Upgrading a VSX Cluster

This Procedure is applicable to both High Availability and Load Sharing modes.

Before you upgrade:

Make sure that the cluster has 2 members, one of which is Active and the other is in Standby.

To check the cluster member status:

On each cluster member, run: cphaprob state

To upgrade the cluster:

1. Upgrade the Standby cluster member with CPUSE or a clean install.
2. On the upgraded cluster member, run: cphaprob state

   Make sure the status is Ready.

3. Configure dynamic routing.

   For BGP, you must configure graceful restart, for BGP routes to remain after failover.

4. Run: cphacu start [no_dr]

   If dynamic routing synchronization is not required, use the no_dr option.

   The Connectivity Upgrade runs, and shows this message when it finishes: Connectivity upgrade status: Ready for Failover

5. On the Active cluster member, run these commands:
   1. cphaprob state

      Make sure the local member is in Active or Active Attention state, and the upgraded member is in Down state.

   2. fwaccel off -a

      Turns off SecureXL on all Virtual Systems so that the delayed connections are synchronized to the upgraded member that is now in Ready state.

   3. cpstop

      The connections fail over to the upgraded member.

6. On the upgraded cluster member, run: cphaprob state

   Make sure that it is now in Active state.

7. On the new Active cluster member, run: cphacu stat

   Make sure that it handles the traffic. See cphacu stat.

8. Upgrade the former Active cluster member with a clean install.

   Reboot the gateway after the upgrade.

To make sure all cluster members are up and in VSX High Availability mode:

On each cluster member, run: cphaprob state

If the state of a cluster member is HA not started, run: cphastart