Software Release Date: 10/30/2002
Updated Date: 03/05/2007
This release note documents version 4.5, of the BIG-IP Link Controller software. You can apply the software upgrade to version 4.3. For information about installing the software upgrade, please refer to the instructions below.
This section describes the minimum system requirements for this release.
Use the following instructions to apply the upgrade to the BIG-IP Link Controller software, version 4.3. The install script saves your current configuration.
Warning: Before you install the software, you must have a valid registration key. If you do not have a valid registration key, DO NOT attempt to install the software. If you choose to continue without obtaining a registration key, the BIG-IP system will not be fully functional. If you do not have a registration key, please contact your vendor to obtain one.
Important: If you have a valid license file from a previous version of the BIG-IP software, use the following site to obtain a new registration key: http://tech.f5.com/license/license.html.
Important: If you are upgrading an IP Application Switch, or a controller with a CompactFlash card, use the Upgrading an IP Application Switch instructions to apply the upgrade, rather than using the following instructions.
Note: If you want to create a CD image of the upgrade, download the bigip45crypto.iso file.
To upgrade an IP Application Switch or a CompactFlash card, use the following process.
When the im script is finished, the BIG-IP unit reboots automatically.
Note: This procedure provides over 90MB of temporary space on /mnt. The partition and the im package files are deleted upon rebooting.
Once you install the upgrade and connect the controller to the network, you need a valid license certificate to activate the software. To obtain a license certificate, you need to provide two items to the license server: a registration key and a dossier. The registration key is a 25-character string. You should have received the key by email. The registration key lets the license server know which F5 products you are entitled to license. The dossier is obtained from the software, and is an encrypted list of key characteristics used to identify the platform. If you do not have a registration key, please contact your vendor.
You can obtain a license certificate using one of the following methods:
Note: You can open the Configuration utility using either Netscape Navigator version 4.7, or Microsoft Internet Explorer version 5.0 or 5.5. Neither Internet Explorer 6.0 nor Netscape Navigator 6.0 is supported.
You can use the Configuration utility to manually activate a license for a previously-configured Link Controller and for a new controller. Before you can activate the license, however, you must log on to the Configuration utility.
To open the Configuration utility for an existing Link Controller
To open the Configuration utility for a new Link Controller
Once you have successfully logged in to the Configuration utility, you can proceed with the manual license activation.
To manually activate a license using the Configuration utility
Improved web user interface for link configuration and load balancing
The Configuration utility has been significantly improved for link configuration and management. Now you can easily add multiple links, configure wide IPs for inbound load balancing, and configure multiple router pools for outbound load balancing. To view the new configuration screens, expand the Link Configuration item in the navigation pane, and then select Links, Inbound LB, or Outbound LB. For details on the screen settings, click the Help button.
Full duplex billing support
With this version of the BIG-IP Link Controller, you can configure full duplex billing support if that is the billing method that your Internet service providers (ISPs) use. When you enable full duplex billing support, the Link Controller manages and reports on the link traffic based on the peak usage of ingress or egress bandwidth, whichever is higher. If duplex billing is not enabled, the controller manages and reports on link traffic based on the combined total of ingress and egress bandwidth usage. For details on enabling duplex billing support, see Enabling duplex billing support in the Optional configuration changes section of this release note.
Billing estimates based on P95 bandwidth usage
The Link Statistics screens now include a Billing Estimate screen, where you can enter date ranges and view your actual link bandwidth usage compared to your purchased bandwidth. For details on the Billing Estimate screen, review the online help for that screen. To view the Billing Estimate screen, from the navigation pane, expand the Link Statistics item and then click P95.
You can now use the Setup utility to configure a remote LDAP or RADIUS authentication server. With this feature, you no longer need to directly edit configuration files to set up your LDAP or RADIUS authentication server.
Also, this release of the BIG-IP Link Controller expands the number of user roles that you can assign to user accounts for the purpose of user authorization. In addition to the standard Full Read/Write, Partial Read/Write, and Read-Only access levels, you can now define which user interface an administrator uses to access the BIG-IP system (the Configuration utility, the command line interface, or the iControl interface). These user authorization roles are stored in the local LDAP database on the BIG-IP system and are designed to operate in concert with centralized LDAP and RADIUS authentication.
Other useful security features in this release are support for intrusion-detection devices, and protection from denial-of-service attacks. This release includes two new features to assist in detecting network intruders: VLAN mirroring and clone pools. By enabling a clone pool, any traffic directed to a pool is automatically sent to a node within a replicated pool.
Easy system account creation
With this release, the BIG-IP system now offers a centralized Setup screen to set the passwords for the two system accounts: admin and support. For the support account, you can also specify whether to allow command line access, Web access, or both.
Enhanced support for global variables
This release includes a number of new global variables, such as variables that define high-water and low-water marks for the adaptive reaping of connections to prevent denial-of-service attacks. Also, the Configuration utility now shows all global variables and presents them in categories, according to function.
The Link Controller has been enhanced to both monitor and share configuration information with the 3-DNS Controller. The benefits include:
The following issues are resolved in the current release.
Specifying invalid date ranges on the Billing Estimate statistics screen (CR23331)
In the Configuration utility, on the Billing Estimate statistics screen (P95 in the Link Statistics item), if you specify an end date that is later than the current date, you no longer see error messages. (Note that the controller cannot graph bandwidth usage that has not yet occurred.)
The following section provides information about both required and optional configuration changes.
F5 Networks has implemented a new product licensing process. You must obtain a valid registration key from your vendor before you can install the version 4.5 software. You can contact your vendor to obtain a valid registration key for the licensing process. To obtain a new license, follow the instructions for Activating the license.
Important: You must complete the authorization and licensing process before you run the configuration utility to configure the unit. If you do not obtain a license before you run the configuration utility, the system may behave in an unexpected manner.
When upgrading to BIG-IP version 4.5 from a previous version, the BIG-IP system manages the access level assigned to the admin account by retaining the same access level that was assigned to the account prior to the upgrade. Once the upgrade is completed, we recommend that you promote the access level on this account to CLI + Full Read/Write. Use the following instructions to promote the admin account:
The following instructions describe the steps to configure duplex billing support for a link.
To configure duplex billing support using the Configuration utility
The following items are known issues in the current release. For the latest known issues for this release, refer to AskF5 (http://tech.f5.com)
Lower connection rate (CR23803)
In this release, BIG-IP platforms, such as the 520 and 2000, equipped with a single processor, are expected to have a maximum new connection rate approximately 10% lower than the version 4.2 release. This has no additional performance impact other than a reduction of the maximum connection rate. This does not affect the general performance of the single processor systems, and has no affect on dual processor systems.
SNMP trap sink (CR19769)
Currently the SNMP trap source is the host name of the BIG-IP system that it is coming from. The SNMP trap source should be an IP address that is routable to the trap sink.
Setting active-active mode using the web-based Configuration utility (CR19794)
With network failover enabled, you cannot use the Configuration utility to configure active-active mode. When you have network failover enabled, use the command line interface to set active-active mode.
Rebooting the system and lost interrupt error message (CR19813)
In certain circumstances when you reboot, you may receive the error message wd0: lost interrupt. This message is only a warning, and does not affect the operation of the BIG-IP unit.
Broadcom 582x driver error message (CR20461)
Currently the Broadcom 582x driver does not return an error if the hardware operation times out.
Values for Link Limits (CR20744)
On the Modify Link screen in the Configuration utility, when you type values for bandwidth limits, and you type a number that is not divisible by 8, the Configuration utility rounds the value to the next lowest number that is divisible by 8.
snmp checktrap (CR21701)
When the port for the node that is being marked up or down is any, checktrap may not correctly identify it.
Windows uploads (CR22043)
Delayed-acks may throttle Windows uploads to 40K per second.
UDP checksums and TFTP packets (CR22113)
In rare instances, the checksums for TFTP packets are incorrect.
Default wildcard ports (CR22191)
Default wildcard ports do not use ICMP monitoring.
Network virtual servers (CR22202)
Creating more than 1024 network virtual servers may cause the BIG-IP system to become unstable.
Short-lived rapid connections from the same source IP (CR22232)
When dealing with short-lived rapid connections from the same source IP address, the BIG-IP system may arbitrarily reset some packets.
The ifTable function may not list VLANs.
SNMP traffic is passing through a vlan that has port lockdown enabled (CR22677)
A VLAN configured with port lockdown enabled allows SNMP traffic regardless of whether you have explicitly enabled the SNMP port using the open_snmp_port global setting.
Upgrading from version 4.3 to version 4.5 and duplex billing status (CR23053)
When you upgrade your Link Controller from version 4.3 to version 4.5, the upgrade process enables duplex billing support, by default, for the links in your configuration. To disable duplex billing support, clear the Duplex Billing check box on the Link Weighting tab in the Configuration utility.
Layer 2 (L2) forwarding two VLANs on one interface (CR23460)
When a VLAN group is bridging across the internal and external VLANs with the same IP network on both sides of the BIG-IP system, and you configure only one interface, with VLAN tags for both internal and external VLANs, the network becomes unusable. In this type of configuration, you need to configure one interface for each VLAN in the VLAN group in order for the BIG-IP system to function correctly.
Default path for client-trusted CA files and CRL files (CR23478)
The BIG-IP system uses the default path for client-trusted CA files and client CRL files even if a new path is created.
Inaccurate titles for Billing Estimate graphs (CR23770)
When you change the date or time range on the Billing Estimate screen in the Link Statistics, the titles on the graphs do not update to reflect the changes. If you are using Internet Explorer, you can update the titles by holding down the Control key, right-clicking in the screen, and then clicking Refresh. If you are using Netscape Navigator, you can update the titles by holding down the Shift key, right-clicking in the screen, and then clicking Refresh.
Setting prepaid segments all to 0 (zero) results inaccurate setting on Link Statistics screen (CR24680)
On the Link Statistics screen, in the Configuration utility, the Over Prepaid statistic displays as Yes when it should display as No, under the following conditions:
Deleting the Default Gateway Pool using the Setup utility (CR24519)
If you define a default gateway pool using the Setup utility, and then define a virtual server or other network objects on the pool, you will not be able to delete the pool using the Setup utility as long as the pool is in use. In order to delete the pool using the Setup utility, you must first remove all IP addresses and network objects associated with the pool.
Configuring the default gateway pool (CR24717)
If you only add one default route when you run the Setup utility, the utility does not create a default gateway pool. If you then add a second link (and route) using the Link Configuration screen in the Configuration utility, the utility creates a default gateway pool and adds the second router to the pool. This process does not, however, add the first default route to the newly-created default gateway pool. You must manually add the first default route to the newly-created default gateway pool.
Total traffic limit is not used in the Link Controller module (CR24793)
In the Link Controller module, Duplex Billing is turned on, and, therefore, the total traffic limit setting is not used.
Viewing wide IPs created in the 3-DNS Controller module from the Link Controller module (CR24842)
Wide IPs that you create in the 3-DNS Controller module that contain more than one pool, display only the first pool of the wide IP in the Inbound LB screen in the Link Controller module. You may encounter this known issue only when you are running a BIG-IP system with both the 3-DNS Controller module and the Link Controller module.
Rebooting the controller and mra.config.log.[nn] files in the /var/log directory (CR24922)
When you reboot the Link Controller, you may see the following file, mra.config.log.[nn] in the /var/log directory. These files and their output are not relevant to the Link Controller server appliance, and are, therefore, benign.
The BIG-IP Link Controller Solutions Guide is not available from the home screen in the Configuration utiluty (CR24946)
The BIG-IP Link Controller Solutions Guide is not available from the web server Welcome screen. You can obtain this guide from the Software and Documentation CD by navigating to the /doc directory, and opening the lc_solutions.pdf file. You can also obtain the guide from the AskF5 web site (http://tech.f5.com).
Changes in US and Canada Daylight Saving Time (CR58321)
The Energy Policy Act of 2005, which was passed by the US Congress in August 2005, changed both the start and end dates for Daylight Saving Time in the United States, effective March 2007. Canada is also adopting this change. The resulting changes are not reflected in this version of the product software. To find out more about this issue, refer to SOL6551: F5 Networks software compliance with the Energy Policy Act of 2005.