How to upgrade safely & with minimal interruption?

  • Hi,

    I'm running 10+ important VMs behind a pfsense VM (pf2_2), running 2.2.6 and pound at the moment. The server receives traffic on 4 IPs, each one with a MAC given by our provider.

    I plan to upgrade to version 2.3.1 and to replace pound with squid3 as a reverse proxy (pf2_3). But I just can't stop the current pfsense for more than 5 minutes, nor afford to take the risk of breaking the whole thing. I guess that with my current workload I'll need about 1 week to test everything and new functions as well…

    So I'm more or less thinking about having a front VM, running pfsense with all the public IPs to forward incoming connections either to the legacy 2.2 server (for our clients), or to the new 2.3 server to test new functions (for our testers), then simply telling front_fw to route to pf2_3 when everything is ok.

    Does this make sense, or is there an easier way to perform this upgrade in a safe way?

    Thanks in advance for your tips!


  • Well, one thing that comes to mind is a failover setup (CARP)? That would take away lots of your worries, and as it is already a VM the added cost is minimal.
    Maybe one caveat: not sure though about the "MAC given by our provider" thing? I seem to remember there was some limitation on spoofing a MAC for a CARP IP… that would be worth a question or search in the CARP forum.

