Shouldn't take long. Clear XLATE can be done any time but it just knocks
off streaming connections so that they have to reconnect. It will probably
do the same thing if it has to rebuild where all they need to do is
reconnect. No biggie if they're expecting it ;)
----- Original Message -----
From: "Mark Smith"
To: "Allen May"
Cc:
Sent: Friday, June 29, 2001 11:41 AM
Subject: Re: Recommendations on PIX upgrade [7:10380]
> Thanks for the ideas, Allen. I'll probably just give that a try. I just am
still not sure if, once I bring PIX1 back online after doing an upgrade on
it and connect it to PIX2, and now they're at different versions, if the
xlate table will sync back up on PIX1. If not and I make PIX1 hot and take
PIX2 down for an upgrade to it, then it will just take a little while for
that table to rebuild on PIX1 and folks will get timeouts during that
rebuilding time. I'll give it a try though.
> Thanks.
>
> Quoting Allen May :
>
> > I think you're overdoing the solution when you have an
> > almost zero downtime
> > solution ni front of you. Just fail the first unit &
> > let the 2nd take over.
> > Then with the first one offline, upgrade it & let the
> > failover..well...failover ;) When done just make sure
> > the config is correct
> > on the first one and do whatever it takes to get the
> > first one back online.
> > I've never tried just shutting the failover box off to
> > see if it would
> > trigger back to the first box with a different OS but
> > even if that fails
> > just reboot the first one and it should come back up
> > happy. Now your
> > network is back the way it was with only 2 very small
> > windows of downtime.
> > Upgrade 2nd PIX and hook up failover.
> >
> > If you're concerned about the primary taking over
> > again when you're trying
> > to upgrade, don't. Just boot it up hitting ESC so it
> > doesn't load the
> > config so you can manually give it an IP, subnet,
> > gateway, and tftp server
> > address. Without the config loaded it won't be part
> > of the failover.
> >
> > Allen
> >
> > ----- Original Message -----
> > From: "Mark Smith"
> > To:
> > Sent: Friday, June 29, 2001 1:53 AM
> > Subject: Recommendations on PIX upgrade [7:10380]
> >
> >
> > > This may be a stupid question but that's never
> > stopped me from asking
> > before.
> > >
> > > At one site I have 2 UR 515's running in failover
> > config. They are at
> > 5.2(1)
> > > software. I'd like to upgrade them but can only
> > afford an absolute minimum
> > > of down time (measured in seconds, maybe). From what
> > I've read about the
> > PIX
> > > units, for failover to work, I believe each unit
> > must be configured
> > > identically - same hardware, OS version,
> > configuration - or failover
> > doesn't
> > > work.
> > > What my plan currently is to start by taking the
> > standby PIX (PIX2) down
> > and
> > > do a 6.0.1 upgrade. I guess the question that I have
> > is, and here comes
> > the
> > > stupid part, if I reconnect the two with PIX2 at
> > 6.0.1 and PIX1 still at
> > > 5.2(1) will anything bad happen (my hair fall out, I
> > contract an incurable
> > > STD, smoke come from either/both of the boxes)?
> > Assuming that nothing
> > > horrible happens, when I take the PIX1 box down to
> > upgrade it will PIX2
> > (now
> > > on a different OS version) detect that the hot PIX
> > has dropped offline and
> > > come up as in failover? If it won't on it's own can
> > I do a "failover
> > active"
> > > or a similar command to force PIX2 to become active?
> > Will the children
> > play
> > > well together again after I do a 6.0.1 upgrade on
> > PIX1? Or will I have to
> > > bring PIX2 down, upgrade it (while PIX1 is still up)
> > and then bring PIX1
> > > down (leaving PIX2 down), upgrade it and then bring
> > both back up together
> > > once they are on the same OS version level? I
> > realize that with a laptop
> > > that has TFTP server software connected to PIX1 and
> > has the pix601.bin
> > image
> > > on it the upgrade process doesn't take long. But if
> > I choose the last
> > method
> > > of taking both boxes down that, by the time that
> > cables are switched
> > around
> > > as required, box(es) are rebooted, bring the 2nd box
> > up in monitor mode,
> > > copy the image, reboot, reconnect failover cabling
> > (as needed), the
> > process
> > > would probably measured in minutes of total down
> > time before both would be
> > > back online. That might as well be days as far as my
> > bosses are concerned.
> > > Just looking for alternatives.
> > > Thanks for any advice/experience/thoughts. Sorry if
> > this doesn't belong in
> > > studygroup.com. I just know that there's a lot of
> > experience and common
> > > sense here.
> > >
> > > (END stupid questions)
> > [EMAIL PROTECTED]
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=10423&t=10380
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
