How to expand a VSX_cluster on Crossbeam X series chassisN/A
A customer wants to expand a VSX cluster from 1 to 2 members on each Crossbeam X-Series chassis to process more traffic.
During the original design, the system was not configured to have spare IP addresses for either VSX cluster management or for VSX Checkpoint cluster sync IP addresses between the chassis.
From a technical consideration the systems are not required to use contiguous IP addresses across chassis however the IP address contiguity is enforced within a chassis for a given VAP group due to the increment-per-vap command.
For Cluster management, the IP addresses may be from different subnets across the chassis.
For Cluster sync, the IP addresses across the chassis must be within the same subnet.
This procedure should be performed during a maintenance window and the customer should understand that there are potential risks associated with the migration of firewalls in a production environment.
The following procedure explains how to migrate a VSX cluster member from one chassis to another.
Then apply any required patches on the second vap on the X45-1 chassis.
3) Move the cluster member B onto X45-1 chassis.
vsx_util reconfigure VSX_cluster_B
Please note that if you need to change the mgmt_ip of the VSX_cluster_B member you can
perform the action by doing "
vsx_util change_mgmt_ip" for a given cluster member prior to
execute the vsx_util reconfigure.
4) When the X45-1 newly added cluster member is reconfigured, and it is being rebooted.
Check if the policy and the VS are properly created, state sync is working then enter this command.
Your X45 cluster member should then have the proper policy and should be processing traffic.
Proceed to the X45-2 configuration change.
5) Modify the configuration and add the new clusters:
configure circuit mgmt vap-group vsx ip 18.104.22.168/24 increment-per-vap 22.214.171.124 (second set of IP for the mgmt)
configure circuit sync vap-group vsx ip 10.1.1.8/24 increment-per-vap 10.1.1.9 configure vap-group vsx vap-count 2 configure module x maintenance (where x represents the vap which will boot vsx_1 image) configure vap-group vsx max-load-count 2 When the vap_1 apm is booted rsh to the vsx_1 and executer reset_gw application-update vap-group vsx Then apply any required patches on the second vap on the X45-2 chassis. Configure module x enable (where x represents the vap which will boot vsx_1 image).
6) Add the VSX cluster members of chassis 2.
vsx_util add_member vsx_util add_member_reconf You may need to reload the entire VAP group at the end to ensure proper configuration.
Imported Document ID: 000019730
Subscribing will provide email updates when this Article is updated. Login is required.