Rolling upgrade - Hitless upgrade N+1 for 9800

 Hello guys, feels like it has been a while, work has been crazy lately so I apologize for taking so long to update. 

Today I wanted to show you a cool feature for your upgrades on the 9800 that I have been using a lot lately due the vulnerability from last post, is how to do a hitless code upgrade.Remember this one is used for N+1 deployments.

How it works

This one is recommended to avoid impact an zero down time on service scenario; the rolling upgrade (how it is also called), first keep in mind that to have a zero down time you will need to have a mirror AP as a back up for the one you're upgrading, this means also having the same code version so APs don't have to reboot when joining to the mirror WLC. 

Basically you will install the image on your mirrror WLC, once ready activate, commit and reload the WLC; once ready you will install the new version on your active WLC, remember not to reboot it yet, finally continuing with the AP predownload.

A useful command to review how the predowload is going is 

Show ap image

Ap image predownload

Once the predownload is done you will move the AP from the active WLC in a staggered to the mirror controller that is already upgrade, the way to do it is with an automatic command which will take 3 steps to do it:

Select APs to be moved via RF feedback from RRM and Cleanair.

Client steering

Move of the AP to reload and re-join the mirror WLC 

 

As you migth figure the AP will review the % of APs you ask it to move and check the closer neighbors, depending on the % you  select is how many APs will start moving from one WLC to another.

Before moving to the next WLC the active WLC will do a client steering for the clients so they join other AP to avoid any impact.

Finally the APs will move to the other WLC by rebooting and then joining the new one. It is worth mentioning that once triggered this process will be done automatically by the controller without user intervention, so if you're looking for a less disruptive upgrade even if takes longer I would recommend to go 5% of the AP to move at the time.

There are other factors that can be configure as how many AP per iteration need to join the mirror controller before going to the next one and what to do if the iteration fails.

Configuration

CLI

Keep in mind some of this commands (for the option configuration) might be version dependant event tough this is available from the 16.x versions.

After you upgrade the mirror WLC manually you can go to the main WLC cli and apply

ap image site-filter any-image add <site-tag> (add as manyas needed by repeating the command)

ap image move destination <WLC name>  <WLC IP address>

ap image site-filter fila any-image apply

To remove the filter for site tagas you can use the  

ap image site-filter file any-image clear 

or

ap image site-filter file any-image remove-all

 Optional commands are on the configure terminal mode 

#no ap upgrade staggered client-steering  (disable client steering, will make it faster but more disruptive I don't recommend it)

#ap upgrade staggered iteration completion <min-percent>  (default is 90%)

#ap upgrade staggered iteration error action <stop> (configure what to do when the iteration fail)

#ap upgrade staggered iteration timeout <timeout-duration> (timeout per iteration in minutes)

GUI

From the Controller GUI go to Administration -> Software management

The following screen will appear.

 

 

Click on hitless upgrade and more options should show, fill the option as follows:

Note: You can upload the code to the controller with HTTPS from your PC

 

On Site Filter you can use custom and move only certain site-tags for hitless upgrades or select all sites for every site-tag on the WLC.

Add the WLC IP and Name, on the AP upgrade configuration section set the AP Upgrade per Iteration to 5% for the slowest but less disruptive upgrade; make sure to select the Client Steering option so the WLC suggest the clients to move and avoid any extra impact and leave the rest as default.

Click on Download & Install a new section will appear to the right and you will be able to see the image uploading. 

Wait for the image to install, when it goes to the section AP Image Upgrade and Move you will be able to see the APs start moving between controllers.

Wait for the image to commit and the WLC to reboot, once that is done the APs will start to come back to this WLC.

And that's pretty much it! 

Reference articule: Cisco Catalyst 9800 Series Wireless Controller Software Configuration Guide, Cisco IOS XE Cupertino 17.9.x, from cisco.com.

Thanks for reading today

Dan