Cisco ASR-1001-X Update

There are at least two pieces of software you can update in a Cisco ASR-1001-X. The ROMMON (firmware) and the IOS itself.

This router uses “Cisco IOS XE Software”. Which is an IOS process on a Linux kernel as far as I know.

Cisco recommends specific ROMMON releases for different generations of software. You can look it up at: https://www.cisco.com/c/en/us/td/docs/routers/asr1000/rommon/asr1000-rommon-upg-guide.html#concept_zdm_2nx_5bb

The software versions for these ASR 1000 series routers had complicated versions numbers like these:

asr1001x-universalk9.03.16.07b.S.155-3.S7b-ext.SPA.bin which is 03.16.07b.S and actually IOS 15.5(3)S7b.

But with IOS 16 it was simplified a current software image looks like this

asr1001x-universalk9_noli.16.09.06.SPA.bin which is IOS 16.9.6.

If you have a cisco account with running service contract, you can download the Cisco software from: https://software.cisco.com/download/home

The IOS XE software, comes with or without “Payload encryption”, and with or without “Lawfull Interception”.

To check the current installed rommon and IOS version enter:

show plattform
show version

To update the rommon copy the rommon image to flash and enter:

upgrade rom-monitor filename bootflash:asr1000-romm... all

To update the IOS software copy the IOS image to the flash and enter (in config mode):

boot system flash bootflash:asr1001x-universalk9_...
no boot system flash bootflash:...old image...
no boot system flash bootflash:...older images...
boot system flash bootflash:...old image...
exit
wr

This changes the boot order to prefer the new image as default but keep the old one as fallback. After the “wr” you can check the bootvar with “show bootvar” and see if the next reboot should use the new image.

Next, reboot the router with “reload”, and check if the software has changed
after the reboot. You also might want to save a new backup of the configuration and check how it differs after the update.

Juniper MX204 Upgrade

1. Check the current version:

show version
Hostname: Router
Model: mx204
Junos: 18.2R1.9
JUNOS OS Kernel 64-bit [20180614.6c3f819_builder_stable_11]
...

2. go to https://support.juniper.net/support/downloads/ and select MX204, and search for newer version
3. Select “Install Package” -> “VMHOST 64-BIT” -> “tgz”
4. After login you will see a URL. Copy this URL
5. Download the file onto your Juniper MX204, with this command

> file copy “URL YOU COPIED”  /var/tmp/image-name.tgz

6. You may validate the image with:

> request vmhost software validate /var/tmp/image-name.tgz

7. Install the software

> request vmhost software add /var/tmp/image-name.tgz
> request vmhost reboot

Source: https://www.juniper.net/documentation/en_US/junos/topics/concept/installation_upgrade.html

Annoyances while updating F5

I had to upgrade several F5 load balancers from 11.5 to 12.1 in the last weeks. Usually updating F5 is quiet easy, but there are bugs or annoyances you should know:

  1. Sometimes F5 asks for re-activating after the first boot into the new version. It seems that you have to install the new version in a specific order to prevent this: BIGIP-Firmware, licence re-activate, BIGIP-Hotfix, Restart.
    Remember the appliance has to be in stand by mode when re-activating the licence.
  2. If the F5 asks for licence re-activation after reboot, it should be easy to re-activate. But even after licence activation, F5 is not working correctly. The SNMP MIB for LTM is not complete. You have to reboot again to activate the LTM SNMP MIB tree again.
  3. When switching from 11.5 to 12.1 the SNMP MIB changed. Serious manufactures that special care to keep the SNMP stable and compatible. F5 doesn’t they changed data types from 11.5 to 12.1 which means you have to update the MIB database. On the other hand if you do, you cannot query those OIDs from older machines. That’s why other manufactures never change data type, The correct way is to add new OIDs wait some years and deprecate the old OID. F5 doesn’t. Here’s a diff part of mibs_f5/F5-BIGIP-LOCAL-MIB.txt:
    - ltmNodeAddrStatCurSessions Gauge,
    - ltmNodeAddrStatCurrentConnsPerSec Gauge,
    - ltmNodeAddrStatDurationRateExceeded Gauge
    + ltmNodeAddrStatCurSessions CounterBasedGauge64,
    + ltmNodeAddrStatCurrentConnsPerSec CounterBasedGauge64,
    + ltmNodeAddrStatDurationRateExceeded CounterBasedGauge64
  4. Beside this breaking incompatibility between 11.5 and 12.1, they also changed some value names, which breaks software that used these names. This is not a bug but still annoying. Remember: an API has to be stable and backward compatible.
     inband(2),
    - forcedUp(3),
    + forced-up(3),
     up(4),
     down(19),
    - forcedDown(20),
    - iruleDown(22),
    - inbandDown(23),
    - downManualResume(24),
    + forced-down(20),
    + irule-down(22),
    + inband-down(23),
    + down-manual-resume(24),
     disabled(25)

Versions: F5 LTM 11.5.1, 11.5.3 and 12.1.1