- Installing the upgrade
- What's new in this version
- Known issues
Installing the upgrade
You can apply this release to version 1.8.3 and later. Do not apply previous PTFs; they are already included in the current installation.
Use the following process to install the software:
- Click here and follow the instructions for using the F5 Networks FTP site.
- Download bigipv30domkit.f5.tar file to the /var/tmp/ directory on the BIG/ip Controller.
Customers with International versions of the BIG/ip Controller need to download the bigipv30intlkit.f5.tar. Customers who are using LB versions of the BIG/ip Controller need to download the bigipv30lbdomkit.f5.tar. To place FTP in passive mode, type pass from the command line before transferring the file.
- Enter the following commands to install this software:
tar -xpf bigipv30domkit.f5.tar (Domestic HA and HA+)
tar -xpf bigipv30lbdomkit.f5.tar (Domestic LB)
tar -xpf bigipv30intlkit.f5.tar (International HA/LB)
- From the root, enter the following command:
- Follow the on-screen instructions.
The installation automatically creates a backup of the following files in /var/save/backupyymmdd_hhmm/ on the BIG/ip Controller, and removes any old files that are no longer used. If you have made changes to a file in the following list, you may need to edit that file and retype your modifications:
Customers upgrading LB or international versions of the BIG/ip Controller now have the option of configuring either a Telnet or FTP server during the upgrade, or you do the configuration at a later time. During the upgrade process, you are prompted to configure either Telnet or FTP if they have not been configured. Follow the instructions.
If you choose to configure Telnet or FTP at a later time, type the appropriate command:
During the final step in an international upgrade, you are prompted for the type of system you are upgrading: single or redundant. If you choose redundant, you are prompted to type in the user ID and password for accessing the BIG/ip web server. This information is used when synchronizing configurations (configsync).
After the BIG/ip Controller upgrade, you are prompted to enable or disable F5 support accounts on the BIG/ip Controller. You can configure a new password for F5 support accounts or disable the accounts.
If you have not configured a unit number for each controller in a redundant system, you are prompted to type in a unit number for the BIG/ip Controller. If this is the first controller you are upgrading, you can use the default unit number 1. If this is the second controller, type in 2, for the second unit.
Note: During an upgrade, you may see the error message "Bad interface name passed to the kernel" when the BIG/ip Controller starts to reboot. This error is harmless. It is a result of the unfamiliarity of the drivers with the new configuration files. After the upgraded controller automatically reboots, the new drivers should correspond to the new configuration files correctly.
The checksums for this release are available in a file called sums, which can be downloaded from the FTP site.
What's new in this version
- Active-active redundant controllers
The active-active redundant controller feature allows both controllers to simultaneously manage traffic for different virtual addresses. This option allows you to take advantage of the throughput of both controllers simultaneously. In the event of a failure on one of the controllers, the remaining active controller manages the virtual servers of the failed machine. For more information about this feature, see the BIG/ip Controller Administrator Guide, Working with Advanced Redundant System Features.
- Intelligent traffic control (ITC)
Intelligent traffic control (ITC) is a set of flexible features that increase the level of service and control over Internet traffic. In these features is the ability to identify specific traffic, based on HTTP request data (URLs, HTTP version, HTTP host field), cookies, or client source address and send that traffic to a specific set of servers or devices that can best service the request. These features let you allocate server resources based on the type of application or content requested most. The following features are included in ITC:
- Pools and members
For more information about how to configure pools and members, see the BIG/ip Controller Administrator Guide, More Flexible Load Balancing Using Pools and Members.
- Load balancing rules (BIG/ip Controller HA versions only)
For more information about how to configure rules, see the BIG/ip Controller Administrator Guide, Selecting a Load Balancing Pool Using a Rule.
- Cookie persistence hash mode (BIG/ip Controller HA versions only)
The hash mode for cookie persistence is a new feature available with this release of the BIG/ip Controller. You can use this mode to specify a certain number of bytes in a cookie to determine the destination of the connection. This cookie persistence mode maps a cookie value to a node. Clients connect persistently when they present cookies to a given node. For more information about this feature, see the BIG/ip Controller Administrator Guide, Working with Advanced Persistence Options.
- Versatile interfaces: Source and destination processing
The versatile interfaces feature provides the ability to change both the source address or destination address and/or route of an IP packet on a BIG/ip Controller interface. You can turn on source or destination processing independently for an interface. In practical terms, this means that you can configure an interface to handle traffic going to virtual servers and, independently, you can configure the interface to handle traffic going out from nodes. So, you can have virtual servers and nodes on each interface you have installed in the BIG/ip Controller. This allows the most flexible processing of packets by the BIG/ip Controller. When either the source or destination processing feature is turned off for an interface, the result is a gain in performance. You can optimize BIG/ip Controller performance with no additional effort. For more information about this feature, see the BIG/ip Controller Administrator Guide, Using the versatile interface configuration options, page 2-24.
- Interface security
An additional feature of versatile interfaces is the ability to control access to the BIG/ip Controller on any interface. In previous versions of the BIG/ip Controller, the external interface was always in a locked down state, and the internal interface was open. In BIG/ip Controller version 3.0, any interface may be in either a locked down or open state. When an interface is locked down, only the ports essential to the configuration and operation of the BIG/ip Controller and 3DNS Controller are open. When an interface is open, all connections are allowed to and from the BIG/ip Controller through that interface. For more information about this feature, see the BIG/ip Controller Administrator Guide, Inteface security, page 2-28.
- Per-connection routing
The per-connection routing option is now available for virtual servers. In situations where the BIG/ip Controller is accepting connections for virtual servers from more than one router, you can send the return data back through the same device from which the connection originated. Use this option to spread the load among outbound routers, or to ensure that connections go through the same device if that device is connection-oriented, such as a proxy, cache, firewall, or VPN router. You can do this by defining a pool that contains the list of routers from which the connections are received, and then associating the pool with a virtual server using the lasthop keyword. For more information about this feature, see the BIG/ip Controller Administrator Guide, Using the per-connection routing, page 2-29.
- Forwarding virtual servers
You can now create a forwarding virtual server in the BIG/ip Controller, version 3.0. A forwarding virtual server is a type of virtual server that simply forwards all traffic to the specific node specified in the virtual IP address. It has no associated nodes. For more information about this feature, see the BIG/ip Controller Administrator Guide, Configuring forwarding virtual servers, page 2-31.
- Transparent virtual servers
You can now create a transparent virtual server in BIG/ip Controller, version 3.0. The new translate keyword allows you to turn off address translation for any virtual server. This can be useful when the BIG/ip Controller is load balancing devices that have the same IP address. This is typical with the nPath routing configuration where duplicate IP addresses are configured on the loopback device of several servers. You can control whether port translation is enabled for a virtual server using the translate keyword. Port translation is enabled by default. Port translation can be disabled or enabled for any valid port. For more information about this feature, see the BIG/ip Controller Administrator Guide, Configuring transparent virtual servers, page 2-32.
- Reset connections on service down
You can configure individual virtual servers so that the BIG/ip Controller sends connection resets to the end points of TCP connections when the controller determines that the service they are using has gone down. This feature is currently only used in conjunction with service checking. Node pings that time out do not cause connection resets to be sent. Only TCP connections receive the resets. UDP connections are not reset because there is no shutdown mechanism for UDP connections. For more information about this feature, see the BIG/ip Controller Administrator Guide, Resetting connections on service down, page 2-34.
- Enhancements to the F5 Configuration utility
The web-based F5 Configuration utility for the BIG/ip Controller, version 3.0, contains the following enhancements:
- Ports are now automatically created when you define virtual servers.
- There is quicker navigation to global virtual ports and global node ports from the left-hand navigation pane.
- We have updated the virtual server and SNAT creation step, which assembles groups of nodes through interactive list editors.
- We have improved the high-level listing of objects including Virtual Servers, Global Virtual Ports, Nodes, and Global Node Ports. The new lists present more summary information for each list item. Also, items in the high-level lists that are themselves lists (like the nodes associated with a virtual server in a default pool) are now lists, which means the you can navigate to one of the items on that list by clicking the list and choosing a particular item.
- Now there is a separate extended service check category on ECV/EAV property pages for Simple service check. That category was previously part of the ECV select box menu.
- You can now configure multiple trap communities and trap sinks for SNMP using the new lists editors.
- The load balancing options for node list virtual servers have moved from the BIG/ip System Properties Page to the Virtual Servers List page.
- The network interface card properties page is improved to show shared IP addresses. This page also has new navigation options for VLAN tag information.
- We have added support for all the new BIG/ip Controller version 3.0 enhancements.
- CR 4992: UC Davis MIB does not load in OpenView Network Node Manager
Fixed a problem so that the UC Davis MIB can load into OpenView Network Node Manager.
- CR 4960: Local time zone is not being set correctly by the First-Time Boot utility
Fixed a problem so that the First-Time Boot utility now sets the time zone correctly.
- CR 4652: FTBU does not set FDDI media type correctly
Fixed a problem with the First-Time Boot utility so that the FDDI media type is consistently set correctly.
- CR 3926: Terminal type evaluated wrong when you SSH from one BIG/ip Controller to another
The BIG/ip Controller intermittently used the wrong terminal type when you tried to SSH from one BIG/ip Controller to another. It now uses the correct terminal type consistently.
- CR 3578: Bigsnmpd does not allow a netmask of 255.255.255.255 in /etc/hosts.allow file
You can now use the netmask 255.255.255.255 in the /etc/hosts.allow file.
The following issues are known issues with the BIG/ip Controller, version 3.0.
BIG/ip Controller, version 3.0, compatibility with the 3DNS Controller
The BIG/ip Controller, version 3.0, is compatible with the 3DNS Controller, version 2.0. Previous versions of the 3DNS Controller are not supported with this release.
The /etc/bigip.interfaces file is deprecated. Interface settings are now stored in BIG/db.
The default SNAT from BIG/ip Controller versions 2.1.x
Default SNAT definitions are not compatible with NATs.
State mirroring in BIG/ip Controller
In order for state mirroring to work properly after a configuration change, follow these general guidelines:
- Make your configuration changes.
- Synchronize the configuration between the two controllers. You can run the bigpipe configsync all command, or use the F5 Configuration utility Config Sync feature.
Filter message on reboot
You can recieve a syntax error message at boot time on the BIG/ip Controller if you have a zero-length ipfw.conf and/or zero-length ipfwrate.conf file. This error does not affect the performance of the BIG/ip Controller. To avoid this error message, remove the zero length ipfw.conf, ipfw.filt, ipfwrate.conf, and ipfwrate.filt files from the BIG/ip Controller.