Unpacking Cisco DNA Center (Part 2 of 3): Base Automation: Intent-based Software Upgrades
4 min read
Note: The following is the second of a three-part technical blog series focusing on some of the main use cases behind Cisco DNA Center – the network management, command center, and analytics platform for Cisco DNA (Digital Network Architecture)
In my first blog, I provided an overview of how Cisco DNA Center Automation can drastically reduce costs, and time spent on provisioning and change management in Day 0 operations. To continue where we left off, I would like to focus on operations, and more specifically the software upgrade process for the network infrastructure.
Usually when I’m presenting this topic to a live audience, I always like to start by asking who really enjoys the process of upgrading code in network devices. I have to admit… I am always a bit surprised when I get even a few hands in the room, since I would expect no one really ‘enjoys’ this process (I know I certainly don’t)!
Upgrading the infrastructure involves a multi-step process and typically goes something like this…
- Plan for an image upgrade
- Select a ‘Golden Image’
- Identify devices that require the upgrade
- Create a change request if using an IT Service Management Tool i.e. ServiceNow – although this is optional.
- Obtain approval for the change request if using an IT Service Management Tool (also optional).
- Perform pre-checks in the devices: i.e. do the devices have enough flash, or RAM? Is your running-config saved? etc.
- Distribute the image to the device (copy image to flash)
- Activate the image in the device, which typically involves having to reload the device
- Perform post-checks: is the device working the same way as before the upgrade?
- Close change request
The process can be daunting and time consuming and for this reason, many of us prefer to postpone this task until there’s no other option. Which brings me to a side topic: one of the main drivers for upgrading code is related to security. With Cisco DNA Center, we can easily identify the PSIRT advisories (which is short for Cisco’s Product Security Incident Response Team) that are affecting the infrastructure, completely eliminating the guessing game.
In the dashboard snapshots below, we can see the number of advisories affecting the devices in my lab, and the specific actions to take:
We can now leverage Cisco DNA Center to find out how vulnerable our network infrastructure is and if a software upgrade is required.
Now let’s go back to that dreaded, multi-step process… With Cisco DNA Center we can greatly simplify the upgrade process by automating most of the steps in the process natively or leveraging the integration with external ITSM (IT Service Management).
Once you decide on the best image for your devices, we can tag this image as ‘golden’. A Golden Image can be specified per device type (Catalyst 9300, Catalyst 9400, etc), per site and per device role (access, distribution, core, etc).
Once the Golden Image is identified and marked, Cisco DNA Center will provide a report on what devices are compliant or non-compliant with that image—that way we don’t need to manually track the devices that require the upgrade. Instead, Cisco DNA Center will perform the corresponding pre-checks for you to ensure a successful upgrade is complete.
The last step of the workflow is the distribution and activation of the image. Distribution means copying the image to the device’s flash. Activation means reloading the device with the new image. During the distribution and activation steps, Cisco DNA Center performs multiple checks. For example, Cisco DNA Center checks that there’s a correct config-register configured in the device.
Seeing is believing, so let’s have a look at how Software and Image Management – aka SWIM – works in real-time.
[click the image to watch my demo]
The second piece of this use case is about automatically upgrading your Cisco Wireless Controllers (WLC) and Access Points with minimal to zero downtime for the clients. The AP’s will be upgraded in a staggered manner using a feature called “N+1 Rolling AP upgrade” feature, supported with the Catalyst 9800 WLC and completely automated by Cisco DNA Center.
With this feature, the WLC will divide the AP’s into groups using the RRM algorithm and will automatically upgrade these groups so that whenever APs in one iteration go for a reboot, the other APs can provide the appropriate network coverage required for the clients.
This capability leverages two concepts: N+1 controller and mobility groups. N+1 controller is typically used for HA and it refers to a standby WLC. With Mobility Groups we can group together wireless controllers for a seamless roaming experience for wireless clients. With the “N+1 Rolling AP upgrade”, we will have the primary and N+1 wireless controllers in the same mobility group. This will allow to move and upgrade AP’s from the primary to the N+1 controller in a staggered way.
Let’s walk through this one in more detail…
[click for demo]
Hope you found this post valuable and informative to help seamlessly upgrade software images across the network. Stay tuned for my next and final blog in the series where we will explore how to quickly remediate and solve network issues using machine learning and advanced analytics with Cisco DNA Assurance.
More to come!
-Lila
See the Top 5 reasons how Cisco DNA Center can help solve your biggest network challenges in our Getting Started Guide