cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Firmware upgrade process on warm-spare MX

SOLVED
Highlighted
Here to help

Firmware upgrade process on warm-spare MX

Hello,

 

I wonder how the process looks when a warm spare pair MX devices firmware gets upgraded. Is it something like described in the following sentence?

The spare upgrades it's firmware, followed by it taking over the master role while the primary MX upgrades and once it's done takes back the master role?

 

In addition, I wonder if it is possible to run one of the two MX devices which forms a warm spare pair on the newer firmware for a period of time before upgrading the spare unit? Im guessing no, but I cant seem to find any documentation on the matter.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Kind of a big deal

Re: Firmware upgrade process on warm-spare MX

@PhilipDAth Docs suggest that ideally the pair members should take turns updating.

 

Appliance Network with Two MXs in an HA Configuration

When MX appliances configured to operate in High Availability (HA) (either in NAT/routed mode or when operating as one-armed VPN concentrators), the dashboard will automatically take steps to minimize downtime when upgrades are performed to ensure a zero-downtime MX upgrade. This is achieved through the following automated process:

 

  1. The Primary MX downloads firmware

  2. The Primary MX stops advertising VRRP

  3. The Secondary MX becomes master

  4. The Primary MX reboots

  5. The Primary MX comes online again

  6. The Primary MX starts advertising VRRP again

  7. The Primary MX becomes Master Again

  8. The Secondary MX downloads firmware (approximately 15 minutes after the original upgrade is scheduled)

  9. The Secondary MX stops advertising VRRP

  10. The Secondary MX reboots and comes back online

View solution in original post

4 REPLIES 4
Highlighted
Head in the Cloud

Re: Firmware upgrade process on warm-spare MX

That‘s exactly the way it goes: secondary gets updated, takes over, afterwards the primary one receives the update and tackes over again when everything is up and running again.

 

As the Dashboard is taking care of the whole process, it isn‘t possible to have only one of the boxes being upgraded.

Highlighted
Kind of a big deal

Re: Firmware upgrade process on warm-spare MX

Are you sure about that?

 

I had the impression that things go offline when you upgrade a warm spare pair, and that shouldn't happen if it only does one at a time.

Highlighted
Kind of a big deal

Re: Firmware upgrade process on warm-spare MX

@PhilipDAth Docs suggest that ideally the pair members should take turns updating.

 

Appliance Network with Two MXs in an HA Configuration

When MX appliances configured to operate in High Availability (HA) (either in NAT/routed mode or when operating as one-armed VPN concentrators), the dashboard will automatically take steps to minimize downtime when upgrades are performed to ensure a zero-downtime MX upgrade. This is achieved through the following automated process:

 

  1. The Primary MX downloads firmware

  2. The Primary MX stops advertising VRRP

  3. The Secondary MX becomes master

  4. The Primary MX reboots

  5. The Primary MX comes online again

  6. The Primary MX starts advertising VRRP again

  7. The Primary MX becomes Master Again

  8. The Secondary MX downloads firmware (approximately 15 minutes after the original upgrade is scheduled)

  9. The Secondary MX stops advertising VRRP

  10. The Secondary MX reboots and comes back online

View solution in original post

Highlighted
Kind of a big deal
Kind of a big deal

Re: Firmware upgrade process on warm-spare MX

See below, first image is reboot of primary, after warm spare has taken over:

Screenshot_20200207-213300_Chrome.jpg

and then the below is the warm spare rebooting once primary has taken over vrrp again

Screenshot_20200207-213344_Chrome.jpg

This is with the 15.x firmware train so 14.x may be different.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.