installation on Switch Scheduled
To check the upgrade status, use 'firmware upgrade status node <node-id>'
  • You can check the upgrade status with the same command here
admin@aci-lab-apic01:~> firmware upgrade status
Node-Id Role Current-Firmware Target-Firmware Upgrade-Status Progress-Percent(if inprogress)
----------------------------------------------------------------------------------------------------------------------
1 controller apic-1.0(3f) apic-1.0(3f) completeok 100
101 spine n9000-11.0(2j) n9000-11.0(3f) inprogress 5
111 leaf n9000-11.0(2j) n9000-11.0(3f) inprogress 5
112 leaf n9000-11.0(2j) n9000-11.0(3f) inprogress 5
  • The switches also do an automatic reboot after the upgrade
admin@aci-lab-apic01:~> firmware upgrade status
Node-Id Role Current-Firmware Target-Firmware Upgrade-Status Progress-Percent(if inprogress)
----------------------------------------------------------------------------------------------------------------------
1 controller apic-1.0(3f) apic-1.0(3f) completeok 100
101 spine unknown unknown unknown unknown
111 leaf unknown unknown unknown unknown
112 leaf unknown unknown unknown unknown
  • After all the switches booted, you should see them all with a status of “completeok”
admin@aci-lab-apic01:~> firmware upgrade status
Node-Id Role Current-Firmware Target-Firmware Upgrade-Status Progress-Percent(if inprogress)
----------------------------------------------------------------------------------------------------------------------
1 controller apic-1.0(3f) apic-1.0(3f) completeok 100
101 spine n9000-11.0(3f) n9000-11.0(3f) completeok 100
111 leaf n9000-11.0(3f) n9000-11.0(3f) completeok 100
112 leaf n9000-11.0(3f) n9000-11.0(3f) completeok 100
  • Final check of the current software version
admin@aci-lab-apic01:~> show version
# Executing command: 'version'
node type node id node name version
---------- ------- --------------- --------------
controller 1 aci-lab-apic01 1.0(3f)
spine 101 aci-lab-spine01 n9000-11.0(3f)
leaf 111 aci-lab-leaf01 n9000-11.0(3f)
leaf 112 aci-lab-leaf02 n9000-11.0(3f)

 

That’s it! You just upgraded your ACI Fabric with success.

Related Posts

8 thoughts on “Cisco ACI – Upgrade your ACI Fabric (1.0(2j) to 1.0(3f))

  1. Great tutorial. Worked perfect.

    FYI: there is ” / ” missing after the “:” in the first command:

    “scp richy@10.32.32.179:Downloads/aci-apic-dk9.1.0.3f.iso “

    • Hi Jonas,

      Awesome to see someone from cisco reading the blog 🙂
      Thanks for your input, i just double checked it on my setup, and for me it works only without the slash.

      I think this is related to your home directory, and ‘Downloads’ is a subdirectory of my ‘~’. Maybe this is different in your setup?

      Regards
      Richard

  2. We are trying to download the exact same image, but are getting a “stalled” result.
    What SCP server are you using?

    • Hi Daniel,

      I used my Mac as SCP, worked without a problem.
      Where you able to find a solution?

      Cheers
      Richard

  3. Hi Richard,

    I am getting the below error.
    admin@APIC1:~> firmware upgrade status node 101
    Node-Id Role Current-Firmware Target-Firmware Upgrade-Status Progress-Percent(if inprogress)
    ———————————————————————————————————————-
    101 leaf n9000-11.0(2j) n9000-11.0(4h) inretryqueue 0

    • Hi Subash,

      Does the switch stuck in this state?
      Did the APIC Upgrade itself work without a problem?

      Regards
      Richard

Leave a Reply to richardstrnad Cancel reply

Your email address will not be published. Required fields are marked *