Who rated this post

I'm firewall team lead for a pretty big company. Five years ago, almost all of our firewalls were running code at least 18 months old. Today, 55% of my environment is on R81.20 jumbo 76 (recommended 2024-07-31) or 84 (recommended 2024-09-18). CDT isn't the only factor in this change, but it's a big one.

Upgrades with cross-version sync (previously called a "full connectivity upgrade", then "connectivity upgrade", now "multi-version cluster upgrade") have several opportunities to cause an outage by forgetting a step. CDT mechanizes the process so there's no chance to forget these steps.

We've had some problems upgrading VSX clusters, but the last several have been successful. Normal clusters upgrades took us a few tries to get down, but they've been perfect since about halfway through taking our environment from R80.40 to R81.10. Now we're mostly on R81.20 and the upgrades have been smooth. I just upgraded three clusters in a single action in August.

We use CDT for jumbos everywhere. Together with a lot of focus on eliminating differences between cluster members, it has been a while since anybody has noticed a problem when we install a jumbo. Two weeks ago, I installed R81.20 jumbo 84 across six clusters at the same time in one CDT action.

Better reliability leads to being able to do more clusters in one window, which leads to vastly less paperwork and fewer meetings required to stay up to date.