Software Release Date: 12/05/2002
Updated Date: 03/05/2007
This product temporary fix (PTF) provides enhancements and fixes for the BIG-IP software, version 4.5. The PTF includes all fixes released since version 4.5, including fixes originally released in prior PTFs, and it is recommended only for those customers who want the enhancements and fixes listed below. You can apply the software upgrade to BIG-IP software, version 4.1.1 and later. For information about installing the PTF, please refer to the instructions below.
This release supports these platforms:
If you are unsure which platform you have, look at the sticker on the back of the chassis to find the platform number.
Important: If you are upgrading a BIG-IP redundant system, both units must be upgraded. We do not support running different PTF versions on a BIG-IP redundant system.
Important: If you are upgrading an IP Application Switch or a BIG-IP system that uses a CompactFlash® media drive, use the installation instructions here.
Apply the PTF to the BIG-IP software, version 4.5 using the following process. The installation script saves your current configuration.
The BIG-IP system automatically reboots once it completes installation.
When the im script is finished, the BIG-IP system reboots automatically.
Note: This procedure provides over 90MB of temporary space on /mnt. The partition and the im package file are deleted upon rebooting.
Added support for the 2400 platform
This release includes enhanced support for the F5 Networks 2400 platform.
Viewing licensing error log files from the Configuration utility (CR25055)
You can now view the log files for errors that occur during the licensing process using the Configuration utility. A View Log File button appears on the licensing screen when the licensing process generates errors.
Resets (RSTs) from aging-out connections can have incorrect sequence numbers (CR22219)
Resets (RSTs) from aging-out connections no longer cause some connections to hang due to incorrect sequence numbers for the resets.
CA-2002-31, Multiple Vulnerabilities in BIND (CR25085)
This PTF addresses the security vulnerabilities that are listed in CERT® advisory, CA-2002-31, Multiple Vulnerabilities in BIND. This PTF upgrades the BIND package to version 8.3.4. For more information on the CERT advisory, see http://www.cert.org/advisories/CA-2002-31.html.
The following items are the known issues identified since the release of BIG-IP software, version 4.5. For a list of the known issues in the 4.5 release, refer to the BIG-IP, version 4.5 Release Notes .
Default configuration of the external VLAN on 5100 and 5110 platforms (CR25353)
When you install this PTF, the external VLAN is assigned to different ports on the 5100 and 5110 platforms. The external VLAN on a 5100 Fiber Gigabit platform is mapped to interface 2.1, a fiber port. On the 5110 Copper Gigabit platform, the VLAN external is mapped to interface 1.1, a 10/100 port. When you run the setup utility, we recommend that you select the port you want to use for the external VLAN.
Manually deleting connections handled by the Packet Velocity ASIC (CR22494)
Manually deleting connections that are handled by the Packet VelocityTM ASIC does not generate a TCP reset.
Configuring the admin port for node connectivity (CR22599)
We recommend that you do not configure the admin port for node connectivity.
Changing active-active failback values (CR22715)
In active-active configurations, we recommend that you do not change the default failback value of 60 seconds. If you change this value, failback may not work as designed.
ANIP kernel on a dual-processor machine (CR24758) (CR23640)
Configuring or booting the ANIP kernel on a dual-processor machine that does not have any ANIP-capable (gigabit) interfaces may cause the system to become unstable. If the kernel is not in ANIP mode (see the cpu anip command to determine this), we recommend that you change to the SMP kernel for better utilization of the second processor.
Cookie insert overrides direct node selection (CR24957)
In systems with cookie insert and direct node selection configured, the cookie insert feature overrides the direct node selection feature.
Configuring a SNAT map with no virtual servers (CR24959)
On the 2400 platform, only connections that target a virtual server are accelerated by the Packet Velocity ASICTM.
TCP SYN packet to self IP that matches TIME_WAIT connection not handled correctly (CR24993)
If a TCP SYN packet is received for a self IP, and it matches an old connection that is in TIME_WAIT state (same source and destination address and port), the system deletes the old connection and creates a new one.
Connection statistics may be incorrect if you change the configuration under load (CR25044)
On the 2400 platform, connection statistics may be incorrect if you change the configuration under load.
VLAN-keyed connections on the 2400 platform (CR25046)
With VLAN-keyed connections on the 2400 platform, occasionally packet and byte statistics may be not counted for pools and SNATs.
Invalid OID for the shutdown trap in the SNMP MIB (CR25059)
The shutdown trap, in the SNMP MIB, has an invalid object identifier (OID) associated with it. Therefore, this trap does not function properly.
HTTP chunking when CRLF straddles boundary (CR25068)
The BIG-IP system incorrectly interprets carriage-return/line-feed (CRLF) when it is split across two packets.
Direct node selection fails to fallback to persistence (CR25077)
If you have direct node selection configured and a connection fails, the BIG-IP system does not maintain simple persistence for the connection.
proxyd processes with non-idle connections may never exit (CR25080)
Connections may not be timed out as long as the proxyd continues to receive data within the idle connection timeout, and the server-side connection remains open.
Pool::set_persist_mode() to type_expression (CR25096)
If you call Pool::set_persist_mode() to persist_mode_expression using iControl, and you do not set the persist_expression variable, when a packet comes through that virtual server, the system may become unstable.
Dual processor system without a gigabit interface (CR25104)
With this release, if you have a BIG-IP 540 platform, with two processors and no gigabit Ethernet interface, we recommend that you turn off one of the processors, and run the SMP kernel in UP (uniprocessor) mode. To do this, use the following steps:
An error message may display on shutdown (CR25110)
On switch platforms, an error message may display as the system shuts down when you reboot. You can ignore this warning, the reboot corrects the error situation.
The conn dump verbose command values displayed for packet or byte counts (CR25119)
The command b conn dump verbose may show incorrect values for packet and byte counts.
Switch platforms and STP (CR25113)
Using the halt command to halt the system with Spanning Tree Protocol (STP) enabled and participating in a STP domain may create a bridge loop on the switch platform.
The tcpdump utility on a switch platform with mirror VLAN and mirror hash enabled (CR25129)
When you use the tcpdump utility to view traffic on a switch platform that has mirror VLAN and mirror hash enabled, the utility does not properly display the traffic.
Single default gateway member is not displayed as a default gateway pool (CR25141)
If you only configure a single default gateway member, that address is configured as the default route. It is not displayed as a default gateway pool.
Web-based Configuration utility General page (CR25143)
The web-based Configuration utility General page does not update global defaults.
Invalid metrics statistics and graphs for down remote links (CR25146)
The Link Statistics screen, in the Configuration utility, displays very large, invalid values for remote links that are down (red ball). This invalid value causes the link statistics graphs to inaccurately display the data for both the down link and any available links.
Spanning Tree Protocol (STP) does not work properly if the BIG-IP Application Switch is the only active STP in the network (CR25162)
If the BIG-IP Application Switch is the only STP-enabled device in the network, parallel ports go to a forwarding state because the switch ignores its returning BPDU frames. This leaves the network open to bridge loops. To avoid this situation, we recommend that you disable STP if you only have one only STP-enabled device in your network.
UDP checksums and TFTP packets (CR25181)
In rare instances, the UDP checksums for TFTP packets may be incorrect.
Simple persistence timers and the 2400 platform (CR25182)
Simple persistence timeout global settings function slightly differently on the 2400 platform than on other BIG-IP platforms. With the 2400 platform, the global mode global persist timer timeout causes the persist timer to be updated every 30 seconds when a connection that references the persist entry is still alive. On other platforms, the persist timer is updated with every packet inbound from the client.
Using a serial terminal as console does not work on certain platforms (CR25183)
In version 4.5, the serial terminal as the console functionality does not work on some 2U controller platforms. You can determine if your unit is affected by examining the white F5 Networks sticker on the back of the unit. If you see D25 on the sticker, you may experience the problem. If you do experience this problem, contact Support for assistance. Note that the serial terminal functionality does work if you are running a IP Application Switch platform.
Version 4.5 and rules using contains against a class (CR25236)
In rules, you cannot use the contains, starts_with, and ends_with operators to compare class values if the value being compared was not equal to a member of the class.
HTTP header inserts and proxies (CR25246)
If header insertion is enabled in the proxy, and the proxy receives only the HTTP command as the first SSL record, the proxy assumes that the entire header has been sent, inserts its headers, and terminates the HTTP header block.
E-Commerce Controller and setting port translation option for wildcard ports (CR25336)
On the E-Commerce Controller only, when you configure a virtual server with a wildcard port (*) using the Configuration utility, the default port translation setting is set to enable instead of disable. Note that this does not occur when you use the bigpipe utility. If you want to configure virtual servers with wildcard ports, and you want to disable the port translation, add the virtual server using the following bigpipe command (rather than using the Configuration utility):
bigpipe virtual <ip_address:0> use pool <pool_name>
The redirect option in the Universial Inspection Engine(CR25358)
If you use the redirect option in the Universial Inspection Engine, and you do not specify a value for the %u variable, the BIG-IP system may examine an out-of-bounds memory location.
Changes in US and Canada Daylight Saving Time (CR58321)
The Energy Policy Act of 2005, which was passed by the US Congress in August 2005, changed both the start and end dates for Daylight Saving Time in the United States, effective March 2007. Canada is also adopting this change. The resulting changes are not reflected in this version of the product software. To find out more about this issue, refer to SOL6551: F5 Networks software compliance with the Energy Policy Act of 2005.