Friday, July 2, 2021

Cisco ASR 920 Router 3.x to 16.12.x IOS-XE Upgrade

The IOS-XE 16.x series was first released in November 2015. It uses code names of famous mountains/places (Fuji, Everest, etc) and covers two minor release trains, i.e. Denali  covers 16.1.x to 16.3.x minor releases. The Cisco IOS XE 16.x and 17.x Software releases are time-based, each with a fixed release date. The schedule specifies 3 individual software releases per year at 4 month intervals.

Each Cisco IOS-XE software release is classified as either a Standard-Support release or an Extended-Support release.


Standard-Support Release
A sustaining support lifetime of 12 months from First Customer Shipment (FCS) with scheduled rebuilds.

Extended-Support release Details
A sustaining support lifetime of 36 months from First Customer Shipment (FCS) with scheduled rebuilds.

Note the Cisco IOS-XE Software Release 16.9 is the first Extended-Support release under the 16.x series to support 36 months and Cisco IOS-XE Software Release 17.3 is the first Extended-Support release under the 17.x series. Every subsequent third release (for example, Cisco IOS-XE Software releases 16.12, 17.6, 17.9 etc.) will also be an Extended Maintenance release.


I had to perform an IOS-XE upgrade on a Cisco ASR 920 router from 3.x to 16.12.x (Gibraltar). I upgraded the ROMMON firmware first to be compatible with the IOS-XE 16.12.x code.

ASR920#upgrade ?

  hw-module        Upgrade hardware module commands

  hw-programmable  Upgrade hw-programmable

  raid             Upgrade RAID1 capacity

  rom-monitor      Upgrade rom-monitor

 

ASR920#upgrade rom-monitor ?

  filename  ROMMON package filename

 

ASR920#upgrade rom-monitor filename ?

  bootflash:  RP-relative ROMMON package name

  flash:      RP-relative ROMMON package name

  tmpfs:      RP-relative ROMMON package name

 

ASR920#upgrade rom-monitor filename bootflash:asr920_15_6_32r_s_rommon.pkg ?

  0    SPA-Inter-Processor slot 0

  F0   Embedded-Service-Processor slot 0

  FP   Embedded-Service-Processor

  R0   Route-Processor slot 0

  RP   Route-Processor

  all  Upgrade ROMMON on all slots

 

ASR920#upgrade rom-monitor filename bootflash:asr920_15_6_32r_s_rommon.pkg all  

 

Upgrade rom-monitor on Route-Processor 0

 

Target copying rom-monitor image file

Checking upgrade image...

1966080+0 records in

3840+0 records out

Upgrade image MD5 signature is 40966c321c22ab1671ab5617c4ce3b79

Burning upgrade partition...

1966080+0 records in

1966080+0 records out

Checking upgrade partition...

1966080+0 records in

1966080+0 records out

Upgrade flash partition MD5 signature is 40966c321c22ab1671ab5617c4ce3b79

ROMMON upgrade complete.

To make the new ROMMON permanent, you must restart the RP.

 

ASR920#reload

 

System configuration has been modified. Save? [yes/no]: yes

Building configuration...

[OK]

Proceed with reload? [confirm]

Jan 28 14:11:01.392 R0/0: %PMAN-5-EXITACTION: Process manager is exiting: process exit with reload chassis code

 

System Bootstrap, Version 15.6(10r)S, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 2016 by cisco Systems, Inc.

Compiled Thu 24-Mar-16 15:38 by alnguyen

Boot ROM1

Last reset cause: RSP-Board

Rommon upgrade requested

Flash upgrade reset 1 in progress

.......

System Bootstrap, Version 15.6(32r)S, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 2018 by cisco Systems, Inc.

Compiled Thu 30-Aug-18 06:23 by pallavik

*Upgrade in progress* Boot ROM0

Last reset cause: BootRomUpgrade

link status 0

link status 0

UEA platform with 3670016 Kbytes of main memory

 

We're coming up from a flash upgrade reset cookie

Located asr920-universalk9_npe.03.16.07.S.155-3.S7-ext.bin

Image size 311284732 inode num 17, bks cnt 75998 blk size 8*512

#################################################################

 

<OUTPUT TRUNCATED>

 

#################################################################

Boot image size = 311284732 (0x128dd3fc) bytes

pid_str[ASR-920-24SZ-M]

 

ROM:RSA Self Test hash Mismatch in long long word No. 0

ROM:Sha512 Self Test

Package header rev 2 structure detected

Calculating SHA-1 hash...

 

You have been idle for 150 seconds. Your session will end in 150 seconds.

 

done

validate_package_cs: SHA-1 hash:

        calculated f756f0e3:ae1eae7c:5742c1a0:5ee42ff4:9fe87a1c

        expected   f756f0e3:ae1eae7c:5742c1a0:5ee42ff4:9fe87a1c

 

RSA Signed RELEASE Image Signature Verification Successful.

Image validated

Passing control to the main image..

%IOSXEBOOT-4-BOOT_ACTIVITY_LONG_TIME: (rp/0): Checking if a ROMMON upgrade is pending after a reboot took: 5 seconds, expected max time 2 seconds

 

 

              Restricted Rights Legend

 

Use, duplication, or disclosure by the Government is

subject to restrictions as set forth in subparagraph

(c) of the Commercial Computer Software - Restricted

Rights clause at FAR sec. 52.227-19 and subparagraph

(c) (1) (ii) of the Rights in Technical Data and Computer

Software clause at DFARS sec. 252.227-7013.

 

           cisco Systems, Inc.

           170 West Tasman Drive

           San Jose, California 95134-1706

 

 

Cisco IOS Software, ASR920 Software (PPC_LINUX_IOSD-UNIVERSALK9_NPE-M), Version 15.5(3)S7, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2018 by Cisco Systems, Inc.

Compiled Wed 07-Feb-18 21:52 by mcpre

 

 

It took around 10 minutes for the new ROMMON upgrade to complete (still using  the and old IOS-XE 3.x).

 

ASR920##show platform

Chassis type: ASR-920-24SZ-M

 

Slot      Type                State                 Insert time (ago)

--------- ------------------- --------------------- -----------------

 0/0      24xGE-4x10GE-FIXED-Sok                    07:10:00     

R0        ASR-920-24SZ-M      ok, active            07:14:05     

F0                            ok, active            07:14:05     

P0        ASR920-PSU0         ok                    07:12:09     

P1        ASR920-PSU1         ok                    07:12:11     

P2        ASR920-FAN          ok                    07:11:58     

 

Slot      CPLD Version        Firmware Version                       

--------- ------------------- ---------------------------------------

R0        19062614            15.6(32r)S

F0        19062614            15.6(32r)S

 

 

Change the router's boot varitable to use the new 16.12.4 IOS-XE. Save the config and perform a router reload afterwards.

 

ASR920(config)#no boot system

ASR920(config)#do show run | i boot

boot-start-marker

boot-end-marker

no ip bootp server

license boot level advancedmetroipaccess

 

ASR920(config)#boot system bootflash:asr920-universalk9_npe.16.12.04.SPA.bin

ASR920(config)#boot system bootflash:asr920-universalk9_npe.03.16.07.S.155-3.S7-ext.bin

ASR920(config)#

ASR920(config)#do show run | i boot

boot-start-marker

boot system bootflash:asr920-universalk9_npe.16.12.04.SPA.bin

boot system bootflash:asr920-universalk9_npe.03.16.07.S.155-3.S7-ext.bin

boot-end-marker

no ip bootp server

license boot level advancedmetroipaccess

ASR920(config)#end

ASR920#write memory

Building configuration...

[OK]

ASR920#reload

Proceed with reload? [confirm]

Jan 28 14:24:49.191 R0/0: %PMAN-5-EXITACTION: Process manager is exiting: process exit with reload

System Bootstrap, Version 15.6(32r)S, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 2018 by cisco Systems, Inc.

Compiled Thu 30-Aug-18 06:23 by pallavik

Boot ROM0

Last reset cause: RSP-Board

link status 0

link status 0

UEA platform with 3670016 Kbytes of main memory

 

Located asr920-universalk9_npe.16.12.04.SPA.bin

Image size 467318537 inode num 19, bks cnt 114092 blk size 8*512

#########################################################################################################

 

<OUTPUT TRUNCATED>

 

#########################################################################################################

Boot image size = 467318537 (0x1bdab709) bytes

pid_str[ASR-920-24SZ-M]

 

ROM:RSA Self Test hash Mismatch in long long word No. 0

ROM:Sha512 Self Test

Package header rev 2 structure detected

Calculating SHA-1 hash...done

validate_package_cs: SHA-1 hash:

        calculated 93d52b9c:88da0d2b:8dce19ea:db637a6a:1f59da0e

        expected   93d52b9c:88da0d2b:8dce19ea:db637a6a:1f59da0e

 

RSA Signed RELEASE Image Signature Verification Successful.

Image validated

Passing control to the main image..

Stage2 Bootldr for Polaris-image

 

 

              Restricted Rights Legend

 

Use, duplication, or disclosure by the Government is

subject to restrictions as set forth in subparagraph

(c) of the Commercial Computer Software - Restricted

Rights clause at FAR sec. 52.227-19 and subparagraph

(c) (1) (ii) of the Rights in Technical Data and Computer

Software clause at DFARS sec. 252.227-7013.

 

           Cisco Systems, Inc.

           170 West Tasman Drive

           San Jose, California 95134-1706

 

 

Cisco IOS Software [Gibraltar], ASR920 Software (PPC_LINUX_IOSD-UNIVERSALK9_NPE-M), Version 16.12.4, RELEASE SOFTWARE (fc5)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2020 by Cisco Systems, Inc.

Compiled Thu 09-Jul-20 17:13 by mcpre

 

 

PLEASE READ THE FOLLOWING TERMS CAREFULLY. INSTALLING THE LICENSE OR

LICENSE KEY PROVIDED FOR ANY CISCO SOFTWARE PRODUCT, PRODUCT FEATURE,

AND/OR SUBSEQUENTLY PROVIDED SOFTWARE FEATURES (COLLECTIVELY, THE

"SOFTWARE"), AND/OR USING SUCH SOFTWARE CONSTITUTES YOUR FULL

ACCEPTANCE OF THE FOLLOWING TERMS. YOU MUST NOT PROCEED FURTHER IF YOU

ARE NOT WILLING TO BE BOUND BY ALL THE TERMS SET FORTH HEREIN.

 

Your use of the Software is subject to the Cisco End User License Agreement

(EULA) and any relevant supplemental terms (SEULA) found at

http://www.cisco.com/c/en/us/about/legal/cloud-and-software/software-terms.html.

 

You hereby acknowledge and agree that certain Software and/or features are

licensed for a particular term, that the license to such Software and/or

features is valid only for the applicable term and that such Software and/or

features may be shut down or otherwise terminated by Cisco after expiration

of the applicable license term (e.g., 90-day trial period). Cisco reserves

the right to terminate any such Software feature electronically or by any

other means available. While Cisco may provide alerts, it is your sole

responsibility to monitor your usage of any such term Software feature to

ensure that your systems and networks are prepared for a shutdown of the

Software feature.

 

 

 

All TCP AO KDF Tests Pass

cisco ASR-920-24SZ-M (Freescale P2020) processor (revision 1.2 GHz) with 890398K/6147K bytes of memory.

Processor board ID CAT22041234

24 Gigabit Ethernet interfaces

4 Ten Gigabit Ethernet interfaces

32768K bytes of non-volatile configuration memory.

3670016K bytes of physical memory.

1328927K bytes of eMMC flash at bootflash:.

 

<OUTPUT TRUNCATED>

 

 

FPGA

System Bootstrap, Version 15.6(32r)S, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 2018 by cisco Systems, Inc.

Compiled Thu 30-Aug-18 06:23 by pallavik

Boot ROM0

Last reset cause: PowerOn

link status 0

link status 0

UEA platform with 3670016 Kbytes of main memory

 

Warning: filesystem is not clean

Located asr920-universalk9_npe.16.12.04.SPA.bin

Image size 467318537 inode num 19, bks cnt 114092 blk size 8*512

#############################################################################

 

<OUTPUT TRUNCATED>

 

#############################################################################

Boot image size = 467318537 (0x1bdab709) bytes

pid_str[ASR-920-24SZ-M]

 

ROM:RSA Self Test hash Mismatch in long long word No. 0

ROM:Sha512 Self Test

Package header rev 2 structure detected

Calculating SHA-1 hash...done

validate_package_cs: SHA-1 hash:

        calculated 93d52b9c:88da0d2b:8dce19ea:db637a6a:1f59da0e

        expected   93d52b9c:88da0d2b:8dce19ea:db637a6a:1f59da0e

 

RSA Signed RELEASE Image Signature Verification Successful.

Image validated

Passing control to the main image..

Stage2 Bootldr for Polaris-image

 

 

The IOS-XE 16.12.4 upgrade took around 25 minutes. The license key (port license) remained intact. Note the tacacs-server host <TACACS IP> command was deprecated and replaced by the server-private <TACACS+ IP> key <TACACS+ KEY> under the aaa group server sub-command in IOS-XE 16.12.2

If you've been configuring Cisco devices long enough, you'll always see this log:

Warning: The cli will be deprecated soon
'tacacs-server host 10.1.1.1'
Please move to 'tacacs server <name>' CLI

 

ASR920#show version

Cisco IOS XE Software, Version 16.12.04

Cisco IOS Software [Gibraltar], ASR920 Software (PPC_LINUX_IOSD-UNIVERSALK9_NPE-M), Version 16.12.4, RELEASE SOFTWARE (fc5)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2020 by Cisco Systems, Inc.

Compiled Thu 09-Jul-20 17:13 by mcpre

 

 

Cisco IOS-XE software, Copyright (c) 2005-2020 by cisco Systems, Inc.

All rights reserved.  Certain components of Cisco IOS-XE software are

licensed under the GNU General Public License ("GPL") Version 2.0.  The

software code licensed under GPL Version 2.0 is free software that comes

with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such

GPL code under the terms of GPL Version 2.0.  For more details, see the

documentation or "License Notice" file accompanying the IOS-XE software,

or the applicable URL provided on the flyer accompanying the IOS-XE

software.

 

 

ROM: IOS-XE ROMMON

 

ASR920 uptime is 7 hours, 10 minutes

Uptime for this control processor is 7 hours, 16 minutes

System returned to ROM by reload at 18:25:43 UTC Thu Jan 28 2021

System restarted at 18:35:28 UTC Thu Jan 28 2021

System image file is "bootflash:asr920-universalk9_npe.16.12.04.SPA.bin"

Last reload reason: Reload Command

 

 

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

 

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

 

If you require further assistance please contact us by sending email to

export@cisco.com.

 

License Level: advancedmetroipaccess

License Type: Permanent

Next reload license Level: advancedmetroipaccess

 

 

Smart Licensing Status: Smart Licensing is DISABLED

 

cisco ASR-920-24SZ-M (Freescale P2020) processor (revision 1.2 GHz) with 890398K/6147K bytes of memory.

Processor board ID CAT2201234

24 Gigabit Ethernet interfaces

4 Ten Gigabit Ethernet interfaces

32768K bytes of non-volatile configuration memory.

3670016K bytes of physical memory.

1328927K bytes of eMMC flash at bootflash:.

 

Configuration register is 0x2102