- Installing the PTF
- What's fixed in this PTF (PTF-04)
- What's fixed from PTF-03
- What's fixed from PTF-02
- Configuring and using the updated software
- Installing a Verisign Global Certificate
- Tips on setting the preferred controller in redundant BIG-IP Controller installations
- Known issues
Installing the PTF
Apply the PTF to BIG-IP Controller version 3.3.1 using the following process:
- Click here and follow the instructions for using the F5 Networks FTP site.
Use FTP in passive mode from the BIG-IP Controller to download the file. To place FTP in passive mode, type pass from the command line before transferring the file.
- Download the bigip3.3.1PTF-04kit.tar file to the /var/tmp/ directory on the target BIG-IP Controller
- Enter the following commands to install this PTF:
tar -xvpf bigip3.3.1PTF-04kit.tar
- Run the following commands:
- Follow on-screen instructions.
The install automatically creates a backup of the /etc/syslog.conf file in /var/save/backupyymmdd_hhmm/ on the BIG-IP Controller and removes any old files that are no longer used. If you have made changes to the /etc/syslog.conf file, you may need to edit that file and retype your modifications.
The checksums for this PTF are available in a file called sums, which can be downloaded from the FTP site.
Once you have installed the PTF software, please refer to the Configuring and using the updated software.
What's fixed in this PTF (PTF-04)
- Path MTU discovery now works properly with BIG-IP Controller virtual servers.
What's fixed from PTF-03
- This PTF upgrades the SSH client to version 1.3.11.
- BIG-IP Controller EAVs referencing a large number of nodes now run consistently at the specified interval.
- The MIB-II OID for the loopback interface (lo0) now displays the status UP.
What's fixed from PTF-02
- The BIG-IP Controller can now handle an interface failsafe timeout of less than 25 seconds.
- The BIG-IP Controller can now handle all rules from BIG-IP Controller version 3.2.3.
- Transparent node checking now works properly on targets with a port of zero (0).
- When FastFlow is enabled, the BIG-IP Controller now ARPs the nexthop gateway correctly while connections are in progress.
What's fixed from PTF-01
- Under all known circumstances, including when the second packet or later is holding the cookie and the packet ends on a CRLF, the BIG-IP Controller can now detect its cookie.
- When the IP Forwarding feature is enabled, ICMP Destination Unreachable Need Fragmentation packets are now forwarded.
- Traceroute now uses the correct destination address when encountering a wildcard virtual server that matches the destination address.
- Reduced state mirroring daemon (sfd) logging sensitivity and verbosity.
- Included new security patches for BIND by upgrading the version of BIND to version 8.2.3.
- The BIG-IP Controller serial number displays in the web-based Configuration utility.
Configuring and using the updated software
This release provides the following configuration options.
Installing a Verisign Global Certificate
The BIG-IP Controller SSL gateway supports Verisign Global Certificates. To install a Global Certificate, you need the intermediate-ca.cert file provided by Verisign. Use the following procedure to install a Global Certificate.
- Copy the intermediate-ca.cert file into the /var/asr/gateway/CA/ directory. To do this, type the following command.
cp intermediate-ca.cert /var/asr/gateway/CA/
- Next, restart the proxy. The easiest way to do this is to simply reload the configuration file. To reload the configuration file, type the following command.
bigpipe -f /etc/bigip.conf
The proxy should now be working with the new certificate.
If you are using the force_master flag to set a specific controller to be the preferred active unit, we recommend that that you set the force_slave flag on the controller you want to run primarily as a secondary controller. This flag must be set if you are using network fail-over. For more information about these flags, see the BIG-IP Controller Reference Guide, v.3.3, Setting a specific controller to be the preferred active unit .
The following issues are known issues with the BIG-IP Controller, version 3.3.1 PTF-04 as of the release date. For known issues subsequent to the release date, please go to AskF5. Once you have logged in, type "known issues" and click Ask. Select the correct version number and click Ask again.
Cache rule cannot be displayed if optional fields are not configured
If the optional fields in a cache rule are not configured, the virtual server is not displayed correctly by the bigpipe vip show command.
Network virtual server interface binding cannot be changed after definition
Once you define a network virtual server, you cannot change its interface binding.