>From 11.2 R2 onwards you have ICU for SRX100, SRX210, SRX220, SRX240, and >SRX650
http://www.juniper.net/techpubs/en_US/junos11.4/topics/task/operational/chassis-cluster-upgrading-both-device-with-icu.html This with the "no-tcp-syn-check" option (thanks Craig) might possibly make life easier. I haven't had a chance to try this yet though. On 09/03/2013, at 6:49 AM, Andy Litzinger wrote: > what pieces of the KB do you think contribute to the possibility of major > outages? Not having tested anything it already makes me nervous that > failover is initiated solely by shutting down the interfaces on the active > node... > >> -----Original Message----- >> From: Tim Eberhard [mailto:xmi...@gmail.com] >> Sent: Friday, March 08, 2013 10:11 AM >> To: Andy Litzinger >> Cc: juniper-nsp@puck.nether.net >> Subject: Re: [j-nsp] SRX upgrade procedure -ready for enterprise? >> >> I would never, ever follow that KB. It's just asking for a major outage.. >> >> With that said, you have two options. 1) ISSU and 2) Reboot both close >> to the same time and take the hit. Depending on your hardware it might >> be 4 minutes, it might be 8-10 minutes. >> >> If option one is the path you choose to go keep in mind the >> limitations and I would suggest you test it in a lab well before you >> ever do it in production. ISSU on the SRX is still *very* new. Here is >> a list of limitations: >> http://kb.juniper.net/InfoCenter/index?page=content&id=KB17946&actp=R >> SS >> >> I've seen ISSU fail more than a couple of times when it was supposed >> to be fully supported. This caused us to take a hit, then have to >> reboot both devices anyways. So we ended up expecting a hitless >> upgrade and got 10 minutes of downtime anyways. If you're up for >> running bleeding edge code then maybe ISSU will work properly, but if >> availability is that critical you should have a lab to test this in. >> >> Good luck, >> -Tim Eberhard >> >> On Fri, Mar 8, 2013 at 9:50 AM, Andy Litzinger >> <andy.litzin...@theplatform.com> wrote: >>> We're evaluating SRX clusters as replacements for our aging ASAs FO pairs >> in various places in our network including the Datacenter Edge. I was >> reading >> the upgrade procedure KB: >> http://kb.juniper.net/InfoCenter/index?page=content&id=KB17947 and >> started to have some heart palpitations. It seems a complicated procedure >> fraught with peril. Anyone out there have any thoughts (positive/negative) >> on their experience on upgrading an SRX cluster with minimal downtime? >>> >>> thanks! >>> -andy >>> _______________________________________________ >>> juniper-nsp mailing list juniper-nsp@puck.nether.net >>> https://puck.nether.net/mailman/listinfo/juniper-nsp > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
