Auto update process overview – Cisco ASA 5505 User Manual
Page 1300
61-12
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 61 Information About High Availability
Auto Update Server Support in Failover Configurations
Auto Update Server Support in Failover Configurations
You can use the Auto Update Server to deploy software images and configuration files to ASAs in an
Active/Standby failover configuration. To enable Auto Update on an Active/Standby failover
configuration, enter the Auto Update Server configuration on the primary unit in the failover pair. See
the
“Configuring Auto Update Support” section on page 81-16
, for more information.
The following restrictions and behaviors apply to Auto Update Server support in failover configurations:
•
Only single mode, Active/Standby configurations are supported.
•
When loading a new platform software image, the failover pair stops passing traffic.
•
When using LAN-based failover, new configurations must not change the failover link
configuration. If they do, communication between the units will fail.
•
Only the primary unit will perform the call home to the Auto Update Server. The primary unit must
be in the active state to call home. If it is not, the ASA automatically fails over to the primary unit.
•
Only the primary unit downloads the software image or configuration file. The software image or
configuration is then copied to the secondary unit.
•
The interface MAC address and hardware-serial ID is from the primary unit.
•
The configuration file stored on the Auto Update Server or HTTP server is for the primary unit only.
Auto Update Process Overview
The following is an overview of the Auto Update process in failover configurations. This process
assumes that failover is enabled and operational. The Auto Update process cannot occur if the units are
synchronizing configurations, if the standby unit is in the failed state for any reason other than SSM card
failure, or if the failover link is down.
1.
Both units exchange the platform and ASDM software checksum and version information.
2.
The primary unit contacts the Auto Update Server. If the primary unit is not in the active state, the
ASA first fails over to the primary unit and then contacts the Auto Update Server.
3.
The Auto Update Server replies with software checksum and URL information.
4.
If the primary unit determines that the platform image file needs to be updated for either the active
or standby unit, the following occurs:
a.
The primary unit retrieves the appropriate files from the HTTP server using the URL from the
Auto Update Server.
b.
The primary unit copies the image to the standby unit and then updates the image on itself.
c.
If both units have new image, the secondary (standby) unit is reloaded first.
–
If hitless upgrade can be performed when secondary unit boots, then the secondary unit becomes
the active unit and the primary unit reloads. The primary unit becomes the active unit when it
has finished loading.
–
If hitless upgrade cannot be performed when the standby unit boots, then both units reload at
the same time.
d.
If only the secondary (standby) unit has new image, then only the secondary unit reloads. The
primary unit waits until the secondary unit finishes reloading.
e.
If only the primary (active) unit has new image, the secondary unit becomes the active unit, and
the primary unit reloads.