AskF5 Knowledge Base
- Home
- Supported Products
- BIG-IP GTM / VE
- BIG-IP GTM and BIG-IP Link Controller 11.3.0
Applies To:
Show Versions
Release Note: BIG-IP GTM and BIG-IP Link Controller 11.3.0
Original Publication Date: 04/24/2013
Summary:
This release note documents the version 11.3.0 release of BIG-IP Local Traffic Manager and TMOS.
Contents:
- Configuration utility browser support
- User documentation for this release
- New in 11.3.0
- New in 11.2.1
- New in 11.2.0
- New in 11.1.0
- New in 11.0.0
- Installation overview
- Installation checklist
- Installing the software
- Post-installation tasks
- Installation tips
- Upgrading from earlier versions
- Fixes in 11.3.0
- Fixes in 11.2.1
- Fixes in 11.2.0
- Fixes in 11.1.0
- Fixes in 11.0.0
- Behavior changes in 11.3.0
- Behavior changes in 11.2.1
- Behavior changes in 11.2.0
- Known issues
- Contacting F5 Networks
- Legal notices
Supported hardware
You can apply the software upgrade to systems running software versions 10.x or 11.x. For a list of supported platforms, see SOL9412: The BIG-IP release matrix. For information about which platforms support which module combinations, see SOL10288: BIG-IP software and platform support matrix.
Configuration utility browser support
The BIG-IP Configuration Utility supports these browsers and versions:
- Microsoft Internet Explorer 8.x and 9.x
- Mozilla Firefox 15.0.x and 9.0.x
- Google Chrome 21.x
User documentation for this release
For a comprehensive list of documentation that is relevant to this release, refer to the BIG-IP GTM / VE 11.3.0 Documentation page.
New in 11.3.0
GTM Save Interval Configuration
By default, configuration changes to the BIG-IP Global Traffic Manager are saved in the bigip_gtm.conf file every 15 seconds. In this release, you can configure how often GTM saves configuration changes.
DNS Remote High-Speed Logging
You can now configure BIG-IP system to log information about DNS traffic and send the log messages to remote high-speed log servers. You can choose to log either DNS queries or DNS responses, or both. In addition, you can configure the system to perform logging on DNS traffic differently for specific resources.
DNS Detailed Statistics
You can now view DNS AVR and DNS global statistics on the BIG-IP system to help you manage and report on the DNS traffic in your network. DNS AVR statistics include DNS requests per: virtual server, query name, query type, client IP address. DNS Global Statistics include: total DNS requests and responses, details about the DNS queries and responses, number of wide IP requests, number of DNS Express requests and notifies, number of DNS cache requests, number of DNS IPv6 to IPv4 requests, rewrites, and failures, and number of unhandled query actions per specific actions.
Common/Unified Logging
You can now configure the BIG-IP system to send specific log messages to multiple destinations, including remote, high-speed log servers, using publishers and log destinations.
New in 11.2.0
Google Chrome support
This release provides full support for current releases of the Google Chrome browser.
DNS cache
In this release, you can configure a cache on the BIG-IP system to cache DNS responses. The next time the system receives a query for a response that exists in the cache, the system returns the response from the cache.
New in 11.1.0
New in 11.1.0
There are no new features specific to Global Traffic Manager/Link Controller.
New in 11.0.0
DNS Express
You can now configure DNS Express on BIG-IP Global Traffic Manager (GTM) to mitigate distributed denial-of-service attacks (DDoS) and improve performance of both the local BIND server on the BIG-IP system and any back-end DNS servers.
GTM on VIPRION
This release provides support for BIG-IP GTM on the VIPRION platforms.
Virtual Edition
BIG-IP GTM is now available as a Virtual Edition (VE).
IP Anycast
This release provides support for IP Anycast for DNS services on BIG-IP GTM. This configuration helps mitigate distributed denial-of-service attacks (DDoS), reduce DNS latency, improve the scalability of your network, and assist with global traffic management.
Device-specific Probing and Statistics Collection
With this release, you can configure BIG-IP Global Traffic Manager (GTM) to perform intelligent probing of your network resources to determine whether the resources are up or down. This allows you to specify which BIG-IP systems probe specific servers for health and performance data.
Life Span of Default System Certificates Extended
This release provides default system certificates with a ten year initial life span on BIG-IP GTM.
GTM Monitor Supports Route Domains
You can now deploy BIG-IP GTM on a network where BIG-IP Local Traffic Manager (LTM) systems are configured with route domains.
Installation overview
This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP System: Upgrading Active-Standby Systems and BIG-IP System: Upgrading Active-Active Systems, and we strongly recommend that you reference these documents to ensure successful completion of the installation process.
Installation checklist
Before you begin:
- Update/reactivate your system license, if needed, to ensure that you have a valid service check date.
- Ensure that your system is running version 10.0.0 or later and is using the volumes formatting scheme.
- Download the .iso file (if needed) from F5 Downloads to /shared/images on the source for the operation. (If you need to create this directory, use the exact name /shared/images.)
- Configure a management port.
- Set the console and system baud rate to 19200, if it is not already.
- Log on as an administrator using the management port of the system you want to upgrade.
- Boot into an installation location other than the target for the installation.
- Save the user configuration set (UCS) in the /var/local/ucs directory on the source installation location, and copy the UCS file to a safe place on another device.
- Log on to the standby unit, and only upgrade the active unit after the standby upgrade is satisfactory.
- Turn off mirroring.
- If you are running WAN Optimization Manager, set provisioning to Minimum.
- If you are running Policy Enforcement Manager, set provisioning to Nominal.
- If you are running Advanced Firewall Manager, set provisioning to Nominal.
Installing the software
| Installation method | Command |
|---|---|
| Install to existing volume, migrate source configuration to destination | tmsh install sys software image [image name] volume [volume name] |
| Install from the browser-based Configuration utility | Use the Software Management screens in a web browser. |
Sample installation command
The following command installs version 11.2.0 to volume 3 of the main hard drive.
tmsh install sys software image BIGIP-11.2.0.2446.0.iso volume HD1.3
Post-installation tasks
This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP System: Upgrading Active-Standby Systems and BIG-IP System: Upgrading Active-Active Systems, and we strongly recommend that you reference these documents to ensure successful completion of the installation process.
- Ensure the system rebooted to the new installation location.
- Log on to the browser-based Configuration utility.
- Run the Setup utility.
- Provision the modules.
- Convert any bigpipe scripts to tmsh. (Version 11.x does not support the bigpipe utility.)
Installation tips
- The upgrade process installs the software on the inactive installation location that you specify. This process usually takes between three minutes and seven minutes. During the upgrade process, you see messages posted on the screen. For example, you might see a prompt asking whether to upgrade the End User Diagnostics (EUD), depending on the version you have installed. To upgrade the EUD, type yes, otherwise, type no.
- You can check the status of an active installation operation by running the command watch tmsh show sys software, which runs the show sys software command every two seconds. Pressing Ctrl + C stops the watch feature.
- If installation fails, you can view the log file. The system stores the installation log file as /var/log/liveinstall.log.
Upgrading from earlier versions
Your upgrade process differs depending on the version of software you are currently running. Software version 10.x introduced the ability to run multiple modules based on platform. The number and type of modules that can be run simultaneously is strictly enforced through licensing. For more information, see SOL10288: BIG-IP software and platform support matrix.
Upgrading from version 10.x or 11.x
When you upgrade from version 10.x or 11.x software, you use the Software Management screens in the Configuration utility to complete these steps. To open the Software Management screens, in the navigation pane of the Configuration utility, expand System, and click Software Management. For information about using the Software Management screens, see the online help.
Upgrading from versions earlier than 10.x
You cannot roll forward a configuration directly to this version from BIG-IP version 4.x, or from BIG-IP versions 9.0.x through 9.6.x. You must be running version 10.x software. For details about upgrading to those versions, see the release notes for the associated release.
Automatic firmware upgrades
If this version includes new firmware for your specific hardware platform, after you install and activate this version, the system might reboot additional times to perform all necessary firmware upgrades.
Fixes in 11.3.0
| ID Number | Description |
|---|---|
| ID 224131 | Creating a WideIP with a wildcard, such as "*.wipzone.com" now results in the correct DNS A record and zone creation in ZoneRunner. |
| ID 264607 | The 'None' monitor is no longer allowed on GTM pools. In tmsh setting a 'none' monitor will result in no monitor on the pool, which is consistent with other similar tmsh commands. Any 'none' monitors that exist in bigip_gtm.conf or wideip.conf will be scraped out or adjusted for upon upgrade. |
| ID 364774 | Redundant Link Controller should now work as expected. |
| ID 378175 | The GTM bigip monitor should now work correctly. |
| ID 378261 | The GTM whoami iRule command now works correctly. |
| ID 381557 | The GTM utilities bigip_add and gtm_add now correctly import certificate files. In earlier versions, they would occasionally truncate certificates under particular conditions. |
| ID 384629 | GTM configuration synchronization will now exit gracefully upon failure. |
| ID 384630 | The number of parameters required for the matchregion command is now correctly validated. Now you will receive a syntax error when you compile the iRule, and the TMM/GTM will also do a check of the iRule itself. |
| ID 387799 | GTM pools using the ratio load balancing method with mixed IPv4 and IPv6 pool members now properly respect their member's ratios when generating responses to mixed A/AAAA queries. |
| ID 390086 | The ZoneRunner GUI View moving functionality had a bug in that the View pulldown menu was empty. This bug has been resolved. |
| ID 391315 | iRule pool commands now correctly handle selection where the pool has no cname Resource Record associated. |
| ID 391569 | GTM will now respect connection limits placed on pools. |
| ID 392834 | Fixed a defect where TMM could core and restart while processing DNS requests after removing a wideip alias from the configuration. |
Fixes in 11.2.1
| ID Number | Description |
|---|---|
| ID 387799 | GTM pools using the ratio load balancing method with mixed IPv4 and IPv6 pool members now properly respect their member's ratios when generating responses to mixed A/AAAA queries |
Fixes in 11.2.0
| ID Number | Description |
|---|---|
| ID 368721 | An error that occurred during a config-sync has been corrected , specifically by synchronizing the GTM directory /var/named/config only, instead of /var/named. |
| ID 370962 | The GTM search filter in the GUI now works correctly for Wide IPs and Servers. |
| ID 377453 | DNS Express successful zone transfer statistics no longer continue to increment on failed transfers. |
| ID 377682 | DNS Express zone transfer failures no longer cause the zxfrd.bin database file to indefinitely grow in size, or the zxfrd process to increase in memory. |
| ID 378182 | TMM no longer leaks memory when GTM attempts to rewrite DNS responses. |
| ID 380814 | A memory leak related to DNS Express zone transfers in the zxfrd process has been corrected. |
| ID 380767 | The dnssec-on-miss flag makes the transparent cache always ask for DNSSEC (DO bit) when forwarding the query after a miss. All subsequent queries, w/ or w/o the DO bit will get the correct DNSSEC records. Note, the initial response will always contain DNSSEC data. The default of dnssec-on-miss is yes. |
| ID 381543 | LTM is now provisioned as NOMINAL in an LTM/GTM combo when using DNS services such as DNS Express. |
| ID 383415 | A defect which could cause some top-level zones to fail to load into DNS Express with large configurations has been corrected. |
| ID 384853 | TMM no longer restarts with a SIGSEGV and the following log message while processing certain DNS Express traffic: xbuf_dma: Assertion 'valid magic' failed |
Fixes in 11.1.0
| Bug | Description |
|---|---|
| ID 355937 | This release fixes validation for pool members. They will now reference the pool member (rather than incorrectly referencing the backing VS). |
| ID 361548 | After the first install on a cluster, an rndc reload may be necessary. This fix allows that to happen. |
| ID 364437 | Link Controller GUI: removed the erroneous table columns from wideip member stats and wideip details stats tables. |
| ID 364918 | Syncing configuration changes from a Link Controller to a Global Traffic Manager in the same sync group no longer causes the monitors to fail to load on the GTM. |
| ID 365582 | A GTM iRule that refers to a pool without specifying the full path (e.g., [pool pool1]) will now work correctly when that pool is found in multiple folders. Correct behavior is to always choose the pool in the wideip's folder, and to dynamically switch if a pool (with the same name as in the iRule) is added/deleted in that folder. |
| ID 366165 | Configuration changes to any/every GTM object now triggers the configuration file to be saved. |
| ID 367082 | This release corrects an issue where gtmd could grow excessively. |
| ID 367836 | This release corrects an issue involving excessive memory usage and crash/core when loading GTM configs with large numbers of virtual servers with topology records. |
| ID 368715 | Corrected a condition where importing a ucs file generated from a previous release with depends_on in the configuration would fail. |
Fixes in 11.0.0
| Bug | Description |
|---|---|
| 226783 | [Global Traffic Manager] Global Traffic Manager now correctly performs name resolution for the IPv6 addresses, and BIND responds correctly to DNS requests against IPv6 self IP addresses. |
| 223590, CR130729 | [Global Traffic Manager] This release provides the functionality for clearing link statistics. |
| 343798 | [Global Traffic Manager] This version of the software adds two read-only fields to gtm_dnssec_key_generation: creator and key_tag. The value of creator is a string representing the host name of the BIG-IP system that created the DNSSEC key generation. The value of key_tag is a hash calculated from the DNSKEY resource record (RR) for that generation. You can use these fields to help debug DNSSEC deployments. In addition, this release provides better constraint on which generations can rollover, which helps mitigate a potential race condition. Finally, this release provides additional debug logging. |
| 348726 | [Global Traffic Manager] The online help page for custom GTM SNMP monitors has been provided. |
Behavior changes in 11.3.0
| ID Number | Description |
|---|---|
| ID 264607 | The 'None' monitor is no longer allowed on GTM pools. In tmsh setting a 'none' monitor will result in no monitor on the pool, which is consistent with other similar tmsh commands. Any 'none' monitors that exist in bigip_gtm.conf will be scraped out or adjusted for upon upgrade. |
| ID 325241 | If you set a value for the IPv6 NoError TTL property of a wide IP, when BIG-IP GTM returns a NOERROR DNS response for an IPv6 query, the response now contains an SOA record (with the negative caching TTL). |
| ID 356586 | BIND v9.7, new in v11.0.0, requires an A (IP address) record for an in-zone nameserver (NS) entry in its configuration. In the past, an FQDN or CNAME for the NS was sufficient. This means that upgrades to v11.0.0 might fail to load if such an A record is not present (the symptom will be zrd stuck in a restart loop). The best solution is to create an A record for the NS before upgrading. Or you can create and disable a wideIP, which causes an A record to be created. (Note that this is for in-zone NS records only. An "out of zone" NS record should not have an A record, and if you add an A record for it, the named process generates a warning about "ignoring out of zone data".) |
| ID 377367 | When you set the load balancing method to Return to DNS, when the BIG-IP system receives a client query, the system increments the Return to DNS statistics. When the BIG-IP system receives a server response, the system increments the Return from DNS statistics. |
| ID 389371 | tmsh now provides an automatic_configuration_save_timeout property in the GTM Global-settings General sub-module. You can use this property to set how many seconds the BIG-IP system waits before automatically saving the GTM configuration to the bigip_gtm.conf. A timeout of -1 causes the GTM configuration to NEVER be saved. A value of 0 causes the GTM configuration to be saved immediately. The maximum value is 86400 seconds, the default value is 15 seconds. |
Behavior changes in 11.2.1
| ID Number | Description |
|---|---|
| ID 325241 | If you set a value for the IPv6 NoError TTL property of a wide IP, when BIG-IP GTM returns a NOERROR DNS response for an IPv6 query, the response now contains an SOA record (with the negative caching TTL). |
| ID 387757 | Added a new flag: -f, which forces the local big3d agent to be installed on the remote device regardless of versioning. |
| ID 408481 | The default value for the global setting inactive-ldns-ttl has been changed from 2419200 to 2592000. If you have not changed from the default value, when you update from version 10.x, the system changes the default value to 2592000. |
Behavior changes in 11.2.0
| ID Number | Description |
|---|---|
| ID 346551 | BIG-IP Global Traffic Manager now includes BIND version 9.7.3. This version of BIND requires that when a zone is created with a name server (NS) record that is contained in the zone, that NS record must have a matching A record. With this release, when you create a wide IP that requires the creation of a zone, BIG-IP GTM automatically creates not only an NS record, but also an A record for the NS record that points to the local host. The NS and A records are given a time-to-live (TTL) of 0 (zero). The administrator should change the NS record to match the desired NS record. |
Known issues
| ID Number | Description |
|---|---|
| ID 403592 | Platforms with less than 6.5G memory cannot be upgraded to 11.3 if three or more modules are provisioned. Note that upgrades from 10.0.x display only an "upgrade failed" message as a software status. All other versions show a clear error message, guiding the users to SOL13988. Before upgrading, make sure you have only one or two modules provisioned if the BIG-IP system has less than 6.5G of memory. |
| ID 222220 | Distributed application statistics shows only requests passed to its first wide IP. The system does not include statistics for requests passed to other wide-IP-members of the distributed application. |
| ID 225759 | When you upgrade a BIG-IP Global Traffic Manager synchronization group to version 10.1.0 or later, the master key is not synchronized to all members within the synchronization group. For step-by-step instructions to fix this known issue, see SOL11868 at AskF5 (http://support.f5.com). |
| ID 341722 | Global Traffic Manager uses BIND 9.7.3. This version of BIND can log a complicated message about not being able to load managed keys from a master file. If you have not configured Global Traffic Manager for DNSSEC Lookaside Validation (DLV), you might receive this message. It is cosmetic and you can ignore it. This is a known issue in BIND. |
| ID 343030 | "The named process might log the following error in daemon.log: ""Oct 22 09:44:24 local/localhost err named[8832]: 22-Oct-2010 09:44:24.278 general: error: managed-keys-zone ./IN/external: loading from master file 3c4623849a49a53911c4a3e48d8cead8a1858960bccdea7a1b978d73ec2f06d7.mkeys failed: file not found."" Although it reported the error, the daemon is up and running, so you can safely ignore the error." |
| ID 345930 | The "IPv6 NoError Response" and "Enabled" fields are missing input controls for Inbound Wide-IPs in the Link Controller UI. To workaround these issues: For IPv6 NoError Response, run the command "tmsh modify <wideip> ipv6-no-error-response enabled". To enable/disable a Wide-IP: Either enable/disable through the Wide-IP List page: Link Controller :: Inbound Wide-IPs :: Wide-IP List. Or, through tmsh: modify gtm wideip my.wide.ip enabled. |
| ID 349621 | "Drop to BIND performance has dropped in this release. The DNS Express feature in this release should alleviate the performance drop in BIND." |
| ID 355018 | GTM logging does not put the event name in the output. This is a widely known issue. |
| ID 361650 | "Starting with 11.0.0, it takes minimum of 15 seconds to a maximum of 60 seconds for BIG-IP GTM to save any configuration change, regardless of whether it is made in the Configuration utility or in tmsh. The only way to speed up this process is to run the following command in tmsh: save sys config partitions all gtm-only No equivalent of this command exists in the Configuration utility." |
| ID 363134 | Links get auto-discovered when global Auto-Discovery is disabled and Link Discovery is on. Disabling Link Discovery is the only way to truly disable this option. |
| ID 363142 | [Link Controller] global Auto-Discovery can be disabled while having a link with bigip_link monitor. Do not disable global Auto-Discovery while having a link with bigip_link monitor. |
| ID 367459 | The BIG-IP Configuration utility might incorrectly allow you to assign certain health monitors to pools and server objects that are configured with a wildcard service port. For more information, see SOL12400 at http://support.f5.com/kb/en-us/solutions/public/12000/400/sol12400.html?sr=20262082. |
| ID 401620 | In previous releases, monitored BIG-IP virtual servers with addresses that overlap non-floating self IP addresses used to be marked up when the gateway_icmp monitor was used, but other, port-specific protocol monitors would fail. This was a false positive, as it is not possible to monitor virtual servers that overlap these addresses from the same box. In this release gateway_icmp monitor marks a virtual server that overlaps an IPv6 self IP 'down,' but it marks a virtual server that overlaps an IPv4 self IP 'up'. The latter is still an issue. To work around this issue, use the bigip monitor for monitoring BIG-IP virtual servers with IP addresses that overlap non-floating self IP addresses. Do not use any other GTM monitors for monitoring those virtual servers. |
| ID 403125 | If GTM v11.x has LTM v10.x virtual servers auto-discovered and later LTM gets upgraded to 11.x, GTM auto-discovers will fail. If virtual server discovery was enabled, LTM virtual servers get re-discovered with the new names effectively deleting their previous memberships in the GTM pools. If virtual server discovery was enabled with no delete option then the pre-existing set of LTM virtual servers and their pool memberships stay intact but a second set of LTM virtual servers with the new names gets auto-discovered by the GTM. |
| ID 404383 | big3d_install can, in some instances, fail to install a new big3d on a BIG-IP system running 10.2.4-hf4. |
| ID 406176 | Big3d leaks memory on an LTM server where at least one of ASM/APM/WAM is also configured and a GTM monitors the LTM server using bigip monitor. |
Contacting F5 Networks
| Phone: | (206) 272-6888 |
| Fax: | (206) 272-6802 |
| Web: | http://support.f5.com |
| Email: | support@f5.com |
For additional information, please visit http://www.f5.com.
Additional resources
You can find additional support resources and technical documentation through a variety of sources.
- The F5 Networks Technical Support web site: http://www.f5.com/support/
- The AskF5 web site: http://support.f5.com/kb/en-us.html
- The F5 DevCentral web site: http://devcentral.f5.com/
- AskF5 TechNews
F5 Networks Technical Support
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
AskF5
AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
F5 DevCentral
The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.
AskF5 TechNews
- Weekly HTML TechNews
- The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, fill out the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
- Periodic plain text TechNews
- F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email). To subscribe, send a blank email to technews-subscribe@lists.f5.com from the email address you would like to subscribe with. Unsubscribe by sending a blank email to technews-unsubscribe@lists.f5.com.
Search AskF5
- Supported Products
- BIG-IP LTM / VE
- BIG-IP AFM / VE
- BIG-IP Analytics / VE
- BIG-IP APM / VE
- BIG-IP ASM / VE
- BIG-IP Edge Gateway / VE
- BIG-IP GTM / VE
- BIG-IP Link Controller
- BIG-IP PEM / VE
- BIG-IP PSM / VE
- BIG-IP WebAccelerator / VE
- BIG-IP WOM / VE
- ARX / VE
- ARX Cloud Extender
- Data Manager
- Enterprise Manager / VE
- F5 Monitoring Pack
- FirePass / VE
- BIG-IQ Cloud
- BIG-IQ Security
- BIG-IP Edge Apps
- End-of-Life Products
- Recent Additions
- About AskF5
