Menu
Article General Networking

[How To] Upgrade a Cisco SD-WAN Network

Matt Schmitz

Matt Schmitz

• 7 min read

I have a local Cisco SD-WAN lab environment running at home, which was built in EVE-NG. It's what I use whenever I need to test something for a customer, or just play around with the templates or APIs.

I'm planning on spending some hands-on time with new features soon, along with working on some automation projects - so it's well past time to upgrade my lab.

Currently I'm running on version 18.4.302, but my intent is to upgrade to 20.3.2 - which is the latest version available today.

In this blog post, we'll walk through how to upgrade a Cisco SD-WAN / Viptela network, including:

  • Control Plane:
    • vManage
    • vBond
    • vSmart(s)
  • Data Plane:
    • vEdge / vEdge Cloud

While my lab is using the on-prem controllers, these steps will work just the same if you're using Cisco's cloud-hosted controllers.

Downloading the Software Images

First thing's first - in order to upgrade our environment, we need the correct software images!

Head over to Cisco Software Downloads, and search for SD-WAN (or click here!).

03---software-download-pt2---cropped

Once on this page, I just want to call out that we will need to click on the SD-WAN Software Update link. This may seem simple enough, but the other links for vManage Software or vSmart Software only contain images for a new install.

After that - just select the image version that you would like to upgrade to, and download both images.

In my case, since I'm downloading version 20.3.2, I'll be using the following images:

  • vSmart, vEdge Cloud, vEdge 5000, ISR1100 series and vBond upgrade image
    • File name: viptela-20.3.2-x86_64.tar.gz
  • vManage upgrade image
    • File name: vmanage-20.3.2-x86_64.tar.gz

Adding Images to the Software Repository

The process for upgrading a Cisco SD-WAN environment is pretty straightforward.

The control plane can be upgraded independently of the edge devices, so long as everything stays within the bounds of the compatability matrix. In my case, I'll be upgrading to 20.3.2 - and the controllers could still support edge devices as far back as 17.2. So no issues here!

Alright - let's get started!

First, we'll need to upload our images into our local vManage software repository. This is the file storage for all upgrade images, and it's where the controllers & edge devices will go to pull their images from.

In the vManage dashboard, we'll go to the Maintenance tab and select Software Repository.

Then, click on Add New Software.

06---vmanage-software-repo---cropped

In here we'll see a few options: vManage and Remote Server / Remote Server - vManage.

We'll use vManage if we want to upload & distribute images from the local vManage server we're logged into currently.

Alternatively, we could use a remote file storage server by using the Remote Server option. If you choose to go this route, don't forget to ensure that ALL controllers & WAN edge devices have access to this storage location.

After you select an option, it's an easy drag & drop to upload the software images.

Planning the Upgrade

So before we get into actually applying our image upgrades - let's address the questions of "What order do I upgrade things in?" and "What's the impact?".

Since this is a lab environment for me, I'll be upgrading everything all at once - since uptime / outages aren't a factor here.

If you're doing this in a production environment, I highly recommend performing these upgrades in an outage / maintenance window - or at least an off-peak time.

Yes, you can upgrade the controllers at any time without causing any issue. Yes, you can upgrade a redundant pair of vEdge devices and keep a branch online. However, I would advise you to try these out off-hours first - and get your own understanding of how this works & what to expect before doing it in production.

As for the upgrade order, we're going to start at the top of the food chain and work our way down:

  • Upgrade vManage first
  • Then vBond
  • Upgrade ONE vSmart controller & wait for it to come online / re-establish control connections
  • Then upgrade the second / redundant vSmart controller
  • After the control plane is upgraded & stable - move onto the edge devices

These steps can also be found under the Best Practices section of the Cisco SD-WAN Getting Started Guide. Cisco's official recommendation is to wait 24 hours in between a few of those steps, to ensure platform stability - but for my lab that won't be necessary

Upgrading vManage

Once we have uploaded our images & we have our upgrade plan - we can move forward with actually performing the image upgrades.

Starting with vManage - we'll go to Maintenance > Software Upgrades > vManage.

Then we'll click on Upgrade and select our version - in my case 20.3.2. After that, just click Upgrade

vmange-upgrade-dialog

Now, what this does in the background is just pre-stage the vManage image for an upgrade. The actual software upgrade is not occurring just yet.

Think of this step like you might prepare an IOS/IOS-XE router: Copying the image to the device flash. The image is there and ready - but we haven't booted to it yet.

Once that's all done, we'll go back to the vManage upgrade page and click Activate, select our image again, then click Activate.

Now this step is where vManage will reboot, apply the upgrade, and come back online with the new image.

Again, back to the IOS/IOS-XE analogy: this is the equivalent of setting out boot system flash:<image name> to the new image, then rebooting our router.

vManage may take a short while to complete & reinitialize. In my lab, about 10-15 minutes.

Upgrading vBond & vSmart

After vManage is done, it's time to work on the real heart of our control plane: vBond & vSmart.

Similar to vManage, we'll start by going to Maintenance > Software Upgrades > Controller.

Here we will need to select the devices we want to upgrade. As I mentioned earlier, you may want to do these one at a time & in a phased approach. However, in my lab I'll select all of them to upgrade at once.

Now in this case, vManage will still follow the proper order (vBond, then vSmart), and even perform a rolling upgrade one device at a time. This may be suitable for you in production, but again I would urge you to test it for yourself first!

controller-upgrade-dialog

The other big difference here, as you can see in the screenshot above, is the presence of the Activate & Reboot checkbox.

This does exactly as you would anticipate. Instead of doing the two-step process with vManage where we staged the image, then performed the activation/reboot - this checkbox will do all of that in one step.

In my lab environment, I did check this box & allowed everything to reboot automatically.

Why is there a separation between uploading the image & rebooting / activating it? To allow better granularity over the process.

For example, maybe you have a poor internet connection at a branch site & the image upload may take a long time. This separation of tasks allows you to stage all of the images independently of applying them. If you have a short outage window, this could help you save time by pre-staging the images ahead of time.

Back to the upgrade - just like vManage we'll select the version we're applying then click Upgrade

Again - Depending on the resources available to your controllers, the image upload / activation process may take a short while...

Upgrading the WAN Edge Appliances

In my lab, I'm currently using a handful of vEdge Cloud VMs as branch office routers. The upgrade process here should apply to other edge devices as well.

After we're confident our controller upgrades have been successful & all control connections have been re-established - we can move to upgrading our edge devices.

It's also worth mentioning that my lab currently has no redundant deployments of WAN edge appliances. All of my test 'branch offices' are single-homed to one vEdge Cloud - so an outage will be required to apply the images.

If you're using a redundant configuration at a remote site, ideally you would upgrade ONE edge device first. Then only upgrade the second after control connections & routing adjacencies had been re-established on the first device. This should allow for an upgrade with minimal downtime.

The process for upgrading the edge devices mirrors what we saw for vBond / vSmart.

We'll go to Maintenance > Software Upgrade > WAN Edge, then select the edge devices we want to upgrade.

Click Upgrade, select the target version from the drop-down, then click Upgrade. Again, in my case, I also selected the Activate & Reboot checkbox

vedge-upgrade-dialog

NOTE: It's worth mentioning that for the WAN Edge upgrade, vManage will push the upgrade to all devices simultaneously. If you would like to perform a rolling upgrade here, you'll have to manage it yourself. In the case of a site where a redundant vEdge is deployed & they share the same site ID, vManage automatically will handle upgrading only one at a time to maintain uptime (Thanks Tim McConnaughy for clarifying this!).

Once again, we'll give the edge devices a few minutes to download & apply their software upgrades. Then we'll check to ensure all of the control connections re-established & traffic is flowing.

Wrap up

Once your edge devices are back online, it's all done! The network has been upgraded to the new version.

There are a handful of ways to check this, but one easy way is via the device monitor page: Monitor > Network

This page will list a summary of everything in the network, including the current software version & number of established control connections. For me, it's an easy way to get a one-page summary of the network.

monitor-networkpng

From the screenshot above - we can see that all of my lab devices are back online & running software version 20.3.2.

That's it! Hope this post was helpful to you.

Thanks for reading!

Share