AskF5 Knowledge Base
- Home
- Supported Products
- BIG-IP PEM / VE
- Release Notes
- product
- BIG-IP PEM 11.3.0
Applies To:
Show Versions
Release Note: BIG-IP PEM 11.3.0
Original Publication Date: 12/17/2012
Summary:
This release note documents the version 11.3.0 release of BIG-IP Policy Enforcement Manager.
Contents:
- Configuration utility browser support
- User documentation for this release
- New in 11.3.0
- Supported high availability configuration for Policy Enforcement Manager
- Installation overview
- Installation checklist
- Installing the software
- Post-installation tasks
- Installation tips
- Known issues
- Contacting F5 Networks
- Legal notices
Supported hardware
You can apply the software upgrade to systems running software versions 10.x or 11.x. For a list of supported platforms, see SOL9412: The BIG-IP release matrix. For information about which platforms support which module combinations, see SOL10288: BIG-IP software and platform support matrix.
Configuration utility browser support
The BIG-IP Configuration Utility supports these browsers and versions:
- Microsoft Internet Explorer 8.x and 9.x
- Mozilla Firefox 15.0.x and 9.0.x
- Google Chrome 21.x
User documentation for this release
For a comprehensive list of documentation that is relevant to this release, refer to the BIG-IP PEM / VE 11.3.0 Documentation page.
New in 11.3.0
Application Subscriber Awareness
Application and subscriber awareness allows traffic classification, while mapping network traffic to the recognized applications and takes into account the source of traffic generation for a subscriber. This information can be further used for application and subscriber visibility, reporting, and policy enforcement.
Application Subscriber Visibility
The application subscriber visibility feature provides business intelligence with visibility into the applications that subscribers use and also monitors the usage consumption. Policy Enforcement Manager classifies traffic, and measures volume and bandwidth consumption (per subscriber and per application), so you can view statistics to understand the current situation on the network. This information might be processed by an external analytics solution, which presents various reports that can be used for trending analysis and system troubleshooting.
Policing
Policy Enforcement Manager enforces policies provisioned by the Policy and Charging Rules Function (PCRF, see 3GPP TS 23.203 version 9.6.0 Release 9) or policies that are manually configured on the BIG-IP system. Enforcement policies can filter traffic based on application type or flow information. iRules can be used for creation and termination of sessions, policy assignments, and report formatting. Policy enforcement actions can be applied to the traffic as well. This includes enforcing bandwidth control by limiting application use, and using DSCP and link quality of service (QoS) marking for delegating policy enforcement actions to other enforcing devices, such as routers. Bandwidth controller, which is another policy action, is the next generation QoS solution. It works with Policy Enforcement Manager to manage bandwidth per subscriber, per application, or per network egress link.
Intelligent Traffic Steering
Enforcement policies can be created to steer particular types of traffic to external components that provide expert services for that traffic. For example, video traffic from certain subscribers can be forwarded to video optimization servers so that the subscriber receives seamless and optimized video traffic flow. Traffic can also be directed to multiple locations that can provide a number of value-added services, such as antivirus, parental control, and web caching.
Reporting
The reporting functionality addresses application and subscriber visibility. It enables the service providers to control and report the type of traffic in their network. Policy Enforcement Manager implements the reporting functionality by delivering reporting data (usage monitoring) over Gx, and uses the BIG-IP high-speed logging (HSL) infrastructure. HSL logging can include flow-based or session-based information, and it might be sent to an external analytics system.
Supported high availability configuration for Policy Enforcement Manager
Policy Enforcement Manager is supported in an active-standby and active-active configuration with two BIG-IP systems only.
Installation overview
This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP System: Upgrading Active/Standby Systems and BIG-IP System: Upgrading Active-Active Systems, and we strongly recommend that you reference these documents to ensure successful completion of the installation process.
Installation checklist
Before you begin:
- Update/reactivate your system license, if needed, to ensure that you have a valid service check date.
- Ensure that your system is running version 10.0.0 or later and is using the volumes formatting scheme.
- Download the .iso file (if needed) from F5 Downloads to /shared/images on the source for the operation. (If you need to create this directory, use the exact name /shared/images.)
- Configure a management port.
- Set the console and system baud rate to 19200, if it is not already.
- Log on as an administrator using the management port of the system you want to upgrade.
- Boot into an installation location other than the target for the installation.
- Save the user configuration set (UCS) in the /var/local/ucs directory on the source installation location, and copy the UCS file to a safe place on another device.
- Log on to the standby unit, and only upgrade the active unit after the standby upgrade is satisfactory.
- Turn off mirroring.
- If you are running WAN Optimization Manager, set provisioning to Minimum.
- If you are running Policy Enforcement Manager, set provisioning to Nominal.
- If you are running Advanced Firewall Manager, set provisioning to Nominal.
Installing the software
| Installation method | Command |
|---|---|
| Install to existing volume, migrate source configuration to destination | tmsh install sys software image [image name] volume [volume name] |
| Install from the browser-based Configuration utility | Use the Software Management screens in a web browser. |
Sample installation command
The following command installs version 11.2.0 to volume 3 of the main hard drive.
tmsh install sys software image BIGIP-11.2.0.2446.0.iso volume HD1.3
Post-installation tasks
This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP System: Upgrading Active/Standby Systems and BIG-IP System: Upgrading Active-Active Systems, and we strongly recommend that you reference these documents to ensure successful completion of the installation process.
- Ensure the system rebooted to the new installation location.
- Log on to the browser-based Configuration utility.
- Run the Setup utility.
- Provision the modules.
- Convert any bigpipe scripts to tmsh. (Version 11.x does not support the bigpipe utility.)
Installation tips
- The upgrade process installs the software on the inactive installation location that you specify. This process usually takes between three minutes and seven minutes. During the upgrade process, you see messages posted on the screen. For example, you might see a prompt asking whether to upgrade the End User Diagnostics (EUD), depending on the version you have installed. To upgrade the EUD, type yes, otherwise, type no.
- You can check the status of an active installation operation by running the command watch tmsh show sys software, which runs the show sys software command every two seconds. Pressing Ctrl + C stops the watch feature.
- If installation fails, you can view the log file. The system stores the installation log file as /var/log/liveinstall.log.
Known issues
| ID Number | Description |
|---|---|
| 403592 | Platforms with less than 6.5G memory cannot be upgraded to 11.3 if three or more modules are provisioned. Note that upgrades from 10.0.x display only an "upgrade failed" message as a software status. All other versions show a clear error message, guiding the users to SOL13988. Before upgrading, make sure you have only one or two modules provisioned if the BIG-IP system has less than 6.5G of memory. |
| 397157 | The service-option attribute of is configurable only in tmsh for the 11.3 release. |
| 397397 | When multiple static subscriber information is loaded from a .csv file, the subscriber information is lost if enter or CRLF is not entered at the end of each record line. To workaround this issue, press Enter or insert the CRLF character at the end of each row in the .csv file. |
| 398922 | Only a single instance of the diameter-endpoint profile is supported in this release: the system-supplied default "gx-endpoint" profile. As a result, diameter-endpoint profiles cannot be created or deleted in the GUI or in tmsh. |
| 398416 | If Gx reporting is selected for a rule, the BIG-IP system does not process the thresholds specified. It is expected that PCRF over Gx interface specifies the thresholds for each subscriber. Even though the option exists to specify the threshold for Gx reporting, it will be ignored. |
| 398666 | In order to combine forwarding endpoints and LSNAT, configure the final egress network to the Internet using the egress-interfaces option on the LSNAT pool. |
| 399119 | If a policy matched with flow filters drop or redirect the traffic, that traffic will not match other policy rules which use classification filters. |
| 400065 | Active FTP over IPv6 data channel traffic is classified as unknown. |
| 400370 | The Gmail webmail traffic is identified as a standard Gmail application, even when the Gmail basic HTML view is opened. |
| 400372 | The protocol msn_video is used by MSN Messenger for video conversations and is supported for MSN Messenger 8 and earlier. |
| 400385 | When you create an IPv6 radius listener, you then modify the RADIUS virtual to use IPv4. The RADIUS virtual will not work until you do bigstart restart tmm. To work around this issue, do not try to reassign IPv6 RADIUS virtual server to IPv4. If you need an IPv4 RADIUS server, create an IPv4 RADIUS virtual server manually. Otherwise, if you have an IPv6 RADIUS virtual server and want to use it for IPv4 instead, you will have to do bigstart restart tmm from the command prompt in order for the change to take effect. Hence, a RADIUS virtual server will work only after you do bigstart restart tmm if you change its address from IPv6 to IPv4. |
| 400799 | The DIAMETER::state command is not implemented for the diameter-endpoint profile or any profiles derived from it (such as the gx-endpoint profile). iRule developers should avoid using the DIAMETER::state command in iRules assigned to diameter-endpoint virtuals. |
| 400893 | The .csv file for uploading static subscribers has multiple lines with Mac end of line. To work around this issue, convert the file into WIN file format and upload from the GUI or tmsh. This will solve the issue. |
| 401739 | Creation of a large number (>10000) of custom categories or applications could lead to memory exhaustion and possibly crash the BIG-IP system. |
| 402868 | The PEM Subscriber import feature does not properly handle importing files which include whitespace in the file's name. To work around this issue, rename such subscriber data files to remove whitespace before importing. |
| 403374 | On rare occasions, when a policy is installed with 15 rules and reporting is configured on them, only 14 of the reports are generated when multiple flows (traffic) are sent matching all of them. Maximum usage reports per subscriber is supported. |
| 404107 | A virtual server using the gx-endpoint profile will not disconnect from a pool member that is removed from the pool unless the service-down-action of the pool is set to either drop or reset. To work around this issue, configure the pool associated with the gx-endpoint virtual to have a service-down-action of either drop or reset. |
Contacting F5 Networks
| Phone: | (206) 272-6888 |
| Fax: | (206) 272-6802 |
| Web: | http://support.f5.com |
| Email: | support@f5.com |
For additional information, please visit http://www.f5.com.
Additional resources
You can find additional support resources and technical documentation through a variety of sources.
- The F5 Networks Technical Support web site: http://www.f5.com/support/
- The AskF5 web site: http://support.f5.com/kb/en-us.html
- The F5 DevCentral web site: http://devcentral.f5.com/
- AskF5 TechNews
F5 Networks Technical Support
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
AskF5
AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
F5 DevCentral
The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.
AskF5 TechNews
- Weekly HTML TechNews
- The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, fill out the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
- Periodic plain text TechNews
- F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email). To subscribe, send a blank email to technews-subscribe@lists.f5.com from the email address you would like to subscribe with. Unsubscribe by sending a blank email to technews-unsubscribe@lists.f5.com.
Search AskF5
- Supported Products
- BIG-IP LTM / VE
- BIG-IP AFM / VE
- BIG-IP Analytics / VE
- BIG-IP APM / VE
- BIG-IP ASM / VE
- BIG-IP Edge Gateway / VE
- BIG-IP GTM / VE
- BIG-IP Link Controller
- BIG-IP PEM / VE
- BIG-IP PSM / VE
- BIG-IP WebAccelerator / VE
- BIG-IP WOM / VE
- ARX / VE
- ARX Cloud Extender
- Data Manager
- Enterprise Manager / VE
- F5 Monitoring Pack
- FirePass / VE
- BIG-IQ Cloud
- BIG-IQ Security
- BIG-IP Edge Apps
- End-of-Life Products
- Recent Additions
- About AskF5
