Migrating Azure vSockets to a 2-NIC Solution

This article explains how to migrate an Azure vSocket from a VM with 3 network interfaces (NICs) to 2 NICs.

Note

Note: Cato is gradually releasing this feature. Customers will receive a separate dedicated email notification when it is ready for their account.

Overview

This article provides information about Cato's supported Azure vSockets. Previously, Cato only supported Azure vSockets with 3 network interfaces. Starting with Socket v21, you can now create new Azure instances that have 2 interfaces, and migrate your existing vSockets to a 2-NIC instance.

The following sections explain how to migrate your existing vSockets to a Standard_D2s_v5 instance.

You are not required to migrate to a 2-NIC instance and can continue using the supported 3-NIC instances

2 NICs or 3 NICs

There are two main differences between the 2-NIC and 3-NIC Azure vSockets:

  • 3-NIC instances support a MGMT interface, which is not available for 2-NIC instances
  • 2-NIC instances are cheaper than the 3-NIC instance

For information about the supported 3-NIC Azure instances, see this document. For information about Azure pricing, see the relevant Microsoft documentation.

Instructions

In an HA configuration, you should run the migration procedure on your secondary vSocket before your primary vSocket.

  1. If you are currently on the Standard_D2S_v4 Azure instance, before upgrading to Socket v21, you have to resize your instance to the 3-NIC supported instance. If you are already on the 3-NIC supported instance, you can skip to the next step.

    Note

    Note: For Azure HA vSockets with Standard_D2S_v4 instances and Availability Set, there is downtime for the site during this process for up to 17 minutes.

  2. Manually upgrade to Socket v21.
    Note: Make sure to wait for a Cato notification that the upgrade was completed successfully, the upgrade process can take up to 17 minutes. The successful upgrade is notified with an event, email, and message in the CMA notification area.
  3. After upgrading, run the migration script using AzureCLI.
    The script will disassociate the management interface from the Azure instance. As part of the process, the vSocket will shut down and come up after one minute.
  4. Downsize your instance to Standard_D2s_v5.
  5. Confirm that you are connected to the Cato Cloud.

If you are in an HA configuration, repeat this process for the primary vSocket.

(Optional) Switch back to a 3-NIC solution

  1. If you are currently running on Standard_D2S_v4 or Standard_D2S_v5 first resize to a supported 3-NIC instance.
  2. Proceed to run the migration script and in step 5 select No, the script will then ask if you would you like to add Management Network interface, select Yes and select the relevant NIC from the list to finish the process.

Running the Migration Script

After the vSocket is upgraded to v21, run the migration script to remove the management interface from the vSocket:

  1. Download the migration script
  2. Connect to Azure CLI from within the Azure user interface only and, under Manage files, upload the script

    Note

    Note: Running the script outside of the Azure user interface might cause the script to fail.

    Screenshot 2024-09-22 at 13.48.57.png

  3. Change the run permissions on the script using the following command:
     chmod 755 <filename>
  4. Run the script using the following command:
     sh <filename>
    1. Enter the subscription ID.
    2. Select VM Resource Group.
    3. Select Location
    4. Select the relevant VM instance
    5. Select Yes to remove the MGMT network interface and select the NIC to remove.
    6. Select the relevant WAN NIC.

      At this point, the MGMT interface is disconnected and the script completes.

Confirm HA Failover

If you are in an HA configuration, it is important that you also confirm that the HA failover works during this procedure.

Go to the WebUI's Network Tools section and run the API Test Tool.

  • If the test fails, follow the troubleshooting steps mentioned in Troubleshooting Azure HA vSocket.
  • If the API Test is successful, follow the steps described in the next sections.

Note

Note: During the resize operation, the Socket WebUI API Test Tool on the Secondary vSocket might return the following message:

Azure API Test state 'Retrieve NIC configuration for current socket' failed! Azure API BLOCK state 'Unblock ALL AZ API'

If the test succeeds on the Primary vSocket, this message is a mistake and you can safely ignore this specific result and continue with the resizing procedure below.

 

Confirm Connectivity to Cato

  • From the Monitoring > Topology page, select the Azure vSocket site and in the Site > Socket Configuration section, click Action > Socket WebUI for the Primary and Secondary vSockets.

    The browser opens a new tab and logs in to the Socket WebUI.

    When the vSocket is functioning correctly, the Socket WebUI displays the Monitor tab and the active links have green Link Status icons. The example below shows the WAN links (1 and 4) have green icons.

vSocket_webUI.png

 

Was this article helpful?

1 out of 1 found this helpful

1 comment

  • Comment author
    Ryu Lekranty
    • Edited

    We've just upgraded the vSocket to v21.0.18735 and has the instance Standard_D8ls_v5. We are now at step 4 of running the script selecting the VM, however we run into the following error.

    ERROR: Failed to connect to MSI. Please make sure MSI is configured correctly.
    Get Token request returned: <Response [400]>
    Can't perform Add/Remove Mgmt interface.
    Socket is not stable or Version is less than v21
    Or there is no ability to run az vm extention on the socket
    Can't continue, Socket is not compatible for add/remove mgmt iface!
    Exiting ...

    Any idea what the issue could be? Customer account has full rights and the vm is able to run extentions.

Add your comment