
Cisco Expressway Maintenance Question

All,

I was wondering if anyone has any insight into the process for rebooting an Expressway environment (C & E).

What is the proper procedure?

What would be your pre- and post-checks?

 

 


Adam Pawlowski
VIP Alumni
It sort of outlines it in the guide ... sort of

My notes on how I do this are below. Note I believe there's a caveat where CE endpoints will drop calls as soon as maintenance mode is enabled. We don't have any over MRA. MRA clients will notice this; they eventually recover. I run it early hours with little or no usage and I haven't had a problem. YMMV on SSO tokens or any other sort of thing I haven't tested.

Post check is to wait for alarms to clear, and on the Expressway E, I make sure the firewall rules have gone active, as they have not automatically in the past for me.

In the event that you need to restart the Expressway host:

Note that restart means tearing down and restarting the applications. A full reboot or cold-start will take some time. On an Expressway-E, a restart is ~2 minutes. On an Expressway-C, this seems to be 3-4.

Under Maintenance -> Maintenance Mode, enable Maintenance Mode on the Expressway.

Maintenance mode instructs the Expressway to do the following:

Expire or drop existing registration sessions
Deny admission of new calls
Deny admission of new registrations
Teardown XCP operations

The net effect is that calls in progress will not be dropped, however, for calls attempted to the Expressway they will be rejected. Jabber clients will eventually notice the system is in maintenance and will fail over to another Expressway host, but this can take up to two minutes for registration deltas. Users will see a minor impact as services re-register. This is more or less the same as either stopping the Callmanager service on the UCM, or failing XCP services over on the IM and Presence machines.

Maintenance mode sets an alarm, which will be cleared upon removing the box from maintenance mode, or restarting the appliance.

Under Maintenance -> Restart Options, you'll see the system's report on active calls and sessions.

Wait for the counters to reach 0, if you can, noting as well the above impact you've already caused.

Click restart and wait for the system to restart.

An alarm will be raised on the cluster peer that cluster communications have failed and the configurations are no longer in synchronization. These will clear approximately 2 minutes after the system starts up and comes online.

Wait for the alarm to clear before rebooting the cluster peer.

In general practice, start with the cluster master if you are restarting the whole cluster.

@Adam Pawlowski   Thank You for your detailed write up.  This will be extremely helpful in my maintenance.

We are actually powering the VMs off to move them to a new VM version.

Can shutdown be done via GUI?

Would you start with C or E?

Is there anything other than what you highlighted in your notes that I should check (i.e. services, etc.) when the servers are back up?

Yes, you can shut it down from the Restart Options screen in the GUI if you'd like. The VMware person will have to power it back on.

I would research and see if there's a need to keep the MAC or machine UUID when moving it so that the machine's serial number doesn't change. That is often the case with Cisco UC VMs.

Doesn't matter which you start with; they are two separate elements. In a cluster I start with the master. If you only have one C / E pair then why not just move them both at the same time? The only concern is networking from C -> E to bring up traversal zones, public to -> E interface, and internal peers -> zones on the C. If you're using MRA the Collaboration Edge zones do not run failure check and will report Active no matter what.

I would just make sure the traversal zones are up, firewall is up, and then place needed tests to ensure that networking is working - client can discover and sign in (MRA), B2B calls can route out, B2B call can route in. https://cway.cisco.com/tools/CollaborationSolutionsAnalyzer/ can help with the last case there to verify things are working inbound.

I have never had a problem with things not working after restart, I only had issues once before with per-domain DNS overrides that stopped working after an upgrade, but removing them and putting them back fixed that.

@Adam Pawlowski 

Thanks again for your detailed information!

We have C&E (2 pairs), so I will do the master pair first and then the secondary pair second.

After each comes back up, I will check to make sure the traversal zones are up and then the firewall is up. Question - I was looking through the configuration and wasn't able to notice a section to tell me whether or not the firewall is up / down. Do you have a suggestion for where I would check to verify?

Then I will test calls via MRA and B2B as suggested.

 

Thank You,

 

Through the Web I believe it is System -> Protection -> Current Active Firewall Rules

I'm not sure if xStatus Iptablesacceptedrule shows the active ones or not, as there doesn't seem to be a way to turn them off once they are on via the CLI - I've always used the GUI. There's a "state" column which doesn't usually show "Active" but sometimes does - I don't go by that, just the current active rules display.

Adam

@Adam Pawlowski That's perfect - thank you for all your help!!
