-
For a device that is running on Cisco Nexus Release 10.1(2), 10.2(1)F,
and 10.2(2)F, ND-ISSU is not supported if L2 sub-interfaces are configured.
-
Beginning with Cisco NX-OS Release 10.2(2)F, Cisco Nexus 9504 and 9508 platform switches, and Cisco Nexus 9508-R, R2, and
RX line cards support Cisco NX-OS 64-bit images. Disruptive upgrade from earlier releases to 10.2(2)F 64-bit NX-OS image is
supported. Cisco NX-OS 32-bit image is not supported on these platform switches anymore.
-
Beginning with Cisco NX-OS Release 10.2(2)F, FCoE/FC NPV is supported on N9K-C9336C-FX2-E platform switches.
ISSU with with FCoE (Fiber Channel over Ethernet)/FC (Fiber Channel) NPV (N-port Virtualization) is supported on some Cisco
Nexus 9000 switches. An ISSU allows you to upgrade the device software while the switch continues to forward traffic. You
can perform an in-service software upgrade (ISSU), also known as a nondisruptive upgrade, for some Cisco Nexus 9000 switches.
The default upgrade process is disruptive. Using the nondisruptive option helps ensure a nondisruptive upgrade.
Fibre Channel N-port Virtualization (NPV) can co-exist with VXLAN on different fabric uplinks but on same or different front
panel ports on the Cisco Nexus 93180YC-FX, N9K-C9336C-FX2-E, and N9k-C93360YC-FX2 switches.
-
Beginning with Cisco NX-OS Release 10.2(2)F, ND ISSU is supported for FEX and you need to re-adjust the BGP graceful-restart restart time command for the upgrade to work non-disruptively. This must be done for each FEX upgrade one-by-one.
The following example shows the time taken to re-adjust bgp-graceful restart-time for each non-disruptive FEX upgrade.
In the Non-disruptive upgrade with FEX, each FEX will upgrade taking about 90 secondss
(1.5 minutess) sequentially (one-by-one and not a parallel upgrade).
Total non-disruptive upgrade time for all FEX = No. of fex * time taken per fex
For 10 FEX = 10 * 90
= 900 seconds or 15 minutes
-
MPLS strip, GRE strip, and any underlying ACL configuration is not ISSU compatible when you perform ND ISSU to Cisco NX-OS
Release 10.2(2)F from a previous release.
After ND ISSU to Cisco NX-OS Release 10.2(2)F or 10.2(3)F from a previous release, post GRE strip dot1q tunnel VLAN_tag might be missing. Workaround for this issue is to remove and
add port ACL from L2 interfaces for GRE strip enabled interface.
-
For ISSU compatibility for all releases, see the Cisco Nexus 9000 and 3000 Upgrade and ISSU Matrix.
-
Beginning from Cisco NX-OS Release 10.2(1), Cisco Nexus 9300 and 9500 platform switches support 64-bit image.
-
Non-disruptive upgrade to 64-bit image is supported from Cisco NX-OS Release 9.3(9) onwards. See supported platforms in Cisco Nexus 9000 and 3000 Upgrade and ISSU Matrix.
-
Beginning from Cisco NX-OS Release 10.2(8)M onwards, Cisco Nexus 9300-FX3 supports non-disruptive upgrade.
-
Beginning with Cisco NX-OS Release 10.1(1), during the disruptive upgrade to the 64-bit image or a downgrade from 64-bit
to 32-bit image, if feature ITD is enabled, refer to Guidelines and Limitations for ITD in the Cisco Nexus 9000 Series NX-OS Intelligent Traffic Director Configuration Guide, Release 10.1(x), if the upgrade or downgrade proceeds with an ASIC reload.
-
When you use install all with no-reload option, the saved configuration cannot be used before you reload the device. Saving configuration in this state can result
in incorrect startup configuration once you reload the device with new version of NX-OS.
-
For switches that are in LXC boot mode, the enhanced LXC upgrade will fall back to standard ND ISSU as the target image kernels are likely be different than the current
image.
-
Beginning with Cisco NX-OS Release 10.2(3)F, for switches that are in LXC mode and for non-destruptive upgrade, a new option
skip-kernel-upgrade is added to install command.
-
The following are the two methods by which the ND ISSU can be performed in LXC mode:
-
ND ISSU in LXC mode - Switchover-based ISSU that is similar to EOR. Second SUP is brought up in new container and switchover
is done. The second SUP now becomes the new active. There is no change to the kernel.
-
Fallback ND LXC ISSU - This is only done when the above switchover-based ISSU cannot be done (SRG Kernel incompatible or less
memory). The kernel is upgraded.
-
skip-kernel-upgrade option will force ND ISSU in LXC mode - Switchover-based ISSU (even in case when running) and target kernels
are incompatible.
-
When upgrading from Cisco NX-OS Release 9.3(3) to Cisco NX-OS Release 9.3(6) or later, if you do not retain configurations
of the TRM enabled VRFs from Cisco NX-OS Release 9.3(3), or if you create new VRFs after the upgrade, the auto-generation
of ip multicast multipath s-g-hash next-hop-based CLI, when feature ngmvpn is enabled, will not happen. You must enable the CLI manually for each TRM enabled VRF. For the configuration instructions,
see the Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 10.1(x).
-
When you upgrade a Cisco Nexus 9000 device to Cisco NX-OS Release 10.1(x), if a QSFP port is configured with the manual breakout
command and is using a QSA, the configuration of the interface Ethernet 1/50/1 is no longer supported and must be removed.
To restore the configuration, you must manually configure the interface Ethernet 1/50 on the device.
-
When redistributing static routes, Cisco NX-OS requires the default-information originate command to successfully redistribute the default static route starting in 7.0(3)I7(6).
-
To perform an EPLD upgrade after an ISSU upgrade from Cisco NX-OS Release 7.x to Cisco NX-OS Release 9.3(x), before starting
the EPLD upgrade, add the copy run start command.
-
When upgrading from Cisco NX-OS Release 9.2(4) or earlier releases to Cisco NX-OS Release 9.3(4) or later, running configuration
contains extra TCAM configuration lines. You can ignore these extra lines as they do not have an effect on the upgrade and
configuration.
-
When performing an ISSU from Cisco NX-OS Release 9.3(1) or 9.3(2) to Cisco NX-OS Release 9.3(3) or later, ensure that the
features with user-defined ports, such as <ssh port>, are within the prescribed port range. If the port range is incorrect, follow the syslog message recommendation. For more
information about the port range, see Cisco Nexus 9000 Series NX-OS IP SLAs Configuration Guide, Release 10.1(x).
-
When upgrading from Cisco NX-OS Release 9.2(2) or earlier releases to Cisco NX-OS Release 10.1(x), you need to make sure that
ingress RACL TCAM region is not more than 50% full. Otherwise, the atomic update feature will be enabled after the upgrade
and interfaces with RACLs that exceed 50% of TCAM allocation will remain down.
-
Beginning with Cisco NX-OS Release 10.1(1), ISSU is supported on FC/FCoE switch mode on Cisco Nexus 93360YC-FX2. For more
information about the FC/FCoE switch mode and supported hardware, see Cisco Nexus 9000 Series NX-OS SAN Switching Configuration Guide, Release 10.1(x).
-
Beginning with Cisco NX-OS Release 10.1(1), Enhanced ISSU is supported on FC/FCoE switch mode for Cisco Nexus 93180YC-FX and
93360YC-FX2 switches. For more information about the FC/FCoE switch mode and supported hardware, see Cisco Nexus 9000 Series NX-OS SAN Switching Configuration Guide, Release 10.1(x).
-
Beginning with Cisco NX-OS Release 10.1(1), Enhanced ISSU is supported on FC/FCoE NPV mode for Cisco Nexus 93180YC-FX and
93360YC-FX2 switches. For more information about the FC/FCoE NPV mode and supported hardware, see Cisco Nexus 9000 Series NX-OS FC-NPV and FCoE NPV Configuration Guide, Release 10.1(x).
-
The compressed image of Cisco Nexus 3000-series is hardware dependent and can only be used on the same device that it got
compressed or downloaded from CCO. Do not use the Nexus 3000-series compressed image on Nexus 9000-series
-
The following limitation applies to software upgrades from 7.0(3)I5 to 10.1(x) or 9.2(3) to 10.1(x):
If you have the same NetFlow configuration in both VLAN and SVI, you must remove the NetFlow flow monitor from the VLAN configuration
prior to the upgrade. Once upgraded, reconfigure NetFlow by creating a new flow monitor and adding it to the VLAN configuration.
Failure to perform these steps results in error messages and the inability to modify the VLAN NetFlow configuration in the
upgraded software.
-
When upgrading from Cisco NX-OS Releases 7.0(3)I4(8), 7.0(3)I5(3), and 7.0(3)I6(1) to Cisco NX-OS Release 10.1(x) results
in a disruptive upgrade. If syncing images to standby SUP failed during the disruptive upgrade from Cisco NX-OS Releases 7.0(3)I4(8),
7.0(3)I5(3,) or 7.0(3)I6(1) to 10.1(x), you should manually copy the image to the standby SUP and perform the disruptive upgrade.
-
When upgrading directly to Cisco NX-OS Release 10.1(x) from any release prior to 7.0(x), the upgrade will be disruptive. For
a non-disruptive upgrade, an intermediate upgrade to Cisco NX-OS Release 9.x is required. We recommend upgrading to the latest
release of Cisco NX-OS Release 9.3(x) as an intermediate hop for the upgrade. For information about the supported upgrade
paths, see the Cisco Nexus 9000 and 3000 Upgrade and ISSU Matrix.
-
When upgrading from Cisco NX-OS Release 7.0(3)I6(1) or 7.0(3)I7(1) to Cisco NX-OS Release 10.1(x), if the Cisco Nexus 9000
Series switches are running vPC and they are connected to an IOS-based switch via Layer 2 vPC, there is a likelihood that
the Layer 2 port channel on the IOS side will become error disabled. The workaround is to disable the spanning-tree etherchannel
guard misconfig command on the IOS switch before starting the upgrade process.
Once both the Cisco Nexus 9000 Series switches are upgraded, you can re-enable the command.
-
If you are upgrading from Cisco NX-OS Release 7.0(3)I5(2) to Cisco NX-OS Release 10.1(x) by using the install all command, BIOS will not be upgraded due to CSCve24965. When the upgrade to Cisco NX-OS Release 10.1(x) is complete, use the
install all command again to complete the BIOS upgrade, if applicable.
-
An upgrade that is performed via the install all command for Cisco NX-OS Release 7.0(3)I2(2b) to Release 10.1(x) might result in the VLANs being unable to be added to the
existing FEX HIF trunk ports. To recover from this, the following steps should be performed after all FEXs have come online
and the HIFs are operationally up:
-
Enter the copy run bootflash:fex_config_restore.cfg command at the prompt.
-
Enter the copy bootflash:fex_config_restore.cfg running-config echo-commands command at the prompt.
-
In Cisco NX-OS Release 7.0(3)I6(1) and earlier, performing an ASCII replay or running the copy file run command on a FEX HIF
configuration requires manually reapplying the FEX configuration after the FEX comes back up.
-
When upgrading to Cisco NX-OS Release 10.1(x) from 7.0(3)I2(x) or before and running EVPN VXLAN configuration, an intermediate
upgrade to 7.0(3)I4(x) or 7.0(3)I5(x) or 7.0(3)I6(x) is required.
-
Before enabling the FHS on the interface, we recommend that you carve the ifacl TCAM region on Cisco Nexus 9300 and 9500 platform
switches. If you carved the ifacl TCAM region in a previous release, you must reload the system after upgrading to Cisco NX-OS
Release 10.1(x). Uploading the system creates the required match qualifiers for the FHS TCAM region, ifacl.
-
Before enabling the FHS, we recommend that you carve the ing-redirect TCAM region on Cisco Nexus 9200 and 9300-EX platform
switches. If you carved the ing-redirect TCAM region in a previous release, you must reload the system after upgrading to
Cisco NX-OS Release 10.1(x). Uploading the system creates the required match qualifiers for the FHS TCAM region, ing-redirect.
-
Upgrading from Cisco NX-OS Release 9.3(1), 9.3(2) or 9.3(3) to a higher release, with Embedded Event Manager (EEM) configurations
that are saved to the running configuration, may cause a DME error to be presented. The error is in the output of the show consistency-checker dme running-config enhanced command, specifically, the event manager commands. If this error occurs, delete all EEM applet configurations after completing
the ISSU, then reapply the EEM configurations.
-
For any prior release version upgrading to Cisco NX-OS Release 9.3(5) using ISSU, if the following logging level commands
are configured, they are missing in the upgraded version and must be reconfigured:
-
For any prior release version upgrading to Cisco NX-OS Release 9.3(6) using ISSU, if the following logging level commands
are configured, they are missing in the upgraded version and must be reconfigured:
-
logging level evmc
value
-
logging level mvsh
value
-
An error occurs when you try to perform an ISSU if you changed the reserved VLAN without entering the copy running-config
save-config and reload commands.
-
The install all command is the recommended method for software upgrades because it performs configuration compatibility checks
and BIOS upgrades automatically. In contrast, changing the boot variables and reloading the device bypasses these checks and
the BIOS upgrade and therefore it is not recommended.
-
Upgrading from Cisco NX-OS Release 7.0(3)I1(2), Release 7.0(3)I1(3), or Release 7.0(3)I1(3a) requires installing a patch for
Cisco Nexus 9500 platform switches only. For more information on the upgrade patch, see Patch Upgrade Instructions.
-
An ISSU can be performed only from a Cisco NX-OS Release 7.0(3)I4(1) to a later image.
-
While performing an ISSU, VRRP and VRRPv3 displays the following messages:
-
If VRRPv3 is enabled:
2015 Dec 29 20:41:44 MDP-N9K-6 %$ VDC-1 %$ %USER-0-SYSTEM_MSG: ISSU ERROR: Service
"vrrpv3" has sent the following message: Feature vrrpv3 is configured. User can change
vrrpv3 timers to 120 seconds or fine tune these timers based on upgrade time on all Vrrp
Peers to avoid Vrrp State transitions. – sysmgr
-
If VRRP is enabled:
2015 Dec 29 20:45:10 MDP-N9K-6 %$ VDC-1 %$ %USER-0-SYSTEM_MSG: ISSU ERROR: Service "vrrp-
eng" has sent the following message: Feature vrrp is configured. User can change vrrp
timers to 120 seconds or fine tune these timers based on upgrade time on all Vrrp Peers to
avoid Vrrp State transitions. – sysmgr
-
Guest Shell is disabled during an ISSU and reactivated after the upgrade. Any application running in the Guest Shell is affected.
-
If you have ITD probes configured, you must disable the ITD service (using the shutdown command) before upgrading to Cisco NX-OS Release 10.1(x). After the upgrade, enter the feature sla sender command to enable IP SLA for ITD probes and then the no shutdown command to re-enable the ITD service. (If you upgrade without shutting down the service, you can enter the feature sla sender command after the upgrade.)
-
Schedule the upgrade when your network is stable and steady.
-
Avoid any power interruption, which could corrupt the software image, during the installation procedure.
-
On devices with dual supervisor modules, both supervisor modules must have connections on the console ports to maintain connectivity
when switchovers occur during a software upgrade. See the Hardware Installation Guide for your specific chassis.
-
Perform the installation on the active supervisor module, not the standby supervisor module.
-
The
install all
command is the recommended method for software upgrades because it performs configuration compatibility checks and BIOS upgrades
automatically. In contrast, changing the boot variables and reloading the device bypasses these checks and the BIOS upgrade
and therefore is not recommended.
Note
|
For Cisco Nexus 9500 platform switches with -R line cards, you must save the configuration and reload the device to upgrade
from Cisco NX-OS Release 7.0(3)F3(5) to 9.3(1). To upgrade from Cisco NX-OS Release 9.2(2) or 9.2(3), we recommend that you
use the
install all
command.
|
-
You can detect an incomplete or corrupt NX-OS software image prior to performing an upgrade by verifying the MD5, SHA256 or
SHA512 checksum of the software image. To verify the MD5 checksum of the software image, run the show file bootflash:<IMAGE-NAME>md5sum command and compare the resulting value to the published MD5 checksum for the software image on Cisco’s Software Download website. To verify the SHA512 checksum of the software image, run the show file bootflash:<IMAGE-NAME>sha512sum command and compare the resulting value to the published SHA512 checksum for the software image on Cisco’s Software Download website.
-
When upgrading from Cisco Nexus 94xx, 95xx, and 96xx line cards to Cisco Nexus 9732C-EX line cards and their fabric modules,
upgrade the Cisco NX-OS software before inserting the line cards and fabric modules. Failure to do so can cause a diagnostic
failure on the line card and no TCAM space to be allocated. You must use the write_erase command followed by the reload command.
-
If you upgrade from a Cisco NX-OS release that supports the CoPP feature to a Cisco NX-OS release that supports the CoPP feature
with additional classes for new protocols, you must either run the setup utility using the setup
command or use the copp profile
command for the new CoPP classes to be available. For more information on these commands, see the "Configuring Control Plane
Policing" chapter in the Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 10.1(x) .
-
For secure POAP, ensure that DHCP snooping is enabled and set firewall rules to block unintended or malicious DHCP servers.
For more information on POAP, see the Cisco Nexus 9000 Series Fundamentals Configuration Guide, Release 10.1(x).
-
When you upgrade from an earlier release to a Cisco NX-OS release that supports switch profiles, you have the option to move
some of the running-configuration commands to a switch profile. For more information, see the Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 10.1(x).
-
By default, the software upgrade process is disruptive.
-
OpenFlow and LACP fast timer rate configurations are not supported for ISSU.
-
Guest Shell is disabled during an ISSU and reactivated after the upgrade.
-
When performing ND ISSU using BGP non-default hold timers, ensure that the BGP graceful-restart timer is reasonably long enough,
for example, 180 seconds.
-
During an ISSU on a Cisco Nexus 9300 Series switch, all First-Hop Redundancy Protocols (FHRPs) will cause the other peer to
become active if the node undergoing the ISSU is active.
-
Make sure that both vPC peers are in the same mode (regular mode or enhanced mode) before performing a nondisruptive upgrade.
Note
|
vPC peering between an enhanced ISSU mode (boot mode lxc) configured switch and a non-enhanced ISSU mode switch is not supported.
|
-
During an ISSU, the software reload process on the first vPC device locks its vPC peer device by using CFS messaging over
the vPC communications channel. Only one device at a time is upgraded. When the first device completes its upgrade, it unlocks
its peer device. The second device then performs the upgrade process, locking the first device as it does so. During the upgrade,
the two vPC devices temporarily run different releases of Cisco NX-OS; however, the system functions correctly because of
its backward compatibility support.
-
ISSU is not supported when onePK is enabled. You can run the show feature | include onep command to verify that this feature is disabled before performing an ISSU or enhanced ISSU.
-
In general, ISSUs are supported for the following:
-
From a major release to any associated maintenance release.
-
From the last two maintenance releases to the next two major releases.
-
From an earlier maintenance release to the next two major releases.
-
Occasionally, while the switch is operationally Up and running, the Device not found logs are displayed on the console. This issue is observed because the switch attempts to find an older ASIC version and the
error messages for the PCI probe failure are enabled in the code. There is no functionality impact or traffic loss due to
this issue.
-
ISSU is not supported if EPLD is not at Cisco NX-OS Release 7.0(3)I3(1) or later.
-
ISSU supports EPLD image upgrades using install all nxos <nxos-image> epld <epld-image> command, during disruptive system (NX-OS) upgrade.
-
A simplified NX-OS numbering format is used for platforms that are supported in Cisco NX-OS 10.1(x) releases. In order to
support a software upgrade from releases prior to Cisco NX-OS Release 7.0(3)I7(4) that have the old release format, an installer
feature supplies an I9(x) label as a suffix to the actual release during the
install all
operation. This label is printed as part of the image during the install operation from any release prior to Cisco NX-OS
Release 7.0(3)I7(4) to 10.1(x), and it can be ignored. See the following example.
switch# install all nxos bootflash:nxos.9.3.1.bin
Installer will perform compatibility check first. Please wait.
Installer is forced disruptive
Verifying image bootflash:/nxos.9.3.1.bin for boot variable "nxos".
[####################] 100% -- SUCCESS
Verifying image type.
[####################] 100% -- SUCCESS
Preparing "nxos" version info using image bootflash:/nxos.9.3.1.bin.
[####################] 100% -- SUCCESS
Preparing "bios" version info using image bootflash:/nxos.9.3.1.bin.
[####################] 100% -- SUCCESS
Performing module support checks.
[####################] 100% -- SUCCESS
Notifying services about system upgrade.
[####################] 100% -- SUCCESS
Compatibility check is done:
Module bootable Impact Install-type Reason
------ -------- ------------ ------------ ------
1 yes disruptive reset Incompatible image for ISSU
Images will be upgraded according to following table:
Module Image Running-Version(pri:alt) New-Version Upg-Required
------ ------- -------------------------------------- -------------------- ------------
1 nxos 7.0(3)I7(3) 9.3(1)I9(1) yes
1 bios v07.61(04/06/2017):v07.61(04/06/2017) v05.33(09/08/2018) yes
Switch will be reloaded for disruptive upgrade.
Do you want to continue with the installation (y/n)? [n] y
-
Beginning with Cisco NX-OS Release 9.3(5), standard, nondisruptive ISSU, on switches that are configured with uRPF, is supported on the following:
-
Cisco Nexus 9300-EX platform switches
-
Cisco Nexus 9300-FX/FX2 platform switches
-
Cisco Nexus 9300-GX platform switches
Note
|
Prior to Cisco NX-OS Release 9.3(5), if any of the above switches were configured with uRPF, standard, nondisruptive ISSU
was not supported.
|
-
ISSU is blocked if
boot poap enable
is configured.
-
When you upgrade from Cisco NX-OS Release 7.0(3)I7(1), 7.0(3)I7(2) or 7.0(3)I7(3) to Cisco NX-OS Release 10.2(x), the upgrade
fails with below error message:
switch(config)# install all nxos bootflash:nxos64-cs.10.2.3.F.bin
Installer will perform compatibility check first. Please wait.
Installer is forced disruptive
Verifying image bootflash:/nxos64-cs.10.2.3.F.bin for boot variable "nxos".
[####################] 100% -- SUCCESS
Verifying image type.
[####################] 100% -- SUCCESS
Preparing "nxos" version info using image bootflash:/nxos64-cs.10.2.3.F.bin.
[####################] 100% -- SUCCESS
Preparing "bios" version info using image bootflash:/nxos64-cs.10.2.3.F.bin.
[####################] 100% -- SUCCESS
Pre-upgrade check failed. Return code 0x40930076 (Parallel downgrade to target version is not supported). <<<<<
-
On performing a non-disruptive ISSU from Cisco NX-OS Release 7.0(3)I6(1) to any higher version, a traffic loss might occur
based on the number of VLANs configured. To avoid traffic loss, it is recommended to increase the routing protocol's graceful
restart timer to higher value. The recommended value of the graceful restart timer is 600 seconds. You can further increase
or decrease this value based on the scale of the configuration.
-
Beginning with Cisco NX-OS Release 10.1(1), Fs_daemon does not support snmpwalk on devices with more than 5000 files. When performing snmpwalk on a device with more than 5000 files, the error resourceUnavailable (This is likely a out-of-memory failure within the agent) is an expected behaviour.
-
Beginning with Cisco NX-OS Release 10.1(2), CoPP is supported on N9K-X9624D-R2 and N9K-C9508-FM-R2 platform switches.
-
Beginning with Cisco NX-OS Release 10.1(2), RACL is supported on N9K-X9624D-R2 and N9K-C9508-FM-R2 platform switches.
-
While performing an ISSU from Cisco NX-OS Release 9.3(5), 9.3(6), 9.3(7), 10.1(1), or 10.1(2) to Cisco NX-OS Release 10.2(1)
or higher release, ISSU will be blocked.
-
ISSU is blocked when the delay config is present in track list Boolean/weight.
-
If the IPv6 ND timeouts during ISSU, then the IPv6 BFD session may flap after the ISSU.
-
Beginning with Cisco NX-OS Release 10.2(3)F, non-disruptive ISSU is supported for VPC fabric peering on all Cisco Nexus 9300-X
TORs. Both standard and enhanced non-disruptive upgrades are supported. Note that ISSU should be started or triggered when
there is no failure. An example for failure would be one of the VPC legs is down.
-
The recommended routing protocol graceful restart timer is 600 seconds and nve source-interface hold-down-time is 400 seconds.
-
It is recommended to set disable-fka on VFC interfaces in E or F mode, when invoking ND native ISSU on switch mode testbed. If not, it can be disruptive.
-
If there is a VRF scale, for a non-disruptive ISSU under each VRF, you must configure graceful restart timer to 300 seconds.
-
For platforms that need to be upgraded from any release to nxos64-cs.10.3(1)F or higher release, use nxos.9.3.10.bin or nxos64-cs.10.2(3)F
or higher release as an interim hop. This restriction is applicable to both disruptive and non-disruptive upgrades. The nxos64-msll.10.3(1)F
does not have this restriction.
-
Loading an unsupported image on Cisco Nexus 9800 platform switches cause the switch to be stuck. Only a power cycle can reset
it.
-
Disruptive upgrade from any version before 9.3(10) or 10.2(3)F may fail due to CSCwb63451. You must upgrade to 9.3(10) or 10.2(3)F first, before upgrading to 10.3(1)F or later.
-
Beginning with Cisco NX-OS Release 10.3(2)F, 2xSFP Eth10/1-2 are not supported on N9K-C9400-SW-GX2A. However, from Cisco NX-OS Release 10.4(2)F onwards, N9K-C9400-SW-GX2A Sup card ports 2xSFP Eth10/1-2 are supported.
-
While performing an ISSU on the L2 switch in a vPC complex or a LAN scenario, the IGMP group timeout must be configured with
higher value as the L2 switch will not be able to forward the reports/queries during the control plane down time. The L2 snooping
querier interval must also be matched to the L3 querier interval.
-
When upgrading from earlier release to Cisco NX-OS Release 10.3(3)F and later, if the hardware rate-limiter span-egress command is configured then it must be removed and reapplied after the upgrade/ISSU is complete.
-
ASIC SFP+ ports Eth10/1-2 are not supported in Cisco NX-OS Releases 10.3(2)F, 10.3(3)F, and 10.4(1)F. Beginning with Cisco NX-OS Release 10.4(2)F, these ports are supported. However, note that after reloading the system, these
ASIC SFP+ Eth10/1-2 ports can take up to 3 minutes to link up.
-
Beginning with Cisco NX-OS Release 10.3(3)F, only the LXC mode is supported on Cisco Nexus 9300-FX3 and 9300-GX switches,
which allows you to perform enhanced non-disruptive ISSU with minimal downtime.
-
While performing multi-hop ND ISSU upgrade to higher releases, use 10.3(5)M or higher release as an intermediate hop.
-
Beginning with Cisco NX-OS Release 10.4(1)F, only the LXC mode is supported on Cisco Nexus 9300-FX and 9300-FX2 switches,
in addition to Cisco Nexus 9300-FX3 and 9300-GX switches. This allows you to perform enhanced non-disruptive ISSU with minimal
downtime. However, on the rest of the Cisco Nexus 9000 switches, you have an option to perform a non-disruptive ISSU in the
enhanced LXC mode with minimal downtime.
-
Beginning with Cisco NX-OS Release 10.4(1)F, only the enhanced LXC mode is supported on Cisco Nexus N9K-C9332D-H2R, N9K-C9348GC-FX3,
and N9K-C9348GC-FX3PH switches by default.
-
Beginning with Cisco NX-OS Release 10.4(2)F, SR ISSU is not supported with underlay ISIS.
-
Beginning with Cisco NX-OS Release 10.4(2)F, nondisruptive ISSU is supported for segment routing traffic engineering (SR-TE)
features with BGP as underlay on Cisco Nexus 9300 and 92348GC-X platform switches; and on 9300-HX platform switches from Cisco NX-OS Release 10.4(3)F. However, the following features are not supported on nondisruptive ISSU:
-
Beginning with Cisco NX-OS Release 10.4(2)F, for Nexus 9300-R platforms, to upgrade bios to the latest version you should
first upgrade to nxos image. This release onwards, the install all nxos command only upgrades the nxos sw to the latest version
but the bios image will be upgraded to the last bios released prior to 10.4(2)F version.
To upgrade to bios released with 10.4(2)F or higher version, first upgrade the nxos image and then use bios-force option to
upgrade the bios. For example,
-
Install all nxos bootflash:nxos64-msll.10.4.2.F.bin.
The system reloads and boots up with 10.4(2)F image.
-
Install all nxos bios-force.
Note
|
The switch reloads twice, once for nxos upgrade and then again for bios upgrade.
|
-
Beginning with Cisco NX-OS Release 10.4(3)F, non-disruptive ISSU is not supported on Cisco Nexus 92348GC-X.
-
While performing ND ISSU, if a router is configured with BGP prefix peers, prefix-peer-timeout (default value - 30s) should
be greater than GR timer (default value - 120s), to allow the prefix peers to resume the connection after ISSU.
-
Beginning with Cisco NX-OS Release 10.5(1)F, s1 image is introduced specifically for Cisco Nexus 9800 switches.
Upgrade of Nexus 9800 switches from earlier releases that have cs image format to the s1 image format in Cisco NX-OS Release
10.5(1)F and later is supported.