CISCO 8000 – How to install SMU under XR7

2024-02-08 | No comments

Prerequisites

I have several posts regarding CISCO 8000 software installation shown below:

The most important is to understand how to use a local repository or remote repository.

This article also applies to other products using XR7, such as some NCS540.

SMU install (Use local repository)

Copy all SMU file to the local folder, in this case, i create a folder named “repo” under harddisk:

[node0_RP0_CPU0:/harddisk:/repo]$ls
8000-7.3.15.CSCvw58830.tar  8000-7.3.15.CSCvy35867.tar
8000-7.3.15.CSCvx48017.tar  8000-7.3.15.CSCvy42027.tar
8000-7.3.15.CSCvx50864.tar  8000-7.3.15.CSCvy43997.tar
8000-7.3.15.CSCvx68887.tar  8000-7.3.15.CSCvy52710.tar
8000-7.3.15.CSCvx76463.tar  8000-7.3.15.CSCvy53516.tar
8000-7.3.15.CSCvx84404.tar  8000-7.3.15.CSCvy55726.tar
8000-7.3.15.CSCvx99992.tar  8000-7.3.15.CSCvy61939.tar
8000-7.3.15.CSCvy06576.tar  8000-7.3.15.CSCvy66996.tar
8000-7.3.15.CSCvy12145.tar  8000-7.3.15.CSCvy67283.tar
8000-7.3.15.CSCvy14896.tar  8000-7.3.15.CSCvy72415.tar
8000-7.3.15.CSCvy16526.tar  8000-7.3.15.CSCvy73299.tar
8000-7.3.15.CSCvy16725.tar  8000-7.3.15.CSCvy77182.tar
8000-7.3.15.CSCvy17864.tar  8000-7.3.15.CSCvz04661.tar
8000-7.3.15.CSCvy24941.tar  8000-7.3.15.CSCvz25325.tar
8000-7.3.15.CSCvy26732.tar  8000-7.3.15.CSCvz45349.tar
8000-7.3.15.CSCvy33251.tar  8000-7.3.15.CSCvz67583.tar
8000-7.3.15.CSCvy33657.tar

then try unzip all the smu file buy use two simple shell script:

[node0_RP0_CPU0:/harddisk:/repo]$for tar in *.tar; do tar -xvf $tar; done
8000-7.3.15.CSCvw58830.txt
8000-x86_64-7.3.15-CSCvw58830.tgz
8000-7.3.15.CSCvx48017.txt
8000-x86_64-7.3.15-CSCvx48017.tgz
8000-7.3.15.CSCvx50864.txt
8000-x86_64-7.3.15-CSCvx50864.tgz

[node0_RP0_CPU0:/harddisk:/repo]$for tar in *.tgz; do tar -xvf $tar; done
8000-x86_64-7.3.15-CSCvw58830/
8000-x86_64-7.3.15-CSCvw58830/xr-rpl-8608-rp1-7.3.15v1.0.1-1.x86_64.rpm
8000-x86_64-7.3.15-CSCvw58830/xr-rpl-88-lc0-34h14fh-7.3.15v1.0.1-1.x86_64.rpm
8000-x86_64-7.3.15-CSCvw58830/xr-rpl-8102-64h-7.3.15v1.0.1-1.x86_64.rpm
8000-x86_64-7.3.15-CSCvw58830/primary.xml.gz
8000-x86_64-7.3.15-CSCvw58830/xr-rpl-8201-7.3.15v1.0.1-1.x86_64.rpm
8000-x86_64-7.3.15-CSCvw58830/xr-rpl-d17f630e9aaec8a3-7.3.15v1.0.1-1.x86_64.rpm
8000-x86_64-7.3.15-CSCvw58830/xr-rpl-7.3.15v1.0.1-1.x86_64.rpm

Config the local repository with the path “file:///harddisk:/repo/”

RP/0/RP0/CPU0:8201-01#conf 
Thu Oct  7 06:36:45.111 UTC
RP/0/RP0/CPU0:8201-01(config)#
RP/0/RP0/CPU0:8201-01(config)#
RP/0/RP0/CPU0:8201-01(config)#install 
RP/0/RP0/CPU0:8201-01(config-install)#no repository remo-repo
RP/0/RP0/CPU0:8201-01(config-install)#
RP/0/RP0/CPU0:8201-01(config-install)#repository local-repo
RP/0/RP0/CPU0:8201-01(config-repository)#url file:///harddisk:/repo/
RP/0/RP0/CPU0:8201-01(config-repository)#commit 
Thu Oct  7 06:38:04.997 UTC
RP/0/RP0/CPU0:8201-01(config-repository)#

We have two command to check the SMU in the local repository:

RP/0/RP0/CPU0:MXC.TAC.L.08-8201-01#show install available 
Thu Oct  7 06:38:10.721 UTC
Trying to access repositories...

Package                                              Architecture                         Version Repository                          Cached
---------------------------------------------------- ---------------- --------------------------- ----------------------------------- ------
xr-8000-bmc                                          x86_64                        7.3.15v1.0.1-1 local-repo                                
xr-8000-bmc                                          x86_64                        7.3.15v1.0.2-1 local-repo                                
xr-8000-bmc                                          x86_64                        7.3.15v1.0.3-1 local-repo                                
xr-8000-bmc                                          x86_64                        7.3.15v1.0.4-1 local-repo                                
xr-8000-core                                         x86_64                        7.3.15v1.0.1-1 local-repo                                

RP/0/RP0/CPU0:MXC.TAC.L.08-8201-01#show install fixes available                
Thu Oct  7 06:38:31.839 UTC
Trying to access repositories...

Available Fixes (count: 33):
Bug Id      Packages                                                    Repository                               Cached
----------- ----------------------------------------------------------- ---------------------------------------- ------
CSCvw58830  xr-rpl-7.3.15v1.0.1-1                                       local-repo                                     
CSCvx48017  xr-security-7.3.15v1.0.2-1                                  local-repo                                     
CSCvx50864  xr-bundles-7.3.15v1.0.1-1                                   local-repo                                     
CSCvx68887  xr-8000-core-7.3.15v1.0.3-1                                 local-repo                                     
            xr-8000-core-7.3.15v1.0.4-1                                 local-repo                                     
            xr-8000-core-7.3.15v1.0.5-1                                 local-repo                                     
            xr-spi-core-7.3.15v1.0.1-1                                  local-repo                                     
            xr-spi-core-7.3.15v1.0.2-1                                  local-repo

We have there way to install the smu we want:

install package add cisco-CSCab12345install a special SMU
install package upgrade xr-coreinstall cups of smu to fix special component
install package upgradeinstall all the smu under your repository

Here is an example to install all the smu under repository:

RP/0/RP0/CPU0:MXC.TAC.L.08-8201-01#install package upgrade 
Thu Oct  7 06:38:50.536 UTC
Install upgrade operation 38.1.1 has started
Install operation will continue in the background
RP/0/RP0/CPU0:MXC.TAC.L.08-8201-01#show install request  
Thu Oct  7 06:39:01.467 UTC

User request: install package upgrade
Operation ID: 38.1.1
State:        In progress since 2021-10-07 06:38:50 UTC

Current activity:    Begin transaction
Next activity:       Begin atomic operation
Time started:        2021-10-07 06:38:54

No per-location information.

RP/0/RP0/CPU0:MXC.TAC.L.08-8201-01#show install request 
Thu Oct  7 06:41:43.859 UTC

User request: install package upgrade
Operation ID: 38.1.1
State:        In progress since 2021-10-07 06:38:50 UTC

Current activity:    Package add or other package operation
Next activity:       Await user input
Time started:        2021-10-07 06:40:45
Timeout in:          39m 0s
Locations responded: 0/1

Location          Packaging operation stage Notification Phase Clients responded
----------------- ------------------------- ------------------ -----------------
0/RP0/CPU0        Package operations        None in progress                 N/A
RP/0/RP0/CPU0:MXC.TAC.L.08-8201-01#
RP/0/RP0/CPU0:MXC.TAC.L.08-8201-01#
RP/0/RP0/CPU0:MXC.TAC.L.08-8201-01#
RP/0/RP0/CPU0:MXC.TAC.L.08-8201-01#show install request 
Thu Oct  7 06:43:07.645 UTC

User request: install package upgrade
Operation ID: 38.1.1
State:        Success since 2021-10-07 06:42:51 UTC

Current activity:    Await user input
Time started:        2021-10-07 06:42:52

The following actions are available:
    install package add
    install package remove
    install package upgrade
    install package downgrade
    install package replace
    install package rollback
    install package abort latest
    install package abort all-since-apply
    install apply reload

SMU apply and commit

after install, use “install apply” to active the SMU , this action may need reload the router.

RP/0/RP0/CPU0:MXC.TAC.L.08-8201-01#install apply synchronous         ins
Thu Oct  7 06:46:54.637 UTC
Once the packaging dependencies have been determined, the install operation may have to reload the system.
If you want more control of the operation, then explicitly use 'install apply restart' or 'install apply reload' as reported by 'show install request'.
Continue? [yes/no]:[yes] yes
Starting:
  install apply reload
Atomic change 38.1
Press Ctrl-C to return to the exec prompt. This will not cancel the install operation

Current activity: Initializing
Current activity: Apply by reloadRP/0/RP0/CPU0:Oct  7 06:47:01.971 UTC: instorch[154]: %INFRA-INSTALL-2-SYSTEM_RELOAD : As part of an install operation, a full system reload will take place in order to apply the installed software. 
 .
Preparing system for backup. This may take a few minutes especially for large configurations.
        Status report: node0_RP0_CPU0: START TO BACKUP 
        Status report: node0_RP0_CPU0: BACKUP HAS COMPLETED SUCCESSFULLY 
[Done]
......[13068.510009] do_IRQ: 0.196 No irq handler for vector

Don’t forgot “install commit” after router reload:

RP/0/RP0/CPU0:MXC.TAC.L.08-8201-01#install commit 
Thu Oct  7 06:55:51.414 UTC
Install commit operation 38 has started
Install operation will continue in the background

A Simple EEM to Collect log Trigger by Syslog in IOX

2024-02-02 | No comments

Background

In 64-bit XR system, we have a easy way to monitor syslog and trigger a collection action. (EDCD + PAM EEM agent)

In 32-bit XR system, we may only can use the EEM script.

But the EEM script is hard for us to write. there are cups of articles that show some examples, we can reference and do some modify.

Reference

Read the rest of this entry »

A Simple Test for IOS XR ABF

2024-01-11 | No comments

Prerequisites

  • The topology shows as above , the DUT ASR9000B has 3 sub-interface to ASR9000C
  • we has a route for 8.8.8.8/32 was through port Ten0/0/2/1.30 next-hop 10.102.12.2
  • We will has ABF apply at ASR9000B and match DA 8.8.8.8 and set next-hop to 10.100.12.2 port Ten0/0/2/1.10
  • We also have a default route and destination to 10.101.12.2 port Ten0/0/2/1.20
  • ASR9000B LC was tyohon base card and run at 6.2.3
Read the rest of this entry »

eibgp maximum-paths + label mode per-vrf 环路

2023-11-06 | No comments

环境介绍

一个简单的CE双上连的VPN环境,客户路由8.8.8.8/32 将送到r1。

r1 配置maximum-path,使去往ce的流量可以在r2/r3 之间负载。

r2/r3 我们都配置了eibgp maximum-paths,那么r2/r3 都会存在两条路由负载(一条是从ibgp学了vpn路由, 一条是从vrf下的ebgp学来的路由)。

RP/0/0/CPU0:R2-AS56704#show route vrf 1

B    8.8.8.8/32 [20/0] via 10.1.3.3 (nexthop in vrf default), 00:21:10 
                [20/0] via 10.1.24.4, 00:21:10
Read the rest of this entry »

Automating Update AWS Security Group

2023-08-15 | No comments

最近在AWS上弄了一个EC2主机用来放一些比较杂的东西,开放了某个端口,由于我并不想放开所有的IP的访问权限, 就写了一个脚本用来获取我本机的公网地址然后用AWS CLI获取,撤销、更新 AWS 安全组规则中的 IP 地址。

请确保你已经配置好 AWS CLI 并拥有适当的权限来执行相关操作。

获取当前允许访问端口 xx 的 IP 地址

#!/usr/bin/env fish

# 获取当前 IP
set current_cidr (aws ec2 describe-security-groups --group-ids sg-xxxxx --query "SecurityGroups[0].IpPermissions[?FromPort=='xx'].IpRanges[0].CidrIp" --output text)

echo "当前端口 xx 的 CIDR: $current_cidr"

撤销旧的 IP 权限

if [ -n "$current_cidr" ]
    aws ec2 revoke-security-group-ingress --group-id sg-xxxxx --protocol tcp --port xx --cidr "$current_cidr"
    echo "从端口 xx 撤销了 CIDR $current_cidr"
else
    echo "未找到端口 xx 的 CIDR"
end

获取本机的公共 IP 地址

set local_ip (curl -s ifconfig.me)
echo "本机公共 IP 地址: $local_ip"

添加新的 IP 权限

if [ -n "$local_ip" ]
    aws ec2 authorize-security-group-ingress --group-id sg-xxxxx --protocol tcp --port xx --cidr "$local_ip/32"
    echo "将新的 CIDR $local_ip/32 添加到端口 xx"
else
    echo "无法获取本机公共 IP 地址"
end

以上脚本中的 sg-xxxxx 需要替换为实际的安全组 ID。此脚本会按照上述步骤执行操作,以管理安全组规则

eXR filesystem

2023-07-07 | No comments

研究了下eXR的file system, 记录下权当了解下系统的内部情况。

本文的演示事例使用的硬件A9K-RSP5-SE 和 eXR 742作为案例,使用的硬件不同,升级方式不同,磁盘的大小和分区是略微存在出入的。

如果你需要一个干净的,完全纯净的分区请采用以下方式升级或安装系统:

  • USB/PXE
  • 正常install command 升级,升级完成后re-image 所有的板卡 (re-image的操作,类似于PXE安装)

eXR 系统简介

如上图,eXR是在硬件的基础上有一个host 系统, host 系统里再run 两个vm (XR VM和sysadmin VM)。
[host:~]$ virsh list --all
 Id    Name                           State
----------------------------------------------------
 2     sysadmin                       running
 3     default-sdr--1                 running

关于不同VM之间如何访问可以参考另一篇文章

Read the rest of this entry »

关于iox上“show interface”和“show policy -map”计数的一些解释

2023-02-14 | No comments

comments by ‘zhihua’

对于ASR9000来说 :
“show interfaces” and “show policy-map interfaces” show L2 frame size.
“show interfaces” does not include FCS bytes, but “show policy-map interfaces” includes FCS bytes(SIP700是个例外)

L1 frame size 和 L2 frame size

如上图就是一个以太网帧的物理层具体所包含的内容。

  • Preamble: 前同步码 7 bytes
  • SFD: start frame delimiter 1 byte 帧开始定界符
  • Dst MAC: 6 bytes
  • Src MAC: 6 bytes
  • EtherType: 2 bytes
  • FCS(CRC): 4 bytes
Read the rest of this entry »

MAC  常用软件

2023-01-08 | No comments

  • 2017.12-2019.05 ThinkPad X1 Carbon 4th Gen
  • 2019.05-2022.11 ThinkPad X1 Carbon 6th Gen
  • 2022.11-Now MacBook Pro 16 2019

工作5年了,公司给换了2次电脑,本来打算今年申请个M1的MBP,奈何不给审批,退而其次选择了2019款 intel芯片的,预计这款还得在手里用三年,也不知道能不能用这款3年前的设备再撑个3年。

这也算是我第一次真正使用的MAC(之前装过黑苹果尝过鲜,奈何太卡,没什么使用体验),Win上面的很多软件没有对应的MAC版,经过一个月的磨合,算是把工作上会用到的一些软件设置完毕,记录一下,未来换机也好快速设置:

软件包管理软件

Homebrew是 MacOS上的软件包管理工具,是setup一台新MAC首要需要设置的,安装方式也很简单,使用以下命令或者参考官网

/bin/bash -c "$(curl -fsSL <https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh>)"

后续我们需要安装的软件绝大部分可以通过brew命令快速安装,而不需要访问app store或者软件官网下载。

如下:

~ ❯ brew install wget

~ ❯ brew -h                                                                                                                       
Example usage:
  brew search TEXT|/REGEX/
  brew info [FORMULA|CASK...]
  brew install FORMULA|CASK...
  brew update
  brew upgrade [FORMULA|CASK...]
  brew uninstall FORMULA|CASK...
  brew list [FORMULA|CASK...]

Troubleshooting:
  brew config
  brew doctor
  brew install --verbose --debug FORMULA|CASK

Contributing:
  brew create URL [--no-fetch]
  brew edit [FORMULA|CASK...]

Further help:
  brew commands
  brew help [COMMAND]
  man brew
  <https://docs.brew.sh>
Read the rest of this entry »

« Older entries