[j-nsp] SRX upgrade procedure -ready for enterprise?

Aaron Dewell aaron.dewell at gmail.com
Fri Mar 8 13:28:27 EST 2013 

I tried ISSU twice, both times on 3 MX routers during a single maintenance window, going from 10.x to 11.x.  It failed spectacularly on the second router, requiring manual recovery via the console (mastership was not assumed by the backup before the primary rebooted), so I completely gave up on the procedure and did the rest of the 50+ routers in the network the old-fashioned way, one RE at a time, with a 2 minute hit for switchover in the middle.

After that, I don't recommend ISSU to anyone.  It's not worth the hassle, at least not yet.  Maybe about 14.x it will be stable enough to use.

On Mar 8, 2013, at 11:10 AM, Tim Eberhard wrote:
> I would never, ever follow that KB. It's just asking for a major outage..
> 
> With that said, you have two options. 1) ISSU and 2) Reboot both close
> to the same time and take the hit. Depending on your hardware it might
> be 4 minutes, it might be 8-10 minutes.
> 
> If option one is the path you choose to go keep in mind the
> limitations and I would suggest you test it in a lab well before you
> ever do it in production. ISSU on the SRX is still *very* new. Here is
> a list of limitations:
> http://kb.juniper.net/InfoCenter/index?page=content&id=KB17946&actp=RSS
> 
> I've seen ISSU fail more than a couple of times when it was supposed
> to be fully supported. This caused us to take a hit, then have to
> reboot both devices anyways. So we ended up expecting a hitless
> upgrade and got 10 minutes of downtime anyways. If you're up for
> running bleeding edge code then maybe ISSU will work properly, but if
> availability is that critical you should have a lab to test this in.
> 
> Good luck,
> -Tim Eberhard
> 
> On Fri, Mar 8, 2013 at 9:50 AM, Andy Litzinger
> <Andy.Litzinger at theplatform.com> wrote:
>> We're evaluating SRX clusters as replacements for our aging ASAs FO pairs in various places in our network including the Datacenter Edge.  I  was reading the upgrade procedure KB: http://kb.juniper.net/InfoCenter/index?page=content&id=KB17947  and started to have some heart palpitations.  It seems a complicated procedure fraught with peril.  Anyone out there have any thoughts (positive/negative) on their experience on upgrading an SRX cluster with minimal downtime?
>> 
>> thanks!
>> -andy
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list