Operations Allowed During Mixed Versions on Cisco ACI Switches

Operations Allowed During Mixed Versions on Cisco ACI Switches

The Cisco Application Centric Infrastructure (ACI) fabric essentially has a requirement that all nodes (Cisco Application Policy Infrastructure Controller (APIC), leaf switches, and spine switches) should have the same software release or have a compatible software release, where the Cisco APIC nodes have the standard release format of x.y(z), and the leaf and spine switches have the switch-specific standard release format of 1x.y(z). For example, if the Cisco APIC nodes are on software release 4.1(1), the leaf switches and spine switches should be on the switch-specific compatible version of 14.1(1).

However, this could be a challenging requirement when attempting to upgrade the software for a huge Cisco ACI fabric with a large number of switch nodes, because you would usually split the switch nodes into several different groups (maintenance groups) in this situation, which would allow you to perform the upgrade one group at a time to avoid any service disruptions. Depending on the number of switch nodes or maintenance groups, and the validation process for network traffic, services, and applications, you would be able to upgrade some maintenance groups on one day, but you might have to wait to upgrade the remaining maintenance groups on another day.

Starting with release 2.2(1), some operations can be performed even when all Cisco ACI switches are not yet on the same version due to a software upgrade. This behavior was enhanced in release 2.3(1) to support even more operations that can be performed in this situation. The following tables describe the operations that can be performed when switches are at mixed releases for releases 2.2(1) and 2.3(1) or later.

Supported Operations with Mixed Versions for Each Upgrade Path

Upgrade Path

Supported Operations

From

To

2.2(x)

Any versions in the supported upgrade path

  • Exporting configuration

  • Collecting techsupport

  • Physical network change (i.e. reboot, cable replacement etc.)

  • Policy changes for features introduced prior to the major release*

2.3(x) or later

Any versions in the supported upgrade path

* This operation is supported only when the upgrade is within the same release train. For example, an upgrade from 3.2(5d) to 3.2(5f), where the releases are still part of the 3.2(5) release train, but the upgrade occurs between the d and the f versions of that release train.

Supported Operations with Mixed Versions for Upgrades from Release 2.3(x) or Later

Starting from release 2.3(1), Cisco APIC supports the following features in addition to the ones listed above for operations allowed during mixed versions on Cisco ACI switches.

Features

Operations

Contracts

  • Creating, updating, and deleting filters, subjects, and contracts.

  • Exporting and importing contracts.

  • Adding and deleting provided and consumed contracts in relationship with EPGs.

  • Adding and deleting provided and consumed contracts in vzAny.

Endpoint group

  • Creating and deleting EPGs.

  • Adding and deleting VMM, physical, Layer 2 external, and Layer 3 external domain association.

  • Adding, deleting, and updating static port assignment and statically linking with the node.

  • Moving an end point from one EPG to another EPG.

  • Moving an end point from uSeg EPG to base EPG.

Microsegmentation

Adding and updating uSeg EPG.

vMotion

vMotion across a leaf switch.

VM operation

On and off of virtual machines.

Bridge domain

Creating, updating, and deleting bridge domains.

VMM Domain

The following operations are supported only in VMware vDS and Cisco AVS.

  • Creating and deleting VMM domains.

  • Adding and updating VLAN pools.

  • Adding and deleting multicast pools.

  • Adding and updating VMware vCenter.

  • Adding and updating vSwitch policies.

Layer 2 or Layer 3 Out

Adding, updating, and deleting Layer 2 external and Layer 3 external domains.

Access Policy

  • Adding, updating, and deleting switch policies, interface policies, policy group, Attached Entity Profiles (AEP).

Troubleshooting

  • Adding, updating, and deleting SPAN configuration.

  • Adding, updating, and deleting syslog server.

Physical network

  • Enabling and disabling port status.

  • On and off of a physical server.

  • Moving physical server within and across leaf switches.

  • Reloading spine switches and leaf switches.

    When the reload is stateless, meaning that it is a clean reload in which the configuration is wiped and pulled again from the Cisco APICs, the switches must have the same release as the Cisco APICs.

  • Reloading a spine switch line card, Fibre Channel card, CS card, and SUP card.

  • Decommissioning spine switches and leaf switches.

  • Removing spine switches and leaf switches using the Remove from Controller option.

  • Registering a new spine switch and leaf switch.

    The new switch must have the same release as the Cisco APICs.

  • Adding and deleting a virtual port channel domain.

  • Flapping primary link, secondary link, and all the links in the virtual port channel.

  • Flapping all the port channel links, flapping one link in the port channel, flapping NIF ports on FEX, and flapping front panel ports on the leaf switch.

Fabric Policy

  • Adding, updating, and deleting NTP server, SNMP, BGP route reflector, Layer 2 MTU policy.

  • Updating Cisco APIC connectivity preferences.

The following definitions are used to describe a Cisco APIC release.

  • A Cisco APIC major release contains support for new software features and additional hardware updates. Examples of major releases include 2.2(1n) and 2.1(1h).

  • A Cisco APIC minor or maintenance release (MR) contains the bugs fixes and patches from the existing release. Examples of minor or maintenance releases include 2.0(1m) and 2.0(2f).

  • A Cisco APIC patch release contains fixes for specific defects. Examples of patch releases include 2.1(1h) and 2.1(1i).

Guidelines and Limitations for Mixed Versions on Cisco ACI-Mode Switches

  • You must first upgrade all Cisco Application Policy Infrastructure Controller (APIC) nodes to the newer version to perform the supported operations described in Supported Operations with Mixed Versions for Each Upgrade Path. Do not perform any operations until all the Cisco APIC nodes have been successfully and completely upgraded.

  • Operations supported with mixed versions do not apply to vPC pair leaf switches running different software versions. vPC pair switches must be running the same software version for any operations.

  • Operations supported with mixed versions are only for upgrade scenarios. Those are not applicable and not supported when downgrading the fabric, that is when APICs are running an older version than the switches.

  • You can perform operations listed in Supported Operations with Mixed Versions for Each Upgrade Path only when it is regarding a feature that was already supported on the older (from) version.

  • Prior to Cisco APIC release 3.0, a red banner warning is displayed, informing you of version differences on the Cisco ACI nodes in the fabric. This banner warning has been removed since Cisco APIC release 3.0.

  • If your Cisco APIC is running the 5.2(4) release or later and your switches are running an Cisco ACI-mode switch software release that is earlier than 15.2(4), a vPC domain's interfaces become suspended/down when its peer node is decommissioned. Graceful insertion (maintenance mode) of the vPC peer node will also lead to the same issue because the switch is automatically decommissioned, rebooted, and recommissioned. In the following example scenarios, you will encounter this issue:

    • Your Cisco APIC is running the 5.2(4), 6.0(1), or later release and your vPC switches are running the Cisco ACI-mode switch 14.2(7u) or earlier release.

    • Your Cisco APIC is running the 5.2(4), 6.0(1), or later release and your vPC switches are running the Cisco ACI-mode switch 15.2(3) or earlier release.

    In the following example scenarios, you will not encounter this issue:

    • Your Cisco APIC is running the 5.2(4), 6.0(1), or later release and your vPC switches are running the Cisco ACI-mode switch 14.2(7v), 15.2(4), 16.0(1), or later release.

    • Cisco APIC is running the 5.2(3) release or earlier.