NimbostratusWe have a pair of LTM's in an Active/Standby deployment. We want to upgrade from version 10.x to 11.x. Can we upgrade the standby unit & then make it active, to do some testing before upgrading the original unit. That would leave the option to back out to the original version in the case of any problems. Also, can anyone tell me how long the upgrade will take (in regards of an outage window)?
Thanks Colin
NimbostratusThere shouldn't be any problem with your plan of action.
Your true outage window should be very small. My team and I just performed several upgrade in the last month, and as long as the upgrade goes smooth, the only outage you should see is during the failover to Active. For us that was a matter of seconds. Just make sure that you validate that items in your config will transfer properly. e.g. iRule syntax
Nimbostratus
CirrocumulusI would review the Manual: BIG-IP Systems: ​Upgrading Active-Standby Systems for the version you are upgrading from. That link is for 11.6.0
Nimbostratus
CirrusMy real world experience - we upgraded from 10.2.4 to 11.2.1 - and it was very rough. The transition from the HA approach for 10.2 to the traffic-group based approach in 11.x didn't go well, and we ended up booting back to 10.2, planning an extended outage window, and then upgrading each as a standalone device, then establishing HA after each device was in standalone mode. We had customer service involved, but were on a closed network, and couldn't have them remote in ... that didn't help. But even with all the diagnostic information we could provide, it was never clear what caused the failure.
It really made me wish we had a 3rd device that we could temporarily co-opt to handle the load, even though that would have been significant work.
That's just one datapoint, of course ... and I haven't done a 10.x to 11.4.x+ (there was a major architectural change in HA at 11.4).
Hi,
Only complementing the information presented above:
If you will Install New Software Images or Hotfixes
Determine version to install
Ensure license service check date is up-to-date
Download software image files and release notes
Read release notes and follow specific upgrade directions!
Import software image files to BIG-IP (iso, md5) Note: Upgrade standby device first
Verify integrity of software image (md5sum -- check)
Install software image to inactive boot location
Activate boot location
Test!
If you will Implement Configuration Changes During a Maintenance Window
Create "before" UCS archive
Run staged tmsh script with configuration changes
Test!
If successful, create "after" UCS archive
If unsuccessful, restore from "before" UCS archive
Note: The install/upgrade time (typical: 30 to 120 minutes per cluster) depends on several factors including the platform used, provisioning, connectivity to download and upload the images, testing time, troubleshoot, etc... If you got the chance to deploy Enterprise Manager VE or BIG-IQ Device, definitely you will improve the all process. The outage would be minimal (typical: less than 30 seconds) because you switch/failover between devices throughout the process.
NimbostratusWell said Pedro!
I didn't think about it earlier, but it is always a good idea to create a backup and store it off the device just in case. Another note to add just because this one threw me off the first time; once you restart the first (Standby) device they will both read as standalone, but your active will still say active, and your standby will still say standby, if you see active/active or standby/standby that is a pretty good indicator that something may have gone wrong.
Nimbostratus
CirrostratusI would highly recommend purchasing a lab license in order to test/practice/validate your documented upgrade process.
Personally, I export an SCF file from all my devices and import them into an isolated lab VM instance. I have to massage a few properties, of course, like commenting out interface configs and what-not in the conf files in order to get them to load. And although I can't run actual traffic through it, I can at least determine what, if anything, will break the upgrade process and document/remediate those things before the real upgrade is performed. This scheme has proved invaluable and saved me a lot of headaches and sleepless nights.
CirrusHi Experts
Will UCS archive work from 10.2 to 11.6? If we take backup in older version 10.2 and then restore after upgrading to 11.6?
This is just in case the documented process of upgrade fails at some point.
CirrusHi Experts
I recently did an upgrade from 10.2.2 to 11.6.0 HF5. The devices were in active/standby HA. After rebooting to new volume, the configuration got wiped out. Only Self IPs, VLANs and interfaces stayed, along with host name and system details.
HA went down as well. I manually configured the F5, referring to the old snapshots, tried to re-sync, but HA never came up at all. Had to revert back due to outage window being limited to 3 hrs only.
Syslog was filled with the below messages:-
01071432:5: CMI peer connection established to 192.168.11.1 port 6699 0107143c:5: Connection to CMI peer 192.168.11.1 has been removed
01071431:5: Attempting to connect to CMI peer 192.168.11.2 port 6699 0107142f:3: Can't connect to CMI peer 192.168.11.2, TMM outbound listener not yet created
All config-sync and peer IPs were working fine, reachable within same network.
Any advice please, maybe it is time for TAC support?
CumulonimbusSumanta,
Off the top of my head, the MGMT IP address cannot be used for Config Sync/CMI Peer in version 11, so can cause issues.
I would take the opportunity to configure an additional VLAN on neighbouring switches for HA + Config Sync.
Cirrus