Firmware upgrade process on warm-spare MX

Solved
Toby
Getting noticed

Firmware upgrade process on warm-spare MX

Hello,

 

I wonder how the process looks when a warm spare pair MX devices firmware gets upgraded. Is it something like described in the following sentence?

The spare upgrades it's firmware, followed by it taking over the master role while the primary MX upgrades and once it's done takes back the master role?

 

In addition, I wonder if it is possible to run one of the two MX devices which forms a warm spare pair on the newer firmware for a period of time before upgrading the spare unit? Im guessing no, but I cant seem to find any documentation on the matter.

1 Accepted Solution
Nash
Kind of a big deal

@PhilipDAth Docs suggest that ideally the pair members should take turns updating.

 

Appliance Network with Two MXs in an HA Configuration

When MX appliances configured to operate in High Availability (HA) (either in NAT/routed mode or when operating as one-armed VPN concentrators), the dashboard will automatically take steps to minimize downtime when upgrades are performed to ensure a zero-downtime MX upgrade. This is achieved through the following automated process:

 

  1. The Primary MX downloads firmware

  2. The Primary MX stops advertising VRRP

  3. The Secondary MX becomes master

  4. The Primary MX reboots

  5. The Primary MX comes online again

  6. The Primary MX starts advertising VRRP again

  7. The Primary MX becomes Master Again

  8. The Secondary MX downloads firmware (approximately 15 minutes after the original upgrade is scheduled)

  9. The Secondary MX stops advertising VRRP

  10. The Secondary MX reboots and comes back online

View solution in original post

6 Replies 6
CptnCrnch
Kind of a big deal
Kind of a big deal

That‘s exactly the way it goes: secondary gets updated, takes over, afterwards the primary one receives the update and tackes over again when everything is up and running again.

 

As the Dashboard is taking care of the whole process, it isn‘t possible to have only one of the boxes being upgraded.

PhilipDAth
Kind of a big deal
Kind of a big deal

Are you sure about that?

 

I had the impression that things go offline when you upgrade a warm spare pair, and that shouldn't happen if it only does one at a time.

Nash
Kind of a big deal

@PhilipDAth Docs suggest that ideally the pair members should take turns updating.

 

Appliance Network with Two MXs in an HA Configuration

When MX appliances configured to operate in High Availability (HA) (either in NAT/routed mode or when operating as one-armed VPN concentrators), the dashboard will automatically take steps to minimize downtime when upgrades are performed to ensure a zero-downtime MX upgrade. This is achieved through the following automated process:

 

  1. The Primary MX downloads firmware

  2. The Primary MX stops advertising VRRP

  3. The Secondary MX becomes master

  4. The Primary MX reboots

  5. The Primary MX comes online again

  6. The Primary MX starts advertising VRRP again

  7. The Primary MX becomes Master Again

  8. The Secondary MX downloads firmware (approximately 15 minutes after the original upgrade is scheduled)

  9. The Secondary MX stops advertising VRRP

  10. The Secondary MX reboots and comes back online

cmr
Kind of a big deal
Kind of a big deal

See below, first image is reboot of primary, after warm spare has taken over:

Screenshot_20200207-213300_Chrome.jpg

and then the below is the warm spare rebooting once primary has taken over vrrp again

Screenshot_20200207-213344_Chrome.jpg

This is with the 15.x firmware train so 14.x may be different.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
swifty
Getting noticed

hi
Is this documented anywhere ?
I had assumed that would be the process but cannot find it in Meraki documentation.

Bruce
Kind of a big deal
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels