01-Fundamentals Configuration Guide

07-Software upgrade configuration

Upgrading software

About software upgrade

Software upgrade enables you to upgrade a software version, add new features, and fix software bugs. This chapter describes software types and release forms, compares software upgrade methods, and provides the procedures for upgrading software from the CLI.

Software types

The following software types are available:

·     BootWare image—Also called the Boot ROM image. This image contains a basic segment and an extended segment.

¡     The basic segment is the minimum code that bootstraps the system.

¡     The extended segment enables hardware initialization and provides system management menus. When the device cannot start up correctly, you can use the menus to load software and the startup configuration file or manage files.

Typically, the BootWare image is integrated into the Boot image to avoid software compatibility errors.

·     Comware image—Includes the following image subcategories:

¡     Boot image—A .bin file that contains the Linux operating system kernel. It provides process management, memory management, and file system management.

¡     System image—A .bin file that contains the Comware kernel and standard features, including device management, interface management, configuration management, and routing.

¡     Feature image—A .bin file that contains advanced or customized software features. You can purchase feature images as needed.

¡     Patch image—A .bin file that is released for fixing bugs without rebooting the device. A patch image does not add or remove features.

Patch images have the following types:

-     Incremental patch images—A new incremental patch image can cover all, part, or none of the functions provided by an old incremental patch image. A new incremental patch image can coexist with an old incremental patch image on the device only when the former covers none of the functions provided by the latter.

-     Non-incremental patch images—A new non-incremental patch image covers all functions provided by an old non-incremental patch image. Each of the boot, system, and feature images can have one non-incremental patch image, and these patch images can coexist on the device. The device uninstalls the old non-incremental patch image before installing a new non-incremental patch image.

An incremental patch image and a non-incremental patch image can coexist on the device.

Comware images that have been loaded are called current software images. Comware images specified to load at the next startup are called startup software images.

BootWare image, boot image, and system image are required for the device to operate.

You can install up to 32 .bin files on the device, including one boot image file, one system image file, and up to 30 feature and patch image files.

Software release forms

Software images are released in one of the following forms:

·     Separate .bin files. You must verify compatibility between software images.

·     As a whole in one .ipe package file. The images in an .ipe package file are compatible. The system decompresses the file automatically, loads the .bin images and sets them as startup software images.

 

 

NOTE:

Software image file names use the model-comware version-image type-release format. This document uses boot.bin and system.bin as boot and system image file names.

 

Upgrade methods

| Upgrade method | Software types | Remarks |
|---|---|---|
| Upgrading from the CLI by using the boot loader method | BootWare image; Comware images (excluding patches) | This method is disruptive. You must reboot the entire device to complete the upgrade. |
| Upgrading from the BootWare menu | BootWare image; Comware images | Use this method when the device cannot start up correctly. To use this method, first connect to the console port and power cycle the device. Then, press Ctrl+B at the prompt to access the BootWare menu. For more information about upgrading software from the BootWare menu, see the release notes for the software version. IMPORTANT: Use this method only when you do not have any other choice. |

 

This chapter covers only upgrading software from the CLI by using the boot loader method.

Software image loading 

Startup software images

To upgrade software, you must specify the upgrade files as the startup software images for the device to load at next startup. You can specify two lists of software images: one main and one backup. The device first loads the main startup software images. If the main startup software images are not available, the device loads the backup startup software images.

Image loading process at startup

At startup, the device performs the following operations after loading and initializing BootWare:

1.     Loads main images.

2.     If any main image does not exist or is invalid, loads the backup images.

3.     If any backup image does not exist or is invalid, checks the main or backup boot image.

4.     If both the main and backup boot images do not exist or are invalid, the device cannot start up.

Security engine startup process

Security engine startup software images

The security engine and the device use separate software images. To upgrade a security engine, you must specify the security engine upgrade images as the security engine startup images and restart the security engine. During startup, the security engine loads the security engine startup images.

Security engine startup images have the following types depending on the storage location:

·     Local startup images—Stored in a file system of the security engine and can be specified as main and backup startup images by using the boot loader method.

·     Remote startup images—Stored on the device and loaded from the device. Main/backup redundancy is not supported for remote startup images.

Image loading process on a security engine at startup

During startup, the security engine loads software images in the following order:

1.     Local main startup images.

2.     Local backup startup images.

3.     Remote startup images.

In each step, the security engine verifies that all startup images exist and are valid and compatible with the startup images running on the parent devices. If any startup image does not pass verification, the security engine does not load the startup images.

Handling image loading failure

If no startup images can be loaded, the security engine cannot start up. You can solve the problem by performing one of the following tasks:

·     Specify new remote startup images.

·     Connect to the console port of the security engine, restart the security engine, and enter the BootWare menu to specify new local startup images.
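The load order and the all-or-nothing verification described above can be modelled as follows. This is an added example, not vendor code: the `Image` fields, the file names, and the treatment of a failed signature check as an invalid image are assumptions made for illustration.

```python
from dataclasses import dataclass

# Load order stated in the guide for a security engine.
LOAD_ORDER = ("local main", "local backup", "remote")


@dataclass(frozen=True)
class Image:
    name: str
    exists: bool = True
    signature_ok: bool = True   # assumption: a failed signature check makes the image invalid
    compatible: bool = True     # compatible with the images running on the parent device

    def failure(self):
        """Return the reason this image fails verification, or None if it passes."""
        if not self.exists:
            return "missing"
        if not self.signature_ok:
            return "signature verification failed"
        if not self.compatible:
            return "incompatible with parent device images"
        return None


def select_startup_list(lists):
    """Walk the lists in load order; a list is used only if every image in it passes.

    Returns (name of the list that would be loaded or None, decision log).
    """
    log = []
    for name in LOAD_ORDER:
        images = lists.get(name, [])
        if not images:
            log.append(f"{name}: not configured")
            continue
        failures = [(img.name, img.failure()) for img in images if img.failure()]
        if failures:
            reasons = "; ".join(f"{n} ({why})" for n, why in failures)
            log.append(f"{name}: rejected as a whole: {reasons}")
            continue
        log.append(f"{name}: all images verified, loading")
        return name, log
    log.append("no list passed verification: the security engine cannot start up")
    return None, log


# Constructed sample: file names are placeholders, not real release names.
SAMPLE_LISTS = {
    "local main": [
        Image("flash:/boot.bin"),
        Image("flash:/system.bin"),
        Image("flash:/feature1.bin", signature_ok=False),
    ],
    "local backup": [
        Image("flash:/boot-old.bin"),
        Image("flash:/system-old.bin", exists=False),
    ],
    "remote": [
        Image("flash:/blade-boot.bin"),
        Image("flash:/blade-system.bin"),
    ],
}

if __name__ == "__main__":
    chosen, decision_log = select_startup_list(SAMPLE_LISTS)
    for entry in decision_log:
        print(entry)
    print("loaded list:", chosen)
```

In the sample, one feature image with a bad signature is enough to discard the whole local main list, so the engine ends up on the remote images.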

Digitally signed software images

The software images for the device are digitally signed for authenticity and integrity verification. This mechanism ensures that the software installed on the system is from a trusted source and has not been tampered with in the transfer, storage, or installation phase.

The system performs software digital signature verification for authenticity and integrity in the following situations:

·     Before the system loads a software image during startup. If the digital signature verification fails, the system will not load the image and you will receive a digital signature verification failure message.

·     When you specify a software image to upgrade the device from the BootWare menu. If the digital signature verification fails, the system will not set the image for upgrade and you will receive a digital signature verification failure message.

·     Before the system loads a BootWare image to the Normal area of BootWare. If the digital signature verification fails, the system will not load the image and you will receive a digital signature verification failure message.

·     When you specify a software image as a startup image through the boot loader. The system will verify the digital signature of the image before it updates the startup image list with the specified image. If the digital signature verification fails, the system will not update the startup image list and you will receive a digital signature verification failure message.

·     When you specify remote startup images for a security engine. The system will verify the digital signatures of the specified images before it copies them to each MPU. If the digital signature verification fails, the system will not copy the images to the MPUs and you will receive a digital signature verification failure message.

·     When you upgrade a PEX from the parent IRF fabric. The system will verify the digital signatures of the specified images before it uses them to upgrade the PEX. If the digital signature verification fails, the system will not upgrade the PEX and you will receive a digital signature verification failure message.

·     Before the system activates a feature or patch image. If the digital signature verification fails, the system will not activate the image and you will receive a digital signature verification failure message.

Restrictions and guidelines: Software upgrade

As a best practice, store the startup images in a fixed storage medium. If you store the startup images in a hot swappable storage medium, do not remove the hot swappable storage medium during the startup process.

Upgrading device software by using the boot loader method

Restrictions and guidelines

When you upgrade software, you do not need to upgrade interface cards separately. The software images for interface cards are integrated in the software images for MPUs. The interface cards are upgraded automatically when you upgrade MPUs.

Software upgrade tasks at a glance

To upgrade software, perform one of the following tasks:

·     Upgrading the device

·     Synchronizing startup images from the active MPU to standby MPUs

Upgrading the device

1.     (Optional.) Preloading the BootWare image to BootWare.

¡     Preloading the BootWare image to BootWare (in standalone mode)

¡     Preloading the BootWare image to BootWare (in IRF mode)

If a BootWare upgrade is required, you can perform this task to shorten the subsequent upgrade time. This task helps reduce upgrade problems caused by unexpected power failure. If you skip this task, the device upgrades the BootWare automatically when it upgrades the startup software images.

2.     Specifying startup images and completing the upgrade

Synchronizing startup images from the active MPU to standby MPUs

·     Enabling automatic software synchronization from the active MPU to the standby MPU

This feature enables a newly added MPU to synchronize the software images running on the active MPU. By default, this feature is enabled.

In IRF mode, use the irf auto-update enable command to synchronize software from the global active MPU to the standby MPUs.

·     Synchronizing startup images from the active MPU to the standby MPU (in standalone mode)

Perform this task when the startup images on the standby MPU are not the same version as those on the active MPU.

·     Synchronizing startup images from the global active MPU to global standby MPUs (in IRF mode)

Perform this task when the startup images on a global standby MPU are not the same version as those on the global active MPU.

Prerequisites

1.     Use the display version command to verify the current BootWare image version and startup software version.

2.     Use the release notes for the upgrade software version to evaluate the upgrade impact on your network and verify the following items:

¡     Software and hardware compatibility.

¡     Version and size of the upgrade software.

¡     Compatibility of the upgrade software with the current BootWare image and startup software image.

3.     Use the dir command to verify that all MPUs have sufficient storage space for the upgrade images. If the storage space is not sufficient, delete unused files by using the delete command. For more information, see "Managing file systems."

4.     Use FTP or TFTP to transfer the upgrade image file to the root directory of a file system. For more information about FTP and TFTP, see "Configuring FTP" or "Configuring TFTP." For more information about file systems, see "Managing file systems."

Preloading the BootWare image to BootWare (in standalone mode)

1.     Enter system view.

system-view

2.     (Optional.) Enable BootWare image validity check.

bootrom-update security-check enable

By default, this feature is enabled.

This feature examines BootWare images for file type errors, file corruption, and hardware incompatibility. As a best practice, enable it to ensure a successful upgrade.

3.     Return to user view.

quit

4.     (Optional.) Back up the current BootWare image to the Backup area of BootWare.

bootrom backup slot slot-number-list [ cpu cpu-number ] [ subslot subslot-number-list ]

Use this command to back up the BootWare image for a future version rollback or image restoration.

5.     Load the upgrade BootWare image to the Normal area of BootWare.

bootrom update file file slot slot-number-list [ cpu cpu-number ] [ subslot subslot-number-list ]

Specify the downloaded software image file for the file argument.

 

 

NOTE:

The system will verify the digital signature of a BootWare image before it loads it to the Normal area of BootWare. If the digital signature verification fails, the system will not load the image and you will receive a digital signature verification failure message.

 

The new BootWare image takes effect at a reboot.

Preloading the BootWare image to BootWare (in IRF mode)

1.     Enter system view.

system-view

2.     (Optional.) Enable BootWare image validity check.

bootrom-update security-check enable

By default, this feature is enabled.

This feature examines the image for wrong file type, file corruption, and hardware incompatibility. As a best practice, enable it to ensure a successful upgrade.

3.     Return to user view.

quit

4.     (Optional.) Back up the current BootWare image to the Backup area of BootWare.

bootrom backup chassis chassis-number slot slot-number-list [ cpu cpu-number ] [ subslot subslot-number-list ]

Use this command to back up the BootWare image for a future version rollback or image restoration, depending on the backup location and device operating mode.

5.     Load the upgrade BootWare image to the Normal area of BootWare.

bootrom update file file chassis chassis-number slot slot-number-list [ cpu cpu-number ] [ subslot subslot-number-list ]

Specify the downloaded software image file for the file argument.

 

 

NOTE:

The system will verify the digital signature of a BootWare image before it loads it to the Normal area of BootWare. If the digital signature verification fails, the system will not load the image and you will receive a digital signature verification failure message.

 

The new BootWare image takes effect at a reboot.

Specifying startup images and completing the upgrade

Perform the following steps in user view:

1.     Specify main or backup startup images for all MPUs.

In standalone mode:

¡     Use an .ipe file:

boot-loader file ipe-filename all { backup | main }

¡     Use .bin files:

boot-loader file boot filename system filename [ feature filename&<1-30> ] { all | slot slot-number [ cpu cpu-number ] } { backup | main }

In IRF mode:

¡     boot-loader file ipe-filename all { backup | main }

¡     boot-loader file boot filename system filename [ feature filename&<1-30> ] { all | chassis chassis-number slot slot-number [ cpu cpu-number ] } { backup | main }

The command copies the specified startup images to the root directory of the default file system on each MPU.

As a best practice in a multichassis IRF fabric, specify the all keyword for the command. If you use the slot slot-number option to upgrade member devices one by one, version inconsistencies occur among the member devices during the upgrade.

 

 

NOTE:

The system will verify the digital signature of the specified images before it updates the startup image list with the specified images. If the digital signature verification fails, the system will not update the startup image list and you will receive a digital signature verification failure message.

 

2.     Save the running configuration.

save

This step ensures that any configuration you have made can survive a reboot.

3.     Reboot the device.

reboot

4.     (Optional.) Verify the software image settings.

display boot-loader [ slot slot-number ]

Verify that the current software images are the same as the startup software images.
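The check in step 4 can be scripted against captured `display boot-loader` output. The following is an added example, not part of the vendor guide: the sample text is constructed, its layout is an assumption modelled on Comware 7 output, and the slot numbers and file names are placeholders.

```python
import re

# Constructed sample output (assumed layout, placeholder slots and file names).
SAMPLE = """\
Software images on slot 4:
Current software images:
  flash:/boot.bin
  flash:/system.bin
Main startup software images:
  flash:/boot.bin
  flash:/system.bin
Backup startup software images:
  flash:/boot-old.bin
  flash:/system-old.bin
Software images on slot 5:
Current software images:
  flash:/boot-old.bin
  flash:/system-old.bin
Main startup software images:
  flash:/boot.bin
  flash:/system.bin
Backup startup software images:
  flash:/boot-old.bin
  flash:/system-old.bin
Software images on slot 6:
Current software images:
  flash:/boot.bin
  flash:/system.bin
Main startup software images:
  flash:/boot.bin
  flash:/system-new.bin
Backup startup software images:
  None
"""

HEADERS = {
    "Current software images:": "current",
    "Main startup software images:": "main",
    "Backup startup software images:": "backup",
}


def parse_boot_loader(text):
    """Return {location: {"current": [...], "main": [...], "backup": [...]}}."""
    slots = {}
    slot = section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = re.match(r"Software images on (.+):$", line)
        if match:
            slot = match.group(1)
            slots[slot] = {"current": [], "main": [], "backup": []}
            section = None
        elif slot is not None and line in HEADERS:
            section = HEADERS[line]
        elif slot is not None and section is not None and line != "None":
            slots[slot][section].append(line)
    return slots


def audit(slots):
    """Classify each location by comparing current images with the startup lists.

    ok       - current images equal the main startup list
    fallback - current images equal the backup list, so the main list was not loaded
    mismatch - current images equal neither list (for example, a reboot is pending)
    """
    findings = {}
    for slot, lists in slots.items():
        current = sorted(lists["current"])
        if current == sorted(lists["main"]):
            findings[slot] = "ok"
        elif lists["backup"] and current == sorted(lists["backup"]):
            findings[slot] = "fallback"
        else:
            findings[slot] = "mismatch"
    return findings


if __name__ == "__main__":
    for location, status in audit(parse_boot_loader(SAMPLE)).items():
        print(f"{location}: {status}")
```

A `fallback` result deserves follow-up: it means the main startup images were missing or invalid at startup, which includes a failed digital signature verification.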

Enabling automatic software synchronization from the active MPU to the standby MPU

About this task

To make sure the standby MPU always runs the same software images as the active MPU, enable both startup software version check and automatic software synchronization for the standby MPU.

This task is applicable when the device operates in standalone mode. To synchronize software from the global active MPU to other MPUs on an IRF fabric, use the irf auto-update enable command. For more information about software auto-update, see IRF in Virtual Technologies Configuration Guide.

When the standby MPU starts up, this feature examines its startup software images for version inconsistency with the current software images on the active MPU. If the software versions are different, the standby MPU performs the following operations:

1.     Copies the current software images of the active MPU.

2.     Specifies the images as startup software images.

3.     Reboots with these images.

Hardware and feature compatibility

| Hardware platform | Module type | Feature compatibility |
|---|---|---|
| M9006, M9010, M9014 | Blade 4 firewall module | Yes |
| M9006, M9010, M9014 | Blade 5 firewall module | Yes |
| M9006, M9010, M9014 | NAT module | Yes |
| M9010-GM | Encryption module | Yes |
| M9016-V | Blade 5 firewall module | Yes |
| M9008-S, M9012-S | Blade 4 firewall module | No |
| M9008-S, M9012-S | Intrusion prevention service (IPS) module | No |
| M9008-S, M9012-S | Video network gateway module | No |
| M9008-S-6GW | IPv6 module | No |
| M9008-S-V | Blade 4 firewall module | No |
| M9000-AI-E4, M9000-AI-E8, M9000-AI-E16 | Blade 5 firewall module | Yes |
| M9000-X06, M9000-X10 | Blade 6 firewall module | Yes |

Restrictions and guidelines

CAUTION:

Use the undo version auto-update enable and version check ignore commands with caution. Configured with these two commands, the system will not examine the standby MPU's startup software images for version inconsistency with the active MPU's current software images. The standby MPU can start up with a different software version than the active MPU. This might cause the device to malfunction.

 

For a successful synchronization in a multiuser environment, make sure no other users reboot or swap MPUs during the synchronization process.

To track the synchronization process, configure the information center to output synchronization status logs to configuration terminals. For more information, see Network Management and Monitoring Configuration Guide.

When startup software version check and automatic software synchronization are both enabled, the standby MPU typically starts up with the same software images as the active MPU. However, the standby MPU might fail to synchronize the software images of the active MPU if their software images have critical differences.

If you enable startup software version check but disable automatic software synchronization, the standby MPU cannot start up if it has a different software version than the active MPU.

Procedure

1.     Enter system view.

system-view

2.     Enable startup software version check for the standby MPU.

undo version check ignore

By default, startup software version check is enabled.

3.     Enable automatic software synchronization for the standby MPU.

version auto-update enable

By default, automatic software synchronization is enabled.

Synchronizing startup images from the active MPU to the standby MPU (in standalone mode)

About this task

Perform this task when the startup images on the standby MPU are not the same version as those on the active MPU.

This task synchronizes startup images that are running on the active MPU to the standby MPU. If any of the startup images does not exist or is invalid, the synchronization fails.

The startup images synchronized to the standby MPU are set as main startup images, regardless of whether the source startup images are main or backup.

Procedure

Perform the following steps in user view:

1.     Synchronize startup images from the active MPU to the standby MPU.

boot-loader update { all | slot slot-number }

The command execution results are the same, regardless of whether you specify the all keyword or the slot slot-number option.

2.     Reboot the standby MPU.

reboot slot slot-number [ force ]

Synchronizing startup images from the global active MPU to global standby MPUs (in IRF mode)

About this task

Perform this task when the startup images on a global standby MPU are not the same version as those on the global active MPU.

This task synchronizes startup images that are running on the global active MPU to standby MPUs. If any of the startup images does not exist or is invalid, the synchronization fails.

The startup images synchronized to the standby MPUs are set as main startup images, regardless of whether the source startup images are main or backup.

Procedure

Perform the following steps in user view:

1.     Synchronize startup images from the global active MPU to global standby MPUs.

boot-loader update { all | chassis chassis-number slot slot-number }

By default, this feature is enabled.

2.     Reboot a global standby MPU.

reboot [ chassis chassis-number [ slot slot-number ] ] [ force ]

Restoring the BootWare image

About this task

Use this task to restore the BootWare image when the BootWare image in the Normal area is corrupted or a version rollback is required.

Restrictions and guidelines

Make sure you have used the bootrom backup command to back up the image to the BootWare Backup area.

Procedure

Perform the following steps in user view:

1.     Restore the BootWare image in the Normal area of BootWare.

In standalone mode:

bootrom restore slot slot-number-list [ cpu cpu-number ] [ subslot subslot-number-list ]

In IRF mode:

bootrom restore chassis chassis-number slot slot-number-list [ cpu cpu-number ] [ subslot subslot-number-list ]

2.     Reboot the device.

reboot

At startup, the system runs the new BootWare image to complete the restoration.

Upgrading the security engine on a security card by using the boot loader method

Restrictions and guidelines

·     The upgrade file must be stored in the root directory of a file system on the device. The file name must include the file system name.

·     The boot-loader blade file command overwrites the entire security engine startup image list. To add new startup feature images, specify all feature image files, including feature image files in the old startup image list. The new startup image list will contain only the feature image files that are specified in the command.

Prerequisites

1.     Use the display version command to identify the current BootWare and security engine software versions on the security engine.

2.     Use the release notes for the upgrade software version to evaluate the upgrade impact on your network and verify the following items:

¡     Software and hardware compatibility.

¡     Version and size of the upgrade software.

¡     Compatibility of the upgrade software with the current BootWare and security engine software images.

¡     Software compatibility between the security engine and the device.

3.     Use the dir command to verify that every MPU has sufficient storage space for the upgrade images. If the storage space is not sufficient, delete unused files by using the delete command. For a security engine to start up from its local file system, you must make sure its local file system has sufficient space for the upgrade images. For more information, see "Managing file systems."

4.     Use FTP or TFTP to transfer the upgrade image file to the root directory of any file system on an MPU. For more information about FTP configuration and TFTP configuration, see "Configuring FTP" and "Configuring TFTP."

Upgrading the security engine on a security card (in standalone mode)

Perform the following steps in user view:

1.     Specify the local main or backup startup images for the security engine.

¡     Use an .ipe file:

boot-loader file ipe-filename slot slot-number cpu cpu-number { backup | main }

¡     Use .bin files:

boot-loader file boot filename system filename [ feature filename&<1-30> ] slot slot-number cpu cpu-number { backup | main }

The command copies the specified images to the root directory of the default file system on the security engine.

 

| Parameter | Description |
|---|---|
| slot slot-number | Specifies the slot number of the security card for the slot-number argument. |
| cpu cpu-number | Specifies the CPU number of the security engine for the cpu-number argument. |

 

 

NOTE:

The system will verify the digital signature of the specified images before it updates the startup image list with the specified images. If the digital signature verification fails, the system will not update the startup image list and you will receive a digital signature verification failure message.

 

2.     Specify remote startup images for the security engine.

¡     Use an .ipe file:

boot-loader blade blade-model file ipe ipe-filename

¡     Use .bin files:

boot-loader blade blade-model file boot filename system filename [ feature filename&<1-30> ]

The command copies the specified images to the root directory of the default file system on each MPU.

To prevent a security engine startup failure after an active/standby MPU switchover, execute this command after you add a new MPU to the device.

 

 

NOTE:

The system will verify the digital signatures of the specified images before it copies them to each MPU. If the digital signature verification fails, the system will not copy the images to the MPUs and you will receive a digital signature verification failure message.

 

3.     Save the running configuration.

save

This step ensures that any configuration you have made can survive a reboot.

4.     Reboot the security card.

reboot slot slot-number

Specify the slot number of the security card for the slot-number argument.

Upgrading the security engine on a security card (in IRF mode)

Perform the following steps in user view:

1.     Specify main or backup local startup images for the security engine.

¡     Use an .ipe file:

boot-loader file ipe-filename chassis chassis-number slot slot-number cpu cpu-number { backup | main }

¡     Use .bin files:

boot-loader file boot filename system filename [ feature filename&<1-30> ] chassis chassis-number slot slot-number cpu cpu-number { backup | main }

The command copies the specified images to the root directory of the default file system on the security engine.

 

| Parameter | Description |
|---|---|
| chassis-number | Specifies the IRF member ID of the device that holds the security card for the chassis-number argument. |
| slot-number | Specifies the slot number of the security card for the slot-number argument. |
| cpu-number | Specifies the CPU number of the security engine for the cpu-number argument. |

 

 

NOTE:

The system will verify the digital signature of the specified images before it updates the startup image list with the specified images. If the digital signature verification fails, the system will not update the startup image list and you will receive a digital signature verification failure message.

 

2.     Specify remote startup images for the security engine.

¡     Use an .ipe file:

boot-loader blade blade-model file ipe ipe-filename

¡     Use .bin files:

boot-loader blade blade-model file boot filename system filename [ feature filename&<1-30> ]

The command copies the specified images to the root directory of the default file system on each MPU.

To prevent a security engine startup failure after an active/standby or master/subordinate switchover, execute this command after you add a new MPU or member device to the IRF fabric.

 

 

NOTE:

The system will verify the digital signatures of the specified images before it copies them to each MPU. If the digital signature verification fails, the system will not copy the images to the MPUs and you will receive a digital signature verification failure message.

 

3.     Save the running configuration.

save

This step ensures that any configuration you have made can survive a reboot.

4.     Reboot the security card.

reboot chassis chassis-number slot slot-number

Specify the member device ID of the member device that holds the security card for the chassis-number argument.

Specify the slot number of the security card for the slot-number argument.

Display and maintenance commands for software images

Execute display commands in any view and execute reset commands in user view.

 

| Task | Command |
|---|---|
| Display current software images and startup software images. | In standalone mode: display boot-loader [ slot slot-number [ cpu cpu-number ] ]; In IRF mode: display boot-loader [ chassis chassis-number [ slot slot-number [ cpu cpu-number ] ] ] |
| Display the security engine startup software images stored on the device. | display boot-loader blade [ blade-model ] |
| Clear the security engine startup software image list on the device. | reset boot-loader blade blade-model |

 
