Download - Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)
![Page 1: Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)](https://reader035.vdocument.in/reader035/viewer/2022062414/5a4d1c0a7f8b9ab0599f3588/html5/thumbnails/1.jpg)
Live Demo:
Zero Interruption Upgrade of Nokia VRRP ClusterYasushi Kono (ComputerLinks Germany)
![Page 2: Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)](https://reader035.vdocument.in/reader035/viewer/2022062414/5a4d1c0a7f8b9ab0599f3588/html5/thumbnails/2.jpg)
Scenario:Two Nokia boxes (IP 260) with IPSO 4.1and Check Point version NGX R61 ina VRRP cluster configuration.
![Page 3: Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)](https://reader035.vdocument.in/reader035/viewer/2022062414/5a4d1c0a7f8b9ab0599f3588/html5/thumbnails/3.jpg)
SmartConsole R60
SmartCenter Server R60
Gateway A IPSO 4.1/ NGX R60
Gateway B IPSO 4.1/ NGX R60 Which component do we
have to upgrade first?
![Page 4: Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)](https://reader035.vdocument.in/reader035/viewer/2022062414/5a4d1c0a7f8b9ab0599f3588/html5/thumbnails/4.jpg)
• First: Install SmartConsole R62• Then: Upgrade SmartCenter to R62• Upgrade the Standby Gateway to R62
But which one is the Standby Gateway?
![Page 5: Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)](https://reader035.vdocument.in/reader035/viewer/2022062414/5a4d1c0a7f8b9ab0599f3588/html5/thumbnails/5.jpg)
• Command to identify the standby gateway:• iclid> show vrrpor• echo show vrrp | iclid
![Page 6: Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)](https://reader035.vdocument.in/reader035/viewer/2022062414/5a4d1c0a7f8b9ab0599f3588/html5/thumbnails/6.jpg)
• What to do prior to upgrading….• Set the Cluster Control Protocol into
broadcast mode:cphaconf set_ccp broadcast
• Check, whether the CCP mode is broadcast or multicast:cphaprob –a if
![Page 7: Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)](https://reader035.vdocument.in/reader035/viewer/2022062414/5a4d1c0a7f8b9ab0599f3588/html5/thumbnails/7.jpg)
• Should you have to upgrade IPSO first, the command therefor is:
newimage –i –k-i: interactive mode-k: keep previously installed packages activated!
![Page 8: Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)](https://reader035.vdocument.in/reader035/viewer/2022062414/5a4d1c0a7f8b9ab0599f3588/html5/thumbnails/8.jpg)
Do you know other upgrade options to upgrade IPSO?
![Page 9: Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)](https://reader035.vdocument.in/reader035/viewer/2022062414/5a4d1c0a7f8b9ab0599f3588/html5/thumbnails/9.jpg)
Prior to upgrading to NGX R62 our environment is as follows….
![Page 10: Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)](https://reader035.vdocument.in/reader035/viewer/2022062414/5a4d1c0a7f8b9ab0599f3588/html5/thumbnails/10.jpg)
SmartConsole R62
SmartCenter Server R62
Gateway A IPSO 4.1/ NGX R60 (Active)
Gateway B IPSO 4.1/ NGX R60 (Standby)
![Page 11: Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)](https://reader035.vdocument.in/reader035/viewer/2022062414/5a4d1c0a7f8b9ab0599f3588/html5/thumbnails/11.jpg)
You have to alter the cluster configuration in the following ways:
![Page 12: Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)](https://reader035.vdocument.in/reader035/viewer/2022062414/5a4d1c0a7f8b9ab0599f3588/html5/thumbnails/12.jpg)
• Don‘t forget another important setting:
This option is to be activated, otherwise existing connections will be disconnected during upgrade!!!!
Not mentioned in the Upgrade Guide of Check Point!
![Page 13: Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)](https://reader035.vdocument.in/reader035/viewer/2022062414/5a4d1c0a7f8b9ab0599f3588/html5/thumbnails/13.jpg)
Gateway B:
IPSO 4.1/ NGX R60 (Standby)
Command to Upgrade Check Point:
[gatewayB]# newpkg
! Don‘t use the –i switch here, unless you want to use it explicitly!
![Page 14: Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)](https://reader035.vdocument.in/reader035/viewer/2022062414/5a4d1c0a7f8b9ab0599f3588/html5/thumbnails/14.jpg)
After upgrading GateB:1. Reboot it2. Check the Install Policy option „For Gateway
Cluster install on all members, if it fails do not install at all“
3. Change the Cluster version in SmartDashboard to NGX R62 and install the Policy
![Page 15: Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)](https://reader035.vdocument.in/reader035/viewer/2022062414/5a4d1c0a7f8b9ab0599f3588/html5/thumbnails/15.jpg)
At this stage, GateA is still the active node. • You have to transfer the State Table to
GateB (to be shown in the next slide)• You have to disable the cluster service of
GateA• GateB shall take over almost all
connections!If not, you don‘t have a second chance!
![Page 16: Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)](https://reader035.vdocument.in/reader035/viewer/2022062414/5a4d1c0a7f8b9ab0599f3588/html5/thumbnails/16.jpg)
Transferring the State Table of GateA to GateB:[GateB]# fw fcu <IP Address GateA>
Before disabling cluster service from GateA, wait until the following message is being displayed:[GateB]# Full sync connection finished successfully
![Page 17: Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)](https://reader035.vdocument.in/reader035/viewer/2022062414/5a4d1c0a7f8b9ab0599f3588/html5/thumbnails/17.jpg)
Disabling Cluster Service from GateA:
[GateA]# cphastop
After that, GateB should have taken over almost all connections.
![Page 18: Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)](https://reader035.vdocument.in/reader035/viewer/2022062414/5a4d1c0a7f8b9ab0599f3588/html5/thumbnails/18.jpg)
Now, you can upgrade GateA with the commands already used.GateB will process all requests. After upgrading, reboot GateA and install the last policy on both cluster members!
![Page 19: Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)](https://reader035.vdocument.in/reader035/viewer/2022062414/5a4d1c0a7f8b9ab0599f3588/html5/thumbnails/19.jpg)
Important information for you:There are some connections which will be disrupted anyway:– User Authentication Connections– Connections with Resources (SMTP, URI,
FTP)– Client Authentication (partially automatic and
fully automatic for HTTP, FTP, Telnet, rlogin)
![Page 20: Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)](https://reader035.vdocument.in/reader035/viewer/2022062414/5a4d1c0a7f8b9ab0599f3588/html5/thumbnails/20.jpg)
But what if….?What do you need in the case of failing upgrade procedure?
If you would like to escape from your customer‘s site
![Page 21: Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)](https://reader035.vdocument.in/reader035/viewer/2022062414/5a4d1c0a7f8b9ab0599f3588/html5/thumbnails/21.jpg)
Thus, my recommendation is:
Plan for downtime!
![Page 22: Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)](https://reader035.vdocument.in/reader035/viewer/2022062414/5a4d1c0a7f8b9ab0599f3588/html5/thumbnails/22.jpg)
• DISCLAIMER:
I am not responsible for sponsoring you a race car should your attempt to upgrade the cluster failing!
![Page 23: Live Demo: Zero Interruption Upgrade of Nokia VRRP Cluster Yasushi Kono (ComputerLinks Germany)](https://reader035.vdocument.in/reader035/viewer/2022062414/5a4d1c0a7f8b9ab0599f3588/html5/thumbnails/23.jpg)
Thank you for attending this presentation!