Software Release Date: 01/05/2003
Updated Date: 03/05/2007
This product temporary fix (PTF) provides enhancements and fixes for the BIG-IP Link Controller software, version 4.5. The PTF includes all fixes released since version 4.5, including fixes originally released in prior PTFs, and it is recommended only for those customers who want the enhancements and fixes listed below. You can apply the software upgrade only to BIG-IP Link Controller software, version 4.5 and later. For information about installing the PTF, please refer to the instructions below.
Important: If you are upgrading a Link Controller redundant system, both units must be upgraded. We do not support running different PTF versions on a Link Controller redundant system. Additionally, If you are updating the Link Controller module on a BIG-IP system, refer to the BIG-IP, version 4.5 PTF-02 note for instructions on installing the PTF.
Apply the PTF to the BIG-IP Link Controller, version 4.5 using the following process. Note that the installation script saves your current configuration.
Note: If you have installed prior PTFs, this installation does not overwrite any configuration changes that you made for prior PTFs.
Important: If you are upgrading an IP Application Switch or a Link Controller unit that uses a CompactFlashÂ® media drive, use the installation instructions here.
The Link Controller automatically reboots once it completes installation.
When the im script is finished, the Link Controller reboots automatically.
Note: This procedure provides over 90MB of temporary space on /mnt. The partition and the im package file are deleted upon rebooting.
This PTF adds a new load balancing method, fallback, and two new load balancing modes for the fallback method, drop_packet and explicit_ip. The fallback method and load balancing modes are applicable to inbound load balancing only. The Link Controller uses the fallback method when the preferred and alternate load balancing modes do not provide an available virtual server to return as an answer to a query. When you specify the drop_packet mode, the Link Controller does nothing with the packet, and simply drops the request. (Note that a typical LDNS server iteratively queries other authoritative name servers when it times out on a query.) When you specify the explicit_ip mode, the 3-DNS Controller returns the IP address that you specify as the fallback IP as an answer to the query. Note that the IP address that you specify is not monitored for availability before being returned as an answer. When you use the explicit_ip mode, you can specify a disaster recovery site to return when no load balancing mode returns an available virtual server.
You can configure the fallback method only from the command line. For information on configuring the fallback method and load balancing mode, see the Configuring the fallback method for inbound load balancing section of this PTF note.
UDP checksums and TFTP packets (CR22113, CR25181)
In rare instances, the checksums for TFTP packets were incorrect. This issue has been resolved.
Resets (RSTs) with incorrect sequence numbers (CR22219)
Resets (RSTs) from aging-out connections no longer cause some connections to hang due to incorrect sequence numbers for the resets.
Apache web server and the CERT Coordination Center vulnerability, VU#672683 (CR24689)
This PTF addresses the vulnerability in the Tomcat package for the Apache web server that is described in Vulnerability Note VU#672683 on the CERTÂ® Coordination Center website. For more information on the vulnerability, see http://www.kb.cert.org/vuls/id/672683.
iControl BaseServer::get_interfaces function and the 3dnsd process (CR24912)
The following iControl function, ITCMGlobalLB::BaseServer::get_interfaces, no longer causes the 3dnsd process to stop running when you specify an invalid type within the function.
Root servers list for BIND (CR25064)
The root servers list file for BIND, root.hint, has been updated to include the most current list of root servers.
Invalid metrics statistics and graphs for down remote links (CR25146)
The Link Statistics screen, in the Configuration utility, no longer displays very large, invalid values for remote links that are down (red ball). The link statistics graphs now accurately display the data for both the link that is down, and any available links.
Using a serial terminal as a console (CR25183)
This PTF fixes the serial terminal as the console functionality, as described in the 3-DNS Reference Guide, Chapter 6, Monitoring and Administration, so that it works with all 2U controller platforms.
CA-2002-31, Multiple Vulnerabilities in BIND
This PTF addresses the security vulnerabilities that are listed in CERTÂ® advisory, CA-2002-31, Multiple Vulnerabilities in BIND. This PTF upgrades the BIND package to version 8.3.4. For more information on the CERT advisory, see http://www.cert.org/advisories/CA-2002-31.html.
Support for the 2400 platform
This release includes enhanced support for the F5 Networks 2400 platform.
Viewing licensing error log files from the Configuration utility (CR25055)
You can now view the log files for errors that occur during the licensing process using the Configuration utility. A View Log File button appears on the licensing screen when the licensing process generates errors.
The following section provides information about optional configuration changes.
You configure the fallback method only at the command line, by editing the wideip.conf file. You can specify either the drop_packet load balancing mode, or the expicit_ip load balancing mode. Note that if you specify the explicit_IP mode, you also specify a fallback IP address (fallback_ip).
To configure the fallback method using the drop_packet mode
To configure the fallback method using the explicit_ip mode
The following items are the known issues identified since the release of BIG-IP Link Controller, version 4.5. For a list of the known issues in the 4.5 release, refer to the BIG-IP Link Controller, version 4.5 release note .
Deleting hardware-accelerated connections (CR22494)
You cannot force the BIG-IP system to delete hardware-accelerated connections using the bigpipe command, b conn delete all. The BIG-IP system, however, does delete hardware-accelerated connections when the system initiates the delete command.
Creating pools and the admin VLAN (CR22599)
If you create a pool that uses the admin VLAN, the system cannot use hardware acceleration for that pool. We recommend that you do not use the admin VLAN for load balancing connections.
SNAT automap and acceleration (CR24959)
If you configure SNAT automap and do not associate the SNAT with a virtual server, the traffic is not accelerated. Note that you can associate the SNAT with a wildcard virtual server to accelerate any SNAT automap traffic.
Changing the hardware acceleration mode and resetting connections (CR25009)
When you change the hardware acceleration mode for a pool, and there are current connections for the nodes in the pool, the connections do not reset when you use the b conn reset command. The connections do close when they reach their time-to-live (TTL).
Invalid OID for the shutdown trap in the SNMP MIB (CR25059)
The shutdown trap, in the SNMP MIB, has an invalid object identifier (OID) associated with it. Therefore, this trap does not function properly.
b conn dump verbose command does not display correct values for packet counts or byte counts (CR25119)
The bigpipe command, b conn dump verbose, displays incorrect values for packet counts and byte counts.
Default gateway pool does not display properly when there is only a single pool member (CR25141)
In the Configuration utility, on the Outbound LB screen, the default gateway pool does not display properly when you define only one router when you first run the Setup utility. Once you configure a link for that router, the default gateway pool displays properly on the Outbound LB screen.
MicrosoftÂ® Internet Explorer security settings and the Link Configuration screens (CR25444)
MAC masquerade addresses and forcing a system to standby (CR25453)
When you purposefully change the state on a BIG-IP unit in a redundant system from active to standby, the first octet of the MAC address for any self IPs that you have configured may change to 02. This happens only when your configuration meets all of the following conditions:
Turning off Total Traffic Limit after setting all limits (CR25466)
In the Configuration utility on the Link Configuration screen, you cannot turn off the total traffic limit for a link once you have configured a limit for total traffic. This occurs only when you configure bandwidth limits for inbound traffic, outbound traffic, and total traffic, and then later try to turn off only the total traffic limit setting. If you want to turn off the limit setting for total traffic, and you have configured limits for inbound traffic, outbound traffic, and total traffic, then you must clear the limits for all three settings, and then reset the limits for inbound traffic and outbound traffic only.
Changes in US and Canada Daylight Saving Time (CR58321)
The Energy Policy Act of 2005, which was passed by the US Congress in August 2005, changed both the start and end dates for Daylight Saving Time in the United States, effective March 2007. Canada is also adopting this change. The resulting changes are not reflected in this version of the product software. To find out more about this issue, refer to SOL6551: F5 Networks software compliance with the Energy Policy Act of 2005.