Cluster Upgrade. SRX Series Services Gateways for the Branch Upgrade Junos OS with Minimal Traffic Disruption and a Single Command APPLICATION NOTE

Similar documents
Juniper Sky Enterprise

CONFIGURING WEBAPP SECURE TO PROTECT AGAINST CREDENTIAL ATTACKS

JUNIPER NETWORKS PRODUCT BULLETIN

Topology-Independent In-Service Software Upgrades on the QFX5100

Juniper Care Plus Advanced Services Credits

QUICKSTART GUIDE FOR BRANCH SRX SERIES SERVICES GATEWAYS

CONFIGURING THE CX111 FOR THE SSG SERIES

JUNIPER OPTIMUM CARE SERVICE

CONFIGURING THE CX111 FOR THE SSG SERIES

Junos Genius FAQs. What is Junos Genius? How can I access the Junos Genius platform? What learning assets are available on Junos Genius?

JUNOS SCOPE SOFTWARE IP SERVICE MANAGER

Network Configuration Example

Transit VPC Deployment Using AWS CloudFormation Templates. White Paper

Network and Security Manager (NSM) Release Notes DMI Schema

Implementing AutoVPN Network Design Using the SRX Series with ibgp as the Dynamic Routing Protocol

Network and Security Manager (NSM) Release Notes DMI Schema

Juniper Networks Live-Live Technology

J-Care Agility Services Advanced Options

SRX Chassis Cluster Upgrade with Minimal Downtime (v0.7)

Contrail Networking: Evolve your cloud with Containers

Network and Security Manager (NSM) Release Notes DMI Schema

Juniper Networks and Aerohive Networks: Cloud-Enabled Solutions for the Enterprise

JUNIPER NETWORKS AND AEROHIVE NETWORKS: CLOUD- ENABLED SOLUTIONS FOR THE ENTERPRISE

Juniper Solutions for Turnkey, Managed Cloud Services

Deploying Data Center Switching Solutions

Juniper Sky Advanced Threat Prevention

Juniper Networks M Series and J Series Routers

Junos Security. Chapter 11: High Availability Clustering Implementation

Network and Security Manager (NSM) Release Notes DMI Schema & NSM Schema

Extending Enterprise Security to Public and Hybrid Clouds

Cloud-Enable the Enterprise with Junos Fusion

J-series High Availability

JUNOS SPACE ROUTE INSIGHT

SDSN: Dynamic, Adaptive Multicloud Security

Open Cloud Interconnect: Use Cases for the QFX10000 Coherent DWDM Line Card

Network Configuration Example

Service Automation Made Easy

Product Description. Product Overview. Architecture and Key Components of the MAG Series Junos Pulse Gateways

Network and Security Manager (NSM) Release Notes DMI Schema & NSM Schema

VMWARE VIEW WITH JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES

JUNIPER SKY ADVANCED THREAT PREVENTION

Juniper Networks Certification Program

Product Description. Product Overview. Architecture and Key Components of the MAG Series Junos Pulse Gateways

FIREFLY HOST. Product Description. Product Overview DATASHEET

Intrusion Detection and Prevention Release Notes

Product Description. Architecture and Key Components of the MAG Series Junos Pulse Gateways. Product Overview DATASHEET

WX CENTRAL MANAGEMENT SYSTEM

Network and Security Manager (NSM) Release Notes DMI Schema

Secure Remote Access with Comprehensive Client Certificate Management

Juniper Advanced Services: Which Offsite Program Is Right for You?

Network and Security Manager (NSM) Release Notes DMI Schema & NSM Schema

Extending Enterprise Security to Public and Hybrid Clouds

Software-Defined Secure Networks in Action

JUNOS SPACE. Product Description. Product Overview

SOLUTION BROCHURE. Mobility Changes Everything

Juniper Secure Analytics

Product Description. Product Overview DATASHEET

JUNOS SPACE SERVICES ACTIVATION DIRECTOR

Network Configuration Example

Juniper Networks M-series and J-series Routers. M10i. Solution Brochure J4350. Internet. Regional Office/ Medium Central Site. Branch Office J2320

BRANCH SRX SERIES AND J SERIES CHASSIS CLUSTERING

JUNIPER NETWORKS VIRTUAL CHASSIS FABRIC TECHNOLOGY

Network Configuration Example

One Release. One Architecture. One OS. High-Performance Networking for the Enterprise with JUNOS Software

UPGRADING STRM TO R1 PATCH

Juniper Networks Champion Program

Network Configuration Example

JUNIPER CARE SERVICES

M120 Class-of-Service Behavior Analysis

Juniper Unite Cloud-Enabled Enterprise Reference Architecture

Introduction to IGMP for IPTV Networks

Table 1 List of Common Ports Used by STRM Components. Port Direction Reason. components. your SMTP gateway

MX Series 3D Universal Edge Routers for the. Midrange. Product Description. Architecture and Key Components. Your ideas. Connected.

Network Configuration Example

Instant evolution in the age of digitization. Turn technology into your competitive advantage

Optimizing CloudEnabled Branch with. Juniper Services and Support. Protect and Ensure the Operational Success of Your Juniper Cloud-Enabled Branch

SRX 5600 and SRX 5800 Services Gateway Routing Engine Installation Instructions

Policy Enforcer. Product Description. Data Sheet. Product Overview

Juniper Care Plus Services

Web Device Manager Guide

WHITE PAPER. Copyright 2010, Juniper Networks, Inc. 1

Optimised redundancy for Security Gateway deployments

IMPLEMENTING A LAYER 2 ENTERPRISE INFRASTRUCTURE WITH VIRTUAL CHASSIS TECHNOLOGY

Junos Security (JSEC)

Technical Configuration Example

Network Configuration Example

WX Client. Product Description. Product Overview DATASHEET

Network Configuration Example

Technology Overview. Frequently Asked Questions: MX Series 3D Universal Edge Routers Quality of Service. Published:

StarWind iscsi SAN Software: Using StarWind to provide Cluster Shared Disk resources for Hyper-V Failover Clusters

Junos Security. Rob Cameron, Brad Woodberg, Patricio Giecco, O'REILLY. Tim Eberhard, andjames Quinn INFORMATIQNSBIBLIOTHEK UNIVERSITATSBIBLIOTHEK

Network Configuration Example

Building a Software-Defined Secure Network for Healthcare

Integrating WX WAN Optimization with Netscreen Firewall/VPN

Junos OS Release 12.1X47 Feature Guide

Juniper Networks Universal Edge and Access Network for Residential Services

Juniper Networks QFX3500

Network Configuration Example

Technology Overview. Frequently Asked Questions: Routing Protocol Process Memory. Published: Copyright 2014, Juniper Networks, Inc.

Network Configuration Example

Transcription:

APPLICATION NOTE Simple Chassis Cluster Upgrade SRX Series Services Gateways for the Branch Upgrade Junos OS with Minimal Traffic Disruption and a Single Command Copyright 2013, Juniper Networks, Inc. 1

Table of Contents Introduction...3 Scope...3 Design Considerations...3 Hardware Requirements...3 Software Requirements...3 Description and Deployment Scenario...3 Simple Cluster Upgrade Process...3 CLI Command and Syntax... 4 Simple Cluster Upgrade Example... 4 Before Chassis Cluster Upgrade... 4 Simple Cluster Upgrade Process... 4 After Completion of Simple Cluster Upgrade... 5 Error Handling and Recovery from Failure During SCU... 5 Limitations in Simple Cluster Upgrade (SCU)... 5 Conclusion... 5 About Juniper Networks... 5 2 Copyright 2013, Juniper Networks, Inc.

Introduction Juniper Networks SRX Series Services Gateways for the branch integrate carrier-class routing, comprehensive security, and feature rich Ethernet switching features in a single device. These platforms provide different high availability (HA) options to deploy in mission critical networks. SRX Series gateways also support a chassis cluster feature which provides HA for security features like firewall, IPsec VPN, intrusion prevention system (IPS), and unified threat management (UTM). With this chassis cluster capability, the SRX Series can enable active/backup or active/active redundancy through session and configuration synchronization between two cluster nodes. Upgrading software on a branch SRX Series chassis cluster can be very tedious, however. To upgrade software, one must break up the cluster, upgrade nodes separately, and then recreate the chassis cluster again. This process requires considerable downtime, and there is no single command to complete the entire process. In Juniper Networks Junos operating system 11.2R2, branch SRX Series gateways introduce a feature called Simple Cluster Upgrade (SCU), which simplifies the chassis cluster upgrade process with a single command and with minimal traffic disruption. As a significant added benefit, this process does not require breaking of the cluster. Scope As of Junos OS 11.2R2, only branch SRX Series platforms support this feature. All information discussed in this document is limited to SRX Series for the branch platforms. SRX Series for the high end supports unified in-service software upgrade (unified ISSU), which is more comprehensive than SCU and does not require any traffic disruption. Design Considerations Hardware Requirements Juniper Networks SRX210, SRX210E, SRX220, SRX240, SRX550 and SRX650 Services Gateways Software Requirements Junos OS 11.2R2 or greater Description and Deployment Scenario Simple Cluster Upgrade (SCU) simplifies the software upgrade process of chassis cluster nodes. This feature introduces a single command-line interface (CLI) command (or management interface) to upgrade/downgrade both cluster nodes with minimal traffic disruption (around 30 seconds). This process can be initiated remotely through a CLI, Junos Web, or Juniper Networks Network and Security Manager, without breaking up the chassis cluster. During this process, the SRX Series device will experience redundant group failovers. It validates the package and checks version compatibility before doing the upgrade. If the system finds that the new package is not compatible with the currently installed version, the device will refuse the upgrade and ask the user to take corrective action. Copyright 2013, Juniper Networks, Inc. 3

Simple Cluster Upgrade Process This flow diagram explains different states in the SCU process. 0 1 Initial state primary and secondary are with Junos OS 11.2R2. Node 0 is primary and is secondary. request system software in-serviceupgrade <11.2R3.tar.gz> command executed to upgrade cluster to 11.2R3 2 3 MGD daemon copy image to /var/tmp of primary Primary copies image to /var/tmp of secondary 4 5 Upgrade secondary node with unlink and verify option. In case of error SCU is aborted and image is deleted Upgrade primary node with options supplied by user. Skip verify option as verification already done on secondary 6 7 Set SCU bit in EEPROM of secondary and failover all redundant groups (RGs) on to Reboot secondary node () and primary enters SCU window state 8 9 After reboot reads EEPROM and enters SCU window state and block data traffic and continues forwarding Both node exchange SCU hear beat. Though both nodes are primary but only 1 node () is forwarding traffic 10 11 11.2R3 11.2R3 Reboot older primary (). New primary () stopped receiving SCU heart beats. Once new primary stopped SCU heart beats, it comes out SCU window, clears EEPROM and start forwarding data traffic. 12 11.2R3 11.2R3 13 11.2R3 11.2R3 After reboots and it became secondary as is already primary Once process is completed both nodes upgraded to new image and swapped RG0 states 4 Copyright 2013, Juniper Networks, Inc.

CLI Command and Syntax With a single CLI command, SCU upgrades/downgrades both nodes of a cluster with minimal impact: request system software in-service-upgrade <path of software image> no-sync [unlink] The SCU process can be stopped by issuing the command shown below: request system software abort in-service-upgrade Simple Cluster Upgrade Example Before Chassis Cluster Upgrade root@srx650-1> show version node0: JUNOS Software Release [11.4-20111021.0] node1: JUNOS Software Release [11.4-20111021.0] {primary:node0} Simple Cluster Upgrade Process root@srx650-1> request system software in-service-upgrade /b/junos-srxsme- 11.2R3.3-domestic.tgz no-sync no-validate ISSU: Validating package Saving state for rollback... ISSU: finished upgrading on secondary node node1 ISSU: start upgrading software package on primary node ISSU: failover all redundancy-groups 1...n to primary node Successfully reset all redundancy-groups priority back to configured ones. Redundancy-groups-0 will not be reset and the primaryship remains unchanged. Successfully reset all redundancy-groups priority back to configured ones. ISSU: rebooting Secondary Node Shutdown NOW! [pid 2114] ISSU: Waiting for secondary node node1 to reboot. ISSU: went down ISSU: Waiting for to come up ISSU: came up ISSU: secondary node node1 booted up. Shutdown NOW! [pid 1857] *** FINAL System shutdown message from root@srx650-1 *** System going down IMMEDIATELY Copyright 2013, Juniper Networks, Inc. 5

After Completion of Simple Cluster Upgrade root@srx650-1> show version node0: JUNOS Software Release [11.2R3.3] node1: JUNOS Software Release [11.2R3.3] {primary:node1} root@srx650-1> Error Handling and Recovery from Failure During SCU 1. In the case of failure or successful completion of SCU, the software image from the secondary node is deleted to ensure that there is no wastage in secondary disk space. 2. Abort command clears the SCU state on both nodes to resume normal operation. 3. In the case of secondary boots with a backup image, the old primary will detect this and abort the SCU process. The old primary will continue forwarding data traffic, but console access will be needed to roll back the software image on the secondary. 4. If secondary fails to boot, then the primary will time out and abort the SCU process. Primary will continue forwarding data traffic, and the failed secondary can be recovered through the console. 5. If upgrade of the primary fails, the secondary image is rolled back and the SCU process is aborted. 6. If primary fails to reboot with the new image or comes up with a backup image, secondary (new primary) will start forwarding the packets; however, console access will be needed to recover old primary. 7. Finally, an error will occur if the SCU process is started from an SCU-supported Junos OS version to a non supported version. Limitations in Simple Cluster Upgrade (SCU) 1. This is not ISSU, and a downtime of 30 seconds is expected during this SCU process. Also, sessions and route tables need to be recreated in a new primary node. 2. As of Junos OS 11.2R2, SCU is not supported through Junos Web and NSM. 3. Only one SCU session can be active at a time; an error occurs if multiple SCU processes are started simultaneously. Conclusion Simple Cluster Upgrade (SCU) on the SRX Series Services Gateways greatly simplifies the software upgrade process of chassis cluster nodes. With a single command, both nodes of a chassis cluster can be upgraded or downgraded with minimal traffic disruption and without breaking up the cluster. 6 Copyright 2013, Juniper Networks, Inc.

About Juniper Networks Juniper Networks is in the business of network innovation. From devices to data centers, from consumers to cloud providers, Juniper Networks delivers the software, silicon and systems that transform the experience and economics of networking. The company serves customers and partners worldwide. Additional information can be found at www.juniper.net. Corporate and Sales Headquarters Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA Phone: 888.JUNIPER (888.586.4737) or 408.745.2000 Fax: 408.745.2100 www.juniper.net APAC and EMEA Headquarters Juniper Networks International B.V. Boeing Avenue 240 1119 PZ Schiphol-Rijk Amsterdam, The Netherlands Phone: 31.0.207.125.700 Fax: 31.0.207.125.701 To purchase Juniper Networks solutions, please contact your Juniper Networks representative at 1-866-298-6428 or authorized reseller. Copyright 2013 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. 3500211-001-EN Jan 2013 Printed on recycled paper Copyright 2013, Juniper Networks, Inc. 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback