Monday, December 17, 2012

Upgrading a Juniper SRX Cluster

Upgrading a branch SRX is a fairly simple process. However, the steps get a little more convoluted when you need to upgrade a cluster. The steps below have been tested on an SRX 240 cluster running Junos 11.4R5.5. Node 0 is the primary node, and Node 1 is the secondary node.
  1. Ensure that the system time is synchronized, as this has been known to cause issues:
    1. node0> show system uptime
  2. If the time is off, you can set it for both nodes via one of the following methods:
    1. node0> set date 201210172200.00
    2. node0> set date ntp 0.north-america.pool.ntp.org 
  3. From configuration mode on the primary node, issue the following commands:
    1. node0# set system services ftp
    2. node0# set system login user ftp-user class super-user uid 2001 authentication plain-text-password
      1. Enter a password twice as prompted
    3. node0# commit
  4. Using your favorite FTP program, connect to the IP of your trust interface, and log in using the credentials of the user you created above.
  5. Copy the Junos software package you downloaded from the Juniper site to /var/tmp.
  6. From the primary node, issue the following commands:
    1. node0> request routing-engine login node 1
    2. node1> file copy /var/tmp/junos-srxsme-11.4R5.5-domestic.tgz node1:/var/tmp/
    3. Check to make sure the copy completed successfully:
      1. node1> show file /var/tmp/?
      2. You should be able to see the file in the directory
    4. node1> request system software add /var/tmp/junos-srxsme-11.4R5.5-domestic.tgz no-copy no-validate unlink
  7. Open a separate terminal window and SSH once again to the primary node and issue the same command we issued on node 1:
    1. node0> request system software add /var/tmp/junos-srxsme-11.4R5.5-domestic.tgz no-copy no-validate unlink
  8. You should have two terminal windows open, one that is monitoring the node0 package installation, and the other that is monitoring the node1 package installation. Once complete, you will see that each SRX is showing that a reboot is required. 
  9. Issue a reboot from node1:
    1. node1> request system reboot
  10. Issue a reboot from node0:
    1. node0> request system reboot
Juniper recommends doing it simultaneously. I just enter the command in each window and then hit Enter in node1, then alt-tab to node0 and do the same. I always disable FTP after I'm done using it, but you can do what you want. Enjoy!
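
The checks around this procedure, written out as an added example (not part of the original post): verifying the package on each node before installing with `no-validate`, confirming the cluster after the reboots, and removing the temporary FTP access. The checksum to compare against is the one published on the Juniper download page; deleting the `ftp-user` account goes one step beyond the post, which only mentions disabling FTP.

```junos
# Before step 6.4 / step 7: hash the package on each node and compare the
# result by eye with the MD5 published on the Juniper download page.
node0> file checksum md5 /var/tmp/junos-srxsme-11.4R5.5-domestic.tgz
node0> request routing-engine login node 1
node1> file checksum md5 /var/tmp/junos-srxsme-11.4R5.5-domestic.tgz
node1> exit

# After both nodes have rebooted: confirm each node reports the new release
# and that the cluster has re-formed with one primary and one secondary.
node0> show version
node0> show chassis cluster status

# Remove the temporary FTP access created in step 3 (cleartext service plus
# a super-user account). The commit applies to both nodes of the cluster.
node0> configure
node0# delete system services ftp
node0# delete system login user ftp-user
node0# commit and-quit
```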