Tuesday, April 30, 2019

Re: Upgrading a CARP firewall cluster

mabi(mabi@protonmail.ch) on 2019.04.30 08:21:43 +0000:
> Hello,
>
> I have an OpenBSD 6.3 firewall cluster made out of two nodes (one master, one backup) using CARP and pfsync. This cluster also makes use of trunk and vlan interfaces.
>
> Now I would first like to upgrade the cluster to 6.4 and then to 6.5 and was wondering if it is possible to operate that cluster for a short amount of time having one node running 6.3 and the other node with 6.4 and then the same for going to 6.4 to 6.5.
>
> Is this safe? or could there be any incompatibilities in carp/pfsync which would prevent me to do that upgrade in two steps while keeping everything online?
>
> Cheers,
> Mabi

This is only a problem when we change the protocols involved, and that would
be mentioned in the upgrade guide.

Since there were no protocol changes to carp(4) or pfsync(4) between 6.3 and
6.5, you should not have a problem with this upgrade. In fact, you could go
63 -> 64 -> 65 on one firewall while the other stays on 63.

/Benno

No comments:

Post a Comment