Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Upgrading OS for Cluster Devices ?

Hi everyone,

We have two C160 Devices in cluster mode. Now we would like to Update the OS to 7. Please Let me know how to Update the Same.

what are the steps to do that?.

Regards,

Bala Krishna G

7 REPLIES
New Member

Re: Upgrading OS for Cluster Devices ?

Check supported upgrade paths in Release Notes.

When doing such supported upgrades, check 'Upgrading Machines in Cluster' section in C-series documentation 'Advanced Configuration Guide'.

New Member

Re: Upgrading OS for Cluster Devices ?

First disconnect both servers from the cluster. After that perform an upgrade (follow the upgrade instructions) on both machines. After the upgrade of BOTH machines connect the machines to the cluster again.

New Member

Re: Upgrading OS for Cluster Devices ?

Hi Krishna,

Login to one of the C160 via ssh

run below commands

clusterconfig

    disconnect

suspendlistener

Now login to same c160 via web.

go to administration -->system upgrade

after the rebboot reconnect to same box via ssh

Run the below command

clusterconfig

     resume

Repeat the above steps for the other box.

after both the boxes get upgraded then run below comand via ssh via any of the boxes

clusterconfig

     reconnect

it will give you both the boxes option (1,2,............n) (as per the number of boxes in cluster)

choose all the options one by one

there is no need to run commit.

regards,

homesh

New Member

Re: Upgrading OS for Cluster Devices ?

When upgrading here AsyncOS 7.1.0 for our C160 cluster, we noticed that TLS certificate settings were reseted. TLS certs are managed different way in the new rekease. After the upgrade, you must go to GUI menu Network -> Certificates, and see that they are ok. Perhaps Submit and Commit afterwards. After that, you must select proper certificate for your listener via Network -> Listeners -> MailInterface -> Certificate.

New Member

Re: Upgrading OS for Cluster Devices ?

Hi,

Thanks For your Reply.

Box1 : 192.168.1.1

Box2 : 192.168.1.2

Cluster : 192.168.1.3

This Is My Box IP Address. Now All Mail are routed trough Cluster IP Address:192.168.1.3.

As per your above steps.

First i am connecting to Cluster IP Address and Disconnecting the Box1:192.168.1.1

After Disconnecting we have to Update the OS.

Now All Mails are Routed trough Box2:192.168.1.2

After Updating the Box1:192.168.1.1 i cant join it into the Cluster.

Again i am Doing the same steps to my Box2:192.168.1.2

Now my Both Box are not in Cluster what about my incoming mails.

There is no devices to receive the mails.

Please Clarifiy me on this

Doubt:

if i disconnect one box from the Cluster did that box have the same configuration are it becomes like a Dummy Box.

I mean configuration information.

Regards,

Bala Krishna G

New Member

Re: Upgrading OS for Cluster Devices ?

HI Krishna,

Ironport cluster is only for configuration sync and not for load balancing.

when you remove the box from cluster during that time do not add /remove any settings to the cluster.

suspend all listeners so that Ironport will not even process any new mails, upgrade the box then resume all the listeners so that ironport will start

processing the new mails. Now repeat the procedure for the other box and join both the boxes to the cluster. Now you can add /remove any

config setting it will get replicated on to each box in cluster.

dont use cluster IP. you can connect to any of the box IP and do your work.

regarding the mail routing it has to be done by MX prioriy or any external load balancer you may have.

Doubt:

if i disconnect one box from the Cluster did that box have the same configuration are it becomes like a Dummy Box.

I mean configuration information.

Ans: if you disconnect the box from the cluster it will still have all the settings.

Please go through the advance user guide for detail explaination about Ironport clustering.

Regards,

HOmesh

New Member

Re: Upgrading OS for Cluster Devices ?

homesh2009 wrote:

Ironport cluster is only for configuration sync and not for load balancing.

DNS round-robin helps making C-series HA cluster somehow load balanced as well. So you have C-series cluster, say mxnode1 and mxnode2.

@ IN MX 10 mxcluster.corp.local.

mxcluster IN A 192.168.0.1

               IN A 192.168.0.2

mxnode1 IN A 192.168.0.1

mxnode2 IN A 192.168.0.2

In TLS certificate, use CN=mxcluster.corp.local and subjectAltName=DNS:mxnode1.corp.local,DNS:mxnode2.corp.local

For SMTP smarthost relay clients, use mxcluster.corp.local.

Now, both incoming internet mail traffic and outgoing relayed mail traffic is being equally distributed along those two C-series node servers. Been here in service provider like production environment for almost an year without any problems. Sure using dirfferent ip addressing, domain namespace and TLS certificate properties, but the idea is above. Using openssl pressend self-signed TLS certificates.

Regards,

Jussi

957
Views
10
Helpful
7
Replies
CreatePlease to create content