- Installing the PTF
- What's fixed in this PTF (PTF-06)
- Configuring and using the updated software
- Media types
- Installing a Verisign Global Certificate
- Tips on setting the preferred controller in redundant BIG-IP Controller installations
- Known issues
Installing the PTF
Apply the PTF to BIG-IP Controller version 3.3.1 using the following process:
- Connect to the F5 FTP site (ftp.f5.com).
Use FTP in passive mode from the BIG-IP Controller to download the file. To place FTP in passive mode, type pass from the command line before transferring the file.
- Download the bigip3.3.1PTF-06kit.tar file to the /var/tmp/ directory on the target BIG-IP Controller.
- Enter the following commands to install this PTF:
tar -xvpf bigip3.3.1PTF-06kit.tar
- Run the following commands:
- Follow on-screen instructions.
The install automatically creates a backup of the /etc/syslog.conf file in /var/save/backupyymmdd_hhmm/ on the BIG-IP Controller and removes any old files that are no longer used. If you have made changes to the /etc/syslog.conf file, you may need to edit that file and retype your modifications.
The checksums for this PTF are available in a file called sums, which can be downloaded from the FTP site.
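An added example, not part of the original release notes or of F5's tooling: a shell function that checks the downloaded kit against the sums file before the kit is extracted. It assumes sums holds lines of the form "<hex digest>  <filename>" (the page does not show its format) and that md5sum, sha1sum or sha256sum exists on the host doing the check; verify_kit and digest_tool are hypothetical names.

```shell
#!/bin/sh
# Added example: verify a downloaded PTF kit against the "sums" file before
# extracting it. ASSUMPTION: sums uses "<hex digest>  <filename>" lines; the
# release notes do not show the file's actual format.

# Pick a digest tool from the length of the published hex digest.
digest_tool() {
    case ${#1} in
        32) echo md5sum ;;
        40) echo sha1sum ;;
        64) echo sha256sum ;;
        *)  return 1 ;;
    esac
}

# verify_kit KIT SUMS
# Returns 0 only if KIT's digest matches its entry in SUMS.
# Returns 1 on mismatch, 2 if SUMS has no entry, 3 on an unknown digest length.
verify_kit() {
    kit=$1
    sums=$2
    name=$(basename "$kit")
    # Exact filename match on field 2 (a leading "*" marks binary mode).
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print tolower($1); exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no entry for $name in $sums" >&2
        return 2
    fi
    tool=$(digest_tool "$expected") || {
        echo "unrecognised digest length in $sums" >&2
        return 3
    }
    actual=$("$tool" "$kit" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name" >&2
        return 1
    fi
    return 0
}

# Usage: extract only after verification succeeds.
# verify_kit /var/tmp/bigip3.3.1PTF-06kit.tar /var/tmp/sums && \
#     tar -xvpf /var/tmp/bigip3.3.1PTF-06kit.tar
```

Because sums is fetched from the same FTP site as the kit, a match shows the transfer was intact; it does not authenticate the publisher.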
Once you have installed the PTF software, please refer to the Configuring and using the updated software section.
What's fixed in this PTF (PTF-06)
- The gateway fail-safe feature now pings gateways properly.
- UDP traffic is now handled properly by IP forwarding when a SNAT exists that contains the address of a node.
- This version of the software fixes hang-on-reboot issues on certain platforms of BIG-IP Controller.
- SSL persistent connections no longer persist to a node that is marked down.
What's fixed from PTF-05
- Rapid switching of configuration no longer destabilizes the controller.
- Interface name and pool name interpretation ambiguities have been resolved.
- Cookie persistence now works correctly when a connection is routed to a different data center.
- The controller can now force the media type for the wx gigabit driver. See Media types for more information.
- The XML provider no longer encounters a memory allocation error.
- bigsnmpd memory leak fixed.
- Fixed the BIG-IP Controller's susceptibility to certain denial of service attacks.
- The controller correctly evaluates rules with http_cookie and exists.
- Forwarding virtual servers can now be defined on the BIG-IP e-Commerce Controller.
- Path MTU discovery works correctly through translating wildcard VIPs.
- SSL proxy now shuts down the SSL session correctly.
- Cache rule display issue is now fixed.
What's fixed from PTF-04
- Path MTU discovery now works properly with BIG-IP Controller virtual servers.
What's fixed from PTF-03
- This PTF upgrades the SSH client to version 1.3.11.
- BIG-IP Controller EAVs referencing a large number of nodes now run consistently at the specified interval.
- The MIB-II OID for the loopback interface (lo0) now displays the status UP.
What's fixed from PTF-02
- The BIG-IP Controller can now handle an interface failsafe timeout of less than 25 seconds.
- The BIG-IP Controller can now handle all rules from BIG-IP Controller version 3.2.3.
- Transparent node checking now works properly on targets with a port of zero (0).
- When FastFlow is enabled, the BIG-IP Controller now ARPs the nexthop gateway correctly while connections are in progress.
What's fixed from PTF-01
- Under all known circumstances, including when the second packet or later is holding the cookie and the packet ends on a CRLF, the BIG-IP Controller can now detect its cookie.
- When the IP Forwarding feature is enabled, ICMP Destination Unreachable Need Fragmentation packets are now forwarded.
- Traceroute now uses the correct destination address when encountering a wildcard virtual server that matches the destination address.
- Reduced state mirroring daemon (sfd) logging sensitivity and verbosity.
- Included new security patches for BIND by upgrading the version of BIND to version 8.2.3.
- The BIG-IP Controller serial number displays in the web-based Configuration utility.
Configuring and using the updated software
This release provides the following configuration options.
Media types
Use the following command to get a list of appropriate media types for an interface.
ifconfig -m <interface name>
Installing a Verisign Global Certificate
The BIG-IP Controller SSL gateway supports Verisign Global Certificates. To install a Global Certificate, you need the intermediate-ca.cert file provided by Verisign. Use the following procedure to install a Global Certificate.
- Copy the intermediate-ca.cert file into the /var/asr/gateway/CA/ directory. To do this, type the following command.
cp intermediate-ca.cert /var/asr/gateway/CA/
- Next, restart the proxy. The easiest way to do this is to simply reload the configuration file. To reload the configuration file, type the following command.
bigpipe -f /etc/bigip.conf
The proxy should now be working with the new certificate.
Tips on setting the preferred controller in redundant BIG-IP Controller installations
If you are using the force_master flag to set a specific controller to be the preferred active unit, we recommend that you set the force_slave flag on the controller you want to run primarily as a secondary controller. This flag must be set if you are using network fail-over. For more information about these flags, see the BIG-IP Reference Guide, v.3.3, Setting a specific controller to be the preferred active unit, on page 1-100.
Known issues
The following issues are known issues with the BIG-IP Controller, version 3.3.1 PTF-06 as of the release date. For known issues subsequent to the release date, please go to AskF5. Once you have logged in, type "known issues" and click Ask. Select the correct version number and click Ask again.
Network virtual server interface binding cannot be changed after definition
Once you define a network virtual server, you cannot change its interface binding.