What is the In-Service Software Upgrade (ISSU), and why should you use it? In this blog post, we’ll take a look at the basics of high availability and in-service software upgrades on Cisco Catalyst 9800 Series Wireless Controllers.
Businesses today require a highly available wireless network with close to zero downtime, more critically important now that many employees are working from home or at remote locations. IT spends a considerable amount of resources on resilient network architecture design, redundant power planning, and other high availability maintenance technologies.
Specifically, for wireless deployments, resiliency is measured by network availability for clients. This includes minimal or no disruption in the network in the event of controller or access point failures, controller or access point software updates, or the roll-out of network images. Businesses are typically hesitant to upgrade their network because this has traditionally translated to significant downtime.
The Cisco Catalyst 9800 Series Wireless Controller can eliminate or significantly reduce downtimes during updates and upgrades with the power of Cisco IOS-XE. These features are built into the Intent-based networking architecture and provide the ability to have limited to no downtime during a wireless network upgrade. Bug fixes and network updates can be deployed without having to re-qualify a new image or schedule a down time window.
When we refer to network availability, it is across the different phases of the deployment lifecycle from unplanned network events to ongoing software updates in the network. Over the years 
with AireOS, and now most recently with the Cisco Catalyst 9800 Series Wireless Controller, we have tackled resiliency from multiple angles. We have different models of deployments that customers can choose from; standalone, N+1, or SSO depending on the downtime acceptable.
When it comes to tackling controller and network faults, the standalone controller takes a hit of several tens of minutes. With the N+1 HA model, this is reduced in the order of a few minutes, but there is still a noticeable impact on AP’s and clients. SSO or stateful switchover provides a zero-downtime, sub-second switchover allowing zero impact to AP’s and clients if the wireless controller goes down. When it comes to the controller and AP bug fixes, Cisco IOS XE is uniquely designed to accept patches in the form of SMU’s and AP service packs. This solves the problem of the network being down for tens of minutes while a new image is loaded. It also expedites the fix going into the network and contains the impact on an already released and validated code on the controller.
The most disruptive process, however, is the image upgrade, where the entire controller image as well as the associated AP’s have to be upgraded. With standalone controllers, this results in severe network downtime. With the N+1 mode of redundancy, N+1 rolling AP upgrade and Cisco DNA Center automation workflow solution provides a zero-downtime upgrade functionality. However, the SSO pair upgrade meant reloading both controllers at the same time or using N+1 as a way to carry out the upgrade, which is not ideal, as the need for the extra controller could be a deterrent for many customers.
The solution we have all been waiting for is finally here. The in-service software upgrade feature is part of Cisco IOS XE Release 17.3 for the Cisco Catalyst 9800 Series Wireless Controllers. In-Service Software Upgrade (ISSU) is a procedure to accomplish a wireless controller upgrade while packet forwarding continues uninterrupted, which increases the network availability and reduces downtime.
ISSU provides a complete image upgrade from one image to another without network downtime. ISSU is carried out natively from the controller without the need for an external orchestrator and provides a complete image upgrade from one image to another while traffic forwarding continues uninterrupted.
The three big benefits that ISSU offers is to eliminate downtime in the network, eliminate the need to have an additional controller purely for the upgrade process, and elimination of the need for manual intervention during the upgrade process. This is huge because it means customers can upgrade their production networks without waiting several weeks to schedule an upgrade window.
The following is a list of Cisco wireless controllers supporting ISSU:
- Cisco Catalyst 9800-40, 9800-80, 9800-L
- Cisco Catalyst 9800-CL private cloud
In-service software upgrade and other patching features of Cisco IOS XE ensure that the wireless controllers stay up and client traffic flows uninterrupted even when the network is upgraded with new software.
These always-on features are a massive advantage across all verticals as wireless is becoming the primary medium of access, and these technologies are necessary ingredients to construct a wireless network with the most uptime.
Learn more about Cisco Wireless.
Subscribe to the Networking blog
Always-On, WLAN had been a long time dream in Enterprise Wireless until recently – this is fantastic news!