Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
iblake1
Explorer

Orchestrator Upgrade

I am planning to upgrade our MHO-140 from R80.20SP to R81.10.

We have two of them that are paired together.

My main question is after I upgrade the first device, will both Orchestrators still route traffic even though they are running different versions? Also, are there any commands I can run that will tell me that traffic is going through the Orchestrator so I know that it is processing traffic before I move on to upgrading the second device.

0 Kudos
3 Replies
_Val_
Admin
Admin

@Anatoly can you please answer?

0 Kudos
pietervs
Participant

Following this with eager eyes, since we need to follow this upgrade path for one of our customers as well.

0 Kudos
Timothy_Hall
Legend Legend
Legend

Orchestrators do not route traffic, they use a hash function to switch frames via the downlinks to the gateway appliances.  Both Orchestrators will still pass traffic even if they are running different code releases, although I don't believe it is supported to leave them that way for any length of time, or to make any Orchestrator configuration changes requiring a config sync while they are in that mismatched state. 

The sync interface between the Orchestrators is only used to sync any config changes should they occur on one side or the other, otherwise the two Orchestrators act pretty much independently in an active/active state.  There is no connection state sync between them as Orchestrators do not even track the connection state of the frames they are passing, nor do they guarantee stickiness or symmetry.  The correction layer on the Security Group members do that.

It is supported to have the Orchestrators running different code from the gateways, so you don't have to upgrade the Orchestrators and gateways all in one go if you don't want to.  orch_stat -a will show counters indicating that traffic is passing, make sure that all gateway and MHO LAGs are showing FORWARD and UP on the upgraded Orchestrator before starting the remaining Orchestrator.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

 
Upcoming Maestro Events