Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
DR_74
Collaborator

VSX hardware upgrade from 5600 to 7000

Hello

We are planning to change a VSX cluster running r81.10 on 2x5600 gateway with a new 7000 cluster running r81.20.

The actual cluster has only 3 VS (some IPSEC vpn) and some virtual switches.

The management server is already in r81 20.

We were thinking of building a new cluster in parallel with different IPs.

Then provisionning new VS with different names and dummy IPs the time to create them and to avoid conflict.

Finally attaching the existing policies to these new VS.

The migration would be to shutdown the interfaces on the legacy cluster, modify the IP addresses on the new VS with the ones of the older VS.

When migration is done, deleting the old cluster from the management

Does this look possible?

Thanks

7 Replies
the_rock
Legend
Legend

Im sure one of the VSX experts will confirm it for you, but to me, that all sounds logical.

Best,

Andy

0 Kudos
Mattias_Jansson
Collaborator

I have been using that method too. Works fine. I use the real ip adresses on the new vs’s but have all interfaces in shutdown on the switch. Then I shutdown the old vsx gateways for gratuitous arp to work. (Sometimes it dont). Then enable the interfaces on the new machines

Ruan_Kotze
Advisor

Just a quick note - you can "force" an arp update through the following commands:

arping -c 4 -A -I eth1 1.2.3.4

For Proxy ARP addresses you do it like so:

Expert# echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
Expert# arping -c 4 -A -I eth1 1.2.3.4

For every address the gateway is proxy arping for:

Expert# fw ctl arp | cut -d\( -f2 | cut -d\) -f1 | xargs -i -t arping -c 4 -A -I eth1 {}

Bob_Zimmerman
Authority
Authority

If you add '-P 256' to the xargs invocation, it can run multiple instances (up to 256 with that exact string) of the called tool in parallel. In environments with a lot of proxy ARP entries, this can speed things up substantially.

0 Kudos
Vincent_Bacher
Advisor
Advisor

Both provided solutions should do it.
We usually first setup hardware with different management IPs, configure them without VSes and then we prepare scripts to remove the VSes from one device and add them to the other devices.
But that effort would not be feasible running just few VSes.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos
emmap
Employee
Employee

That's the long way, but it'll work. Alternatively, you can look at using 'vsx_util reconfigure' to reuse all the existing stuff and push it out to the new gateways.

0 Kudos
Vincent_Bacher
Advisor
Advisor

This is what we usually do in our scripts 👍

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events