Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Arthur_DENIS1
Collaborator

VSX hardware replacment

Hi,

I need you advise about one of my coming migration.

I have currently 1 VSX cluster running version R80.20 under 12600 appliance, and we planned to replace the hardware with 7000.
Current interfaces used 10Gb directly on the config, and now we want to use 2Gb under bond interface for each VS.

My idea is this:
- deploy new boxes with GAIA settings (interfaces, bond, users, DNS, routing for VS0, backups, licenses etc)
- integrate into management
- create all VS/vlan with other unused IP
- assign same policy package for actual and new VS

Day of the migration:
- unplug actual box
- use VSX provisionning tool to replace all temporary IP on new boxes by actual one

Could you please give me you're thinking about this plan? Any better ideas?

 

Thanks,
Arthur

0 Kudos
Reply
5 Replies
G_W_Albrecht
Champion
Champion

I would ask TAC, backed by the local CP SE you should receive any help you need from there. VSX is a complicated product so i would be extreme carefull here...

0 Kudos
Reply
Arthur_DENIS1
Collaborator

Indeed, I'm already in liase with my local SE, but get another idea and feedback from previous migration is already great to have 🙂

0 Kudos
Reply
Magnus-Holmberg
Advisor

First of all we connect the new VSX to MAIN01 so all the configuration can be done and box is up and ready for production.

When we do hardware replacement we more or less copy paste with help of VSX provisioning.
We create the VS the same with all IP and everything but we dont allow the VLAN on the bond interfaces in the switches.
Communicate with the VSX over VS0 so you are able to push policys etc.
(We have VS0 on dedicated interface)

Before cut over we normally turn off statefull inspection.
2-3 hours before the cutover we "freeze" the mgmt station and move all VPN communities etc.
The only as we see it is that we need to generate a massive amount of eval licenses to put on the CMA as we use DMN VSX licens in all CMA.
During migration its "only" to remove the VLAN on the trunks to old boxes and add the VLAN on the trunk to the new boxes.

Regards,
Magnus

https://www.youtube.com/c/MagnusHolmberg-NetSec
Michal_Gans
Contributor

I would suggest to designate new IPs for new VSX mng inf and configured whole boxes before migration day (all inf expect mng unpluged). 

So whole migration take only to unplug old box and plug new ones.

 

We used this scenario many times and it make around 2 mins of downtime.

Arthur_DENIS1
Collaborator

Thanks, seems great !

Only 2 min of downtime would be amazing 🙂

0 Kudos
Reply