Policy and Procedure – Upgrading Nexus 9000 NX-OS Operating System with Minimal Downtime

Upgrading Nexus 9000 NX-OS Operating System with Minimal Downtime

Policy Statement

This policy establishes the procedure for upgrading the Nexus 9000 NX-OS Operating System with minimal downtime. It is critical to maintain optimal system performance and security, while also ensuring uninterrupted service for the organization.



This policy applies to all individuals involved in upgrading the Nexus 9000 NX-OS Operating System.



  1. Preparation and Planning
  • Before initiating the upgrade process, backup the current configuration and system files. This will help to prevent data loss and allow a rollback if required.
  • Review Cisco release notes for the new NX-OS version, and confirm that the new version is compatible with your hardware and software environment.
  • Plan the upgrade during the period of lowest network demand, ideally during off-peak hours or scheduled maintenance windows, to minimize disruption.
  1. Redundancy and Fault Tolerance
  • Use Nexus 9000’s ISSU (In-Service Software Upgrade) feature if possible. This feature is designed to allow system upgrades without disrupting network services.
  • Ensure redundancy at all levels (network, power, etc.) to minimize any potential impact of the upgrade process.
  1. Testing
  • If possible, test the upgrade process on a non-production system that closely mirrors your production environment. This can identify potential issues before they affect your live network.
  1. System Upgrade
  • Proceed with the system upgrade following Cisco’s recommended procedure.
  • Monitor the upgrade process and system performance closely throughout.
  1. **Post-Upgrade Testing and Validation**
  • After the upgrade, validate the system is working as expected.
  • Test network performance, services, and functions for any irregularities.
  1. Rollback if Necessary
  • If there are unexpected problems after the upgrade, you may need to rollback to the previously backed-up version.
  1. Documentation
  • Document all aspects of the upgrade process: the pre-upgrade status, steps taken during the upgrade, any issues encountered, and post-upgrade validation.



Failure to follow this policy may lead to service disruptions, degraded performance, or security vulnerabilities. It is essential to adhere to the procedures outlined in this policy for all NX-OS upgrades.


Policy Review

This policy will be reviewed annually to ensure it reflects current best practices and organizational needs.



The IT Director is responsible for the approval and subsequent updates of this policy.


NOTE: The procedures may vary depending on the specific model of Nexus 9000 and the current NX-OS version. Always refer to the appropriate Cisco documentation for specific instructions. This policy is meant as a general guideline and may need adjustment to fit specific operational environments.


Step-by-Step Example:

Step 1: Connect to your device using SSH or console cable and then access the NX-OS CLI.

Step 2: Backup your current configuration.


copy running-config startup-config
copy startup-config sftp://[username]@[sftp server]/[backup filename]


You will be prompted to enter the password for the SFTP server.


Step 3: Verify the current system image that you are running.



show version


Step 4: Pre-download the new image to both supervisors. This does not activate the new software, but only places the image on the device’s storage.


copy sftp://[username]@[sftp server]/[image filename] bootflash:


You will be prompted to enter the password for the SFTP server.


Step 5: Add the new system image to the configuration and verify the configuration. This command will not remove the old image.


conf t

    boot system bootflash:[image filename]


show boot


Step 6: If you want to perform a non-disruptive upgrade using In-Service Software Upgrade (ISSU), verify that your system is ISSU compatible with the new image.


show install all impact nxos bootflash:[image filename]


Step 7: Perform the upgrade. If your system is ISSU compatible, you can use the following command to upgrade with minimal downtime:


install all nxos bootflash:[image filename]


If your system is not ISSU compatible, you need to perform a disruptive upgrade:


install all kickstart bootflash:[kickstart filename] system bootflash:[system filename]


Step 8: After the upgrade, verify the new system image.


show version


Step 9: Validate the system operation.


Perform your routine system checks to validate the operation of the system. Check for any abnormal system logs or error messages, ensure interfaces are up and running, and validate that routing protocols are operational.


Please be sure to replace [username], [sftp server], [backup filename], [image filename], [kickstart filename], and [system filename] with your specific details. Also, ensure you’ve properly configured SFTP and have enough space available in the “bootflash:”. Always follow the specific instructions for your model and configuration.