Login
- Table of Contents
-
- 01-Fundamentals Configuration Guide
- 00-Preface
- 01-CLI configuration
- 02-RBAC configuration
- 03-Login management configuration
- 04-License management
- 05-Device management configuration
- 06-FTP and TFTP configuration
- 07-File system management configuration
- 08-Configuration file management configuration
- 09-Software upgrade configuration
- 10-Tcl configuration
- 11-Python configuration
- 12-MAC learning through a Layer 3 device configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 09-Software upgrade configuration | 120.46 KB |
Contents
Security engine startup process
Restrictions and guidelines: Software upgrade
Upgrading device software by using the boot loader method
Software upgrade tasks at a glance
Preloading the BootWare image to BootWare (in standalone mode)
Preloading the BootWare image to BootWare (in IRF mode)
Specifying startup images and completing the upgrade
Synchronizing startup images from the active MPU to the standby MPU (in standalone mode)
Synchronizing startup images from the global active MPU to global standby MPUs (in IRF mode)
Upgrading the security engine on a security card by using the boot loader method
Upgrading software
About software upgrade
Software upgrade enables you to upgrade a software version, add new features, and fix software bugs. This chapter describes software types and release forms, compares software upgrade methods, and provides the procedures for upgrading software from the CLI.
Software types
The following software types are available:
· BootWare image—Also called the Boot ROM image. This image contains a basic segment and an extended segment.
¡ The basic segment is the minimum code that bootstraps the system.
¡ The extended segment enables hardware initialization and provides system management menus. When the device cannot start up correctly, you can use the menus to load software and the startup configuration file or manage files.
Typically, the BootWare image is integrated into the Boot image to avoid software compatibility errors.
· Comware image—Includes the following image subcategories:
¡ Boot image—A .bin file that contains the Linux operating system kernel. It provides process management, memory management, and file system management.
¡ System image—A .bin file that contains the Comware kernel and standard features, including device management, interface management, configuration management, and routing.
¡ Feature image—A .bin file that contains advanced or customized software features. You can purchase feature images as needed.
¡ Patch image—A .bin file that is released for fixing bugs without rebooting the device. A patch image does not add or remove features.
Patch images have the following types:
- Incremental patch images—A new incremental patch image can cover all, part, or none of the functions provided by an old incremental patch image. A new incremental patch image can coexist with an old incremental patch image on the device only when the former covers none of the functions provided by the latter.
- Non-incremental patch images—A new non-incremental patch image covers all functions provided by an old non-incremental patch image. Each of the boot, system, and feature images can have one non-incremental patch image, and these patch images can coexist on the device. The device uninstalls the old non-incremental patch image before installing a new non-incremental patch image.
An incremental patch image and a non-incremental patch image can coexist on the device.
Comware images that have been loaded are called current software images. Comware images specified to load at the next startup are called startup software images.
BootWare image, boot image, and system image are required for the device to operate.
You can install up to 32 .bin files on the device, including one boot image file, one system image file, and up to 30 feature and patch image files.
Software release forms
Software images are released in one of the following forms:
· Separate .bin files. You must verify compatibility between software images.
· As a whole in one .ipe package file. The images in an .ipe package file are compatible. The system decompresses the file automatically, loads the .bin images and sets them as startup software images.
|
|
NOTE: Software image file names use the model-comware version-image type-release format. This document uses boot.bin and system.bin as boot and system image file names. |
Upgrade methods
|
Upgrade method |
Software types |
Remarks |
|
Upgrading from the CLI by using the boot loader method |
· BootWare image · Comware images (excluding patches) |
This method is disruptive. You must reboot the entire device to complete the upgrade. |
|
Upgrading from the BootWare menu |
· BootWare image · Comware images |
Use this method when the device cannot start up correctly. To use this method, first connect to the console port and power cycle the device. Then, press Ctrl+B at prompt to access the BootWare menu. For more information about upgrading software from the BootWare menu, see the release notes for the software version.
Use this method only when you do not have any other choice. |
This chapter covers only upgrading software from the CLI by using the boot loader method.
Software image loading
Startup software images
To upgrade software, you must specify the upgrade files as the startup software images for the device to load at next startup. You can specify two lists of software images: one main and one backup. The device first loads the main startup software images. If the main startup software images are not available, the devices loads the backup startup software images.
Image loading process at startup
At startup, the device performs the following operations after loading and initializing BootWare:
1. Loads main images.
2. If any main image does not exist or is invalid, loads the backup images.
3. If any backup image does not exist or is invalid, checks the main or backup boot image.
4. If both the main and backup boot images do not exist or are invalid, the device cannot start up.
Security engine startup process
Security engine startup software images
The security engine and the device use separate software images. To upgrade a security engine, you must specify the security engine upgrade images as the security engine startup images and restart the security engine. During startup, the security engine loads the security engine startup images.
Security engine startup images are local startup images stored in a file system of the security engine and can be specified as main and backup startup images by using the boot loader method.
Image loading process on a security engine at startup
During startup, the security engine loads software images in the following order:
1. Local main startup images.
2. Local backup startup images.
In each step, the security engine verifies that all startup images exist and are valid and compatible with the startup images running on the parent devices. If any startup image does not pass verification, the security engine does not load the startup images.
Handling image loading failure
If no startup images can be loaded, the security engine cannot start up. You can connect to the console port of the security engine, restart the security engine, and enter the BootWare menu to specify new local startup image.
Restrictions and guidelines: Software upgrade
As a best practice, store the startup images in a fixed storage medium. If you store the startup images in a hot swappable storage medium, do not remove the hot swappable storage medium during the startup process.
Upgrading device software by using the boot loader method
Restrictions and guidelines
When you upgrade software, you do not need to upgrade interface cards separately. The software images for interface cards are integrated in the software images for MPUs. The interface cards are upgraded automatically when you upgrade MPUs.
Software upgrade tasks at a glance
To upgrade software, perform one of the following tasks:
· Synchronizing startup images from the active MPU to standby MPUs
Upgrading the device
1. (Optional.) Preloading the BootWare image to BootWare.
¡ Preloading the BootWare image to BootWare (in standalone mode)
¡ Preloading the BootWare image to BootWare (in IRF mode)
If a BootWare upgrade is required, you can perform this task to shorten the subsequent upgrade time. This task helps reduce upgrade problems caused by unexpected power failure. If you skip this task, the device upgrades the BootWare automatically when it upgrades the startup software images.
2. Specifying startup images and completing the upgrade
Synchronizing startup images from the active MPU to standby MPUs
· Synchronizing startup images from the active MPU to the standby MPU (in standalone mode)
Perform this task when the startup images on the standby MPU are not the same version as those on the active MPU.
· Synchronizing startup images from the global active MPU to global standby MPUs (in IRF mode)
Perform this task when the startup images on a global standby MPU are not the same version as those on the global active MPU.
Prerequisites
1. Use the display version command to verify the current BootWare image version and startup software version.
2. Use the release notes for the upgrade software version to evaluate the upgrade impact on your network and verify the following items:
¡ Software and hardware compatibility.
¡ Version and size of the upgrade software.
¡ Compatibility of the upgrade software with the current BootWare image and startup software image.
3. Use the dir command to verify that all MPUs have sufficient storage space for the upgrade images. If the storage space is not sufficient, delete unused files by using the delete command. For more information, see "Managing file systems."
4. Use FTP or TFTP to transfer the upgrade image file to the root directory of a file system. For more information about FTP and TFTP, see "Configuring FTP" or "Configuring TFTP." For more information about file systems, see "Managing file systems."
Preloading the BootWare image to BootWare (in standalone mode)
1. Enter system view.
system-view
2. (Optional.) Enable BootWare image validity check.
bootrom-update security-check enable
By default, this feature is enabled.
This feature examines BootWare images for file type errors, file corruption, and hardware incompatibility. As a best practice, enable it to ensure a successful upgrade.
3. Return to user view.
quit
4. (Optional.) Back up the image from the Normal area to the Backup area of BootWare:
bootrom backup chassis chassis-number slot slot-number-list [ cpu cpu-number ] [ subslot subslot-number-list ]
If the BootWare image in the Normal area is corrupted or a version rollback is required in the future, you can use the bootrom restore command to restore the BootWare image.
5. Load the upgrade BootWare image to the Normal area of BootWare.
bootrom update file file slot slot-number-list [ cpu cpu-number ] [ subslot subslot-number-list ]
Specify the downloaded software image file for the file argument.
The new BootWare image takes effect at a reboot.
Preloading the BootWare image to BootWare (in IRF mode)
1. Enter system view.
system-view
2. (Optional.) Enable BootWare image validity check.
bootrom-update security-check enable
By default, this feature is enabled.
This feature examines the image for wrong file type, file corruption, and hardware incompatibility. As a best practice, enable it to ensure a successful upgrade.
3. Return to user view.
quit
4. (Optional.) Back up the image from the Normal area to the Backup area of BootWare:
bootrom backup chassis chassis-number slot slot-number-list [ cpu cpu-number ] [ subslot subslot-number-list ]
If the BootWare image in the Normal area is corrupted or a version rollback is required in the future, you can use the bootrom restore command to restore the BootWare image.
5. Load the upgrade BootWare image to the Normal area of BootWare.
bootrom update file file chassis chassis-number slot slot-number-list [ cpu cpu-number ] [ subslot subslot-number-list ]
Specify the downloaded software image file for the file argument.
The new BootWare image takes effect at a reboot.
Specifying startup images and completing the upgrade
Perform the following steps in user view:
1. Specify main or backup startup images for all MPUs.
In standalone mode:
¡ Use an .ipe file:
boot-loader file ipe-filename all { backup | main }
¡ Use .bin files:
boot-loader file boot filename system filename [ feature filename&<1-30> ] { all | slot slot-number [ cpu cpu-number ] } { backup | main }
In IRF mode:
¡ boot-loader file ipe-filename all { backup | main }
¡ boot-loader file boot filename system filename [ feature filename&<1-30> ] { all | chassis chassis-number slot slot-number [ cpu cpu-number ] } { backup | main }
The command copies the specified startup images to the root directory of the default file system on each MPU.
As a best practice in a multichassis IRF fabric, specify the all keyword for the command. If you use the slot slot-number option to upgrade member devices one by one, version inconsistencies occur among the member devices during the upgrade.
2. Save the running configuration.
save
This step ensures that any configuration you have made can survive a reboot.
3. Reboot the device.
reboot
4. (Optional.) Verify the software image settings.
display boot-loader [ slot slot-number ]
Verify that the current software images are the same as the startup software images.
Synchronizing startup images from the active MPU to the standby MPU (in standalone mode)
About this task
Perform this task when the startup images on the standby MPU are not the same version as those on the active MPU.
This task synchronizes startup images that are running on the active MPU to the standby MPU. If any of the startup images does not exist or is invalid, the synchronization fails.
The startup images synchronized to the standby MPU are set as main startup images, regardless of whether the source startup images are main or backup.
Procedure
Perform the following steps in user view:
1. Synchronize startup images from the active MPU to the standby MPU.
boot-loader update { all | slot slot-number }
The command execution results are the same, regardless of whether you specify the all keyword or the slot slot-number option.
2. Reboot the standby MPU.
reboot slot slot-number [ force ]
Synchronizing startup images from the global active MPU to global standby MPUs (in IRF mode)
About this task
Perform this task when the startup images on a global standby MPU are not the same version as those on the global active MPU.
This task synchronizes startup images that are running on the global active MPU to standby MPUs. If any of the startup images does not exist or is invalid, the synchronization fails.
The startup images synchronized to the standby MPUs are set as main startup images, regardless of whether the source startup images are main or backup.
Procedure
Perform the following steps in user view:
1. Synchronize startup images from the global active MPU to global standby MPUs.
boot-loader update { all | chassis chassis-number slot slot-number }
By default, this feature is enabled.
2. Reboot a global standby MPU.
reboot [ chassis chassis-number [ slot slot-number ] ] [ force ]
Restoring the BootWare image
About this task
Use this task to restore the BootWare image when the BootWare image in the Normal area is corrupted or a version rollback is required.
Restrictions and guidelines
Make sure you have used the bootrom backup command to back up the image to the BootWare Backup area.
Procedure
Perform the following steps in user view:
1. Restore the BootWare image in the Normal area of BootWare.
In standalone mode:
bootrom restore slot slot-number-list [ cpu cpu-number ][ subslot subslot-number-list ]
In IRF mode:
bootrom restore chassis chassis-number slot slot-number-list [ cpu cpu-number ] [ subslot subslot-number-list ]
2. Reboot the device.
reboot
At startup, the system runs the new BootWare image to complete the restoration.
Upgrading the security engine on a security card by using the boot loader method
Restrictions and guidelines
· The upgrade file must be stored in the root directory of a file system on the device. The file name must include the file system name.
· The boot-loader blade file command overwrites the entire security engine startup image list. To add new startup feature images, specify all feature image files, including feature image files in the old startup image list. The new startup image list will contain only the feature image files that are specified in the command.
Prerequisites
1. Use the display version command to identify the current BootWare and security engine software versions on the security engine.
2. Use the release notes for the upgrade software version to evaluate the upgrade impact on your network and verify the following items:
¡ Software and hardware compatibility.
¡ Version and size of the upgrade software.
¡ Compatibility of the upgrade software with the current BootWare and security engine software images.
¡ Software compatibility between the security engine and the device.
3. Use the dir command to verify that every MPU has sufficient storage space for the upgrade images. If the storage space is not sufficient, delete unused files by using the delete command. For a security engine to start up from its local file system, you must make sure its local file system has sufficient space for the upgrade images. For more information, see "Managing file systems."
4. Use FTP or TFTP to transfer the upgrade image file to the root directory of any file system on an MPU. For more information about FTP configuration and TFTP configuration, see "Configuring FTP" and "Configuring TFTP."
Upgrading the security engine on a security card (in standalone mode)
Perform the following steps in user view:
1. Specify the local main or backup startup images for the security engine.
¡ Use an .ipe file:
boot-loader file ipe-filename slot slot-number cpu cpu-number { backup | main }
¡ Use .bin files:
boot-loader file boot filename system filename [ feature filename&<1-30> ] slot slot-number cpu cpu-number { backup | main }
The command copies the specified images to the root directory of the default file system on the security engine.
|
Parameter |
Description |
|
slot slot-number |
Specifies the slot number of the security card for the slot-number argument. |
|
cpu cpu-number |
Specifies the CPU number of the security engine for the cpu-number argument. |
2. Save the running configuration.
save
This step ensures that any configuration you have made can survive a reboot.
3. Reboot the security card.
reboot slot slot-number
Specify the slot number of the security card for the slot-number argument.
Upgrading the security engine on a security card (in IRF mode)
Perform the following steps in user view:
1. Specify main or backup local startup images for the security engine.
¡ Use an .ipe file:
boot-loader file ipe-filename chassis chassis-number slot slot-number cpu cpu-number { backup | main }
¡ Use .bin files:
boot-loader file boot filename system filename [ feature filename&<1-30> ] chassis chassis-number slot slot-number cpu cpu-number { backup | main }
The command copies the specified images to the root directory of the default file system on the security engine.
|
Parameter |
Description |
|
chassis-number |
Specifies the IRF member ID of the device that holds the security card for the chassis-number argument. |
|
slot-number |
Specifies the slot number of the security card for the slot-number argument. |
|
cpu-number |
Specifies the CPU number of the security engine for the cpu-number argument. |
2. Save the running configuration.
save
This step ensures that any configuration you have made can survive a reboot.
3. Reboot the security card.
reboot chassis chassis-number slot slot-number
Specify the member device ID of the member device that holds the security card for the chassis-number argument.
Specify the slot number of the security card for the slot-number argument.
Upgrading firmware
About this task
Perform this task to upgrade firmware for components that cannot be upgraded when you upgrade Comware. Examples of these components include complex programmable logical devices (CPLDs), field programmable gate arrays (FPGAs), CPUs, and 3G modems.
Hardware and feature compatibility
|
Hardware platform |
Module type |
Feature compatibility |
|
M9006 M9010 M9014 |
Blade IV firewall module |
No |
|
Blade V firewall module |
No |
|
|
NAT module |
No |
|
|
Application delivery engine (ADE) module |
No |
|
|
Anomaly flow cleaner (AFC) module |
No |
|
|
M9010-GM |
Encyption module |
No |
|
M9016-V |
Blade V firewall module |
No |
|
M9008-S M9012-S |
Blade IV firewall module |
No |
|
Application delivery engine (ADE) module |
No |
|
|
Intrusion prevention service (IPS) module |
No |
|
|
Video network gateway module |
No |
|
|
Anomaly flow cleaner (AFC) module |
No |
|
|
M9008-S-6GW |
IPv6 module |
No |
|
M9008-S-V |
Blade IV firewall module |
Yes |
|
M9000-AI-E8 |
Blade V firewall module |
Yes |
|
Application delivery engine (ADE) module |
No |
|
|
M9000-AI-E16 |
Blade V firewall module |
Yes |
Restrictions and guidelines
After you upgrade firmware for a component, you must power cycle the card where the component resides for the upgrade to take effect.
You can power cycle a card by using one of the following methods:
· Power cycle the device that holds the card.
· Remove and reinstall the card.
· Power cycle the card from the CLI:
¡ power-supply off
¡ power-supply on
Support for these methods depends on the card model.
Procedure
To upgrade firmware, execute the following command in user view:
In standalone mode:
firmware update slot slot-number [ subslot subslot-number ] { cpld cpld-number | cpu cpu-number | fpga fpga-number | module module-number } file filename
In IRF mode:
firmware update chassis chassis-number slot slot-number [ subslot subslot-number ] { cpld cpld-number | cpu cpu-number | fpga fpga-number | module module-number } file filename
Display and maintenance commands for software images
Execute display commands in any view.
|
Task |
Command |
|
Display current software images and startup software images. |
In standalone mode: display boot-loader [ slot slot-number [ cpu cpu-number ] ] In IRF mode: display boot-loader [ chassis chassis-number [ slot slot-number [ cpu cpu-number ] ] ] |
