Optimal Service Upgrade Limitations
- Implement the Optimal Service Upgrade procedure when there is minimal network traffic.
- The Optimal Service Upgrade procedure does not provide redundancy, if a Cluster Member fails during the upgrade.
- Do not make configuration changes during the upgrade process.
- Optimal Service Upgrade does not support:
- VPN connections
- Dynamic Routing connections
- Complex connections
For example: DHCP, DCE RPC, SUN RPC, Back Web, IIOP, FreeTel, WinFrame, NCP
- Bridge mode (Layer 2) configuration
Upgrade Workflow from R75.40VS and above
Use the Optimal Service Upgrade to upgrade a cluster from R75.40VS and above to R80.10, with a minimal loss of connectivity.
Two cluster members are used to maintain connectivity, while you upgrade all the other cluster members.
- cluster member - Cluster member before the upgrade.
- cluster member - Cluster member that has been upgraded.
Step
|
Diagram of Cluster Members
|
Summary
|
|
|
Cluster with four members (OLD).
|
1
1a
1b
|
|
- Leave one cluster member (OLD) connected to the network and disconnect all other cluster members from the network. The connected cluster member continues to process the current connections.
- For upgrades from R77.30, make sure that the cluster ID (the value of the
cluster_id parameter) is the same on all cluster members. - For upgrades from R77.20 or an earlier version, make sure that the value of the
fwha_mac_magic parameter is the same on all cluster members.
|
2
2a
2b
|
|
- Upgrade the cluster members that are disconnected from the network (NEW).
- For upgrades to R77.30 or a later version, make sure that the cluster ID (the value of the
cluster_id parameter) is the same on all the upgraded cluster members. Change it, if necessary. - For upgrades to R77.20 or an earlier version, make sure that the value of the
fwha_mac_magic parameter on all the upgraded cluster members is the same. Change it, if necessary.
|
3
4
5
|
|
- Connect one upgraded (NEW) cluster member to the network.
- On the active (OLD) cluster member, turn off fwaccel on all Virtual Systems. This allows the active (OLD) cluster member synchronize all delayed connections with the upgraded (NEW) cluster member.
Note - If there are a lot of connections on the Virtual Systems, turning off fwaccel will cause all the connections to be forwarded to the firewall. In this case, run the cpstop command to turn off the firewall. - On the active (OLD) cluster member, start the Optimal Service Upgrade procedure.
|
6
|
|
- On the upgraded cluster member (NEW) that you connected to the network, start the Optimal Service Upgrade procedure. The upgraded cluster member begins to process new connections.
|
7
8
|
|
- Check the number of active connection on the old cluster member. When this cluster member almost stops processing connections, stop the Optimal Service Upgrade procedure on it.
- Disconnect the old cluster member from the network.
|
9
|
|
- Reconnect the other upgraded cluster members to the network.
|
10
11
12
|
|
- Upgrade the old cluster member.
- Connect all the cluster members to the network.
- Install the Access Control Policy.
|
