Software Upgrade in Multinode High Availability

Overview

In a Multinode High Availability setup, you can upgrade your SRX Series Firewalls between two different Junos OS releases with minimal disruption of traffic.

Starting in Junos OS Release 22.3R1, we support a software upgrade method that you perform from the CLI.

From Junos OS Release   To Junos OS Release                  Software Upgrade Method Supported
20.4                    Any release later than 20.4          No
22.3                    Next version of Junos OS Release     Yes

For information about upgrade and downgrade support for Junos OS releases, see Upgrade and Downgrade Support Policy for Junos OS Releases and Extended End-Of-Life Releases in Release Notes.

When you are upgrading SRX Series Firewalls in Multinode High Availability to Junos OS Release 22.4R1 or to a higher release, from an earlier Junos OS release, you can use the Isolated Nodes Upgrade Procedure. Junos OS Release 22.4R1 and higher releases are not compatible with earlier Junos OS releases for synchronizing sessions during a regular upgrade.

CAUTION:

When you are upgrading an SRX Series Firewall from Junos OS Release 22.3 to the next version of the Junos OS release, you may experience some disruption in traffic.

Note:

When you upgrade Junos OS on SRX Series Firewalls in a Multinode High Availability setup, the following message is displayed in the show chassis high-availability information command output even though the upgrade process completes successfully:

This message is displayed when you upgrade from Junos OS Release 21.4R1 to any Junos OS release later than 21.4R1.

You must install the same version of Junos OS on both SRX Series Firewalls in a Multinode High Availability setup. Therefore, when you upgrade Junos OS on one device, ensure that you also upgrade the other device to the same version.

We support the following upgrade methods in a Multinode High Availability setup:

  • For Layer 3 deployments: The install-on-failure-route configuration (recommended). In this method, you divert traffic by installing a route that your routing policy uses to steer traffic toward the peer node. Traffic can still pass through the node, and its interfaces remain up. Go to Upgrade Software using install-on-failure-route for details. You can also use the shutdown-on-failure interfaces method for Layer 3 deployments.

  • For hybrid deployments and default gateway (Layer 2/switching) deployments: The shutdown-on-failure interfaces method. In this method, you divert traffic by shutting down the traffic interfaces on the node. Traffic cannot pass through the node while it is being upgraded. Go to Upgrade Software using shutdown-on-failure interface for details.

In the following procedure, we'll show you how to upgrade two SRX Series Firewalls (SRX-01 and SRX-02) from Junos OS Release 22.3R1.1 to Junos OS Release 22.3R1.3 using the CLI. To avoid downtime when upgrading SRX Series Firewalls in a Multinode High Availability setup, we'll upgrade one device at a time.

Best Practices for Upgrading Junos OS

Consider the following best practices when you plan your software upgrade:

  • Ensure both nodes are online and have the same version of Junos OS.
  • Prepare your SRX Series Firewalls for an upgrade using the checklist available in Preparing for Software Installation and Upgrade (Junos OS).
  • Check whether both nodes have sufficient storage in the /var file system by using the show system storage command.
  • Check the status of all the cards on both the devices by using the show chassis fpc pic-status command.

  • Verify that there are no major alarms on the devices by using the show chassis alarms command.

  • Ensure that there are no uncommitted changes.
  • Back up the active configuration and license keys.

We recommend that you perform software upgrades during a maintenance window.

Preinstallation Steps

Complete the following tasks before you start the software upgrade.

  • Check the current Junos OS software version on your device.
  • Download the Junos OS image from the Juniper Networks Support page, verify that its checksum matches the value published on the Support page, and copy it to the /var/tmp directory on both SRX Series Firewalls.
  • Use the show chassis high-availability information command to verify that your Multinode High Availability setup is healthy, functional, and that the interchassis link (ICL) is up.

    On SRX-01 Device

    On SRX-02 Device

    These output samples confirm that the two SRX Series Firewalls in the Multinode High Availability setup are in a healthy state and are operating normally.

    You are now ready to proceed with the software upgrade.

Upgrade Software using install-on-failure-route

Prerequisite for Diverting Transit Traffic

Check whether your device has the configuration required to divert transit traffic by changing the route, as described in Configuring Multinode High Availability In a Layer 3 Network. If it isn't configured, use the following steps:

  1. Create a dedicated custom virtual router for the route used for diverting traffic during the upgrade.

  2. Configure the install-on-failure-route statement for SRG0. In this example, the route with IP address 10.39.1.3 is the route to install when the node fails.

    The routing table installs the route mentioned in the statement when the node fails.

  3. Configure a matching routing policy and define a policy condition based on the existence of routes. Here, you use the route 10.39.1.3 as the match condition in the if-route-exists statement.

    Create a policy statement that references this condition in one of its terms.
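The three prerequisite steps above, as an added example in Junos CLI set syntax. It is not copied from the original page or from the Junos documentation. The routing-instance name UPGRADE-VR, the condition name node-failure, the policy name mnha-export, the metric value, the BGP group name, and the use of BGP as the routing protocol are all assumptions; only the address 10.39.1.3 comes from the page. Confirm each statement with ? in configuration mode on your release before committing.

```junos
# Added example (not from the original page). Names and metric values are assumed.

# 1. Dedicated virtual router that holds the route used to divert traffic during
#    the upgrade (name assumed).
set routing-instances UPGRADE-VR instance-type virtual-router

# 2. Route that SRG0 installs when the node fails. 10.39.1.3 is the address the
#    page uses; the routing-instance option is an assumption, verify it on your release.
set chassis high-availability services-redundancy-group 0 install-on-failure-route 10.39.1.3/32 routing-instance UPGRADE-VR

# 3. Policy condition keyed on the existence of that route, and a policy term
#    that raises the metric of advertised prefixes while the route exists, so
#    upstream routers prefer the peer node.
set policy-options condition node-failure if-route-exists 10.39.1.3/32
set policy-options condition node-failure if-route-exists table UPGRADE-VR.inet.0
set policy-options policy-statement mnha-export term on-failure from condition node-failure
set policy-options policy-statement mnha-export term on-failure then metric add 100
set policy-options policy-statement mnha-export term on-failure then accept
set policy-options policy-statement mnha-export term default then accept

# Apply the policy to the protocol that advertises your prefixes (BGP assumed).
set protocols bgp group UPSTREAM export mnha-export

# Validate syntax before committing; a failed commit on an HA node is cheap
# to catch here and expensive to catch during the maintenance window.
commit check
commit
```

The term order matters: the on-failure term must precede the default term so the metric change is applied before the prefix is accepted. After committing, confirm with show route 10.39.1.3 that the route is absent while the node is healthy; it should appear only after you set the software-upgrade statement.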

Upgrade Multinode High Availability Software

Let's upgrade the device that is acting as the backup node (SRX-02).

  1. Initiate the software upgrade process and commit the configuration.

    This command initiates a local failure for SRG0 and transitions SRG1 (if configured) to the INELIGIBLE state on the local device. The peer device now transitions to, or stays in, the active state for SRG1. On the local node, the active and backup signal routes of SRG1 are removed. If you've configured the install-on-failure-route statement, the signal route associated with that configuration is installed. With the appropriate routing policies, the local device can advertise higher route metrics, diverting traffic away from itself and toward the peer device.

  2. Verify the status of Multinode High Availability.

    The output shows Node Status: OFFLINE [ SU ], which indicates that the node is ready for the software upgrade. You can see that the status of the SRG1 has changed to INELIGIBLE.

  3. Confirm that the other device (SRX-01) is in the active role and is functioning normally.

    The command output shows that the status of SRG1 is ACTIVE.

    Also note that under the Peer Information section of the SRG1, the status is INELIGIBLE which indicates that the other node is in ineligible state.

  4. Install the Junos OS software on the SRX-02 device.
  5. After a successful installation, reboot the device using the request system reboot command.
  6. After the reboot, check the Junos OS version using the show version command.

    The output confirms that the device is upgraded to the correct Junos OS version.

  7. Check status of the Multinode High Availability on the device.

    The output continues to display the node status as OFFLINE [ SU ] and SRG1 status as INELIGIBLE.

  8. Remove the software-upgrade statement and commit the configuration.

    When you remove the software-upgrade statement, the local failure state is cleared and the installed routes are removed.

  9. Check the Multinode High Availability status again to confirm that the device is online and the overall status is healthy and functioning.

    The output shows Node Status: ONLINE and SRG1 status as BACKUP, which indicates that the node is back online and is functioning normally in backup role.

  10. Check interfaces, routing protocols, routes advertised and so on to confirm that your setup is operating normally.

Now you can proceed to upgrade the other device (SRX-01) using the same procedure.

Note:

If you face any issues and are not able to complete the upgrade, you can roll back the software on the device and then reboot the system. Use the request system software rollback command to restore the previously installed software version.

Upgrade Software using shutdown-on-failure interface

Prerequisite to Divert Transit Traffic

Check whether your SRX Series Firewall includes the configuration required to isolate traffic by shutting down interfaces, as described in Configuring Multinode High Availability In a Default Gateway Deployment. If the feature is not configured:

  1. Configure all traffic interfaces under the shutdown-on-failure option. Example:
    CAUTION:

    Do not use interfaces assigned for the interchassis link (ICL). If the ICL is shut down, the two nodes lose the link they use to exchange state and the peer cannot observe the local node's status.
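Step 1 above, as an added example in Junos CLI set syntax. It is not from the original page. The interface names are placeholders: ge-0/0/1 and ge-0/0/2 are assumed to carry transit traffic and ge-0/0/3 is assumed to be the ICL, which is deliberately left out of the list. The exact form of the shutdown-on-failure statement is an assumption; verify it with ? in configuration mode on your release.

```junos
# Added example (not from the original page). Interface names are placeholders.

# Transit interfaces that must go down when the node is taken out of service.
set chassis high-availability services-redundancy-group 0 shutdown-on-failure interface ge-0/0/1
set chassis high-availability services-redundancy-group 0 shutdown-on-failure interface ge-0/0/2

# ge-0/0/3 is the ICL in this example and is intentionally NOT listed.
# Check the candidate configuration before committing: the ICL interface
# configured under peer-id must not appear in the shutdown-on-failure list.
show chassis high-availability peer-id
show chassis high-availability services-redundancy-group 0 | match shutdown-on-failure

commit check
commit
```

Run the two show commands in configuration mode and compare the interface under peer-id against the shutdown-on-failure list by eye before you commit; nothing in the configuration prevents you from listing the ICL.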

Upgrade Multinode High Availability Software

Let's upgrade the device that is acting as backup node (SRX-02).

  1. Initiate the software upgrade and commit the configuration.

    This command shuts down the interfaces configured under shutdown-on-failure and transitions SRG1 on the local node to the INELIGIBLE state.

  2. Check the Multinode High Availability status.

    The output shows Node Status: OFFLINE [ SU ], which indicates that the node is ready for the software upgrade. You can also see SRG0 status as ISOLATED [ Node Failure ] and SRG1 status as INELIGIBLE.

  3. Check the status of the interfaces.

    The output shows that interfaces marked for shutdown-on-failure are down.

  4. Confirm that the other device (SRX-01) is in the active role and is functioning normally.

    The output shows that the status of SRG1 is ACTIVE.

    Also note that under the Peer Information section of the SRG1, the status is INELIGIBLE which indicates that the other node is in ineligible state.

  5. Install the Junos OS image on SRX-02.
  6. After a successful installation, reboot the device using the request system reboot command.
  7. Check the Junos OS version.

    The output confirms that the device is upgraded to the correct Junos OS version.

  8. Check the status of Multinode High Availability on the device.

    The command output continues to display the node status as OFFLINE [ SU ] and SRG0 status as ISOLATED [ Node Failure ].

  9. Remove the software-upgrade statement and commit the configuration.
  10. Check the Multinode High Availability status again on the device and confirm that the device is online and that the overall status is healthy.

    The output shows Node Status: ONLINE, and SRG0 ONLINE, which indicates that the node is back online and is functioning normally.

  11. Verify the status of interfaces.

    The output shows that interfaces that were previously down are up now.

  12. Check interfaces, routing protocols, routes advertised, and so on to confirm that your setup is operating normally.

Now you can proceed to upgrade the other device (SRX-01) using the same procedure.
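The full command sequence for upgrading the backup node (SRX-02), serving both the install-on-failure-route procedure and the shutdown-on-failure procedure above, as an added example that is not from the original page. The package filename, the interface names in the terse filter, and the use of BGP in the final verification are assumptions; show chassis high-availability information and request system software rollback are the commands the page names, the other show commands are ones I believe exist on Junos and should be confirmed on your release.

```junos
# Added example (not from the original page). Run on SRX-02, the backup node.
# Package filename, interface names and routing protocol are assumptions.

# 0. Pre-flight checks in operational mode (from the best-practices list).
show version
show system storage
show chassis fpc pic-status
show chassis alarms
show chassis high-availability information
# Compare the digest with the value published on the Juniper Support page
# before installing anything from /var/tmp.
file checksum sha-256 /var/tmp/junos-srxsme-22.3R1.3.tgz

# 1. Take the node out of service for the upgrade.
configure
set chassis high-availability software-upgrade
commit and-quit

# 2. Verify the node is ready: expect "Node Status: OFFLINE [ SU ]" and SRG1
#    INELIGIBLE. With shutdown-on-failure, SRG0 additionally shows
#    "ISOLATED [ Node Failure ]" and the listed interfaces are down.
show chassis high-availability information
show interfaces terse | match "ge-0/0/[12]"
# On SRX-01 (the peer), expect SRG1 ACTIVE with Peer Information INELIGIBLE.

# 3. Install the image and reboot.
request system software add /var/tmp/junos-srxsme-22.3R1.3.tgz
request system reboot

# 4. After the reboot: confirm the version, then confirm the node is still
#    OFFLINE [ SU ] (it stays out of service until the statement is removed).
show version
show chassis high-availability information

# 5. Return the node to service.
configure
delete chassis high-availability software-upgrade
commit and-quit

# 6. Expect "Node Status: ONLINE"; SRG1 BACKUP (install-on-failure-route) or
#    SRG0 ONLINE with the interfaces up again (shutdown-on-failure).
show chassis high-availability information
show interfaces terse | match "ge-0/0/[12]"
show bgp summary
show route advertising-protocol bgp 192.0.2.1

# If the upgrade cannot be completed, restore the previous image and reboot.
request system software rollback
request system reboot
```

Do not start step 3 until step 2 shows the expected states on both nodes; installing while the peer is not ACTIVE for SRG1 is what turns a planned maintenance into an outage. Repeat the same sequence on SRX-01 only after SRX-02 reports ONLINE and the two nodes run the same version.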