EPLD Upgrade on Nexus and MDS switches

Introduction

Switches and directors in the Cisco MDS 9000 and Nexus Series contain several electrical programmable logical devices (EPLDs) that provide hardware functionalities in all of the modules.

The advantage of having EPLDs for some module functions is that when you need to upgrade those functions, you just upgrade their software images instead of replacing their hardware.

NOTE: EPLD image upgrades for a line card disrupt the traffic going through the module because the module must power down briefly during the upgrade. The system performs EPLD upgrades on one module at a time, so at any one time the upgrade disrupts only the traffic going through one module.

I- EPLD Upgrade for Nexus 9000 series switches

When to Upgrade EPLDs

When new EPLD images are available, the upgrades are always recommended if your network environment allows for a maintenance period in which some level of traffic disruption is acceptable. If such a disruption is not acceptable, then consider postponing the upgrade until a better time.

NOTE: The EPLD upgrade operation is a disruptive operation. Execute this operation only at a programmed maintenance time. The system ISSU upgrade is a nondisruptive upgrade.

NOTE: Do not perform an EPLD upgrade during an ISSU system upgrade.

NOTE: EPLD version is backward compatible.

Nexus 9000 Modular chassis with dual supervisor:

1. Copy the EPLD image to bootflash (e.g. used n9000-epld.9.3.5.img).
2. If you have dual supervisor, determine which is the standby Supervisor by doing ‘show module’ and start upgrading it first.
3. Assuming standby supervisor is slot 28. Update the Primary FPGA region of standby supervisor. install epld bootflash:n9000-epld.9.3.5.img module 28

Expected result: Switch will update primary EPLD of standby supervisor and will reload the standby supervisor module automatically. Please don’t interrupt, power cycle or reload when EPLD update is happening. Once standby is booted, it will again come up as standby supervisor. A ‘show version module 28 epld’ will continue to show old version.

switch# show mod | grep SUP

27 0 Supervisor Module N9K-SUP-A active *

28 0 Supervisor Module N9K-SUP-A ha-standby

27 9.3(0.416) 1.0 SUP1

28 9.3(0.416) 0.3011 SUP2

switch# show version module 28 epld

EPLD Device Version

IO FPGA 0x27

This is expected, as the switch would have booted from Golden FPGA which is still not updated. You can verify this from syslog which would say:

%CARDCLIENT-5-MOD_BOOT_GOLDEN: Module 28 IOFPGA booted from GoldenCode language: PHP (php)

4. Update the Golden (also called backup) FPGA region of the standby supervisor.

install epld bootflash:n9000-epld.9.3.1.img module 28 golden

# install epld bootflash:n9000-epld.9.3.1.img module 28 golden

Module 28 : IO FPGA [Programming ] : 100.00% ( 64 of 64 total sectors)

Module 28 EPLD upgrade is successful.

Module Type Upgrade-Result

------ ------------------ -------------
28         SUP         SuccessCode language: CSS (css)

Expected result: Switch will update the golden EPLD of standby supervisor and will reload the standby supervisor module automatically. Please don’t interrupt, power cycle or reload when EPLD update is happening. Once standby is booted, it will again come up as ha-standby supervisor.

Verification:

Once this is done, when you check ‘show version module 28 epld’ you will see FPGA version that is >= to the fixed version for the standby supervisor. Your switch has the fixed version for standby supervisor.

switch# show version module 28 epld

EPLD Device Version

IO FPGA 0x30Code language: PHP (php)

Repeat Step 3 and 4, for the active supervisor. At the end of Step 3, supervisor in slot 27 will reload and hence now will become standby supervisor. The active supervisor will be Supervisor in slot 28.

(considering SUP 27 is active to begin with, for the above activity, such as steps 3 and 4, commands would have 27 in place of 28.)

Log below shows what happens when epld upgrade happens for active supervisor.

Module 27 : IO FPGA [Programming] : 100.00% ( 64 of 64 sectors)

Module 27 EPLD upgrade is successful.

Module Type Upgrade-Result

------ ------------------ --------------
27         SUP         Success

EPLDs upgraded. Performing switchover.Code language: CSS (css)

Once the supervisor in Slot 27 becomes ha-standby complete step 4 for Slot 27, and it will again boot and become ha-standby.

Nexus 9000 Modular chassis with single supervisor:

1.Copy the EPLD image to bootflash (e.g. used n9000-epld.9.3.5.img).

2.Assuming the supervisor is in Slot27. Update the Primary FPGA region.

install epld bootflash:n9000-epld.9.3.5.img module 27

Expected result: Switch will update primary EPLD of the supervisor and will reload the switch automatically. Please don’t interrupt, power cycle or reload when EPLD update is happening. Once the supervisor is booted, the ‘show version module 27 epld’ will continue to show old version:

Switch#show version module 27 epld

Name InstanceNum Version Date

IO FPGA 0 0x27 20160111

BIOS version v08.35(08/31/2018)

Alternate BIOS version v08.32(10/18/2016)

This is expected, as the switch would have booted from Golden FPGA which is still not updated. You can verify this from syslog which would say:

%CARDCLIENT-5-MOD_BOOT_GOLDEN: Module 27 IOFPGA booted from GoldenCode language: PHP (php)

3. Since in this case there is only one supervisor, update the Golden (also called backup) FPGA region.

install epld bootflash:n9000-epld.9.3.5.img module 27 golden

Module 27 : IO FPGA [Programming ] : 100.00% ( 64 of 64 total sectors)

Module 27 EPLD upgrade is successful.

Module Type Upgrade-Result

------ ------------------ --------------
27         SUP         SuccessCode language: CSS (css)

Expected result: Switch will update the golden EPLD of the supervisor and will reload the switch automatically. Please don’t interrupt, power cycle or reload when EPLD update is happening.

Once this is done, when you check ‘show version module 27 epld’ you will see FPGA version that is >= to the fixed version for the supervisor. Your supervisor has the vulnerability fixed version of FPGA.

SWITCH# show version module 27 epld

Name InstanceNum Version Date

IO FPGA 0 0x30 20190625

BIOS version v08.35(08/31/2018)

Alternate BIOS version v08.32(10/18/2016)Code language: PHP (php)

IMPORTANT NOTE:
It is by design, that we don’t allow updating both primary and golden at the same time (to avoid programming errors, that may cause switch to not boot, hence only one region is allowed to be programmed per reload).

Nexus 9000 fixed switches:

1. Copy the EPLD image to bootflash (e.g. used n9000-epld.9.3.5.img).
2. Update the Primary FPGA region. install epld bootflash:n9000-epld.9.3.5.img module 1

    install epld bootflash:n9000-epld.9.3.5.img module 1Code language: JavaScript (javascript)

Expected result: Switch will update EPLD and will reload automatically. Please don’t interrupt, power cycle or reload when EPLD update is happening. Switch would boot up with golden FPGA, ‘show version module 1 epld’ would show the old Fpga version for IO, due to this. This is expected.

Limitations:

■ If a module is not online, you cannot upgrade its EPLD images.

■ If there are two supervisors that are installed in the switch (Cisco Nexus 9504, 9508, and 9516 switches only), you can either upgrade only the standby or upgrade all modules (including both supervisor modules) by using the following commands:

• install epld bootflash: image module standby-supervisor-slot-number (upgrades only the standby supervisor module)

NOTE: After you use this command, you can switchover the active and standby supervisor modules and then upgrade the other supervisor.

• install epld bootflash: image module all (upgrades all of the modules)

■ If there is only one supervisor that are installed in the switch, your upgrading or downgrading of EPLD images is disruptive.

II- EPLD Upgrade for MDS 9000

EPLD images are released as part of a Cisco MDS NX-OS release. Therefore, the EPLD images have a version number that matches the Cisco MDS NX-OS release they are part of.

An EPLD image is a package containing updates for each type of EPLD. Each EPLD update has its own version number, which is independent of the Cisco MDS NX-OS release. As EPLD changes are infrequent, an EPLD image may contain new updates for only some EPLDs. The remaining EPLD updates will be the same version as the previous EPLD image.

Installing a Module EPLD Update:

Installing a module EPLD update includes the updating of both supervisors and switching modules. At the end of this process, the target module is reloaded. For switching modules, this disrupts traffic on all ports of the module for the duration of the reload. 

Example: Updating Module EPLDs on a Cisco MDS 9700 Series Switch

switch# install all epld bootflash:m9000-pkg2.6.2.13.epld parallel module 6Code language: PHP (php)

Use the install module slot epld uri command to update EPLD images for a module in the Cisco MDS switches except the Cisco MDS 9700 series switches.

Example: Updating Module EPLDs on a Cisco MDS 9396S Switch

switch# install module 1 epld bootflash:m9000-pkg2-6.2.13.epldCode language: PHP (php)

Reference:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/93x/epld-rn/nxos_n9K_epldRN_935.html#_Toc42851143

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/6_2/release/notes/epld/epld_rn.html#60016