Changing MSG-Backbone IP VRFs for HA Appliances

This section describes how to change the IP address used for the msg-backbone of a high-availability (HA) redundant pair of Solace PubSub+ appliances. This allows the HA pair to be migrated to a different IP/subnet.

Assumptions

The example assumes the following:

  • Solace PubSub+ 7.1.1.x or later
  • Active/Active redundancy.
  • Re-using the same message spool with the same LUN.
  • Only one default route is used for the msg-backbone VRF.
  • The hostnames of the appliances are not changed.
  • The IP address/subnet change is done on the same data center and the network administrators can change the network ports to the new subnet.

Although the configuration of your HA pair and your network may differ from that used in the provided example, the general process will be the same.

Before you begin

Perform the following steps to ensure the system is in the correct state before upgrade:

  1. Verify the Solace PubSub+ version used by the appliances you will migrate: 
    solace-primary> show version

  2. Verify that the internal disks are in a redundant state on both the primary and backup appliance:
    solace-primary> show disk

    If the displayed output shows the RAID disk drives to be in a non-­redundant state on either appliance, contact Solace and abort this software upgrade procedure immediately to prevent software corruption on the appliance.

    Some appliances contain slots for disk 3 and disk 4, however, these slots are not presently used, and the redundancy state for disk 3 and disk 4 should be ignored.

  3. Have a list of primary, backup and static IPs and gateway IP address ready.
  4. Take note of the interfaces that you are going to migrate.

    For example, this procedure uses 1/1/lag1:1, 1/1/lag1:2, 1/1/lag1:3.

  5. If required, also have a list of new VRRP-VRIDs and IPs at hand.

    For example, this procedure uses the following:

    Primary Event BrokerBackup Event Broker

    Primary: 192.168.40.115/24

    Primary: 192.168.40.125/24

    Backup: 192.168.40.125/24

    Backup: 192.168.40.115/24

    Static: 192.168.40.116/24

    Static: 192.168.40.126/24

    Gateway: 192.168.40.1

    Gateway: 192.168.40.1

    VRRP-VRID: 15

    VRRP-VRID: 25

  6. Ensure that the primary appliance is in the correct redundancy state:
    solace-primary> show redundancy
  7. Ensure that the backup appliance is in the correct redundancy state:
    solace-backup> show redundancy

Prepare for Message Backbone IP VRF Migration

Once you can confirm that the system is in the correct state, you can begin the process of migrating the message backbone IP VRF.

  1. Make a copy of the current SolOS configuration in the /configs sub-directory on both appliances: 
    solace-primary> enable
    solace-primary# copy current-config /configs/<SolOS-version>_preMigrationConfig

     

    solace-backup> enable
    solace-backup# copy current-config /configs/<SolOS-version>_preMigrationConfig

    Where:

    <SolOS-version> is the version number of current SolOS software as seen in the output of the show version command.

  2. If routing is enabled, shut it down on both appliances:
    solace-primary# configure
    solace-primary(configure)# routing
    solace-primary(configure/routing)# shutdown
    solace-primary(configure/routing)# end

     

    solace-backup# configure
    solace-backup(configure)# routing
    solace-backup(configure/routing)# shutdown
    solace-backup(configure/routing)# end
  3. Shut down the message backbone service on both appliances: 
    solace-primary# configure
    solace-primary(configure)# service msg-backbone
    solace-primary(configure/service/msg-backbone)# shutdown
    All clients will be disconnected.
    Do you want to continue (y/n)? y
    solace-primary(configure/service/msg-backbone)# end

     

    solace-backup# configure
    solace-backup(configure)# service msg-backbone
    solace-backup(configure/service/msg-backbone)# shutdown
    All clients will be disconnected.
    Do you want to continue (y/n)? y
    solace-backup(configure/service/msg-backbone)# end
  4. Ensure both appliances do not have auto­-revert enabled: 
    solace-primary# configure
    solace-primary(configure)# redundancy
    solace-primary(configure/redundancy)# no auto-revert
    solace-primary(configure/redundancy)# end

     

    solace-backup# configure
    solace-backup(configure)# redundancy
    solace-backup(configure/redundancy)# no auto-revert
    solace-backup(configure/redundancy)# end
  5. If the paired appliances are using transacted sessions, wait until all transacted sessions time out and the count drops to 0 on the primary appliance.

    This may take up to three minutes.

  6. Shut down the message spool on primary. Then shut down the message spool on the backup. 
    solace-primary# configure
    solace-primary(configure)# hardware message-spool
    solace-primary(configure/hardware/message-spool)# shutdown
    All message spooling will be stopped.
    Do you want to continue (y/n)? y
    solace-primary(configure/hardware/message-spool)# end

     

    solace-backup# configure
    solace-backup(configure)# hardware message-spool
    solace-backup(configure/hardware/message-spool)# shutdown
    All message spooling will be stopped.
    Do you want to continue (y/n)? y
    solace-backup(configure/hardware/message-spool)# end
  7. Shutdown redundancy on both appliances: 
    solace-primary# configure
    solace-primary(configure)# redundancy
    solace-primary(configure/redundancy)# shutdown
    solace-primary(configure/redundancy)# end

     

    solace-backup# configure
    solace-backup(configure)# redundancy
    solace-backup(configure/redundancy)# shutdown
    solace-backup(configure/redundancy)# end

Migrating Message Backbone IP VRF

You can now begin migrating the message backbone IP VRF.

For this step, it must be assumed that the network operations team have switched the network to a different subnet.

  1. View the currently configured interfaces, and note what is currently primary, backup and static IP addresses for both the primary and backup appliances: 
    solace-primary# show ip vrf msg-backbone

    You will replace this with their new IP addresses on the same interfaces.

  2. Remove the old default route from the msg-backbone on both appliances: 
    solace-primary# configure
    solace-primary(configure)# ip vrf msg-backbone
    solace-primary(configure/ip/vrf)# no route default
    solace-primary(configure/ip/vrf)# no route default 1/1/lag1
    ERROR:  No route is associated with interface 1/1/lag1
    Command Failed
    solace-primary# end

     

    solace-backup# configure
    solace-backup(configure)# ip vrf msg-backbone
    solace-backup(configure/ip/vrf)# no route default
    solace-backup(configure/ip/vrf)# no route default 1/1/lag1
    ERROR:  No route is associated with interface 1/1/lag1
    Command Failed
    solace-backup# end

    Depending on how the default route is configured, you may get an “ERROR: No route is associated with interface xxxxx.” message on either no route default or the no route default 1/1/lag1 command. This is normal

  3. Shutdown, reconfigure, and enable the currently configured interfaces for the primary.
  4. Shutdown, reconfigure, and enable the currently configured interfaces for the backup.
  5. Configure the default gateway: 
    solace-primary# configure
    solace-primary(configure)# ip vrf msg-backbone
    solace-primary(configure/ip/vrf)# route default  192.168.40.1
    solace-primary(configure/ip/vrf)# end

     

    solace-backup# configure
    solace-backup(configure)# ip vrf msg-backbone
    solace-backup(configure/ip/vrf)# route default  192.168.40.1
    solace-backup(configure/ip/vrf)# end
  6. Check the interfaces on both appliances to ensure that they are correct:
    solace-primary# show ip vrf msg-backbone
    solace-backup# show ip vrf msg-backbone
  7. If you require a change in the VRRP-VRID, change to new VRRP-VRIDs, but ensure that they are unique in the subnet.
  8. Check that both appliances have the correct VRRP VRID set.
    solace-primary# show redundancy
    solace-backup# show redundancy
  9. Because of the IP address change, you must assert disk ownership on the message spool for both appliances: 
    solace-primary# admin
    solace-primary(admin)# system
    solace-primary(admin/system)# message-spool
    solace-primary(admin/system/message-spool)# assert-disk-ownership
    This disk wwn must only be in use by this router and its mate if paired.
    Do you want to continue (y/n)? y
    solace-primary(admin/system/message-spool)# end

     

    solace-backup# admin
    solace-backup(admin)# system
    solace-backup(admin/system)# message-spool
    solace-backup(admin/system/message-spool)# assert-disk-ownership
    This disk wwn must only be in use by this router and its mate if paired.
    Do you want to continue (y/n)? y
    solace-backup(admin/system/message-spool)# end
  10. Enable routing on both appliances: 
    solace-primary# configure
    solace-primary(configure)# routing
    solace-primary(configure/routing)# no shutdown
    solace-primary(configure/routing)# end

     

    solace-backup# configure
    solace-backup(configure)# routing
    solace-backup(configure/routing)# no shutdown
    solace-backup(configure/routing)# end
  11. Enable redundancy on both appliances: 
    solace-primary# configure
    solace-primary(configure)# redundancy
    solace-primary(configure/redundancy)# no shutdown
    solace-primary(configure/redundancy)# end

     

    solace-backup# configure
    solace-backup(configure)# redundancy
    solace-backup(configure/redundancy)# no shutdown
    solace-backup(configure/redundancy)# end
  12. If required, re-enable auto-revert: 
    solace-primary# configure
    solace-primary(configure)# redundancy
    solace-primary(configure/redundancy)# auto-revert
    solace-primary(configure/redundancy)# end

     

    solace-backup# configure
    solace-backup(configure)# redundancy
    solace-backup(configure/redundancy)# auto-revert
    solace-backup(configure/redundancy)# end

    Solace recommends running redundancy without the use of auto­-revert.

  13. Confirm that the primary appliance is active for the primary virtual router and the backup appliance is active for the backup virtual router. The Activity Status line should read “Local Active” for the primary virtual router and “Mate Active” for the backup virtual router.
    solace-primary# show redundancy
  14. Start the message spool that was shut down on the primary, then start the message spool that was shut down on the backup: 
    solace-primary# configure
    solace-primary(configure)# hardware message-spool
    solace-primary(configure/hardware/message-spool)# no shutdown primary
    solace-primary(configure/hardware/message-spool)# end

     

    solace-backup# configure
    solace-backup(configure)# hardware message-spool
    solace-backup(configure/hardware/message-spool)# no shutdown backup
    solace-backup(configure/hardware/message-spool)# end
  15. Resume message backbone service on both appliances:
    solace-primary# configure
    solace-primary(configure)# service msg-backbone
    solace-primary(configure/service/msg-backbone)# no shutdown

     

    solace-backup# configure
    solace-backup(configure)# service msg-backbone
    solace-backup(configure/service/msg-backbone)# no shutdown

Final Checks

  1. Ensure that the message-spool is AD-Active on the primary appliance, and AD-Standby on the backup appliance.
    solace-primary# show message-spool
  2. Ensure that the Redundancy state is correct for both appliances. That is, the Primary Virtual Router should be "Local Active" and the Backup Virtual Router should be “Mate Active”.
    solace-primary# show redundancy
  3. Finally, if you are using Config-Sync for your appliances (recommended), check if the Config-Sync database is in sync, and assert leader on the VPNs that are not in sync on the primary appliance:
    solace-primary# show config-sync database