Skip to main content

Illumio Core 21.5 Install, Configure, Upgrade

  • Illumio Core 21.5 Install, Configure, Upgrade
  • NEN Installation and Usage
  • Configure, Upgrade, or Revert High Availability (HA) NEN Support

Configure, Upgrade, or Revert High Availability (HA) NEN Support

This topic describes how to configure, upgrade, and revert HA NEN support. For information about running the NEN as an HA pair, see "NEN High Availability Support" in "About NEN Installation and Architecture."

Configure HA Support for the NEN

This optional procedure describes how to install the NEN on a secondary node to provide HA support for the NEN in a PCE cluster.

Prerequisite

  • You have already installed the NEN on the primary node.

  • service_discovery_fqdn must be the hostname or IP address of the primary node.

  • Network latency between DB nodes must not exceed 10ms.

  • nen_fqdn in the runtime_env.yml file:

    • Both nodes must have the same nen_fqdn so that the PCE knows they are part of the same NEN HA pair.

    • The nen_fqdn can be anything you choose as long as it is unique among NEN clusters paired to the PCE.

    • The nen_fqdn doesn't need to match the actual hostname of either node nor be resolvable via DNS.

  • Each NEN node's actual hostname must be resolvable from the actual hostname of the other node in the pair.

Note

You cannot change the nen_fqdn once the NEN has been paired to the PCE.

Procedure

  1. Install the NEN on the secondary node:

    sudo yum install -y <path_to_Illumio_NEN_rpm>/illumio-nen-<release_number>
-<build_number>.x86_64.rpm

  2. Set up NEN runtime environment on the secondary node using one of the following methods:

    • Method one (preferred): Copy /etc/illumio-nen/runtime_env.yml file from the primary node to /etc/illumio-nen/runtime_env.yml on the secondary node and change the node type:value to network_enforcement1

    • Method two: Issue sudo -u ilo-nen /opt/illumio-nen/illumio-nen-env setup and be prompted for the values instead of editing the file.

    sudo -u ilo-nen /opt/illumio-nen/illumio-nen-env setup

    Tip

    For an interactive installation, you can use either method. For information, see the section "To modify the template runtime environment file" in "Install a New Standalone NEN."

  3. Start the NEN on the secondary node:

    sudo -u ilo-nen /opt/illumio-nen/illumio-nen-ctl start

Upgrade a NEN HA Pair

To upgrade the nodes in a NEN pair, you must do so in the proper sequence when the nodes are in the proper state.

Before you begin

  • A rolling upgrade is not supported. Perform the upgrade in the order described in the steps below.

  • Make sure that the nodes can communicate with each other (that is, that the network connection between them is up). The nodes need to be able to share the same database information. This is to avoid a "split brain" state where both nodes can communicate with the PCE but not with each other.

Procedure

  1. Stop the secondary NEN node.

  2. Stop the primary node.

  3. Upgrade the primary NEN node.

  4. Wait for the primary NEN node to be online (in the RUNNING state).

  5. Upgrade the secondary NEN node.

Revert a NEN HA Pair to a Standalone NEN

In some cases, it may be necessary to revert a NEN HA deployment to a standalone NEN architecture.

Caution

Before reverting, make sure the NEN HA pair isn't in failover mode.

To revert a NEN HA pair to a standalone NEN 

  1. Stop the secondary NEN node.

    sudo -u ilo-nen /opt/illumio-nen/illumio-nen-ctl stop

  2. On the primary NEN node, edit the /etc/illumio-nen/runtime_env.yml file to change the cluster_type value to snc0. See .

  3. Restart the primary NEN node.

    sudo -u ilo-nen /opt/illumio-nen/illumio-nen-ctl restart

  4. Run the status command to verify that the system is up and running.

    sudo -u ilo-nen /opt/illumio-nen/illumio-nen-ctl status