Citrix SD-WAN Orchestrator


HA near-hitless software upgrade

  1. What is the difference between High Availability and Secondary (Geo) appliance?

    • High Availability ensures fault tolerance. Secondary (Geo) appliance enables disaster recovery.
    • High Availability can be configured for the MCN, RCN, and branch appliances. Secondary (Geo) appliance can be configured for MCN and RCNs only.
    • High Availability appliances are configured within the same site or geographical location. A branch appliance in a different geographical location is configured as Secondary (Geo) MCN/ RCN appliance.
    • High Availability primary and secondary appliance should be the same platform models. The Secondary (Geo) appliance might or might not be the same platform model as the primary MCN/RCN.
    • High Availability has higher priority over secondary (Geo). If an appliance (MCN/RCN) is configured with High Availability and Secondary (Geo) appliance, when the appliance fails the secondary high availability appliance becomes active. If both the high availability appliances fail or if the Data Center site crashes, the secondary (Geo) appliance becomes active.
    • In High Availability, the primary/secondary switchover happens instantaneously or within 10-12 seconds depending upon the high availability deployment. The primary MCN/RCN to secondary (Geo) MCN/RCN switch over, happens after 15 seconds of the primary being inactive.
    • High Availability configuration allows you to configure primary reclaim. You cannot configure primary reclaim for Secondary (Geo) appliance, the primary reclaim happens automatically after the primary appliance is back and the hold timer expires.
  2. What are the prerequisites for the HA near-hitless software upgrade?

    The existing customer network must already be running on Citrix SD-WAN 11.1 or higher release which supports the near-hitless upgrade procedure for HA.

  3. Is this functionality enabled by default or is there some setting to enable this?

    It is enabled by default.

  4. What if there are a few sites with Non-HA deployment?

    The sites with non-HA deployment are activated at the second step of activation. If the entire network does not have HA deployment then the single step upgrade is activated.

  5. What if the activation fails either on the Standby or Active appliance?

    The software has a timeout implementation. If the activation on the Standby appliance fails, after the timeout period, activation on the Active appliances is initiated.

  6. What is the duration of the timeout period?

    The timeout periods for the following upgrade activations are:

    • Configuration update activation: 5 minutes
    • Near hitless software upgrade for HA Step 1: 20 minutes
    • Near hitless software upgrade for HA Step 2: 20 minutes
    • Single step software upgrade activation: 20 minutes
  7. What if Active and Standby are in different software versions because of error/issues during upgrade?

    The HA pair continues to work in different software versions. Another Change Management Activation is required to bring the HA pair to the same software version.

  8. What if the standby appliance is down when we initiate software upgrade?

    Citrix SD-WAN Orchestrator service cannot complete the first step of near hitless upgrade activation process, which is upgrading the standby appliances and switching the standby appliances to active. It waits for the timeout period to get over and then transitions to the second step. As part of the second step, Citrix SD-WAN Orchestrator service upgrades the active appliances. The standby appliances get upgraded once they come back online.

  9. Can we time schedule software Upgrade/Activation?

    This functionality is not available currently.

  10. Does this process apply to RCN based deployments?


  11. Do we support partial site upgrade?

    Yes. Citrix SD-WAN Orchestrator service supports partial site upgrade from Citrix SD-WAN release 11.2.2 onwards. Even for the partial software upgrade scenarios, HA hitless upgrade is effective.

  12. Do we support revert-on error functionality?

    This functionality is not available currently.

  13. How are non-SD-WAN components such as LTE Firmware, SVM, and Citrix Hypervisor Hotfixes upgraded? Can we have scheduled installation of these non-SD-WAN components?

    This functionality is not available currently.

  14. What if there is any configuration change during the software upgrade? Are we going to inform the user/admin that we are not going to apply the HA near-hitless software upgrade?

    Yes. User/Admin is informed that there is a configuration change during current software upgrade activity. The user is given a choice to continue with the normal single step software upgrade procedure, instead of near-hitless upgrade.

2100 Premium (Enterprise) Edition

What does the following message indicate when a 2100 EE appliance is upgraded to release 10.0?

localized image

Appliance has EE license or WANOP redirection is enabled from MCN. You can schedule installation of WANOP components to start provisioning WANOP features on this platform.