Upgrade Workflow from VSX R67.10

Use the Optimal Service Upgrade to upgrade a VSX cluster from R67.10 to a later version, without loss of connectivity. When you upgrade the cluster, use two cluster members to process the network traffic.

• OLD cluster member - The R67.10 VSX Gateway on which you install the Optimal Service Upgrade Hotfix.
• NEW cluster member - VSX Gateway that is upgraded to R80.10 and processes new connections.

  Step		Diagram of Cluster Members
  	VSX cluster with four R67.10 VSX Gateways (OLD).
  1	Install the Optimal Service Upgrade Hotfix on the cluster member that will stay connected to the network during the upgrade.
  2   2a   2b	Leave the cluster with the Hotfix connected to the network, and disconnect all other cluster members from the network. For upgrades to R77.30, make sure that the cluster ID (the value of the cluster_id parameter) is the same on all cluster members. For upgrades to R77.20 or an earlier version, make sure that the value of the fwha_mac_magic parameter is the same on all cluster members.
  3 3a     3b	Upgrade the cluster members that are disconnected from the network (NEW). For upgrades to R77.30 or a later version, make sure the cluster ID (the value of the cluster_id parameter) is the same on all the upgraded cluster members. Change it, if necessary. For upgrades to R77.20 or an earlier version, make sure that the value of the fwha_mac_magic parameter on all the upgraded cluster members is the same. Change it, if necessary.
  4 5           6	Connect one upgraded (NEW) cluster member to the network. On the active (OLD) cluster member, turn off fwaccel on all Virtual Systems. This allows the active (OLD) cluster member synchronize all delayed connections with the upgraded (NEW) cluster member. Note - If there are a lot of connections on the Virtual Systems, turning off fwaccel will cause all the connections to be forwarded to the firewall. In this case, run the cpstop command to turn off the firewall. On the active (OLD) cluster member, start the Optimal Service Upgrade procedure.
  7	On the upgraded cluster member (NEW) that you connected to the network, start the Optimal Service Upgrade procedure. The upgraded cluster member begins to process new connections.
  8   9	Check the number of active connection on the old cluster member. When this cluster member almost stops processing connections, stop the Optimal Service Upgrade procedure on it. Disconnect the old cluster member from the network.
  10	Reconnect the other upgraded cluster members to the network.
  11 12 13	Upgrade the old cluster member. Connect all the cluster members to the network. Install the policy.

Upgrading the Cluster from VSX R67.10

Two cluster members are used to maintain connectivity, while you upgrade all the other cluster members.

To use the Optimal Service Upgrade to upgrade the VSX cluster members from R67.10:

1. Install the Optimal Service Upgrade Hotfix on a cluster member. This is the old cluster member with Hotfix.

   For instructions and download links, refer to sk74300.

2. Disconnect all old cluster members from the network, except for one cluster member.

   Make sure that the management interfaces are not connected to the network.

3. On the old cluster member, configure kernel parameters:
   • Upgrade to R77.30:

     Run: cphaconf cluster_id get

     If the cluster ID value is not as expected, run: cphaconf cluster_id set <value>

     Make sure all cluster members have the same cluster ID. If a member has a different ID, run this set command to configure the correct value.

   • Upgrade to R77.20 and lower:

     Make sure all cluster members use the same value for the fwha_mac_magic parameter. Run: fw ctl get int fwha_mac_magic

     The default value for the fwha_mac_magic parameter is 254. If your configuration uses a different value, on each member, run: fw ctl set int fwha_mac_magic <value>

   For more about the cluster_id and fwha_mac_magic parameters, see the
   R80.10 ClusterXL Administration Guide
   and sk25977.

4. Install R80.10 on all the cluster members that are not connected to the network.
5. Prepare the old cluster member for synchronization of old connections with the upgraded cluster member:
   1. On the old cluster member, turn off fwaccel - run: fwaccel off -a
   2. On the old cluster member, start the Optimal Serve Upgrade - run: cphaosu start
6. Reconnect the SYNC interface of one new cluster member to the network.
7. Move traffic to the new cluster member that is connected to the network. Do these steps:
   1. Make sure the new cluster member is in ready state.
   2. Connect the other new cluster member interfaces to the network.
   3. On the new cluster member, run cphaosu start
   4. On the old cluster member, run cphaosu stat

      The network traffic statistics are shown.

   5. When the old cluster member does not have many connections, run cphaosu finish
8. On the new cluster member, run cphaosu finish
9. Disconnect the old cluster member from the network.
10. Reconnect the other new cluster members to the network one at a time. Do these steps on each cluster member:
    1. Run cphastop
    2. Connect the new cluster member to the network.
    3. Run cphastart
11. Upgrade the old cluster member and reconnect it to the network.