Product Documentation

Remove and Replace a Citrix ADC in a High Availability Setup

This topic helps you to address RMA replacements. Also, this topic has instructions on how to backup configurations, upgrade or downgrade shipped software version, and setup of RPC password on ADC.

Points to Consider

The following configurations are not synchronized or propagated in a high availability configuration in INC (Independent Network Configuration) or non-INC mode:

  • All node specific HA configuration commands. For example, add ha node, set ha node, and bind ha node.
  • All Interface related configuration commands. For example, set interface and unset interface.
  • All channel related configuration commands. For example, add channel, set channel, and bind channel.
  • All Interface HA Monitoring configuration commands.

The following configurations are not synced nor propagated in an HA configuration in INC mode (Independent Network Configuration):

  • SNIPs
  • VLANs
  • Routes (except LLB routes)
  • Route monitors
  • RNAT rules (except any RNAT rule with VIP as the NAT IP)
  • Dynamic routing configurations

Instructions

Complete the following steps to replace a Citrix ADC in high availability setup:

  • Remove an Active Citrix ADC secondary node
  • Configure Replacement secondary node
  • Verify and Update the Software Build on Replacement ADC
  • Set Password on New secondary to Match primary
  • Add Licenses to Replacement ADC
  • Creating HA Pair between primary and New secondary node

Remove an Active Secondary Node

  1. Log on to both ADCs and run the following command to confirm which node is primary and which node is secondary:

    show ha node
    
  2. Log on to the primary ADC, backup the configurations on the primary node, and copy the files off of the ADC prior to the changes. These files are located under “/var /ns_sys_backup/” directory.

    The steps are as follows:

    1. Save the ADC running configurations to memory:

      save ns config
      
    2. Create the full backup file package:

      create system backup -level full
      
    3. Create the basic backup file package:

      create system backup -level basic
      
  3. After all backup files have been generated, be sure to copy them off of the device before proceeding.

    From a windows terminal, open a Command Prompt and copy the backup files off of the ADC and onto your local hard drive. This can be done using the following command:

    pscp <username>@<NSIP>:<Target file source>  <Target file destination>
    

    Example:

    pscp nsroot@10.125.245.78:/var/ns_sys_backup/backup_basic_10.125.245.78_2016_09_14_15_08.tgz c:\nsbackup\backup_basic_10.125.245.78_2016_09_14_15_08.tgz
    

    When prompted, enter the password for the specified administrator account, then hit Enter. Repeat these steps until all backup bundles are copied to the local PC before proceeding.

  4. SSH into the secondary ADC, and set the unit to the “STAYSECONDARY” status. This will force the unit to not attempt to assume the primary role in the event of a detected failure during the swap. Confirm that you are connected to the secondary ADC before executing this step

    set ha node –haStatus <state>
    set ha node –haStatus STAYSECONDARY
    
  5. Once the secondary ADC’s Node State successfully displays STAYSECONDARY, switch to the primary ADC and delete the secondary node and run the following command:

    save ns config
    

    While logged into the primary ADC, run the following commands

    1. Run the following command to identify which numerical value represents the secondary HA node:

      show ha node
      
    2. Run the following command to remove the secondary ADC from the primary HA pair;

      rm ha node <node ID>
      
    3. Run the following command to save the configuration:

      save ns config
      
    4. With the secondary ADC now removed, shutdown, disconnect, and remove the secondary ADC from the network.

      Note. Be sure to label all connections before disconnecting.

Configure Replacement Secondary Node

  1. With the replacement ADC in place, power up the new device. DO NOT CONNECT the network connections at this point.

  2. With boot-up complete, use the console port to connect to the ADC and configure the NSIP that you will use to connect to the unit.

  3. When prompted, select 4.

    Note. In this example, we are using a different NSIP for the replacement ADC. If you wish to use the original secondary unit’s IP, You may change it on the replacement before binding the new ADC to the primary HA unit.

  4. The ADC should now be booted. Now connect the network interface that will be used for Management traffic, and confirm that the IP address is reachable from your network.

Verify and Update the Software Build on Replacement ADC

Before syncing the new unit to the primary ADC, we need to ensure that both ADCs are running the same build.

  1. To verify the version on ADC run the following command:

    show version
    
  2. While on the new secondary ADC, create a subfolder in /var to be used for the upgrade.

  3. Go to Citrix Downloads and download the appropriate package that matches the build version running on the primary ADC.

  4. Download and extract the .tgz file:

    tar -xvzf "file.tgz"
    
  5. Copy the extracted files to the secondary ADC. On your windows terminal, open a “Command Prompt” and navigate to the directory containing the extracted .tgz build package and run the following pscp command:

    pscp <Target file source>  <username>@<NSIP>:<Target file destination>
    

    Example:

    C:\inetpub>pscp c:\inetpub\build-12.1-47.14_nc.tgz nsroot@10.20.245.80:/var/NS_upg_12.1_47.14/build-12.1-47.14_nc.tgz
    
  6. After the file has been transferred, return to the secondary ADC and upgrade. For detailed instructions, see Upgrading a Citrix ADX Standalone Appliance.

  7. Once the new secondary has rebooted, SSH back into the unit and confirm that the upgrade is successful and the build matches that of the primary.

Set Password on Replacement Secondary Node to Match Primary

Note: If at this point you want to change the management IP (NSIP) address of the new secondary ADC, you may do so before moving forward.

Change the password on the new secondary ADC to match the password that is currently on the primary ADC.

  1. Make that the default administrator (nsroot) account password is the same as the primary ADC. This is accomplished using the following command while logged in through SSH into the new secondary unit:

    set system user <user> <password>
    

    This command set/resets the password for the specified user.

  2. SSH into the primary and new secondary ADC and confirm that passwords match.

Add Licenses to Replacement Secondary Node

With the new ADC updated and ready for pairing, download and install the appropriate licensing for the replacement node.

  1. Navigate to https://www.mycitrix.com to request and download licenses for the new replacement unit.

  2. Once you have all appropriate licenses downloaded, SSH into the new secondary ADC and type the following command to see the current state of licensing:

    show license
    
  3. From the Windows terminal command prompt you must now upload the license files to the new secondary ADC using the following command:

    Note. If you have multiple licenses, repeat this step until all licenses are uploaded.

    pscp <Target file source>  <username>@<NSIP>:<Target file destination>
    

    Example:

    C:\inetpub>pscp c:\inetpub\NS-VPX-3K-LIC-020030ad0024.lic nsroot@10.125.245.80:/nsconfig/license/NS-VPX-3K-LIC-020030ad0024.lic
    
  4. SSH into the new secondary ADC and perform a warm reboot using the following command:

    reboot –w
    

    After the unit is restarted, SSH into the unit and run show license command once again. At this point, the licenses should be applied.

Set up High Availability between primary and New Secondary Node

At this point, we are now ready to join the Citrix ADC units into a high availability pair. For more information, see Configuring high availability.