White Paper
Upgrade Your Cisco DFA
Deployment
Cisco Prime Data Center Network Manager
7.0(2) to 7.1(2)
Cisco NX-OS Software 7.0(0)N1(1) to 7.1(1)N1(1)
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 1 of 27
Contents
Introduction .............................................................................................................................................................. 3
Topology................................................................................................................................................................... 4
Step 1: Upgrade Cisco Prime DCNM from Release 7.0(2) to 7.1(2) ..................................................................... 5
Step 2: Import the Migration POAP Template to Cisco Prime DCNM and Publish........................................... 10
Step 3: Copy the Migration Script and Leaf Switch Release 7.1 Software to Cisco Prime DCNM .................. 12
Step 4: Complete the POAP Definitions for Leaf Switches Using the New Migration Template and Software
................................................................................................................................................................................. 12
Step 5: Run the Migration Script (Two-Step Process) ........................................................................................ 20
Step 6: Regenerate POAP Leaf Switches ............................................................................................................ 24
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 2 of 27
Introduction
Cisco® DFA (Dynamic Fabric Automation) optimizes data centers through integration. DFA architecture eliminates
the need for overlay networks that can hinder traffic visibility and optimization and reduce scalability when physical
server and virtual machine environments are integrated. This architecture enables zero-touch provisioning and
greater orchestration, while delivering more predictable performance and latency for large cloud networks. The
following building blocks are the foundation of DFA
●
Fabric management: Fabric management simplifies workload visibility, optimizes troubleshooting, and
automates fabric component configuration.
●
Workload automation: The automation mechanism integrates with automation and orchestration tools
through northbound APIs. It provides control for the provisioning of fabric components by automatically
applying templates that use southbound APIs and standards-based protocols. These automation
mechanisms can also be extended to network services.
●
Optimized networking: A simple distributed gateway mechanism is used to support any subnet, anywhere,
concurrently. Existing redundancy models are also used to provide N+ redundancy across the entire fabric.
●
Virtual fabric: Virtual fabric extends the boundaries of segmented environments to different routing and
switching instances by using logical fabric isolation and segmentation within the fabric. All these
technologies can be combined to support hosting, cloud, and multitenancy environments.
Newer versions of software releases for Cisco DFA deployments have several enhancements. Autoconfiguration
profiles are among the main elements of the fabric that have been modernized, moving from individual to universal
profiles.
Universal profiles have been available since Cisco NX-OS Software Release 7.1(0)N1(1) for Cisco Nexus® 6000
Series Switches and the Cisco Nexus 5600 platform, and since NX-OS 7.2(0)D1(1) for Cisco Nexus 7000 Series
Switches and Cisco Prime Data Center Network Manager (DCNM) Release 7.1(1).
Universal profiles are enhanced configuration profiles that can support optional parameters and nondisruptive
profile refreshes. Support is also extended to Virtual Routing and Forwarding (VRF) profiles through the use of the
include profile any command in the network’s individual VRF profiles. VRF profiles (vrf-common) need not be
statically defined using Power On Auto Provisioning (POAP); instead, you can select any universal VRF profile in
Cisco Prime DCNM while creating a partition (vrf-common-universal, vrf-common, and so on). During the
instantiation of the network, the system downloads the selected VRF profile for the partition and performs the
necessary VRF, VLAN and switch virtual interface (SVI), bridge domain and bridge domain interface (BDI), and
Border Gateway Protocol (BGP) configurations.
In addition, Cisco Prime DCNM, also known as the central point of management and monitoring (CPOM), now has
new leaf switch templates (Fabric_N5600_N6K_Leaf_migration) to accommodate these changes.
This document helps customers who are planning to migrate their existing Cisco data center DFA deployments.
In this document, Cisco Prime DCNM will be migrated from Release 7.0(2) to Release 7.1(2). Hence, individual
profiles packaged in Release 7.0(0) will be upgraded to prepackaged universal profiles in Release 7.1(2).
Note:
When migrating from any other DCNM version, such as Release 7.0(1), the procedure is the same as the
procedure described here.
Switches that use NX-OS will be migrated from Release 7.0(0).N1(1) to Release 7.1(1).N1(1).
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 3 of 27
The step-by-step procedure is presented here.
The topology shown in the next section shows the current running software versions before the migration described
in this document.
Cisco Prime DCNM Release 7.0(2) is used.
The leaf switches (Cisco Nexus 6000 Series and 5600 platform switches) use NX-OS Release 7.0(2).N1(1).
The focus of this document is the upgrading and migration of leaf switches. Border leaf and spine switches need to
be upgraded as well using the new templates. Because hosts are connected to leaf switches, this document
discusses the migration of profiles only for leaf switches.
Note:
The migration process is disruptive. Hence, you must have a maintenance window when starting this
implementation. Make sure that you do not make any new changes during the entire migration process.
Topology
Figure 1 shows a typical Clos topology in which each leaf switch connects to all spine switches, and each spine
switch also connects to every leaf switch.
Figure 1.
Typical Clos Topology
To demonstrate a practical migration scenario, a simplified testbed was used (Figure 2). This testbed includes two
virtual PortChannel (vPC) paired leaf switches, one spine switch, and a dual-attached fabric extender (FEX)
connected to a hypervisor. Two VMs are spawned [[PLS REWRITE TO CLARIFY]] on the server connecting to
FEX 103 on host interface (HIF) port e103/1/23.
The hardware consists of:
●
Spine: Cisco Nexus 6004 Switch
●
Leaf: Cisco Nexus 6001 Switch
●
FEX: Cisco Nexus 2232TM 10GE Fabric Extender
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 4 of 27
Figure 2.
Testbed
Step 1: Upgrade Cisco Prime DCNM from Release 7.0(2) to 7.1(2)
As part of upgrade process, back up the current DCNM release. For step-by-step details of the upgrade process,
see the following link:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/7_x/dcnm/installation/master_files/OVA_Installation_
Guide/installing_DCNM_OVA.html - pgfId-747883
The testbed here uses DCNM without high availability, so you can use the steps that follow.
1.
Log in to DCNM as the root user.
2.
Enter the command appmgr backup all to back up DCNM.
[root@xxx ~]# appmgr backup all
Backing up all Process...
*********************************************************************************
Backup is available at /root/backup.05_07_2015__09_50_27.tar.gz
*********************************************************************************
3.
Copy the backup file you just created to a network server or TFTP server.
[root@xxx ~]# scp backup.05_07_2015__09_50_27.tar.gz <tftp_server>:/<path>/
4.
Power off DCNM 7.0(2).
5.
Deploy the DCNM Open Virtualization Archive (OVA) file for Release 7.1(2). Use exactly the same deployment
settings as for Release 7.0(2), such as network parameters (IP address, subnet, gateway, and Domain Name
System [DNS]), password, and VMware vCenter port groups for both network interfaces, and disable autopower-on.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 5 of 27
You can find the OVA file on Cisco.com at:
https://software.cisco.com/download/release.html?mdfid=281722751&flowid=&softwareid=282088134&release
=7.1(2)&relind=AVAILABLE&rellifecycle=&reltype=latest
6.
After DCNM 7.1(2) has been upgraded, right-click the virtual machine and choose Edit Settings > Hardware.
For both network adapters, update the MAC addresses so that they are the same as in DCNM 7.0(2). This
step is required to avoid problems Cisco Prime DCNM licensing.
7.
Power on the DCNM 7.1(2) virtual machine.
8.
Copy the backup file from old DCNM 7.0(2) in the external repository to the new DCNM 7.1(2). The file is
copied under the root in the following location in the new DCNM 7.1(2):
[root@xxx ~]# pwd
/root
[root@xxx ~]# ls *backup*
backup.06_04_2015__13_33_45.tar.gz
[root@xxx ~]#
[root@xxx ~]# appmgr status all
DCNM Status
PID
USER
===
=====
1637 root
PR
NI VIRT RES
SHR
S
%CPU %MEM
===
== ==== ===
===
=
==== ===== ======
20
0 3932m 1.2g
PR
NI VIRT RES
SHR
===
== ==== ===
===
27m S
TIME+
COMMAND
=======
2.0 15.9
1:01.11 java
S
%CPU %MEM
TIME+
=
==== ===== ======
LDAP Status
PID
USER
===
=====
2671 ldap
20
0
314m
19m 2508 S
0.0
0.2
COMMAND
=======
0:00.02 slapd
TFTP Status
PID
USER
===
=====
1431 root
PR
NI VIRT RES
SHR
S
%CPU %MEM
===
== ==== ===
===
=
==== ===== ======
20
0 21716 1004
PR
NI VIRT RES
SHR
S
%CPU %MEM
===
=
==== ===== ======
768 S
0.0
0.0
TIME+
COMMAND
=======
0:00.00 xinetd
DHCP Status
PID
USER
===
=====
===
== ==== ===
1444 dhcpd
20
0 45776 1184
212 S
0.0
0.0
TIME+
COMMAND
=======
0:00.01 dhcpd
XMPP Status
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 6 of 27
PID
USER
===
=====
PR
NI VIRT RES
SHR
S
%CPU %MEM
===
== ==== ===
===
=
==== ===== ======
2469 root
16m 6744 S
0.0
0.2
TIME+
COMMAND
=======
20
0 1389m
0:00.17 jabberd
PR
NI VIRT RES
SHR
S
%CPU %MEM
===
== ==== ===
===
=
==== ===== ======
AMQP Status
PID
USER
===
=====
2759 rabbitmq
9.
20
0 1102m
65m 2708 S
0.0
0.8
TIME+
COMMAND
=======
0:01.78 beam.smp
Use appmgr stop all to shut down all applications on Release 7.1(2).
[root@xxx ~]# appmgr stop all
Stopping SANServer ...
[
OK
]
...........................................................[
OK
]
Stopping slapd:
[
OK
]
[
OK
]
[
OK
]
Stopping Cisco SMI-S Agent...
Stopping LANServer... Stopped Cisco SMI-S Agent.
Stopping rabbitmq-server: rabbitmq-server.
Stopping xinetd:
Now stopping Jabber XCP:
\
Shutting down dhcpd:
10. To restore the file, use appmgr upgrade <backup_file_name>.
[root@xxx ~]# appmgr upgrade backup.05_07_2015__09_50_27.tar.gz
PLEASE SHUT DOWN ALL APPLICATIONS BEFORE CONTINUING..
Press 'y' to continue [y/n] [n]
y
Select an option for upgrading this appliance [] :
[1] Standalone DCNM with Local PostgreSQL database
[2] Standalone DCNM with External Oracle database
[3] High Availability
Choice [1|2|3]
1
Restoring DCNM...
/root
Restoring complete.
****************** STARTING all Applications. Please check status using
appmgr status all. ********************
**** Check /root/upgrade.log for details...****
[root@xxx ~]# appmgr status all
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 7 of 27
DCNM Status
PID
USER
===
=====
9438 root
PR
NI VIRT RES
SHR
S
%CPU %MEM
===
== ==== ===
===
=
==== ===== ======
20
0 4039m 1.2g
PR
NI VIRT RES
SHR
S
== ==== ===
===
=
27m S
TIME+
COMMAND
=======
0.0 15.0
1:06.02 java
%CPU %MEM
TIME+
LDAP Status
PID
USER
===
=====
12889 ldap
===
20
0
360m
62m 3092 S
PR
NI VIRT RES
SHR
S
===
== ==== ===
===
=
20
0 21720 1016
==== ===== ======
0.0
0.8
COMMAND
=======
0:00.09 slapd
TFTP Status
PID
USER
===
=====
13415 root
776 S
%CPU %MEM
TIME+
==== ===== ======
0.0
0.0
COMMAND
=======
0:00.00 xinetd
DHCP Status
PID
USER
PR
NI VIRT RES
SHR
S
%CPU %MEM
===
=====
===
== ==== ===
===
=
==== ===== ======
13466 dhcpd
20
0 48128 3992
PR
NI VIRT RES
SHR
S
%CPU %MEM
===
== ==== ===
===
=
==== ===== ======
628 S
0.0
0.0
TIME+
COMMAND
=======
0:00.00 dhcpd
XMPP Status
PID
USER
===
=====
13513 root
20
0 1389m
16m 6608 S
PR
NI VIRT RES
SHR
S
== ==== ===
===
=
0.0
0.2
TIME+
COMMAND
=======
0:00.15 jabberd
AMQP Status
PID
USER
===
=====
13286 rabbitmq
Note:
===
20
0 1102m
64m 2712 S
%CPU %MEM
TIME+
==== ===== ======
0.0
0.8
COMMAND
=======
0:01.33 beam.smp
If your deployment is a DCNM high-availability deployment, follow steps in the upgrade guide at the URL
listed at the beginning of Step 1.
11. Clear your browser cache. Log in to the new DCNM 7.1(2): https://<DCNM-MGMT-IP>.
12. The new version of DCNM requires some changes, so you need to modify General Settings. Choose Admin >
Fabric > General Settings.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 8 of 27
13. Scroll down to Other Configs. Change the global mobility domain from the default md0 to your own mobility
domain. In this example, the mobility domain is md-global. Click Apply.
Note:
The Global Mobility Domain Detectable VLAN Range shown here is the default range, which is 1-1000.
Change the VLAN values to match your environment. Otherwise, autoconfiguration of workloads will not be
possible.
14. Choose Admin > Fabric > POAP Settings.
Note that the Lightweight Directory Access Protocol (LDAP) host name and server name on the Manageability
tab for each leaf POAP definition is now mandatory, which differs from the previous release, so make sure that
you have it set as shown here under POAP Settings one time so that it autopopulates on each leaf template.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 9 of 27
Note:
If custom profiles are used in DCNM, the customer or user needs to manually add them to the new
DCNM 7.1(2). Doing so will be helpful in the next steps.
Step 2: Import the Migration POAP Template to Cisco Prime DCNM and Publish
The migration POAP template consists of new universal profiles such as the one shown here. It includes the
include profile any specification, unlike the previous individual profiles. In addition, the vrf-common-universal
configuration profile is now added as part of workload instantiation and no longer needs to be present on the
switch. Customers thus no longer need to have it configured on the switch. The template shown here works for
both old and new profiles.
configure profile defaultNetworkUniversalEfProfile
vlan $vlanId
vn-segment $segmentId
mode fabricpath
interface vlan $vlanId
vrf member $vrfName
ip address $gatewayIpAddress/$netMaskLength tag 12345
ip dhcp relay address $dhcpServerAddr use-vrf $vrfDhcp
ipv6 address $gatewayIpv6Address/$prefixLength tag 12345
fabric forwarding mode proxy-gateway
no ip redirects
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 10 of 27
no ipv6 redirects
mtu $mtuValue
no shutdown
include profile any
1.
Download the POAP migration template from the following link to your desktop and import it into DCNM and
publish it: https://communities.cisco.com/docs/DOC-58672.
2.
Log in to DCNM and navigate to Config > Templates.
3.
Import the template. Click on the downward-pointing arrow as shown here.
4.
Point to the template file that you saved before on your desktop. The template content is displayed.
5.
Select Published. A warning dialog box appears. Click OK.
6.
Click the Save and Exit button.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 11 of 27
Step 3: Copy the Migration Script and Leaf Switch Release 7.1 Software to Cisco Prime
DCNM
The migration script will help in converting the individual profiles that are currently used to newer universal profiles.
1.
Download the migration script from the Cisco community page at
https://communities.cisco.com/docs/DOC-58668 to your new DCNM.
2.
Copy the script to the root folder in DCNM. The script will look like this:
[root@xxx ~]# pwd
/root
[root@xxx ~]# ls *ldap*
ldapprofilesmigration.zip
[root@xxx ~]#
3.
Download the leaf switch software version from Cisco.com and copy it into your DCNM /var/lib/dcnm/ folder.
Download the kickstart image from the link shown here; then select 7.1(1)N1(1).
https://software.cisco.com/download/release.html?mdfid=284599508&flowid=39362&softwareid=282088130&r
elease=6.0(2)N2(7)&relind=AVAILABLE&rellifecycle=&reltype=latest
4.
Download the system image from the link shown here; then select 7.1(1)N1(1).
https://software.cisco.com/download/release.html?mdfid=284599508&flowid=39362&softwareid=282088129&r
elease=7.0(5)N1(1)&relind=AVAILABLE&rellifecycle=&reltype=latest
5.
Verify that your DCNM has the images at specified location.
[root@xxx dcnm]# cd /var/lib/dcnm/
[root@xxx dcnm]# ls *n6000-uk9*
n6000-uk9.7.1.1.N1.1.bin
n6000-uk9-kickstart.7.1.1.N1.1.bin
Step 4: Complete the POAP Definitions for Leaf Switches Using the New Migration Template
and Software
1.
Choose Config > Power on Auto Provisioning (POAP).
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 12 of 27
2.
Click POAP Definitions. You would see your switches listed under POAP Switch Definitions.
3.
Before you edit the definition to point to the migration template that you imported in Step 2, follow the next
steps to work around an issue. See the appendix for more information.
a.
Under POAP Switch Definitions, click Add.
b.
Select Generate Definition. Click on Next
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 13 of 27
c.
Click Next. Don’t enter anything yet.
d.
From the Fabric drop-down list, choose Template as Fabric_N5600_N6K_Leaf_migration.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 14 of 27
e.
Click Cancel. Now you will be returned to the POAP Switch Definitions page.
4.
Select one leaf switch at a time and click Edit to edit the POAP definition.
5.
Select Generate Definition and click Next.
6.
On the Enter Switch Details page, select the kickstart and system NX-OS 7.1(1)N1(1) images. Then click Next.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 15 of 27
7.
Point to the migration template that you downloaded from the Cisco Community page.
8.
Fill in the mandatory details, marked with red asterisks (*), on each tab.
Note:
9.
The test setup shown in this document uses an active-active, or dual-homed, FEX.
The pattern of the FEX has changed from the old release. Follow the steps shown here to correct your FEX
configuration in the new migration template. These steps apply for both dual- and single-connected fabric
extenders. For more information, see the appendix.
a.
Click Manage.
b.
Click Add and name the settings test as shown here.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 16 of 27
c.
Click Save and then OK.
d.
Scroll down to the FEX_ARRAY field.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 17 of 27
e.
If you have two or more fabric extenders, you need to add, true after the port numbers or before the two
curly braces as shown here. Then add this value for each and every FEX.
For example, if you have two fabric extenders, your settings should look like this:
f.
Return to Saved Settings and select the desired name. In the example here, the name is test.
Then click Apply.
10. Click Next.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 18 of 27
11. Check the configuration that would be pushed by selecting Preview CLI (optional) and finally click Publish.
12. Repeat the same steps for the other leaf switches in the fabric.
13. Enter a write erase command and reload both vPC pair leaf switches to update them with the POAP migration
template. This step is disruptive. You will notice traffic drops during this process.
vpc-vl1# write erase
Warning: This command will erase the startup-configuration.
Do you wish to proceed anyway? (y/n)
[n] y
reload
vpc-vl1# reload
WARNING: This command will reboot the system
Do you want to continue? (y/n) [n] y
vpc-vl2# write erase
Warning: This command will erase the startup-configuration.
Do you wish to proceed anyway? (y/n)
[n] y
reload
2015 Jun 5 06:36:09 vpc-vl2 %$ VDC-1 %$ %VPC-2-PEER_KEEP_ALIVE_RECV_FAIL: In
domain 1000, VPC peer keep-alive receive has failed
y
vpc-vl2# reload
WARNING: This command will reboot the system
Do you want to continue? (y/n) [n] y
Note:
The preceding approach is the recommended one; however, you can also perform this step from the
DCNM GUI. Navigate to > Power on Auto Provisioning (POAP) > POAP Definitions. Select the leaf switch as show
here and click the Write Erase and Reload option next to Publish.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 19 of 27
Verify the new software on the leaf switches.
vpc-vl1# sh ver |i image
kickstart image file is: bootflash:///n6000-uk9-kickstart.7.1.1.N1.1.bin
system image file is:
bootflash:///n6000-uk9.7.1.1.N1.1.bin
vpc-vl2# sh ver |i image
kickstart image file is: bootflash:///n6000-uk9-kickstart.7.1.1.N1.1.bin
system image file is:
bootflash:///n6000-uk9.7.1.1.N1.1.bin
As you can see, differences are detected, which is expected because the new template has additional
configurations.
For spine switches and border leaf switches, upgrade to the new packaged templates in DCNM so that your
software versions are consistent across the fabric and to get the benefits of the improved POAP templates. As a
best practice, upgrade in sequence rather than in parallel. After you upgrade the spine switches and the border leaf
switches, verify that the configuration is set up according to your requirements.
Step 5: Run the Migration Script (Two-Step Process)
The migration script maps the current existing individual profiles to universal profiles.
1.
Unzip the migration script that you downloaded in Step 3 and place it in DCNM. This process will extract the
directory ldapprofilesmigration. Go to the ldapprofilesmigration directory.
[root@xxx ~]# unzip ldapprofilesmigration.zip
Archive:
ldapprofilesmigration.zip
creating: ldapprofilesmigration/
inflating: ldapprofilesmigration/Partition.class
inflating: ldapprofilesmigration/ldap_upgrade.sh
inflating: ldapprofilesmigration/LDAPUpgrade.class
[root@xxx-b31 ~]# cd ldapprofilesmigration
[root@xxx-b31 ldapprofilesmigration]# pwd
/root/ldapprofilesmigration
[root@xxx ldapprofilesmigration]# ls
LDAPUpgrade.class
ldap_upgrade.sh
Partition.class
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 20 of 27
2.
Run the script the first time as shown here in DCNM to generate the configuration file in the current path.
[root@xxx ldapprofilesmigration]# sh ldap_upgrade.sh generate-config -p cisco123
Generating Config file...
*********************************************************************************
Config file is available at
/root/ldapprofilesmigration/individualProfilesMapping.cfg
*********************************************************************************
As you can see here, the profiles are remapped after the script is run.
[root@xxx ldapprofilesmigration]# cat individualProfilesMapping.cfg
###individualProfile Mapping for Network Migration. Adjust custom template
mapping as needed
defaultNetworkIpv4EfProfile=defaultNetworkUniversalEfProfile
defaultNetworkIpv6EfProfile=defaultNetworkUniversalEfProfile
defaultNetworkIpv6TfProfile=defaultNetworkUniversalTfProfile
defaultNetworkIpv4v6EfProfile=defaultNetworkUniversalEfProfile
defaultNetworkIpv4v6TfProfile=defaultNetworkUniversalTfProfile
defaultNetworkdefaultPartitionIpv4EfProfile=defaultNetworkUniversalEfProfile
defaultNetworkdefaultPartitionIpv4TfProfile=defaultNetworkUniversalTfProfile
defaultNetworkdefaultPartitionIpv4v6EfProfile=defaultNetworkUniversalEfProfile
defaultNetworkdefaultPartitionIpv4v6TfProfile=defaultNetworkUniversalTfProfile
defaultNetworkdefaultPartitionIpv6EfProfile=defaultNetworkUniversalEfProfile
defaultNetworkdefaultPartitionIpv6TfProfile=defaultNetworkUniversalTfProfile
defaultNetworkIpv4TfProfile=defaultNetworkUniversalTfProfile
defaultNetworkIpv4EfESProfile=defaultNetworkUniversalEfProfile
defaultNetworkIpv4TfESProfile=defaultNetworkUniversalTfProfile
externalNetworkIpv4TfStaticRoutingESProfile=externalNetworkUniversalTfStaticRouti
ngESProfile
serviceNetworkIpv4TfStaticRoutingESProfile=serviceNetworkUniversalTfStaticRouting
Profile
serviceNetworkIpv4DynamicRoutingESProfile=serviceNetworkUniversalDynamicRoutingES
Profile
externalNetworkIpv4DynamicRoutingESProfile=externalNetworkUniversalDynamicRouting
ESProfile
serviceNetworkIpv4TfL3VpathServiceNodeProfile=serviceNetworkUniversalTfL3VpathSer
viceNodeProfile
serviceNetworkIpv4EfL3VpathServiceClassifierProfile=serviceNetworkUniversalEfL3Vp
athServiceClassifierProfile
defaultNetworkIpv4TfGblVlanProfile=defaultNetworkUniversalTfGblVlanProfile
defaultNetworkIpv6TfGblVlanProfile=defaultNetworkUniversalTfGblVlanProfile
defaultNetworkIpv4v6TfGblVlanProfile=defaultNetworkUniversalTfGblVlanProfile
defaultNetworkdefaultPartitionIpv4TfGblVlanProfile=defaultNetworkUniversalTfGblVl
anProfile
defaultNetworkdefaultPartitionIpv6TfGblVlanProfile=defaultNetworkUniversalTfGblVl
anProfile
defaultNetworkdefaultPartitionIpv4v6TfGblVlanProfile=defaultNetworkUniversalTfGbl
VlanProfile
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 21 of 27
serviceNetworkIpv4DynamicRoutingLBProfile=serviceNetworkUniversalDynamicRoutingLB
Profile
defaultNetworkIpv4EfDynamicRoutingLBProfile=defaultNetworkUniversalEfProfile
defaultNetworkIpv4TfDynamicRoutingLBProfile=defaultNetworkUniversalTfProfile
serviceNetworkIpv4LBChainLBESProfile=serviceNetworkUniversalDynamicRoutingLBProfi
le
serviceNetworkIpv4ESChainLBESProfile=serviceNetworkUniversalESChainLBESProfile
defaultNetworkIpv4EfChainLBESProfile=defaultNetworkUniversalEfProfile
defaultNetworkIpv4TfChainLBESProfile=defaultNetworkUniversalTfProfile
serviceNetworkIpv4TfLBStaticRoutingProfile=serviceNetworkUniversalTfStaticRouting
Profile
defaultNetworkIpv4EfLBStaticRoutingProfile=defaultNetworkUniversalEfProfile
defaultNetworkIpv4TfLBStaticRoutingProfile=defaultNetworkUniversalTfProfile
##Below profile(s) are not in mapping list, so assigned default profile
### Partition Migration settings
### vrfName will be set consistently on a partition as well as all its
corresponding child networks.
### Leave vrfName empty if you don't want to specify a vrf for a given partition.
This means that all networks in that partition will be part of the default vrf.
orgName=tenant
partitionName=vpn
vrfName=tenant:vpn
vrfProfileName=vrf-common-universal
-orgName=tenant
partitionName=default
vrfName=tenant:default
vrfProfileName=vrf-common-universal
-3.
If you have virtual machines or workloads in the default VRF instance and they are being autoconfigured, then
edit the vrfName configuration file parameter to make it blank. Don’t change the format of the file.
orgName=tenant
partitionName=default
vrfName=
vrfProfileName=vrf-common-universal
4.
If you are using custom autoconfiguration profiles, make sure that you validate them and map them to the
desired new universal autoconfiguration profiles.
5.
Run script a second time as shown here in DCNM to update the workload autoconfiguration profiles and VRF
names in LDAP. When a border leaf is present in the fabric, it advertises the default route to other leaf nodes
in the same fabric. To install the default route, on each leaf you need to define the import the route-target (RT)
value to make it the same as that used for the border leaf BGP update. In the following example, you must
specify the RT value such as AS:RT. If you don’t want to update any value, you can leave it empty.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 22 of 27
Usage: sh ldap_upgrade.sh update-config -p <ldap-password> -blRt <value-ofBorderLeafRt>
-blRt <value-of-BorderLeafRt> : Lookup the value from BGP_RT_VNI variable in POAP
ex: 65000:9999 (AS:RT)
If you don’t want to update any value, leave the -blRt value empty.
sh ldap_upgrade.sh update-config -p <ldap-password> -blRt
[root@xxx ldapprofilesmigration]# sh ldap_upgrade.sh update-config -p cisco123 blRt 65000:9999
Please wait... Migrating from Individual Profiles to Universal Profiles...
Migration done successfully...
6.
Verify that the profiles have been migrated in DCNM to universal profiles. Navigate to Config > AutoConfiguration (under Fabric).
As you can see, the profiles have now been migrated to the new profiles: vrf-common-universal and
defaultNetworkUniversalEfProfile.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 23 of 27
Step 6: Regenerate POAP Leaf Switches
To be consistent from now on and use only universal profiles, you should select the new packaged templates
instead of using the POAP migration template.
1.
Navigate to > Power on Auto Provisioning (POAP) > POAP Definitions. Select the leaf switch and click Edit.
Then select Generate Definition. Click Next.
2.
Select the new default leaf templates (Fabric_N5600_N6K_Leaf_v2) that are bundled into DCNM instead of
the migration template previously used in Step 4.
3.
Repeat this process on the remaining leaf switches.
4.
Enter a write erase command and reload all the leaf switches one more time to get the updated profiles and
LDAP configurations. The new templates are now listed.
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 24 of 27
Note:
Some additional commands will be needed as part of the upgrade. However, all these are complementary
to the previous versions of the configuration. The only the obvious new global command included on the leaf
templates as part of this migration is system default trunk allocate vlan dynamic. For more information about
this feature, refer to the configuration guide at
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/dfa/configuration/b-dfa-configuration/b-dfaconfiguration_chapter_011.html.
5.
Verify the configuration on the switch.
vpc-vl1# sh config-pr
config-profile defaultNetworkUniversalEfProfile
vlan $vlanId
vn-segment $segmentId
mode fabricpath
interface vlan $vlanId
vrf member $vrfName
ip address $gatewayIpAddress/$netMaskLength tag 12345
ip dhcp relay address $dhcpServerAddr use-vrf $vrfDhcp
ipv6 address $gatewayIpv6Address/$prefixLength tag 12345
fabric forwarding mode proxy-gateway
no ip redirects
no ipv6 redirects
mtu $mtuValue
no shutdown
include profile any
applied: instance_vni_32001_1
applied: <instance_vni_41000_2, tenant:vpn_1(vrf-common-universal)>
config-profile vrf-common-universal
vrf context $vrfName
vni $include_vrfSegmentId
rd auto
ip route 0.0.0.0/0 $include_serviceNodeIpAddress
address-family ipv4 unicast
route-target import $include_borderLeafRt
route-target both auto
address-family ipv6 unicast
route-target import $include_borderLeafRt
route-target both auto
router bgp $asn
vrf $vrfName
address-family ipv4 unicast
redistribute hmm route-map FABRIC-RMAP-REDIST-HOST
redistribute direct route-map FABRIC-RMAP-REDIST-SUBNET
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 25 of 27
maximum-paths ibgp 2
address-family ipv6 unicast
redistribute hmm route-map FABRIC-RMAP-REDIST-V6HOST
redistribute direct route-map FABRIC-RMAP-REDIST-SUBNET
maximum-paths ibgp 2
applied:
config-profile vrf-tenant-profile
vlan $vrfVlanId
vn-segment $vrfSegmentId
mode fabricpath
interface vlan $vrfVlanId
vrf member $vrfName
ip forward
no ip redirects
ipv6 forward
no ipv6 redirects
mtu 9192
no shutdown
applied: <param_inst_50000>
vpc-vl1# sh fabric database host
Active Host Entries
flags: L - Locally inserted, V - vPC+ inserted, R - Recovered, X - xlated Vlan
VNI
VLAN
STATE
FLAGS PROFILE(INSTANCE)
32001
3000 Profile Active V
defaultNetworkUniversalEfProfile(instance_vni_32001_1)
41000
3001 Profile Active V
defaultNetworkUniversalEfProfile(instance_vni_41000_2
Appendix: Workarounds
CSCuu29072
At the time of writing of this document,
a workaround was used.
CSCut87903
At the time of writing of this document,
a workaround was used.
Cisco Prime DCNM 7.1.2 migration from 7.0.2: Fabric extenders need
to be edited again.
Status: Assigned
Cisco Prime DCNM 711(106): Migration template is not selected on
the first edit.
Status: Resolved
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 26 of 27
Printed in USA
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
C11-735101-01
01/16
Page 27 of 27