Citrix ADCs support critical application infrastructure that is essential to operations at many organizations. The first five seconds of a web page load has a high impact on user experience and, ultimately, business revenue. Capabilities such as high availability and connection failover offer a layer of assurance that there will be no interruptions in your data flow and app delivery.
By keeping your Citrix ADCs updated with the latest software, you get access to new features, critical security patches, and important bug fixes. However, when it comes to software upgrades for your Citrix ADC, admins need to plan accordingly to ensure there is no interruption to business continuity. Candidate software versions need to be tested, traffic patterns need to be analyzed for downtime, and IT teams must be available to ensure a successful upgrade.
The new In-Service Software Upgrade (ISSU) for high availability for Citrix ADC pairs helps you upgrade to the latest software version without disrupting your apps. A high availability (HA) deployment of two Citrix ADC appliances can provide uninterrupted operation where one appliance is configured as the primary node and the other as the secondary or backup node.
The primary node actively processes traffic while the secondary node monitors the primary and takes over (failover) if the primary node becomes unhealthy. When an HA pair needs upgrading, the secondary node is upgraded, a force failover is executed where the upgraded node takes over, and the remaining node is upgraded. This way, one node is always actively processing traffic, keeping the application alive.
For an HA pair to truly function to its fullest potential, both nodes must run the same version of the Citrix ADC software. Features such as connection failover only function in this format. During the upgrade process, there is a time right after upgrading the secondary node and prior to upgrading the remaining node when there is a version mismatch. When a failover occurs at this stage, all existing connections are lost, leading to downtime.
This is where ISSU can help. It introduces a migration function that honors existing connections during the failover process, resulting in zero downtime. When the migration function is executed, the upgraded node (new primary) receives traffic for the existing connection but then steers it back to the node that was previously serving traffic for these connections (old primary). The old primary then processes the traffic and sends it to the destination.
The migration is complete when all existing connections are closed. Then, a user can upgrade the remaining node. This migration step ensures that all active connections are fulfilled and results in a zero-loss upgrade process.
The migration can be initiated from the UI or CLI, and its status can be monitored. SNMP traps are also supported to alert users when migration begins and completes. Information pertaining to the respective sessions can be viewed as well. The ISSU statistics displays the following information:
- Current status of ISSU migration operation
- Start time of the ISSU migration operation
- End time of the ISSU migration operation
- Start time of the ISSU rollback operation
- Total number of connections that are processed as part of ISSU migration operation
- Number of remaining connections that are being processed as part of ISSU migration operation
- Information on connections that were migrated.
If an end user sees issues after the upgrade or has concerns regarding the health of the system, the admin can always rollback using the ISSU rollback capability. The rollback stops the migration process and triggers a failover on the node now processing new connections. The system is brought back to the state before the initial migration began.
Even during the rollback, the system honors all connections ā old and new ā and continues to process them. A user with an active connection prior to or during the upgrade will not experience disruption, regardless of whether the upgrade was successful or unsuccessful. Itās a truly transparent experience for the end user.
Check out our product documentation for more information and a detailed walkthrough on the new ISSU capability.