8 changes: 8 additions & 0 deletions docs/concepts_ssr_idp.md
Expand Up @@ -99,6 +99,14 @@ When the router is configured with `forwarding-core-mode` as manual, the adminis
The system requires a reboot for the IDP core allocation; after upgrading to SSR 6.x for the first time, an additional reboot is required to enable the IDP engine.
:::

Software version 6.3.3-R2 introduces the support of multi-core capabilities for IDP for image-based routers. For customers running IDP on older image-based firmware versions (6.3.0-R1 and under) on the SSR1300, SSR1400, and SSR1500, IDP multicore will be automatically enabled when upgrading to 6.3.3-R2. In some cases, after an upgrade the IDP engine can fail to start as it transitions from single-core to multi-core mode. When the IDP engine fails to start, the following alarm will be generated on the system: `IDP engine unable to start; reboot-required`. In this situation, it is required to reboot the system post-upgrade allocate system resources with IDP multi-core enabled. A reboot is required for any subsequent disable/enable actions.

For legacy package-based routers, multi-core IDP capability is not supported, and those systems will continue to operate in the single-core mode.

:::note
Multi-core IDP is not supported on the following SSR devices: SSR120, SSR130, and SSR1200.
Contributor

Now that we support AV, and soon SSL Proxy and other features we might want to start calling this advanced L7-Security features or something vs IDP. Not needed for this PR

:::

## Limitations

The following is a list of the current limitations of the IDP solution.
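
Review bot: The added paragraph's sentence "it is required to reboot the system post-upgrade allocate system resources with IDP multi-core enabled" is missing "to" before "allocate"; suggest "reboot the system post-upgrade to allocate system resources with IDP multi-core enabled". The paragraph should also say what state the router is in while the `IDP engine unable to start; reboot-required` alarm is active (whether traffic is forwarded without IDP inspection until the reboot), since that decides how urgently an operator has to schedule the reboot. The closing sentence "A reboot is required for any subsequent disable/enable actions" does not say what is being disabled or enabled; name IDP or multi-core mode explicitly.
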
7 changes: 6 additions & 1 deletion docs/release_notes_128t_6.3.md
Expand Up @@ -393,7 +393,12 @@ Beginning with SSR-6.3.5, conductor-managed **routers** running SSR-6.3.5 must b

### Caveats

- **I95-58622 IDP Engine Intermittent Start-up:** 6.3.3-R2 introduces the support of multi-core capabilities for IDP for image-based routers. For legacy package-based routers, multi-core IDP capability is not supported, and those systems will continue to operate in the single-core mode. For customers running IDP on older image-based firmware versions (6.3.0-R1 and under) on the SSR1300, SSR1400, and SSR1500, IDP multicore will be automatically enabled when upgrading to 6.3.3-R2. In some cases, after an upgrade the IDP engine can fail to start as it transitions from single-core to multi-core mode. When the IDP engine fails to start, the following alarm will be generated on the system: `IDP engine unable to start; reboot-required`. In this situation, it is recommended to reboot the system post-upgrade to ensure future reliable reboots with IDP multi-core enabled.
- **I95-58622 IDP Engine Intermittent Start-up:** 6.3.3-R2 introduces the support of multi-core capabilities for IDP for image-based routers. For legacy package-based routers, multi-core IDP capability is not supported, and those systems will continue to operate in the single-core mode. For customers running IDP on older image-based firmware versions (6.3.0-R1 and under) on the SSR1300, SSR1400, and SSR1500, IDP multicore will be automatically enabled when upgrading to 6.3.3-R2. In some cases, after an upgrade the IDP engine can fail to start as it transitions from single-core to multi-core mode. When the IDP engine fails to start, the following alarm will be generated on the system: `IDP engine unable to start; reboot-required`. In this situation, it is required to reboot the system post-upgrade allocate system resources with IDP multi-core enabled. A reboot is required for any subsequent disable/enable actions.

:::note
Multi-core IDP is not supported on the following SSR devices: SSR120, SSR130, and SSR1200.
:::

------
- **I95-58782 `node.js` process may crash on SSR120, SSR130, and other branch router devices while generating Swagger documentation:** The `node.js` process may crash on SSR120, SSR130, and other branch router devices during SSR application startup while generating Swagger documentation. This is due to an internal error, and will generate a `node.js` coredump, but has **no impact** on the SSR. Swagger documentation is generated on a subsequent restart of the SSR. This is not service impacting.
------
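
Review bot: The new `:::note` block is placed at column 0 between the I95-58622 bullet and the `------` separator, so it is not part of that list item and can render detached from the caveat it qualifies; suggest indenting it under the bullet or folding "Multi-core IDP is not supported on the following SSR devices: SSR120, SSR130, and SSR1200" into the bullet text. The rewritten bullet also repeats the "post-upgrade allocate system resources" wording from docs/concepts_ssr_idp.md and needs "to allocate". Because the wording changes from "recommended" to "required", the two pages now duplicate a long paragraph that has to stay in sync; a link from the caveat to the concepts page would avoid drift.
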
38 changes: 14 additions & 24 deletions docs/upgrade_restricted_access.md
Expand Up @@ -84,21 +84,17 @@ When using the `import iso` and `import rpm` commands to install plugins necessa
The following process is used to upgrade a Conductor and Conductor-managed Routers to **version 6.3.0** of the SSR software. Beginning with SSR software version 6.3.0, a conductor can manage routers running image-based software installations.

<!-- markdown-link-check-disable -->
1. On a system that has internet access, use the [ISO Download procedure](intro_downloading_iso.md#downloading-an-iso) to download the `128T-6.3.0-107.r1.el7.OTP.v1.x86_64.iso` from the [6.3 Package Based ISO Download](https://software.128technology.com/artifactory/list/generic-128t-isos-release-local/6.3/) page.
1. On a system that has internet access, use the [ISO Download procedure](intro_downloading_iso.md#downloading-an-iso) to download the `128T-6.3.0-107.r1.el7.OTP.v1.x86_64.iso` from the [6.3 Package Based ISO Download](https://software.128technology.com/artifactory/list/generic-128t-isos-release-local/6.3/) page to your device.
Contributor

Since other changes to this document explain the benefits of using 6.3.3 for multi-core L7 security features, this step-by-step guide should be updated to a more recent version of 6.3, specifically 6.3.7.

I think the addition of "to your device" here is a bit confusing and/or does not add much new context. Really the steps are this:

  1. From outside the air-gapped environment, download the ISO from our Internet-facing repos.
  2. Get the ISO from that laptop/device into the air-gapped environment and copy it onto the conductor. This is a step that the customer should understand how to do; we should not provide additional context for how to do this. But it needs to be done.
  3. Once the ISO is on the conductor in the air-gapped environment, they use the import command to load the software.


2. [Create a bootable USB](intro_creating_bootable_usb.md) drive from the downloaded ISO.
2. Import the `128T-6.3.0-107.r1.el7.OTP.v1.x86_64.iso` ISO onto the conductor using the [`import iso`](#import-iso) command.

3. Import the `128T-6.3.0-107.r1.el7.OTP.v1.x86_64.iso` ISO onto the conductor using the [`import iso`](#import-iso) command.
3. Upgrade the conductor using the [Conductor Upgrade procedure](upgrade_ibu_conductor.md).

4. Upgrade the conductor using the [Conductor Upgrade procedure](upgrade_ibu_conductor.md).
4. Download the `SSR-6.3.0-107.r1.el7.x86_64.ibu-v1.iso` from the [SSR Software Images](https://software.128technology.com/artifactory/list/generic-128t-install-images-release-local) page to your device. <!-- markdown-link-check-enable -->
Contributor

Why does download need to happen twice? Step 1 is also a download.

The download probably does not need to happen twice. But I'm almost positive that after the conductor is upgraded the ISO needs to be copied onto the conductor again and imported again (on the new partition post-upgrade) in order to make it available to the routers for upgrade.

Contributor Author

Step 1 is downloading the package based install for 6.3.x that has to happen for the conductor to manage image based routers. Step 4 downloads the image based install for the routers.


5. Download the `SSR-6.3.0-107.r1.el7.x86_64.ibu-v1.iso` from the [SSR Software Images](https://software.128technology.com/artifactory/list/generic-128t-install-images-release-local) page. <!-- markdown-link-check-enable -->
5. Import the `SSR-6.3.0-xx.r1.el7.x86_64.ibu-v1.iso` ISO onto the conductor. The conductor will act as the software repository for the subsequent router upgrades. Do **not** install this package onto the conductor, only import it.

6. [Create a bootable USB](intro_creating_bootable_usb.md) drive from the SSR ISO.

7. Import the `SSR-6.3.0-xx.r1.el7.x86_64.ibu-v1.iso` ISO onto the conductor. The conductor will act as the software repository for the subsequent router upgrades. Do **not** install this package onto the conductor, only import it.

8. Upgrade individual routers using the [Router Upgrade](upgrade_router.md) procedure.
6. Upgrade individual routers using the [Router Upgrade](upgrade_router.md) procedure.

:::note
The process to upgrade a **conductor from a version less than 6.3.0 to 6.3.0 or greater** requires the use of the `128T-6.3.X-XX.r1.el7.OTP.v1.x86_64.iso` package based 128T ISO. After the initial upgrade to 6.3.X, all future upgrades will only require the import of the image-based SSR ISO; for example, `SSR-6.3.3-1.r1.el7.x86_64.ibu-v1.iso`.
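
Review bot: New step 4 downloads `SSR-6.3.0-107.r1.el7.x86_64.ibu-v1.iso` but new step 5 imports `SSR-6.3.0-xx.r1.el7.x86_64.ibu-v1.iso`; use the same file name in both steps so the reader imports exactly what was downloaded. Step 5 also omits the `import iso` link that step 2 carries. With the "Create a bootable USB" steps removed, nothing in the list says how the ISO moves from the internet-connected system to the conductor, and "to your device" does not identify which machine is meant; add an explicit transfer step, and if a checksum or signature is published alongside the ISO, a step to verify it on the restricted side before running `import iso`.
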
Expand All @@ -115,25 +111,21 @@ The process to upgrade a **conductor to 6.3.0** requires the use of the `128T-6.
:::

<!-- markdown-link-check-disable -->
1. On a system that has internet access, use the [ISO Download procedure](intro_downloading_iso.md#downloading-an-iso) to download the `128T-6.3.0-107.r1.el7.OTP.v1.x86_64.iso` from the [SSR ISO Download](https://software.128technology.com/artifactory/list/generic-128t-isos-release-local) page.
1. On a system that has internet access, use the [ISO Download procedure](intro_downloading_iso.md#downloading-an-iso) to download the `128T-6.3.0-107.r1.el7.OTP.v1.x86_64.iso` from the [SSR ISO Download](https://software.128technology.com/artifactory/list/generic-128t-isos-release-local) page to your device.
Contributor

same comment as above


2. [Create a bootable USB](intro_creating_bootable_usb.md) drive from the SSR ISO.
2. Import the `128T-6.3.0-107.r1.el7.OTP.v1.x86_64.iso` ISO onto the conductor using the [`import iso`](#import-iso) command.

3. Import the `128T-6.3.0-107.r1.el7.OTP.v1.x86_64.iso` ISO onto the conductor using the [`import iso`](#import-iso) command.
3. Upgrade the conductor using the [Conductor Upgrade procedure](upgrade_ibu_conductor.md).

4. Upgrade the conductor using the [Conductor Upgrade procedure](upgrade_ibu_conductor.md).

5. Navigate to the [SSR Software Images](https://software.128technology.com/artifactory/list/generic-128t-install-images-release-local) page, identify the software image version you will use to upgrade the target router or routers, and download it. <!-- markdown-link-check-enable -->
5. Navigate to the [SSR Software Images](https://software.128technology.com/artifactory/list/generic-128t-install-images-release-local) page, identify the software image version you will use to upgrade the target router or routers, and download it to your device. <!-- markdown-link-check-enable -->

For example, if you are upgrading a router to SSR Version 6.1.10, you will need to download the following files:

- `SSR-6.1.10-8.lts.el7.x86_64.ibu-v1.iso`

6. [Create a bootable USB](intro_creating_bootable_usb.md) drive from the SSR ISO.

7. Import the `SSR-6.1.10-8.lts.el7.x86_64.ibu-v1.iso` ISO onto the conductor. The conductor will act as the software repository for the subsequent router upgrades. Do **not** install this package onto the conductor, only import it.
6. Import the `SSR-6.1.10-8.lts.el7.x86_64.ibu-v1.iso` ISO onto the conductor. The conductor will act as the software repository for the subsequent router upgrades. Do **not** install this package onto the conductor, only import it.
Contributor

This looks like it was based on a guide with 6.1 being the latest version at the time. 6.1 is EoS, so this should be updated to 6.3.7 as well.


8. Upgrade individual routers using the [Router Upgrade](upgrade_router.md) procedure.
7. Upgrade individual routers using the [Router Upgrade](upgrade_router.md) procedure.

:::note
In an HA setup, when using offline-mode for routers to access the software from the conductors, the ISO must be imported to both conductors before performing the upgrade.
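
Review bot: The renumbered list in this hunk skips step 4: the new lines run 1, 2, 3 and then "5. Navigate to the [SSR Software Images]…", "6. Import…", "7. Upgrade individual routers…". Renumber the last three to 4, 5 and 6 so the source matches what readers will see and step references stay stable. As in the previous section, "download it to your device" leaves the copy of the ISO onto the conductor implicit; the HA note below already requires the ISO on both conductors, so the transfer step is worth stating once.
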
Expand All @@ -145,17 +137,15 @@ For upgrades of Conductor and Conductor-managed routers to software versions pri

In this example workflow, the conductor will be upgraded to 6.2.6, and the routers to 6.1.10.
Contributor

We should switch to more recent versions of software for the examples.

<!-- markdown-link-check-disable -->
1. On a system that has internet access, use the [ISO Download procedure](intro_downloading_iso.md#downloading-an-iso) to download the `128T-6.2.6-15.sts.el7.OTP.v1.x86_64.iso` software package from the [128T package-based ISO Download](https://software.128technology.com/artifactory/list/generic-128t-isos-release-local) page.

2. [Create a bootable USB](intro_creating_bootable_usb.md) drive from the SSR ISO.
1. On a system that has internet access, use the [ISO Download procedure](intro_downloading_iso.md#downloading-an-iso) to download the `128T-6.2.6-15.sts.el7.OTP.v1.x86_64.iso` software package from the [128T package-based ISO Download](https://software.128technology.com/artifactory/list/generic-128t-isos-release-local) page to your device.

3. Plug the USB into your device.

4. Import the `128T-6.2.6-15.sts.el7.OTP.v1.x86_64.iso` package onto the conductor using the [`import iso`](#import-iso) command.

5. Upgrade the conductor using the [Conductor Upgrade procedure](upgrade_ibu_conductor.md).

6. Download the `128T-6.1.10-8.lts.el7.OTP.v1.x86_64.iso` software package from the [SSR ISO Download](https://software.128technology.com/artifactory/list/generic-128t-isos-release-local) page. <!-- markdown-link-check-enable -->
6. Download the `128T-6.1.10-8.lts.el7.OTP.v1.x86_64.iso` software package from the [SSR ISO Download](https://software.128technology.com/artifactory/list/generic-128t-isos-release-local) page to your device. <!-- markdown-link-check-enable -->

7. Import the `128T-6.1.10-8.lts.el7.OTP.v1.x86_64.iso` package onto the conductor using the [`import iso`](#import-iso) command. The conductor will act as the software repository for the subsequent router upgrades. You do **not** install this package onto the conductor, only import it.
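
Review bot: Step 2 ("Create a bootable USB") is removed here but "3. Plug the USB into your device." is left in place, so the list now jumps from 1 to 3 and refers to a USB drive that no earlier step creates. Either drop step 3 and renumber the remaining steps 2 through 5, or replace it with an explicit step for moving the ISO onto the conductor. Step 6 gains "to your device" while step 7 still imports straight onto the conductor, which leaves the same unstated transfer as in the sections above.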
