Active/Standby upgrade - interface question

Disabling interfaces is recommended when using network failover because it keeps a unit from answering traffic while it thinks it's active. Since it takes a bit of time for the device to see its peer, it will assume it's active and immediately start responding to traffic. By keeping the management interface enabled, you're able to access the device to upgrade it and to validate it's 100% up before sending traffic to it.

 

 

In your case, you'd want to disable all interfaces except the mgmt interface on your standby device, upgrade it, wait until it was up, and then bring the other interfaces up. Unfortunately, because you're going from 9.4.7 to 10.1 where the network failover changes significantly, the two boxes will go active-active. So, you'll have to bring the other box down, bring the newly-upgraded one's interfaces up, and then clear ARP unless you're using MAC Masquerade.

I'd also go an extra step and disable all the upstream switch(es) ports which connect to TMM switch ports for the unit you're upgrading. I've seen ports which were disabled in the LTM config come up during (or immediately after?) an upgrade. Disabling the upstream switch ports eliminates any potential issues.

 

 

Aaron

That all makes sense, thanks for the quick answer Chris.

 

 

Aaron, from my understanding of the interface configuration I believe the physical TMM ports on the F5s are used both for F5 failover and as the ports to the trunked VLANS, so that wouldn't be possible if I wanted to retain service during upgrade.

 

 

I could disable the ports on the switch the standby unit being upgraded physically connects to though.

Thanks Aaron.