04-13-2011 02:29 PM - edited 03-11-2019 01:20 PM
Hi all, I need to upgrade the active/standby failover pair of 5510 ASA's to have1 Gig DRAM each, and I am trying to plan out the upgrade process. I'm looking for a zero downtime upgrade process and I am hoping to get some answers to my questions from the community.
I know that the failover pair has to have the same amount of memory, so how do I perform a zero-downtime upgrade process?
Can I power off the standby unit and upgrade it's memory first? Or will it cause a memory mismatch between the active and standby units when it is powered on?
04-13-2011 07:05 PM
It is entirely true that the same RAM is required in failover pairs architecture etc.. but it is not the case failover will stop working if RAM is disimilar.
You can still conduct zero downtime RAM upgrade while still continue firewall traffic I have upgraded a number of ASA5510s RAM with zero downtime but have plan for downtime to be on the safe side, depending on your network environment such as numbers of VPN tunnels and amount of connections etc.. I would personally plan for downtime to conduct such upgrades.
I would like to share the process I have used to upgrade RAMs on ASA5510s with zerodowntime.
1- Lable all firewall network cable connections with proper names and connection points – label state full CAT5 connection
2- Backup ASA firewall configuration both clear text and tftp
3- Power off Standby firewall ( Primary firewall will continue normal traffic )
4- Remove Standby chassis cover
5- Remove 512 MB module
6- Install 1GB RAM
7- Close firewall Chassis
8- Reconnect CAT5 cables to designated switch ports (inside)(DMZ) (outside) etc..
9- Power on
10- Check failover states – wait for synched config on Primary firewall
11- Issue on Primary firewall ( no failover active ) Standby will take Active Role
12- Power off Standby firewall (What used to be Active firewall)
13- Lable all firewall network cable connections with proper names and connection points – label state full CAT5 connection
14- Remove chassis cover
15- Remove 512 MB module
16- Install 1GB RAM
17- Close firewall Chassis
18- Reconnect CAT5 cables to designated switch ports (inside)(DMZ) (outside) etc..
19- Power on firewall
20- Check failover state - wait to synch configuration
21- Issued on Standby firewall-Active (What used to be Standby ) no failover active -
Now ASA Standby firewall-active will go back to Standby and ( Active firewall will resume its role )
Here is additional link for ASA5500 harware installation details in case you do not have it.
04-14-2011 06:56 AM
Thank you Jorge, it helps to know that it is possible to do the upgrade with zero-downtime. But I will plan for downtime just in case.
02-22-2016 06:09 PM
I will do the same activity on our client. As you have posted, is it possible to have zero-downtime on upgrading the memory. Can you site me some references about failover-that this will work though they have dissimilar RAM. I will just forward the reference to our client. Thank you.
02-22-2016 08:36 PM
Not sure if Jorge is still monitoring this thread - his posting is 5 years old.
The process he described is based on experience and is not how it's described in the documentation.
The docs only say that to establish an HA pair in the first place they have to have identical RAM.
They're silent on the issue of adding RAM during or in preparation for an upgrade of an HA pair.
02-22-2016 09:47 PM
Thank you for your reply. If that would be the case, I would just stick on Cisco documentation. :)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: