Brocade Fibre Channel Networking Community

Expand all | Collapse all

SAN Ficon Director FOS Upgrade

  • 1.  SAN Ficon Director FOS Upgrade

    Posted 03-29-2019 06:42 AM

    Hello,

     

    We tried to upgrade FOS level of DCX 8510-8 from v7.4.2a to v8.2.0a via BNA but unfortunately got following error below:

     

    Queued for Firmware download

    Downloading ...

    The server is inaccessible or firmware path is invalid. Please make sure the server name or IP address, the user/password and the firmware path are valid.

     

    However, we can successfully take supportsave and configupload via PuTTY but we can not upgrade the FOS level via BNA. By the way, we tried another way (I mean we used ssh connection) other than BNA in order to upgrade the FOS level of the SAN and successfully done it. 

     

    But, I want to learn why we hit this error message. On the other hand, we controlled all firewall port requirement and everything was fine.

     

    Any help is greatly appreciated.

     

    Thanks.

    Caglar


    #BrocadeFibreChannelNetworkingCommunity


  • 2.  Re: SAN Ficon Director FOS Upgrade

    Posted 04-01-2019 12:39 AM

    Hello,

     

    do you have all of these ports allowed on FW ?

     

    20/tcp, 21/tcp, 22/tcp, 80/tcp, 443/tcp, 24600/tcp, 24603/tcp,24604/tcp,24605/tcp,24608/tcp,24609/tcp,24610/tc

     

    Be aware that with FIRMWARE DOWNLOAD session is initiated from SAN SWITCH to the SERVER. 

     

    So for example:

     

    You are able to log with ssh to switch but firmware download via SCP failed (ssh/22 allowed from server to switch but not vice versa)

    You need to check if the 22/tcp is opened from switch to server side.

     

    I guess that BNA is ussing FTP ports for firmwaredownload, so please check if the ports are oppened.

    As there is no proper tool like TELNET on switch side there is no official way to check if the port is open from switch.

     

    Of course there is possibility to login as ROOT and use /dev/tcp with hostname and port....but i've not recommended this if you don't know what are you doing.


    #BrocadeFibreChannelNetworkingCommunity


  • 3.  Re: SAN Ficon Director FOS Upgrade

    Posted 04-03-2019 04:41 AM
      |   view attached

    Hi,

     

    Not all of them. As I read from documentation that 24608/tcp, 24609/tcp, 24610/tcp ports are reserved for future use. And we do not have to open these ports on firewall side. I am sending the firewall requirements from documentation also. Please correct me if I am wrong.

     

    On the other hand, you can be right because all ports except for '24608/tcp, 24609/tcp, 24610/tcp' were allowed only from server to switch on firewall side. So, as you said we have to open these ports also from switch to server.

     

    I will try again and share the result.

     

    Thanks in advance.

    Caglar.


    #BrocadeFibreChannelNetworkingCommunity

    Attachment(s)



  • 4.  Re: SAN Ficon Director FOS Upgrade

    Posted 04-03-2019 05:08 AM

    Hello,

     

    to be honest i guess that FTP or SSH port from switch to server is enough. 

    I've shared all ports for BNA which are needed for client, sorry.

     

     


    #BrocadeFibreChannelNetworkingCommunity


  • 5.  Re: SAN Ficon Director FOS Upgrade

    Posted 04-03-2019 06:37 AM

    @Caglar 

     

    --->>>We tried to upgrade FOS level of DCX 8510-8 from v7.4.2a to v8.2.0a 

     

    in one Step from 7.4 to 8.2 ?

     

     


    #BrocadeFibreChannelNetworkingCommunity


  • 6.  Re: SAN Ficon Director FOS Upgrade

    Posted 04-03-2019 06:50 AM

    @Antonio Bongiorno
    No, the official upgrade path which is written on documentation is 7.4.2a1 --> 8.0.2b2 --> 8.1.2a --> 8.2.0a

     


    #BrocadeFibreChannelNetworkingCommunity


  • 7.  Re: SAN Ficon Director FOS Upgrade

    Posted 04-04-2019 03:33 AM

    Hello,

     

    under root account via TCP UDP binaries you may chech if the port is open or not.

     

    https://superuser.com/questions/621870/test-if-a-port-on-a-remote-system-is-reachable-without-telnet

     

    /dev/tcp/host/port
        If host is a valid hostname or Internet address, and port is an integer port number
        or service name, bash attempts to open a TCP connection to the corresponding socket.
    /dev/udp/host/port
        If host is a valid hostname or Internet address, and port is an integer port number
        or service name, bash attempts to open a UDP connection to the corresponding socket.
    So you could use something like this: xenon-lornix:~> cat < /dev/tcp/127.0.0.1/22 SSH-2.0-OpenSSH_6.2p2 Debian-6 ^C pressed here

    But of course be aware that if somethig will messed up under root account, the warrany of switch will gone.


    #BrocadeFibreChannelNetworkingCommunity


  • 8.  Re: SAN Ficon Director FOS Upgrade

    Posted 04-18-2019 05:01 AM

    Hello Again,

     

    Although the ports that are written in documentation were opened in firewall side; we got the same error by using BNA unfortunately.

     

    Queued for Firmware download

    Downloading ...

    The server is inaccessible or firmware path is invalid. Please make sure the server name or IP address, the user/password and the firmware path are valid.

     

    Do you have any other suggestion or advise ?

     

    Thanks in advance.

    Caglar.


    #BrocadeFibreChannelNetworkingCommunity


  • 9.  Re: SAN Ficon Director FOS Upgrade

    Posted 05-21-2019 02:55 AM

    Be aware that with FIRMWARE DOWNLOAD session is initiated from SAN SWITCH to the SERVER. 

     

    So for example:

     

    You are able to log with ssh to switch but firmware download via SCP failed (ssh/22 9apps allowed from server to switch but not vice versa)

    You need to check if the 22/tcp is opened from switch to server side.

     

    I guess that BNA is ussing FTP ports for firmwaredownload, so please check if the ports are oppened.

    As there is no proper tool like TELNET on switch side there is no official way to check if the port is open from switch.

     

    Of course there is possibility to login as ROOT and use /dev/tcp with hostname and port....but i've not recommended this if you don't know what are you doing. 


    #BrocadeFibreChannelNetworkingCommunity