FortiADC HA-Cluster Upgrade:

FortiADC HA-Cluster Firmware version upgrade process is streamlined, which helps to eliminate or minimize the downtime requirements.

With the HA Cluster Upgrade option, the primary appliance will transmit the firmware file to the standby appliance over its HA link. The standby appliance will upgrade its firmware first, and then on the primary. After the upgrade process is completed, the system determines whether the original node becomes the primary node, according to the HA Override setting.

Possible Downtime:

When operating in a high availability (HA) cluster, FortiADC includes a built-in upgrade timer set to 10 minutes. During the firmware upgrade process, the primary appliance pushes the firmware file to the standby unit and initiates the timer countdown.

If the standby appliance does not complete the upgrade and boot-up within this 10-minute window, the primary unit will proceed with its upgrade and reboot, regardless of the standby unit's status.

In certain scenarios, FortiADC may experience prolonged boot-up times. This behavior has been observed on specific hardware models and virtual machine (VM) instances, often due to system resource constraints or performance limitations.

Additionally, it may be associated with certain firmware versions.

A notable case occurs when upgrading to FortiADC firmware v7.6.2, which includes a data partition size expansion.

This process involves resizing system partitions and contributes to a significantly longer upgrade time compared to a standard firmware update.

If the standby unit takes more than 10 minutes to complete the upgrade and boot-up, the primary appliance will continue with its upgrade and reboot after the timer expires. This can result in temporary service disruption, as both units may be unavailable simultaneously until the standby unit finishes booting and assumes the primary role.

Example of events observed in hasyncd.log of FortiADC:

01.01 00:03:16 _upgrade_timer_process:1257 upgrade timer: Waiting for 1 peer, Checking count left 120

...

01.01 00:13:01 _upgrade_timer_process:1257 upgrade timer: Waiting for 1 peer, Checking count left 3

01.01 00:13:06 _upgrade_timer_process:1257 upgrade timer: Waiting for 1 peer, Checking count left 2

01.01 00:13:11 _upgrade_timer_process:1257 upgrade timer: Waiting for 1 peer, Checking count left 1

01.01 00:13:16 _upgrade_timer_process:1265 Wait upgrade ack time out, device upgrade is about to start.

Conclusions:

Though the process is streamlined, it is still recommended to schedule downtime in case of unexpected failure.

Related documents:

Upgrading an HA cluster