Issue when upgrading failover pair

Unanswered Question
Jul 21st, 2009

Last week I had to upgrade a pair of PIX 515Es running active/standby failover and it did not go as expected. I was going from 7.24(18) to 7.24(30). I uploaded the image to the flash on each, and set the boot parameter. I then rebooted the secondary/standby and it came back up fine. At that point I made the secondary the active and then rebooted the primary/standby; however, it did not come back up correctly. A "show failover" from the secondary/active indicated it was in a failed state. Both firewalls were at a remote location, so getting console access was not an option at the time. Users started reporting issues with traffic getting dropped on the connections that flowed through this pair, and it became evident that both firewalls thought they were active. I ended up rebooting the secondary/active, and it cleared the problem.


I've read some vague documentation that says you can upgrade with no downtime if you are moving from a certain code or release to another, but I can't find anything specific. I've got others telling me that I should have rebooted both at the same time, but I've never had to do that in the past, and it seems a little dangerous to me, particularly since most of the firewalls we support are at remote locations.


Any thoughts or experiences with upgrading PIXes, or PIXes vs. ASAs? I've gone from 7.24(18) to 7.24(30) on other firewall pairs just fine; maybe this one was just a fluke. But I'd like to get an idea of how other people approach these upgrades.


Thanks
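As an added example (not part of the original post), here is a small Python check for the step the poster describes, failing over and then reloading the peer: it parses the "This host:" / "Other host:" lines of `show failover` and only reports that it is safe to reload the peer when this unit is Active and the other unit is Standby Ready. The two sample outputs are constructed, modelled on the 7.x `show failover` layout; the interface name and active times are made up.

```python
"""Gate for the next step of a PIX/ASA failover-pair upgrade.

Added example, not from the thread: parses the text of `show failover` and
only reports "safe to proceed" when this unit is Active and the peer is
'Standby Ready'. The sample outputs below are constructed, modelled on the
7.x `show failover` layout (the 'This host:' / 'Other host:' lines).
"""
import re

# Constructed sample: healthy pair after the standby was reloaded.
HEALTHY = """\
Failover On
Failover unit Secondary
Failover LAN Interface: folink Ethernet2 (up)
This host: Secondary - Active
        Active time: 420 (sec)
Other host: Primary - Standby Ready
        Active time: 0 (sec)
"""

# Constructed sample: the state the original poster describes.
FAILED = """\
Failover On
Failover unit Secondary
Failover LAN Interface: folink Ethernet2 (up)
This host: Secondary - Active
        Active time: 420 (sec)
Other host: Primary - Failed
        Active time: 0 (sec)
"""

# Matches e.g. "This host: Secondary - Active" / "Other host: Primary - Standby Ready"
_STATE_RE = re.compile(r"^(This|Other) host:\s+(Primary|Secondary)\s+-\s+(.+?)\s*$", re.M)


def parse_failover(output: str) -> dict:
    """Return {'this': (unit, state), 'other': (unit, state)} from show failover text."""
    found = {}
    for who, unit, state in _STATE_RE.findall(output):
        found[who.lower()] = (unit, state.strip())
    if "this" not in found or "other" not in found:
        raise ValueError("could not find both 'This host:' and 'Other host:' lines")
    return found


def safe_to_reload_peer(output: str) -> tuple[bool, str]:
    """True only when this unit is Active and the peer is Standby Ready.

    Any other combination (peer Failed, peer still booting, failover off)
    means: stop and investigate before reloading or failing over, so the
    pair never loses its last known-good unit.
    """
    if not output.lstrip().startswith("Failover On"):
        return False, "failover is not enabled on this unit"
    st = parse_failover(output)
    this_unit, this_state = st["this"]
    other_unit, other_state = st["other"]
    if this_state != "Active":
        return False, f"this unit ({this_unit}) is {this_state}, not Active"
    if other_state != "Standby Ready":
        return False, f"peer ({other_unit}) is '{other_state}', expected 'Standby Ready'"
    return True, f"{this_unit} Active, {other_unit} Standby Ready"


if __name__ == "__main__":
    for name, sample in (("healthy", HEALTHY), ("failed", FAILED)):
        ok, why = safe_to_reload_peer(sample)
        print(f"{name}: {'PROCEED' if ok else 'HOLD'} - {why}")
```

The point of the gate is the order of operations: the peer must report Standby Ready before the active unit is reloaded or failed over, otherwise the pair is down to one working unit with no console access to recover it.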

rob.stoop Tue, 07/21/2009 - 10:00

You did the right thing. I've never done this on a PIX, but on an ASA you should do it your way.

slug420 Tue, 07/21/2009 - 10:59

I think your misstep was upgrading from 6.3(5) to 7.x.


7.x is crap.


Unexpected behavior should now be expected.



dhalevi Fri, 09/18/2009 - 01:48

Performing Zero Downtime Upgrades for Failover Pairs


The two units in a failover configuration should have the same major (first number) and minor (second number) software version. However, you do not need to maintain version parity on the units during the upgrade process; you can have different versions of the software running on each unit and still maintain failover support. To ensure long-term compatibility and stability, we recommend upgrading both units to the same version as soon as possible.


Table 42-1 shows the supported scenarios for performing zero-downtime upgrades on a failover pair.


Table 42-1 Zero-Downtime Upgrade Support

| Type of Upgrade | Support |
| --- | --- |
| Maintenance Release | You can upgrade from any maintenance release to any other maintenance release within a minor release. For example, you can upgrade from 7.0(1) to 7.0(4) without first installing the maintenance releases in between. |
| Minor Release | You can upgrade from a minor release to the next minor release. You cannot skip a minor release. For example, you can upgrade from 7.0 to 7.1. Upgrading from 7.0 directly to 7.2 is not supported for zero-downtime upgrades; you must first upgrade to 7.1. |
| Major Release | You can upgrade from the last minor release of the previous version to the next major release. For example, you can upgrade from 7.9 to 8.0, assuming that 7.9 is the last minor version in the 7.x release. |


http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mswlicfg.html#wp1053398
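The three rows of Table 42-1 quoted above are a small set of rules that can be checked mechanically before touching a pair. The following Python is an added example, not Cisco's code: it parses version strings written as major.minor(maintenance)[interim], applies the maintenance, minor and major rows in order, and explains the verdict. The "last minor release" of a major train is supplied by the caller, because the table itself leaves that as an assumption ("assuming that 7.9 is the last minor version"); the sample cases include the poster's 7.24(18) to 7.24(30) and the table's own examples.

```python
"""Check a from/to software version pair against the zero-downtime upgrade
rules of Table 42-1. Added example, not Cisco's code.

Version strings are parsed as major.minor(maintenance)[interim], e.g.
'7.0(4)', '7.2(4)30' or plain '7.0'. The last minor release of a major
train is an input (last_minor={7: 9} reproduces the table's illustration).
"""
import re
from typing import NamedTuple, Optional

_VER_RE = re.compile(r"^(\d+)\.(\d+)(?:\((\d+)\)(\d*))?$")


class Version(NamedTuple):
    major: int
    minor: int
    maint: int
    interim: int


def parse_version(text: str) -> Version:
    """Parse '7.0(4)', '7.2(4)30' or '7.0' into a Version tuple."""
    m = _VER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, maint, interim = m.groups()
    return Version(int(major), int(minor), int(maint or 0), int(interim or 0))


def zero_downtime_supported(frm: str, to: str,
                            last_minor: Optional[dict] = None) -> tuple[bool, str]:
    """Apply the three rows of Table 42-1 in order and explain the verdict.

    last_minor maps a major number to the last minor release of that train.
    Without it, a major upgrade cannot be approved because the table's
    precondition ("last minor release of the previous version") is unknown.
    """
    a, b = parse_version(frm), parse_version(to)
    if b < a:
        return False, "downgrade: not covered by the zero-downtime table"
    # Row 1: any maintenance release to any other within the same minor release.
    if (a.major, a.minor) == (b.major, b.minor):
        return True, f"maintenance release within {a.major}.{a.minor}: any to any"
    # Row 2: next minor release only; a skipped minor release is not supported.
    if a.major == b.major:
        if b.minor == a.minor + 1:
            return True, f"minor release {a.major}.{a.minor} -> {b.major}.{b.minor}"
        return False, f"skips minor release(s): upgrade to {a.major}.{a.minor + 1} first"
    # Row 3: last minor of the previous train to .0 of the next major.
    if b.major == a.major + 1 and b.minor == 0:
        last = (last_minor or {}).get(a.major)
        if last is None:
            return False, f"last minor release of {a.major}.x unknown; cannot approve major upgrade"
        if a.minor == last:
            return True, f"major release {a.major}.{last} -> {b.major}.0"
        return False, f"must be on {a.major}.{last} before moving to {b.major}.0"
    return False, "skips a major release or lands past .0 of the next major"


if __name__ == "__main__":
    cases = [("7.24(18)", "7.24(30)"), ("7.0(1)", "7.0(4)"), ("7.0", "7.1"),
             ("7.0", "7.2"), ("7.9", "8.0"), ("7.2", "8.0")]
    for frm, to in cases:
        ok, why = zero_downtime_supported(frm, to, last_minor={7: 9})
        print(f"{frm:>9} -> {to:<8} {'OK ' if ok else 'NO '} {why}")
```

By the table, the poster's move from 7.24(18) to 7.24(30) falls under the maintenance-release row, so the version pair itself was a supported zero-downtime case; the failure seen on the primary came from something other than the version rules.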
