SRX Services Gateway
SRX Services Gateway

SRX3400 non-KB software upgrade procedure

‎04-24-2019 08:56 AM

Upgrading SRX3400 cluster from 12.1X46-D25.7 to 12.3X48-D75.  


We have concerns/issues with standard upgrade procedures:

KB20959 - ISSU.  Not recommended for current version.

KB17947 - Minimal downtime procedure.  Concerned about complexity and risk.

KB17235 - Upgrade both nodes simultaneously.  Concerned about downtime and risk.

 

If you've done some version of the steps listed below, can you pass on recommendations?

  1. Failover to current standby (node1)
  2. Remove node0 from the network and cluster
  3. Upgrade node0 offline (node1 continues to operate)
  4. Remove node1 from the network (START OF DOWNTIME)
  5. Reconnect node0 to the network (END OF DOWNTIME)
  6. Upgrade node1 offline
  7. Reconnect node1 to cluster
  8. Confirm cluster reestablishes
  9. Reconnect node1 to network
2 REPLIES 2
SRX Services Gateway

Re: SRX3400 non-KB software upgrade procedure

‎04-24-2019 11:07 AM

Hi,

 

Procedure you mentioned is close to LICU (low Impact Chassis Upgrade):-

Note :- Syn-check/Seq-check disabling would be even recommended in this NON-KB procedure

  1. Failover to current standby (node1)  [Not Required, you may start with disconnecting secondary and upgrading the same to 12.3]
  2. Remove node0 from the network and cluster [Hence, after all RG's are failed over to node0, remove node1 by disconnecting fab, control links and revenue interfaces]
  3. Upgrade node0 offline (node1 continues to operate) [Upgrade node1]
  4. Remove node1 from the network (START OF DOWNTIME) [Upgrade node0 and the moment you hit reboot, connect revenue cables in STEP 5]
  5. Reconnect node0 to the network (END OF DOWNTIME) [Connect revenue cables and traffic should be re-established(syn-check/seq-chek disabled in config would come handy here)]
  6. Upgrade node1 offline [upgrade node0]
  7. Reconnect node1 to cluster [upon node0 upgrade and all cards online, halt the box and connect only the control and fabric links and reboot. [IMPORTANR NOTE] :- If you reconnect node0 while it is primary, you are in a risk to push cluster nodes into re-election which would result into both nodes PFE re-initializing]
  8. Confirm cluster reestablishes [Once node0 comes UP, confirm cluster builds up.]
  9. Reconnect node1 to network [Upon node0 taking secondary role and all cards online. You may connect the revenue cables on the fly.]

Regards,

 

Rahul

Regards,
Rahul
SRX Services Gateway

Re: SRX3400 non-KB software upgrade procedure

‎04-24-2019 11:57 AM

Hello there,

 

Rahul has already described the process in good detail. No-syn-check and No-Seq-check are must. 

 

The standard procedures mentioned in the "Minimal Downtime Upgrade" procedure should be good for your case too.

 

I prefer enabling/disabling of ports on the switch to bring a device in/out of network as opposite to physically disconnecting them.

 

With 3K devies, control-link would definitely need be manually disconnected.

 

If you have any concerns regarding any specific step , let us know.

 

Thanks!