When to upgrade?

mer · Mar 13, 2023, 4:38 PM

This is probably in the wrong spot, if it is, mods feel free to move it.

Context:
I've got a 2440 that's been chugging along just fine (after the RMA for a red light dead boot) at least 4 yrs from the RMA, original was probably 2-3 yrs before that.

Picked up a 4100, got here yesterday, all configured up, so the question:
Do I keep the 4100 as a cold spare, schedule replacement with the family, wait for the 2440 to die, wait for a power outage or just replace it?

I know first world problems, since it's just SOHO situation it's not a performance issue, it's more when is hardware going to go kaput.

Thanks for any and all opinions.

NollipfSense · Mar 13, 2023, 4:48 PM

@mer Only you can make that judgement call...if it were me, I would take that 4100 (if it's newer) for a spin in you soho environment replacing the older and keeping that for cold spare.

mer · Mar 13, 2023, 4:58 PM

@nollipfsense But if "the internet goes down" family doesn't like it :)

I'm running the 4100 behind the 2440 at the moment (yes I know double NAT) with a couple of systems just to prove out and make sure the config is correct/matches the 2440. But I've been leaning towards just swapping, we've got snow coming in so maybe a power outage gives me the spot.

NollipfSense · Mar 13, 2023, 5:56 PM

@mer said in When to upgrade?:

"the internet goes down" family doesn't like it :)

Promise you, I know what you mean...there seems to be no life without the Internet...

SteveITS · Mar 13, 2023, 7:02 PM

@mer If you wanted to get fancy you could use the 4100 as the primary and set up a high availability failover to the 2440. Advantage: can upgrade them during the day without said family noticing.

mer · Mar 13, 2023, 7:14 PM

@steveits Ooh. There's an idea. Only one cable modem coming in so that implies a switch after...Hmm....

SteveITS · Mar 13, 2023, 7:26 PM

@mer What is your ISP? Here, Comcast provides NAT on their router even if in bridge mode, so the WAN on router1 and router2 are both their 10.1.10.x subnet and the shared IP is the public IP. They also have multiple ports on their hardware so no switch.

mer · Mar 13, 2023, 8:21 PM

@steveits Comcast but I own my cable modem. They stop at my input, everything after that is mine. Moto MB8600, single ethernet output. Not sure what would happen if I put a switch after the CM and hooked up 2 "endpoints".

Now what would be better if I wanted to pay would be bring Fidium in and have true dual wan inputs.

SteveITS · Mar 13, 2023, 8:14 PM

@mer Ah. Yeah in that case the modem might not provide NAT in which case HA is problematic if the router without the public IP can't access the Internet. I was thinking of business accounts not home accounts, sorry. (even though I have my own modem also)

You could try putting in a switch and plugging in a laptop, and see what you get.

AndyRH · Mar 13, 2023, 8:21 PM

What I did when I swapped my new Netgate device in was to get up early, move some cables and make a few last minute config changes. No one noticed...
If you do not like early, send them out for dinner.
These things are so much easier at work.

SteveITS · Mar 13, 2023, 8:23 PM

@andyrh said in When to upgrade?:

send them out for dinner.

Tee hee...IT is so much easier without the people.

mer · Mar 15, 2023, 8:32 PM

@steveits Yes, yes it is.
Well the question of "when" was answered by Mother Nature for me Tues at 930am EDT when power went out.
Took the opportunity to rearrange and label cables and put the 4100 into service. Of course I couldn't test until now when power came back.

But the surgery was a success.

stephenw10 · Mar 15, 2023, 10:27 PM

HA between those would be complex even given available IPs because they don't share any interfaces. There are no igb NICs in the 4100. So you would need to use a few dirty tricks!
Better to avoid that.

Steve

SteveITS · Mar 15, 2023, 10:31 PM

@stephenw10 But...I thought that was no longer an issue?
https://docs.netgate.com/pfsense/en/latest/highavailability/pfsync.html#pfsync-and-physical-interfaces

“This is no longer the case on pfSense Plus software version 22.01 and later and pfSense CE software version 2.6.0 and later. On these versions, the states are no longer bound to interfaces in the way described in this section.”

mer · Mar 15, 2023, 10:46 PM

@steveits The 2440 is running 2.4.4 or something; it was running fine so never updated when it was available and before losing power it said "no updates available", so that likelyu would have needed "dirtier tricks".

I own my cable modem, so comcast is handing out a public IP for WAN not sure what would happen if I tried to hook up 2 on a switch behind it. Probably violate some hidden term somewhere.

But it was an interesting idea I'll have to investigate just for the knowledge.

stephenw10 · Mar 16, 2023, 7:37 AM

@steveits said in When to upgrade?:

@stephenw10 But...I thought that was no longer an issue?
https://docs.netgate.com/pfsense/en/latest/highavailability/pfsync.html#pfsync-and-physical-interfaces

Hmm, that is a good point. It could be I've just been doing it that way too long. It's true that states no longer reference the physical NIC names directly. However I would still not recommend trying to setup an HA pair between anything but identical hardware.

@mer said in When to upgrade?:

The 2440 is running 2.4.4
Be aware that if you had an issue with the 4100 and had to switch back to the 2440 you could not import the 4100 config into it. So any changes you had made to the config since switching would be lost.
I would upgrade the 2440 to 23.01 once you are happy with he 4100 as the primary device.

Steve

mer · Mar 16, 2023, 7:37 AM

@stephenw10 I assume I'll need to contact support for a link to an image for the SG2440?
I've been tweaking the config for a while, the most that changes is DHCP static mappings when we get new phones, so I basically put the 4100 behind it, then walked through my checklist/network diagram and recreated the config on the 4100, compared the two, tweaked, compare. The only difference between the two are the IPs for LAN and LAN2/OPT1.

Thanks for all the ideas.

SteveITS · Mar 16, 2023, 2:16 PM

@mer said in When to upgrade?:

contact support for a link to an image for the SG2440

yes. https://docs.netgate.com/pfsense/en/latest/solutions/sg-2440/reinstall-pfsense.html

alt answer: https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#upgrade-not-offered-library-errors. Though 2.4 is pretty old and Netgate will usually recommend here to just install new. If you did get it to work I'd personally try upgrading to "previous stable version" first instead of jumping all the way forward, but that still skips multiple versions.

mer · Mar 16, 2023, 2:28 PM

@steveits Thanks. I know my 2440 is old, but it's been a "ain't broke don't fix it but plan an upgrade" The 4100 is running nicely so at the moment the 2440 becomes a test system.

stephenw10 · Mar 16, 2023, 2:47 PM

I would upgrade it to 23.01 now while there's no pressure.