Upgrading Gateway Image
A gateway image is a virtual resource or template that contains all the information required to launch, backup, or restore a gateway in your cloud network. Aviatrix periodically releases new gateway images that include updates, enhancements, and security improvements. A best practice is to plan to upgrade your gateways at least once a quarter.
For major security issues or software issues, Aviatrix sends out a field notice to notify you to upgrade to the newest image. You can review past Field Notices and Aviatrix Controller and Gateway Image Release Notes. |
You may need to upgrade your gateway image outside of a periodic upgrade in the following situations:
-
Aviatrix has released a new gateway image as part of a security update or product enhancement.
-
A gateway requires significant repair.
This document shows you how to upgrade an Aviatrix Gateway to a new image.
A gateway image upgrade is also known as a gateway replacement. |
Prerequisites
-
Check the current software version of your Controller. You cannot upgrade your gateways to a newer version than your Controller.
-
Schedule the gateway image upgrade every quarter or if you receive a field notice about a new image.
-
Schedule the gateway image upgrade for an off-peak time on your network or during a maintenance window. These upgrades do require some downtime, but they have minimal impact.
-
Consider enabling HA (High Availability) on the Transit and Spoke Gateways that require an image upgrade, if you have not done so. HA helps minimize downtime.
-
If you do not have HA configured, a gateway image upgrade requires downtime.
-
If you have HA configured, when you perform a gateway image upgrade, your Controller routes all traffic to the gateway that is not being replaced. Performance during the upgrade depends on the size of the gateway and the amount of traffic.
Before upgrading, consider increasing the size of your gateway, if the traffic load is high. Even with HA configured, if you have high traffic during a gateway image upgrade, the gateway that remains up could receive too much traffic. Schedule gateway image upgrades during a low-traffic period.
-
-
Before upgrading any gateway images, upgrade your Controller to the latest software version. This software upgrade ensures that you can update to the latest gateway image and reduce downtime for gateway image upgrades.
Image Upgrades by Gateway Type
The process and best practices for upgrading a gateway image can differ based on the type of gateway. Review this list to decide how to structure and schedule your gateway image upgrades.
Gateway Type | Image Upgrade Notes |
---|---|
OpenVPN Gateway |
|
FQDN Gateways with HA |
The Controller does not reroute all traffic for these gateways. |
Public Subnet Filtering (PSF) Gateway |
This gateway type does not have HA. |
Transit and Spoke Gateways |
If your network has many Spoke Gateways, replacing the Transit primary or HA Gateways takes more time. Wait for one group of image upgrades to complete before beginning another. |
Site2Cloud Gateways |
A best practice is to upgrade one gateway at a time. |
Edge Gateways |
|
Upgrade Gateway Image
-
In your Controller, go to Settings > Maintenance.
-
In the Selective Gateway Upgrade window, select the gateways that require an upgrade. The system automatically selects the platform controller current software version and the compatible gateway image version for that software version.
-
Your Controller can replace up to 15 gateways in parallel. Try to group your image upgrades in groups of no more than 15.
-
For greater simplicity and efficiency, combine all your HA gateways and all primary gateways in separate operations.
-
To organize multiple image upgrades, consider spreading out groups of upgrades in separate windows on your browser.
-
-
Click IMAGE UPGRADE. You can follow the status in the progress window.
Replacing a gateway can take 5-7 minutes. After the gateway is up, it takes more time for the tunnels to come up. The total length of time required varies depending on the number of tunnels. For example, depending on the software version of the Controller, it may take up to one hour to upgrade 4,000 tunnels. |
Verify
Verify the gateway upgrade by reviewing the gateway information in the Current Image Version column in the Selective Gateway Upgrade window. For information about migrating your Controller to a new image, see Migrating Your Aviatrix Controller.
Migrating Unmanaged Disk to Managed Disk (Azure)
If you have a gateway deployed on Azure and you intend to migrate your unmanaged disk to a managed disk, it is recommended to follow the process of gateway image upgrade. This gateway image upgrade will automatically migrate the unmanaged disk to a managed disk after the gateway image upgrade.
It is highly recommended to migrate your unmanaged disk to a managed disk as soon as possible, as Azure will be retiring unmanaged disks soon. |