Applies To:

Show Versions Show Versions

Release Note: BIG-IP GTM and BIG-IP Link Controller 11.3.0
Release Note

Original Publication Date: 12/18/2013

Summary:

This release note documents the version 11.3.0 release of BIG-IP Local Traffic Manager and TMOS.

Contents:

- Supported hardware
- Configuration utility browser support
- User documentation for this release
- New in 11.3.0
- New in 11.2.1
- New in 11.2.0
- New in 11.1.0
- New in 11.0.0
- Installation overview
     - Installation checklist
     - Installing the software
     - Post-installation tasks
     - Installation tips
- Upgrading from earlier versions
- Fixes in 11.3.0
- Fixes in 11.2.1
- Fixes in 11.2.0
- Fixes in 11.1.0
- Fixes in 11.0.0
- Behavior changes in 11.3.0
- Behavior changes in 11.2.1
- Behavior changes in 11.2.0
- Known issues
- Contacting F5 Networks
- Legal notices

Supported hardware

You can apply the software upgrade to systems running software versions 10.1.0 (or later) or 11.x. For a list of supported platforms, see SOL9412: The BIG-IP release matrix. For information about which platforms support which module combinations, see SOL10288: BIG-IP software and platform support matrix.

Configuration utility browser support

The BIG-IP Configuration Utility supports these browsers and versions:

  • Microsoft Internet Explorer 8.x and 9.x
  • Mozilla Firefox 15.0.x
  • Google Chrome 21.x

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the BIG-IP GTM / VE 11.3.0 Documentation page.

New in 11.3.0

GTM Save Interval Configuration

By default, configuration changes to the BIG-IP Global Traffic Manager are saved in the bigip_gtm.conf file every 15 seconds. In this release, you can configure how often GTM saves configuration changes.

DNS Remote High-Speed Logging

You can now configure BIG-IP system to log information about DNS traffic and send the log messages to remote high-speed log servers. You can choose to log either DNS queries or DNS responses, or both. In addition, you can configure the system to perform logging on DNS traffic differently for specific resources.

DNS Detailed Statistics

You can now view DNS AVR and DNS global statistics on the BIG-IP system to help you manage and report on the DNS traffic in your network. DNS AVR statistics include DNS requests per: virtual server, query name, query type, client IP address. DNS Global Statistics include: total DNS requests and responses, details about the DNS queries and responses, number of wide IP requests, number of DNS Express requests and notifies, number of DNS cache requests, number of DNS IPv6 to IPv4 requests, rewrites, and failures, and number of unhandled query actions per specific actions.

Common/Unified Logging

You can now configure the BIG-IP system to send specific log messages to multiple destinations, including remote, high-speed log servers, using publishers and log destinations.

New in 11.2.1

There are no new features specific to Global Traffic Manager/Link Controller.

New in 11.2.0

Google Chrome support

This release provides full support for current releases of the Google Chrome browser.

DNS cache

In this release, you can configure a cache on the BIG-IP system to cache DNS responses. The next time the system receives a query for a response that exists in the cache, the system returns the response from the cache.

New in 11.1.0

New in 11.1.0

There are no new features specific to Global Traffic Manager/Link Controller.

New in 11.0.0

DNS Express

You can now configure DNS Express on BIG-IP Global Traffic Manager (GTM) to mitigate distributed denial-of-service attacks (DDoS) and improve performance of both the local BIND server on the BIG-IP system and any back-end DNS servers.

GTM on VIPRION

This release provides support for BIG-IP GTM on the VIPRION platforms.

Virtual Edition

BIG-IP GTM is now available as a Virtual Edition (VE).

IP Anycast

This release provides support for IP Anycast for DNS services on BIG-IP GTM. This configuration helps mitigate distributed denial-of-service attacks (DDoS), reduce DNS latency, improve the scalability of your network, and assist with global traffic management.

Device-specific Probing and Statistics Collection

With this release, you can configure BIG-IP Global Traffic Manager (GTM) to perform intelligent probing of your network resources to determine whether the resources are up or down. This allows you to specify which BIG-IP systems probe specific servers for health and performance data.

Life Span of Default System Certificates Extended

This release provides default system certificates with a ten year initial life span on BIG-IP GTM.

GTM Monitor Supports Route Domains

You can now deploy BIG-IP GTM on a network where BIG-IP Local Traffic Manager (LTM) systems are configured with route domains.

Installation overview

This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP Systems: Upgrading Active-Standby Systems and BIG-IP Systems: Upgrading Active-Active Systems, and we strongly recommend that you reference these documents to ensure successful completion of the installation process.

Installation checklist

Before you begin:

  • Use BIG-IP iHealth to verify your configuration file. For more information, see SOL12878: Generating BIG-IP diagnostic data using the qkview utility (10.x - 11.x).
  • Update/reactivate your system license, if needed, to ensure that you have a valid service check date.
  • Ensure that your system is running version 10.1.0 or later and is using the volumes formatting scheme.
  • Download the .iso file (if needed) from F5 Downloads to /shared/images on the source for the operation. (If you need to create this directory, use the exact name /shared/images.)
  • Configure a management port.
  • Set the console and system baud rate to 19200, if it is not already.
  • Log on as an administrator using the management port of the system you want to upgrade.
  • Boot into an installation location other than the target for the installation.
  • Save the user configuration set (UCS) in the /var/local/ucs directory on the source installation location, and copy the UCS file to a safe place on another device.
  • Log on to the standby unit, and only upgrade the active unit after the standby upgrade is satisfactory.
  • Turn off mirroring.
  • If you are running Application Acceleration Manager, set provisioning to Minimum.
  • If you are running Policy Enforcement Manager, set provisioning to Nominal.
  • If you are running Advanced Firewall Manager, set provisioning to Nominal.

Installing the software

You can install the software at the command line using the Traffic Management shell, tmsh, or in the browser-based Configuration utility using the Software Management screens, available in the System menu. Choose the installation method that best suits your environment.
Installation method Command
Install to existing volume, migrate source configuration to destination tmsh install sys software image [image name] volume [volume name]
Install from the browser-based Configuration utility Use the Software Management screens in a web browser.

Sample installation command

The following command installs version 11.2.0 to volume 3 of the main hard drive.

tmsh install sys software image BIGIP-11.2.0.2446.0.iso volume HD1.3

Post-installation tasks

This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP Systems: Upgrading Active-Standby Systems and BIG-IP Systems: Upgrading Active-Active Systems, and we strongly recommend that you reference these documents to ensure successful completion of the installation process.

After the installation finishes, you must complete the following steps before the system can pass traffic.
  1. Ensure the system rebooted to the new installation location.
  2. Use BIG-IP iHealth to verify your configuration file. For more information, see SOL12878: Generating BIG-IP diagnostic data using the qkview utility (10.x - 11.x).
  3. Log on to the browser-based Configuration utility.
  4. Run the Setup utility.
  5. Provision the modules.
  6. Convert any bigpipe scripts to tmsh. (Version 11.x does not support the bigpipe utility.)
Note: You can find information about running the Setup utility and provisioning the modules in the BIG-IP TMOS implementations Creating an Active-Standby Configuration Using the Setup Utility and Creating an Active-Active Configuration Using the Setup Utility.

Installation tips

  • The upgrade process installs the software on the inactive installation location that you specify. This process usually takes between three minutes and seven minutes. During the upgrade process, you see messages posted on the screen. For example, you might see a prompt asking whether to upgrade the End User Diagnostics (EUD), depending on the version you have installed. To upgrade the EUD, type yes, otherwise, type no.
  • You can check the status of an active installation operation by running the command watch tmsh show sys software, which runs the show sys software command every two seconds. Pressing Ctrl + C stops the watch feature.
  • If installation fails, you can view the log file. The system stores the installation log file as /var/log/liveinstall.log.

Upgrading from earlier versions

Your upgrade process differs depending on the version of software you are currently running.

Warning: Do not use the 10.x installation methods (the Software Management screens, the b software or tmsh sys software commands, or the image2disk utility) to install/downgrade to 9.x software or operate on partitions. Depending on the operations you perform, doing so might render the system unusable. If you need to downgrade from version 10.x to version 9.x, use the image2disk utility to format the system for partitions, and then use a version 9.x installation method described in the version 9.x release notes to install the version 9.x software.

Upgrading from version 10.1.0 (or later) or 11.x

When you upgrade from version 10.1.0 (or later) or 11.x software, you use the Software Management screens in the Configuration utility to complete these steps. To open the Software Management screens, in the navigation pane of the Configuration utility, expand System, and click Software Management. For information about using the Software Management screens, see the online help.

Upgrading from versions earlier than 10.1.0

You cannot roll forward a configuration directly to this version from BIG-IP version 4.x, or from BIG-IP versions 9.0.x through 9.6.x. You must be running version 10.1.0 software. For details about upgrading to those versions, see the release notes for the associated release.

Automatic firmware upgrades

If this version includes new firmware for your specific hardware platform, after you install and activate this version, the system might reboot additional times to perform all necessary firmware upgrades.

Fixes in 11.3.0

ID Number Description
ID 224131 Creating a WideIP with a wildcard, such as "*.wipzone.com" now results in the correct DNS A record and zone creation in ZoneRunner.
ID 264607 The 'None' monitor is no longer allowed on GTM pools. In tmsh setting a 'none' monitor will result in no monitor on the pool, which is consistent with other similar tmsh commands. Any 'none' monitors that exist in bigip_gtm.conf or wideip.conf will be scraped out or adjusted for upon upgrade.
ID 364774 Redundant Link Controller should now work as expected.
ID 378175 The GTM bigip monitor should now work correctly.
ID 378261 The GTM whoami iRule command now works correctly.
ID 381557 The GTM utilities bigip_add and gtm_add now correctly import certificate files. In earlier versions, they would occasionally truncate certificates under particular conditions.
ID 384629 GTM configuration synchronization will now exit gracefully upon failure.
ID 384630 The number of parameters required for the matchregion command is now correctly validated. Now you will receive a syntax error when you compile the iRule, and the TMM/GTM will also do a check of the iRule itself.
ID 387799 GTM pools using the ratio load balancing method with mixed IPv4 and IPv6 pool members now properly respect their member's ratios when generating responses to mixed A/AAAA queries.
ID 390086 The ZoneRunner GUI View moving functionality had a bug in that the View pulldown menu was empty. This bug has been resolved.
ID 391315 iRule pool commands now correctly handle selection where the pool has no cname Resource Record associated.
ID 391569 GTM will now respect connection limits placed on pools.
ID 392834 Fixed a defect where TMM could core and restart while processing DNS requests after removing a wideip alias from the configuration.

Fixes in 11.2.1

ID Number Description
ID 387799 GTM pools using the ratio load balancing method with mixed IPv4 and IPv6 pool members now properly respect their member's ratios when generating responses to mixed A/AAAA queries

Fixes in 11.2.0

ID Number Description
ID 368721 An error that occurred during a config-sync has been corrected , specifically by synchronizing the GTM directory /var/named/config only, instead of /var/named.
ID 370962 The GTM search filter in the GUI now works correctly for Wide IPs and Servers.
ID 377453 DNS Express successful zone transfer statistics no longer continue to increment on failed transfers.
ID 377682 DNS Express zone transfer failures no longer cause the zxfrd.bin database file to indefinitely grow in size, or the zxfrd process to increase in memory.
ID 378182 TMM no longer leaks memory when GTM attempts to rewrite DNS responses.
ID 380814 A memory leak related to DNS Express zone transfers in the zxfrd process has been corrected.
ID 380767 The dnssec-on-miss flag makes the transparent cache always ask for DNSSEC (DO bit) when forwarding the query after a miss. All subsequent queries, w/ or w/o the DO bit will get the correct DNSSEC records. Note, the initial response will always contain DNSSEC data. The default of dnssec-on-miss is yes.
ID 381543 LTM is now provisioned as NOMINAL in an LTM/GTM combo when using DNS services such as DNS Express.
ID 383415 A defect which could cause some top-level zones to fail to load into DNS Express with large configurations has been corrected.
ID 384853 TMM no longer restarts with a SIGSEGV and the following log message while processing certain DNS Express traffic: xbuf_dma: Assertion 'valid magic' failed

Fixes in 11.1.0

Bug Description
ID 355937 This release fixes validation for pool members. They will now reference the pool member (rather than incorrectly referencing the backing VS).
ID 361548 After the first install on a cluster, an rndc reload may be necessary. This fix allows that to happen.
ID 364437 Link Controller GUI: removed the erroneous table columns from wideip member stats and wideip details stats tables.
ID 364918 Syncing configuration changes from a Link Controller to a Global Traffic Manager in the same sync group no longer causes the monitors to fail to load on the GTM.
ID 365582 A GTM iRule that refers to a pool without specifying the full path (e.g., [pool pool1]) will now work correctly when that pool is found in multiple folders. Correct behavior is to always choose the pool in the wideip's folder, and to dynamically switch if a pool (with the same name as in the iRule) is added/deleted in that folder.
ID 366165 Configuration changes to any/every GTM object now triggers the configuration file to be saved.
ID 367082 This release corrects an issue where gtmd could grow excessively.
ID 367836 This release corrects an issue involving excessive memory usage and crash/core when loading GTM configs with large numbers of virtual servers with topology records.
ID 368715 Corrected a condition where importing a ucs file generated from a previous release with depends_on in the configuration would fail.

Fixes in 11.0.0

Bug Description
226783 [Global Traffic Manager] Global Traffic Manager now correctly performs name resolution for the IPv6 addresses, and BIND responds correctly to DNS requests against IPv6 self IP addresses.
223590, CR130729 [Global Traffic Manager] This release provides the functionality for clearing link statistics.
343798 [Global Traffic Manager] This version of the software adds two read-only fields to gtm_dnssec_key_generation: creator and key_tag. The value of creator is a string representing the host name of the BIG-IP system that created the DNSSEC key generation. The value of key_tag is a hash calculated from the DNSKEY resource record (RR) for that generation. You can use these fields to help debug DNSSEC deployments. In addition, this release provides better constraint on which generations can rollover, which helps mitigate a potential race condition. Finally, this release provides additional debug logging.
348726 [Global Traffic Manager] The online help page for custom GTM SNMP monitors has been provided.

Behavior changes in 11.3.0

ID Number Description
ID 264607 The 'None' monitor is no longer allowed on GTM pools. In tmsh setting a 'none' monitor will result in no monitor on the pool, which is consistent with other similar tmsh commands. Any 'none' monitors that exist in bigip_gtm.conf will be scraped out or adjusted for upon upgrade.
ID 325241 If you set a value for the IPv6 NoError TTL property of a wide IP, when BIG-IP GTM returns a NOERROR DNS response for an IPv6 query, the response now contains an SOA record (with the negative caching TTL).
ID 356586 BIND v9.7, new in v11.0.0, requires an A (IP address) record for an in-zone nameserver (NS) entry in its configuration. In the past, an FQDN or CNAME for the NS was sufficient. This means that upgrades to v11.0.0 might fail to load if such an A record is not present (the symptom will be zrd stuck in a restart loop). The best solution is to create an A record for the NS before upgrading. Or you can create and disable a wideIP, which causes an A record to be created. (Note that this is for in-zone NS records only. An "out of zone" NS record should not have an A record, and if you add an A record for it, the named process generates a warning about "ignoring out of zone data".)
ID 377367 When you set the load balancing method to Return to DNS, when the BIG-IP system receives a client query, the system increments the Return to DNS statistics. When the BIG-IP system receives a server response, the system increments the Return from DNS statistics.
ID 389371 tmsh now provides an automatic_configuration_save_timeout property in the GTM Global-settings General sub-module. You can use this property to set how many seconds the BIG-IP system waits before automatically saving the GTM configuration to the bigip_gtm.conf. A timeout of -1 causes the GTM configuration to NEVER be saved. A value of 0 causes the GTM configuration to be saved immediately. The maximum value is 86400 seconds, the default value is 15 seconds.

Behavior changes in 11.2.1

ID Number Description
ID 325241 If you set a value for the IPv6 NoError TTL property of a wide IP, when BIG-IP GTM returns a NOERROR DNS response for an IPv6 query, the response now contains an SOA record (with the negative caching TTL).
ID 387757 Added a new flag: -f, which forces the local big3d agent to be installed on the remote device regardless of versioning.
ID 408481 The default value for the global setting inactive-ldns-ttl has been changed from 2419200 to 2592000. If you have not changed from the default value, when you update from version 10.x, the system changes the default value to 2592000.

Behavior changes in 11.2.0

ID Number Description
ID 346551 BIG-IP Global Traffic Manager now includes BIND version 9.7.3. This version of BIND requires that when a zone is created with a name server (NS) record that is contained in the zone, that NS record must have a matching A record. With this release, when you create a wide IP that requires the creation of a zone, BIG-IP GTM automatically creates not only an NS record, but also an A record for the NS record that points to the local host. The NS and A records are given a time-to-live (TTL) of 0 (zero). The administrator should change the NS record to match the desired NS record.

Known issues

ID Number Description
ID 403592 Platforms with less than 6.5G memory cannot be upgraded to 11.3 if three or more modules are provisioned. Note that upgrades from 10.0.x display only an "upgrade failed" message as a software status. All other versions show a clear error message, guiding the users to SOL13988. Before upgrading, make sure you have only one or two modules provisioned if the BIG-IP system has less than 6.5G of memory.
ID 222220 Distributed application statistics shows only requests passed to its first wide IP. The system does not include statistics for requests passed to other wide-IP-members of the distributed application.
ID 225759 When you upgrade a BIG-IP Global Traffic Manager synchronization group to version 10.1.0 or later, the master key is not synchronized to all members within the synchronization group. For step-by-step instructions to fix this known issue, see SOL11868 at AskF5 (http://support.f5.com).
ID 341722 Global Traffic Manager uses BIND 9.7.3. This version of BIND can log a complicated message about not being able to load managed keys from a master file. If you have not configured Global Traffic Manager for DNSSEC Lookaside Validation (DLV), you might receive this message. It is cosmetic and you can ignore it. This is a known issue in BIND.
ID 343030 "The named process might log the following error in daemon.log: ""Oct 22 09:44:24 local/localhost err named[8832]: 22-Oct-2010 09:44:24.278 general: error: managed-keys-zone ./IN/external: loading from master file 3c4623849a49a53911c4a3e48d8cead8a1858960bccdea7a1b978d73ec2f06d7.mkeys failed: file not found."" Although it reported the error, the daemon is up and running, so you can safely ignore the error."
ID 345930 The "IPv6 NoError Response" and "Enabled" fields are missing input controls for Inbound Wide-IPs in the Link Controller UI. To workaround these issues: For IPv6 NoError Response, run the command "tmsh modify <wideip> ipv6-no-error-response enabled". To enable/disable a Wide-IP: Either enable/disable through the Wide-IP List page: Link Controller :: Inbound Wide-IPs :: Wide-IP List. Or, through tmsh: modify gtm wideip my.wide.ip enabled.
ID 349621 "Drop to BIND performance has dropped in this release. The DNS Express feature in this release should alleviate the performance drop in BIND."
ID 354161 DNS Express continues to handle queries for that zone, even if a BIND zone that underlies a DNS Express zone expires. This occurs when using DNS Express to handle queries for zones, and a BIND zone expires. The impact is that DNS Express continues to handle queries for that zone. Workaround: To have DNS Express stop answering queries, disable or delete the DNS Express zone itself.
ID 355018 GTM logging does not put the event name in the output. This is a widely known issue.
ID 361650 "Starting with 11.0.0, it takes minimum of 15 seconds to a maximum of 60 seconds for BIG-IP GTM to save any configuration change, regardless of whether it is made in the Configuration utility or in tmsh. The only way to speed up this process is to run the following command in tmsh: save sys config partitions all gtm-only No equivalent of this command exists in the Configuration utility."
ID 363134 Links get auto-discovered when global Auto-Discovery is disabled and Link Discovery is on. Disabling Link Discovery is the only way to truly disable this option.
ID 363142 [Link Controller] global Auto-Discovery can be disabled while having a link with bigip_link monitor. Do not disable global Auto-Discovery while having a link with bigip_link monitor.
ID 367459 The BIG-IP Configuration utility might incorrectly allow you to assign certain health monitors to pools and server objects that are configured with a wildcard service port. For more information, see SOL12400 at http://support.f5.com/kb/en-us/solutions/public/12000/400/sol12400.html?sr=20262082.
ID 401620 In previous releases, monitored BIG-IP virtual servers with addresses that overlap non-floating self IP addresses used to be marked up when the gateway_icmp monitor was used, but other, port-specific protocol monitors would fail. This was a false positive, as it is not possible to monitor virtual servers that overlap these addresses from the same box. In this release gateway_icmp monitor marks a virtual server that overlaps an IPv6 self IP 'down,' but it marks a virtual server that overlaps an IPv4 self IP 'up'. The latter is still an issue. To work around this issue, use the bigip monitor for monitoring BIG-IP virtual servers with IP addresses that overlap non-floating self IP addresses. Do not use any other GTM monitors for monitoring those virtual servers.
ID 403125 If GTM v11.x has LTM v10.x virtual servers auto-discovered and later LTM gets upgraded to 11.x, GTM auto-discovers will fail. If virtual server discovery was enabled, LTM virtual servers get re-discovered with the new names effectively deleting their previous memberships in the GTM pools. If virtual server discovery was enabled with no delete option then the pre-existing set of LTM virtual servers and their pool memberships stay intact but a second set of LTM virtual servers with the new names gets auto-discovered by the GTM.
ID 404383 big3d_install can, in some instances, fail to install a new big3d on a BIG-IP system running 10.2.4-hf4.
ID 406176 Big3d leaks memory on an LTM server where at least one of ASM/APM/WAM is also configured and a GTM monitors the LTM server using bigip monitor.

Contacting F5 Networks

Phone: (206) 272-6888
Fax: (206) 272-6802
Web: http://support.f5.com
Email: support@f5.com

For additional information, please visit http://www.f5.com.

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5

AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 TechNews

Weekly HTML TechNews
The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, complete the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
Periodic plain text TechNews
F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email.) To subscribe, send a blank email to technews-subscribe@lists.f5.com from the email address you are using to subscribe. Unsubscribe by sending a blank email to technews-unsubscribe@lists.f5.com.

Legal notices

 

 

 

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)