Cisco ACI EoL APIC M2/L2
Time to upgrade
A great deal has changed since Cisco launched ACI back in 2014, with significant improvements, capabilities and innovations coming to the platform, but one thing has remained constant: how daunting it is to undertake a fabric-wide upgrade without a hitch. Cisco ACI EoL APIC M2/L2 upgrades are currently a hot topic, so we want to share our perspective.
There can be three scenarios which trigger the need to upgrade your fabric.
- Taking advantage of new features and functionality. We will call this a discretionary upgrade.
- Needing to implement a fix to get around a bug you’ve run into, or to mitigate a vulnerability which has been identified. This would be best called a tactical upgrade.
- And finally, lifecycling some or all of the components making up the fabric because they have reached their end-of-life date and are no longer supported by Cisco. This can only be called a mandatory update.
On the 30th of June 2024, the Application Policy Infrastructure Controller (APIC) M2/L2 appliances reached their end-of-life date. To have a supported production network, you must replace these controllers, which also requires upgrading the entire fabric software to a version supported by the new controllers.
Don’t worry, you aren’t on your own, whether you decide to replace the controllers under your own steam or through a value-added reseller like BestPath. We want to share the key considerations we have learned from helping many of our customers upgrade their fabrics, and the information you need to know in advance, so that the transition is as smooth and painless as possible and you achieve a successful outcome.
This article covers the benefits of upgrading, steps to include in planning and upgrade execution considerations.
4 Benefits of upgrading the fabric
Support - Knowing that you can continue to escalate business-impacting issues to the vendor, in this case the Cisco Technical Assistance Centre (TAC), gives you peace of mind that you will have experts on hand to help promptly resolve incidents and outages impacting your organisation's primary business functions with your customer base. In the past, we have seen outages of prolonged durations that have caused a company's customers to move to a competitor.
Features - Keeping your Cisco ACI infrastructure up to date allows you to remain innovative and competitive, enabling your business to bring your products to market faster. The rate of feature introduction through the solution lifecycle has been constant. Leveraging new features can simplify operations and provide flexibility to your business.
Security - Maintaining an up-to-date and secure solution is hugely important to many businesses today, especially for regulatory or accreditation requirements, such as PCI DSS and ISO 27001. You cannot secure your environment against bad actors on an unsupported fabric which no longer receives fixes for known CVEs and defects. Don't wait to remediate after an external audit. Performing proactive upgrades will make compliance a breeze.
Performance - Upgrades don't just plug gaps. As solutions mature through a growing customer base, so do the performance enhancements. These come in many different forms. Some might be as simple as bandwidth; others are more complex and not always apparent, such as improved scale, policy efficiencies, or interoperability enhancements, which give you confidence that you will not be exposed when provisioning new business applications. Your company will likely require network upgrades to enable its AI strategy.
Now that we understand the benefits of upgrading out-of-date solution components, the next step is to understand what is involved in planning the upgrade/replacement.
5 steps to planning
A typical Cisco ACI upgrade can take, on average, between 2 and 3 hours to complete, but the planning and preparation to perform the upgrade requires significantly more time. As a result, you must consider many factors when upgrading a Cisco ACI fabric and any of its components, which may mean that these times will differ from upgrade to upgrade.
Software - When replacing hardware components, such as the APIC-SERVER-M2/L2 controller, you must ensure that you have read and understood the software recommendations to enable a smooth replacement and upgrade process. Naturally, older software versions do not support new hardware models. Conversely, some newer software versions might not support old hardware models. All vendors can only support a specific compatibility matrix, so choosing the correct software version is essential.
Hardware - As the Cisco ACI solution has evolved, so too has the hardware. In the first instance, there were dedicated switches for each of the leaf and spine roles; fast forward to the present day, and the switching hardware offers dual roles: a switch can be either a leaf or a spine, offering even greater flexibility.
Business Applications - Why else is your business running Cisco ACI? In simple terms, the business applications are what the Cisco ACI estate is hosting, which translates to happy customers and revenue for the business.
Understanding how and where your business applications are connected is essential. Naturally, most organisations try to enhance application availability by ensuring that servers and appliances have redundant connectivity, which generally allows you to achieve greater application availability during upgrades. Identifying servers and traffic flows which don't comply with connectivity standards before the migration can mitigate against disruption.
Integrations - We often see this component of upgrades neglected or overlooked. Integrations usually have interdependencies. If you upgrade the fabric to support new hardware, you may risk removing support for the surrounding infrastructure integrations. As the Cisco ACI solution evolves, so does the supportability for ecosystem partners; they are also known to announce End-of-Life notifications for their solutions, and as older software is deprecated, you may find that support in Cisco ACI is also removed.
Deployment - When we talk about deployment, we use the term to describe the deployment type, such as Standalone, Multi-Pod, or Multi-Site, and the deployment form factor, e.g. physical or virtual. When planning an upgrade, you also need to be mindful of the Cisco ACI component dependencies; for example, when referring to the deployment type, there was a key change from Multi-Site Orchestrator (MSO) to Nexus Dashboard Orchestrator (NDO), which needs to be factored into the plan. Then, on the form-factor topic, specifically when talking about the APIC-SERVER-M2/L2 appliance upgrade, there is now a consideration of whether you would want to run the APIC in a virtualised form factor, which previously was unavailable.
If you have not regularly upgraded your fabric, the plan can become slightly more complex due to compatibility considerations if your plan includes skipping hardware generations. For example, to replace the APIC-SERVER-M2/L2 appliances today, your upgrade path is the APIC-SERVER-M4/L4 (20-day lead time), which comes with a minimum recommended software version that will drive your wider upgrade plan.
6 upgrade execution considerations
Now that you are ready to start implementing your new hardware and software, having a clear plan is crucial to success. It is good practice to prepare this information in advance of the change window. When working with a partner such as BestPath, we either do this for you or validate your plan to ensure a successful outcome. A detailed, planned change gives everyone confidence.
Preparation - This step before the change starts is important. You want to ensure that any new components, such as the APIC-SERVER-M4/L4, are staged and ready to be onboarded and that key applications and their stakeholders are isolated so that they are not impacted for the duration of your change. Although upgrading the APIC CIMC version is not essential, we highly recommend it. A CIMC upgrade is low-hanging fruit that can be completed without adversely affecting the APIC cluster functionality.
The fabric should also be free of any significant faults before the start of the change. A clean slate makes it easy to identify any new faults generated as part of the upgrade process. This step in itself can be a sizeable investment of time and effort.
Backup - Ensure you have a backup of the Cisco ACI fabric and any surrounding critical infrastructure components. Just because you are upgrading Cisco ACI does not mean that your change cannot have a knock-on effect on the surrounding network and security systems within your control; having a backup of critical components allows you to recover from issues faster.
Software - You may be performing a single upgrade or a stepped upgrade. Another often overlooked consideration when upgrading is making sure the software is stored in an accessible location. The last thing you want to do is try to source the right software at the last minute, as this is when mistakes often surface. This step is also critical to enabling new hardware components to be joined to the fabric.
Hardware - Once the correct software versions are installed, you can start on the hardware replacement. When performing this step, your plan should outline what will be impacted and where. This allows you to focus your resourcing effort on the task at hand, which is replacing the APIC-SERVER appliances, instead of reacting to benign faults that are raised during the upgrade. All too often, we see the focus shift from the upgrade process to fault finding, which can muddy the water of a change window.
Test - Have application owners and stakeholders test their connectivity prior to reactivating their services. This testing provides confidence that services can be restored without impacting brand and customer satisfaction.
Documentation - This step is often forgotten. This is where working with a partner such as BestPath brings value. Ensuring documentation is up to date allows the support/operations team to be armed with the correct information when the time comes. There is nothing worse than opening diagrams and design documents only to find the information cannot be trusted. It extends outages and reduces confidence that the fabric has been upgraded with the due diligence it requires.
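The Preparation and Hardware steps above depend on telling new faults apart from ones that were already present before the change. The following is an added example, not BestPath or Cisco code: it compares a pre-change fault snapshot with a post-change one, assuming each snapshot is the saved JSON body of a `faultInst` class query against the APIC REST API (for example `GET /api/node/class/faultInst.json`). The DNs and fault codes in the sample data are constructed.

```python
import json

# Fault severities used by ACI, lowest to highest.
SEVERITY_RANK = {"cleared": 0, "info": 1, "warning": 2,
                 "minor": 3, "major": 4, "critical": 5}

def parse_faults(response_text):
    """Map fault DN -> attributes from a faultInst class-query JSON body."""
    faults = {}
    for item in json.loads(response_text).get("imdata", []):
        attrs = item.get("faultInst", {}).get("attributes")
        if attrs and "dn" in attrs:
            faults[attrs["dn"]] = attrs
    return faults

def new_or_worse(before, after, min_severity="minor"):
    """Faults missing from the baseline, or whose severity rose since it."""
    floor = SEVERITY_RANK[min_severity]
    found = []
    for dn, attrs in after.items():
        rank = SEVERITY_RANK.get(attrs.get("severity"), 0)
        old = before.get(dn)
        old_rank = SEVERITY_RANK.get(old.get("severity"), 0) if old else -1
        if rank >= floor and rank > old_rank:
            found.append((attrs.get("severity", ""), attrs.get("code", ""), dn))
    # Most severe first, so the change lead sees what matters at the top.
    return sorted(found, key=lambda f: -SEVERITY_RANK.get(f[0], 0))

def _sample(*faults):
    """Build a constructed response body; DNs and fault codes are made up."""
    return json.dumps({"imdata": [
        {"faultInst": {"attributes": {"dn": d, "code": c, "severity": s}}}
        for d, c, s in faults]})

PORT = "topology/pod-1/node-101/sys/phys-[eth1/1]/phys/fault-F9001"
PSU = "topology/pod-1/node-102/sys/ch/psuslot-1/psu/fault-F9002"
CTRL = "topology/pod-1/node-1/av/node-3/fault-F9003"
NTP = "uni/fabric/time-default/fault-F9004"

BASELINE = _sample((PORT, "F9001", "warning"), (PSU, "F9002", "minor"))
POST_CHANGE = _sample((PORT, "F9001", "warning"), (PSU, "F9002", "major"),
                      (CTRL, "F9003", "critical"), (NTP, "F9004", "info"))

if __name__ == "__main__":
    for sev, code, dn in new_or_worse(parse_faults(BASELINE),
                                      parse_faults(POST_CHANGE)):
        print(f"{sev:8} {code} {dn}")
```

Faults that were already in the baseline at the same severity are suppressed, which keeps attention on what the change itself introduced.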
Next steps
We recommend taking immediate action if you run end-of-life hardware, such as APIC M2/L2. Ensuring your organisation has the proper support and maintenance coverage is crucial to mitigating business risk. Without it, extended downtime might be around the corner, bringing reputational damage and loss of revenue and customers.
Let us know if you have found this article helpful. As experts within the network and security industry, we strive to arm and enable our community with the information they need to make their solutions work successfully. We have helped many customers with ACI upgrades. Get in touch if you want help planning your upgrade, performing the upgrade itself, or getting more out of your Cisco ACI infrastructure. We can help.
Summary
Performing regular upgrades of your Cisco ACI estate can prevent a backlog of technical debt that can set back your progress for years to come. Managing hardware with no vendor support is a ticking time bomb. Not only will sourcing replacement hardware be difficult in the event of failure, but this may also result in having to perform stepped upgrades. Even worse, your infrastructure roadmap could be stuck in a chicken-and-egg situation of vendor compatibility.
Getting your infrastructure into shape is not a one-off activity; it's ongoing. BestPath can help you every step of your networking journey.