Applies To:

Show Versions Show Versions

Archived Release Note: BIG-IP Controller Release Note, version 4.1
Release Note

Original Publication Date: 04/25/2002

This article has been archived, and is no longer maintained.

Summary:

This release note documents version 4.1 of the BIG-IP software. This release supports the BIG-IP® IP Application SwitchTM only.

Contents:

- Connecting to the IP Application Switch
- New features and enhancements
     - Support for the IP Application Switch platform
     - SSL-to-server
     - Enhanced startup
     - Enhanced interface statistics
     - Health monitor enhancements
     - Port mirroring
     - Spanning tree protocol support
     - Pool and rule support for Quality of Service (QoS)
     - Pool and rule support for IP Type-Of-Service (ToS)
     - Configurable protocol identifier for HTTP redirection
     - List of reserved keywords
- Configuring and using the new software
     - Required configuration changes
     - Optional configuration changes
     - Wildcard forwarding virtual server
- Known issues

Connecting to the IP Application Switch

This section describes how to connect to the BIG-IP® IP Application SwitchTM through either a null modem cable on the serial console, or a shielded ethernet cable on the administrative port.

Connecting with a null modem cable to the serial port

To connect through the serial port you must have a DB9 null modem cable, and a vt100-capable terminal emulator available on a computer in close proximity to the IP Application Switch.  Use the following process to connect the IP Application Switch and the terminal emulator:

  1. Connect the null modem cable to the IP Application Switch.  Use the DB9 port labeled Console on the IP Application Switch.


  2. Connect the null modem cable to a serial port on the system with the terminal emulator.


  3. Start the terminal emulator.  Set the emulator to 19200 baud and choose the correct serial device.


  4. Turn on the IP Application switch.  It may take a moment for the terminal emulator to connect.


  5. At the logon prompt, type the user name root with the password default.

  6. From the command line, type config to run the First-Time Boot utility.

Configuring the IP Application Switch through the administrative interface

Use the following procedure to connect to the IP Application Switch through the administrative interface.  The administrative interface is a 10/100 port labeled MGMT.  You need a shielded Category 5 cable, and an administrative workstation with a 10/100 interface to connect to the IP Application Switch through the administrative port. You can configure the BIG-IP through the administrative interface with a web browser or with SSH.

  1. Connect the shielded cable to the MGMT interface (3.1).


  2. Connect the shielded cable to the 10/100 interface on the management workstation.


  3. On the management workstation 10/100 interface, set up an IP alias of 192.168.1.1.  For more information on setting up an IP alias, consult your operating system documentation.


  4. Turn on the IP Application Switch. Wait a few moments while the IP Application Switch boots.


  5. Open a browser, or an SSH session, on the management workstation.


  6. If you use a browser, connect to the following URL: https://192.168.1.245.
    If you use SSH, connect to the IP address 192.168.1.245.


  7. At the logon prompt, type the user name root with the password default.

  8. To configure the IP Application Switch from the browser, click the First-Time Boot utility link on the Configuration utility screen.
    To configure it from SSH, type config.

[ Top ]

New features and enhancements

This section describes new features and enhancements included in this release of the BIG-IP software.

Support for the IP Application Switch platform

This release includes support for the IP Application Switch hardware platform.

Note: You should install this release only on the IP Application Switch hardware platform.

SSL-to-server

This release includes an SSL-to-server feature. In some situations, your security needs may require you to encrypt traffic behind the virtual server. You can use this feature to re-encrypt traffic after it is processed by the BIG-IP. For more information about the SSL-to-server feature, see the BIG-IP Controller Reference Guide, version 4.1,  pages 3-61 to 3-63.

Enhanced startup

This release includes enhancements that reduce the amount of time required to start the BIG-IP. In addition to booting more quickly, more relevant information is displayed on the terminal during boot up.  This information includes product identification, vendor identification, copyright notice, hardware configuration information, version information, and a login prompt.

Enhanced interface statistics

This release features enhanced statistics for BIG-IP interfaces.  The following state information and statistics are now available: MTU, Speed, MAC address, packets in, errors in, packets out, errors out, collisions, dropped packets, bits in, bits out.  The purpose of the change is:
  • To further reduce the need for separate UNIX utilities like netstart.
  • To report statistics specifically for interfaces (netstat lumps interfaces, VLANS, and trunks).
  • To enable other application interfaces, like iControl, to have access to this information.

For detailed information about enhanced interface statistics, see the BIG-IP Controller Reference Guide, version 4.1,  Displaying status for interfaces, page 2-4.

Health monitor enhancements

In this release, the WMI Data Collecting Agent (ISAPI) and the WMI Monitor Agent (WMIHttpAgent) have been enhanced to support WMI metrics for Windows Media Services.  The new metrics are shown in the following table, along with the command for gathering the metrics (GetWinMediaInfo), and the default coefficient and default threshold values. For detailed information about the GetWinMediaInfo metrics and how to set them, see the BIG-IP Controller Reference Guide, version 4.1,  Configuring Windows Servers with WMI, pages 3-12 to 3-17.

Port mirroring

For the BIG-IP IP Application Switch, you can copy traffic from any port or set of ports to a single, separate port.  This is called port mirroring.  The target port, called the mirror-to port, should have attached to it a sniffer device for debugging and monitoring. For detailed information about configuring port mirroring, see the BIG-IP Controller Reference Guide, version 4.1,  Port Mirroring, pages 2-22 to 2-23.

Spanning tree protocol support

Spanning Tree Protocol (STP) is supported in this release. For more information about STP, see the BIG-IP Controller Reference Guide, version 4.1,  Spanning Tree Protocol (STP), pages 2-20 to 2-22.

Pool and rule support for Quality of Service (QoS)

The QoS standard is a means by which network equipment can identify and treat traffic differently based on an identifier.  As traffic enters the site, the QoS level can be set by the controller.  The BIG-IP Controller can apply a rule and send the traffic to different pools of servers based on the Quality of Service level.

The BIG-IP Controller can tag outbound traffic (the return packets based on an HTTP GET) based on the QoS value set in the pool.  That value is then inspected by upstream devices and given appropriate priority.  Based on a rule, the controller can examine incoming traffic to see if it has a particular QoS or ToS tag in the header. The controller can then make a rule-based load balancing decision based on that tag.

There are two main usages for this feature:

  • Setting the QoS value on a packet based on which pool was selected for that packet.

    The following shows how to configure a pool for the first type of usage. In this example, the QoS tag will be set to 3 when sending packets to the client, and the tag will be set to 4 when packets are sent to the server. 

    pool http_pool {
        link_qos to client 3
        link_qos to server 4
    }

  • Making a load balancing decision based on the existing value within a packet.
    Use this syntax to configure a rule for this type of usage:

    rule my_rule {
        if (link_qos > 2) {
            use (fast_pool)
        }     else {
            use (slow_pool)
        }
    }

Pool and rule support for IP Type-Of-Service (ToS)

Please see Pool and rule support for Quality of Service (QoS) for general information about this feature. 

There are two main usages for this feature:

  • Setting the ip_tos (Type of Service) value on a packet based on which pool was selected for that packet.  This value is also called DiffServ.
  • The following shows how to configure a pool for the first type of usage.  In this example, the ToS tag will be set to 16 when sending packets to the client, and the tag will be set to 16 when packets are sent to the server.

    pool http_pool {
        ip_tos to client 16
        ip_tos to server 16
    }

  • Making a load balancing decision based on the existing value within a packet.

    The following shows how to configure a rule for the second type of usage.

    rule my_rule {
        if (ip_tos == 16) {
            use (telnet_pool)
        }
        else {
            use (slow_pool)
        }
    }

Configurable protocol identifier for HTTP redirection

This release includes support for new syntax that allows you to configure a protocol identifier for the HTTP redirection feature. For example, you want to specify an HTTPS site for www.yoursite.com, you would type fallback https://www.yoursite.com instead of the standard fallback syntax in the bigip.conf.

The following example defaults to redirect to an HTTP URL:

fallback www.yoursite.com

The following example overrides the protocol identifier with an HTTPS prefix:

fallback https://www.yoursite.com

The following example overrides the protocol identifier with an FTP prefix:

fallback ftp://www.yoursite.com

List of reserved keywords

With this version of the BIG-IP software, there is a list of keywords that are reserved.  You cannot use any words in the list when you create configurations from the web-based Configuration utility, or from the command line.  For more information about the reserved keywords, see the list of reserved keywords.


[ Top ]

Configuring and using the new software

This section provides information about both required and optional configuration changes.

Required configuration changes

The current release has no required configuration changes

Optional configuration changes

Wildcard forwarding virtual server

If you are currently using IP forwarding, for BIG-IP version 4.0 and higher we strongly recommend that you use a wildcard forwarding virtual server instead of or in addition to IP forwarding. With the additional features in BIG-IP 4.x, using a wildcard forwarding virtual server is faster than using IP forwarding. A wildcard forwarding virtual server also allows you to get statistics on the exact amount of traffic flowing through the system.

If you want to configure a wildcard forwarding virtual server to handle IP forwarded traffic, use the following procedure on your 4.x system. You can perform this procedure on-the-fly without causing any interruption of service.

  1. To set up timeouts type the following commands:

  2. bigpipe service 0 tcp enable
    bigpipe service 0 timeout tcp 30
    bigpipe service 0 udp enable
    bigpipe service 0 timeout udp 30

  3. Set up a wildcard forwarding virtual server by typing the following command:

  4. bigpipe virtual 0.0.0.0:0 forward

  5. If you want to allow protocols other than TCP and UDP through the forwarding virtual server, use the following command. The default timeout is 15 seconds.
    bigpipe virtual 0.0.0.0 any_ip enable
    If you want to change the default timeout for this setting, use this syntax:
    bigpipe virtual 0.0.0.0 any_ip timeout <seconds>
    For example, if you want to change the default timeout to 5 seconds, type this command:
    bigpipe virtual 0.0.0.0 any_ip timeout 5


  6. To save your new configuration, type:

  7. bigpipe save

For more information on wildcard forwarding virtual servers, see the BIG-IP Administrator Guide.


[ Top ]

Known issues

The following items are known issues in the current release.

Pressing the NETboot or RESET buttons
We recommend that you use a blunt object, such as a paper clip, to press the NETboot or RESET buttons. (CR16683)

Shell interpreted characters in monitors
Monitors cannot pass shell interpreted characters, such as &, >, and < in parameters. (CR13788)

Use a shielded cable in the administrative interface
To meet FCC emission requirements, a shielded cable is required for the administrative interface on the IP Application Switch (CASE)

Netscape browser security messages
You may see browser security alert messages when you resize the Configuration utility window in Netscape browsers. (CR11933)

Netscape browser window resize
If you resize a wizard window in the Configuration utility window in Netscape browsers, you are returned to the opening page of the wizard. (CR13239)

Interface media settings
For best results, choose the Auto media setting. In some cases, devices configured for Auto media are incompatible and the proper duplex setting will not be negotiated between these devices. In these cases you may need to set the media settings to the same speed and duplex on both the BIG-IP and the corresponding switch or host. (CR16145)

Changing the static route on a node
If you change the static route to a node you are load balancing, you should reload the BIG-IP configuration. To reload the BIG-IP configuration, use the bigpipe load command. (CR15769)

Network wildcard virtual servers
If you create a network wildcard virtual server, you must specify a netmask. (CR15925)

Gateway fail-safe with active-active mode
Gateway fail-safe is not supported in active-active mode. (CR14880)

Cannot remove all monitors to create a monitorless state
A base ICMP monitor is always associated with each node. This monitor cannot removed. (CR15512)

SSL proxy header insertion with SEARCH method
Recent changes to the SSL Proxy HTTP header insertion mechanism require client requests to begin with one of GET, POST, or HEAD; if the client request does not begin with one of these methods, HTTP headers are not inserted by the proxy. Certain versions of Internet Explorer send the non-standard SEARCH method while communicating with Outlook Web Access. This results in browser warnings regarding mixed secure and insecure content. Other applications may be affected by this issue.

In future releases BIG-IP will support inserting HTTP headers in client requests with methods specified in RFC 2616, as well as SEARCH and any other non-standard methods of which we become aware. (CR16869)

tcpdump shows no ICMP packets when pinging a virtual server
The tcpdump utility does not display ICMP packets when you ping a virtual server from a client. (CR16203)


[ Top ]

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)