Applies To:

Show Versions Show Versions

Archived Release Note: BIG-IP Link Controller Release Note, version 4.5
Release Note

Software Release Date: 10/30/2002
Updated Date: 03/05/2007

This article has been archived, and is no longer maintained.

Summary:

This release note documents version 4.5, of the BIG-IP Link Controller software. You can apply the software upgrade to version 4.3. For information about installing the software upgrade, please refer to the instructions below.

Contents:

- Minimum system requirements
- Installing the upgrade
     - Upgrading an IP Application Switch
     - Activating the license
- New features and enhancements
- Fixes
- Configuring and using the new software
     - Required configuration changes
     - Optional configuration changes
- Known issues

Minimum system requirements

This section describes the minimum system requirements for this release.

  • Intel® Pentium® III 550MHz processor
  • 512MB disk drive or CompactFlash® card
  • 256MB RAM
  • Supported browsers: Microsoft® Internet Explorer 5.0 or 5.5; Netscape® Navigator 4.7x
[ Top ]

Installing the upgrade

Use the following instructions to apply the upgrade to the BIG-IP Link Controller software, version 4.3. The install script saves your current configuration.

Warning:  Before you install the software, you must have a valid registration key. If you do not have a valid registration key, DO NOT attempt to install the software. If you choose to continue without obtaining a registration key, the BIG-IP system will not be fully functional. If you do not have a registration key, please contact your vendor to obtain one.

Important:  If you have a valid license file from a previous version of the BIG-IP software, use the following site to obtain a new registration key: http://tech.f5.com/license/license.html.

Important:  If you are upgrading an IP Application Switch, or a controller with a CompactFlash card, use the Upgrading an IP Application Switch instructions to apply the upgrade, rather than using the following instructions.

  1. Connect to the F5 Networks, Inc., FTP site (ftp.f5.com). You are provided access to this service as part of the maintenance agreement with F5 Networks. Contact your vendor if you do not have a user ID and password for the F5 FTP site.

  2. Download the following file:

    BIGIP_4.5_Upgrade.im

    Note:  If you want to create a CD image of the upgrade, download the bigip45crypto.iso file.

  3. Download the upgrade file to the /var/tmp/ directory on the target BIG-IP unit.

  4. On the BIG-IP unit, change to the /var/tmp/ directory by typing:

    cd /var/tmp/

  5. Type the following command to install this upgrade:

    im BIGIP_4.5_Upgrade.im

    The BIG-IP unit automatically reboots multiple times as it completes the installation process.

Upgrading an IP Application Switch

To upgrade an IP Application Switch or a CompactFlash card, use the following process.

  1. Create a memory file system, by typing the following command:

    mount_mfs -s 200000 /mnt

  2. Type the following command:

    cd /mnt

  3. Connect to the FTP site (ftp.f5.com).

  4. Download the correct file from the F5 Networks, Inc., FTP site (ftp.f5.com).

    For this upgrade, the file name is BIGIP_4.5_Upgrade.im

  5. On the BIG-IP unit, run the im upgrade script, using the file name from the previous step as an argument:

    im /mnt/<file name>

    When the im script is finished, the BIG-IP unit reboots automatically.

Note:  This procedure provides over 90MB of temporary space on /mnt.  The partition and the im package files are deleted upon rebooting.

Activating the license

Once you install the upgrade and connect the controller to the network, you need a valid license certificate to activate the software. To obtain a license certificate, you need to provide two items to the license server: a registration key and a dossier. The registration key is a 25-character string. You should have received the key by email. The registration key lets the license server know which F5 products you are entitled to license. The dossier is obtained from the software, and is an encrypted list of key characteristics used to identify the platform. If you do not have a registration key, please contact your vendor.

You can obtain a license certificate using one of the following methods:

  • Automatic license activation

    You perform automatic license activation from the command line or from the web-based Configuration utility of an upgraded controller. This method automatically retrieves and submits the dossier to the F5 Networks license server, as well as installs the signed license certificate. In order for you to use this method, the controller must be installed on a network with Internet access.

  • Manual license activation

    You perform manual license activation from the Configuration utility, which is the software user interface. With this method, you submit the dossier to, and retrieve the signed license file from, the F5 Networks license server manually. In order for you to use this method, the administrative work station must have Internet access.

Note:  You can open the Configuration utility using either Netscape Navigator version 4.7, or Microsoft Internet Explorer version 5.0 or 5.5. Neither Internet Explorer 6.0 nor Netscape Navigator 6.0 is supported.

To automatically activate a license from the command line for first time installation

  1. Type the user name root and the password default at the log on prompt.

  2. At the prompt, type license. The following prompts appear:

    IP:
    Netmask:
    Default Route:
    Select interface to use to retrieve license:


    The Link Controller uses this information to make an Internet connection to the license server.

  3. After you type the Internet connection information, continue to the following prompt:

    The Registration Key should have been included with the software or given when the order was placed. Do you have your Registration Key? [Y/N]:

    Type Y, and the following prompt displays:

    Registration Key:

  4. Type the 25-character registration key you received. If you received more than one key, enter all of the keys separated by a space.

    The controller retrieves and sends the dossier to the F5 Networks license server, and the F5 Networks license server returns and installs a signed license file. A message displays indicating the process was successful.

  5. If the licensing process is not successful, contact your vendor.

To automatically activate a license from the command line for upgrades

  1. Type your user name and password at the log on prompt.

  2. At the prompt, type setup.

  3. Choose menu option (L) License Activation.

  4. The following prompt displays:

    Number of keys: 1

    If you have more than one registration key, enter the appropriate number, and press Enter.

  5. The following prompt displays:

    Registration Key:

    Type the 25-character registration key you received. If you received more than one key, enter all of the keys separated by a space.

    The controller retrieves and sends the dossier to the F5 Networks license server, and the F5 Networks license server returns and installs a signed license file. A message displays indicating the process was successful.

  6. If the licensing process is not successful, contact your vendor.

To manually activate a license using the Configuration utility

You can use the Configuration utility to manually activate a license for a previously-configured Link Controller and for a new controller. Before you can activate the license, however, you must log on to the Configuration utility.

To open the Configuration utility for an existing Link Controller

  1. Open the Configuration utility using the configured address.

  2. Type your user name and password at the log on prompt, and click OK.

    The Configuration utility home screen opens.

To open the Configuration utility for a new Link Controller

  1. From the administrative work station, open the Configuration utility using one of the following addresses: https://192.168.1.245 or https://192.168.245.245. These are default addresses on the units local area network.

  2. Type the user name root and the password default at the log on prompt, and click OK.

    The Configuration utility home screen displays.

Once you have successfully logged in to the Configuration utility, you can proceed with the manual license activation.

To manually activate a license using the Configuration utility

  1. Click License Utility to open the License Administration screen.

  2. In the Registration Key box, type the 25-character registration key that you received. If you have more than one key to install, click Enter More Keys to install multiple keys. Once you have entered all registration keys, click Automated Authorization.

  3. At the Manual Authorization screen, retrieve the dossier using one of the following methods:

    • Copy the entire contents of the Product Dossier box.

    • Click Download Product Dossier, and save the dossier to the hard drive.
  4. Click the link in the License Server box.

    The Activate F5 License screen opens in a new browser window.

  5. From the Activate F5 License screen, submit the dossier using one of the following methods:

    • Paste the data you just copied into the Enter your dossier box, and click Activate.

    • At the Product Dossier box, click Browse to locate the dossier on the hard drive, and then click Activate.
    The screen returns a signed license file.

  6. Retrieve the license file using one of the following methods:

    • Copy the entire contents of the signed license file.

    • Click Download license, and save the license file to the hard drive.
  7. Return to the Manual Authorization screen, and click Continue.

  8. At the Install License screen, submit the license file using one of the following methods:

    • Paste the data you copied into the License Server Output box, and click Install License.

    • At the License File box, click Browse to locate the license file on the hard drive, and then click Install License.
    The License Status screen displays status messages, and Process complete appears when the licensing activation is finished.

  9. Click License Terms, review the EULA, and accept it.

  10. At the Reboot Prompt screen, select when you want to reboot the platform.

    License activation is complete only after rebooting.

To automatically activate a license using the Configuration utility

  1. If you are licensing a previously configured Link Controller, open the Configuration utility using the configured address. If you are licensing a new Link Controller, from the administrative workstation, open the Configuration utility using one of the following addresses: https://192.168.1.245 or https://192.168.245.245. These are default addresses on the units local area network.

  2. If you are licensing a previously configured Link Controller, type your user name and password at the log on prompt. If you are licensing a new Link Controller, type the user name root and the password default at the log on prompt.

    The Configuration utility menu displays.

  3. Click License Utility to open the License Administration screen.

  4. In the Registration Key box, type the 25-character registration key that you received. If you have more than one key to install, click Enter More Keys to install multiple keys. Once you have entered all registration keys, click Automated Authorization.

    The License Status screen displays status messages, and Process complete appears when the licensing activation is finished.

  5. Click License Terms, review the EULA, and accept it.

  6. At the Reboot Prompt screen, select when you want to reboot the platform.

    License activation is complete only after rebooting.
[ Top ]

New features and enhancements

Improved web user interface for link configuration and load balancing
The Configuration utility has been significantly improved for link configuration and management. Now you can easily add multiple links, configure wide IPs for inbound load balancing, and configure multiple router pools for outbound load balancing. To view the new configuration screens, expand the Link Configuration item in the navigation pane, and then select Links, Inbound LB, or Outbound LB. For details on the screen settings, click the Help button.

Full duplex billing support
With this version of the BIG-IP Link Controller, you can configure full duplex billing support if that is the billing method that your Internet service providers (ISPs) use. When you enable full duplex billing support, the Link Controller manages and reports on the link traffic based on the peak usage of ingress or egress bandwidth, whichever is higher. If duplex billing is not enabled, the controller manages and reports on link traffic based on the combined total of ingress and egress bandwidth usage. For details on enabling duplex billing support, see Enabling duplex billing support in the Optional configuration changes section of this release note.

Billing estimates based on P95 bandwidth usage
The Link Statistics screens now include a Billing Estimate screen, where you can enter date ranges and view your actual link bandwidth usage compared to your purchased bandwidth. For details on the Billing Estimate screen, review the online help for that screen. To view the Billing Estimate screen, from the navigation pane, expand the Link Statistics item and then click P95.

Security enhancements
You can now use the Setup utility to configure a remote LDAP or RADIUS authentication server. With this feature, you no longer need to directly edit configuration files to set up your LDAP or RADIUS authentication server.

Also, this release of the BIG-IP Link Controller expands the number of user roles that you can assign to user accounts for the purpose of user authorization. In addition to the standard Full Read/Write, Partial Read/Write, and Read-Only access levels, you can now define which user interface an administrator uses to access the BIG-IP system (the Configuration utility, the command line interface, or the iControl interface). These user authorization roles are stored in the local LDAP database on the BIG-IP system and are designed to operate in concert with centralized LDAP and RADIUS authentication.

Other useful security features in this release are support for intrusion-detection devices, and protection from denial-of-service attacks. This release includes two new features to assist in detecting network intruders: VLAN mirroring and clone pools. By enabling a clone pool, any traffic directed to a pool is automatically sent to a node within a replicated pool.

Easy system account creation
With this release, the BIG-IP system now offers a centralized Setup screen to set the passwords for the two system accounts: admin and support. For the support account, you can also specify whether to allow command line access, Web access, or both.

Enhanced support for global variables
This release includes a number of new global variables, such as variables that define high-water and low-water marks for the adaptive reaping of connections to prevent denial-of-service attacks. Also, the Configuration utility now shows all global variables and presents them in categories, according to function.

Integration with 3-DNS Controller

The Link Controller has been enhanced to both monitor and share configuration information with the 3-DNS Controller. The benefits include:

  • Enhanced wide area traffic management capabilities
  • Additional Internet link statistics
  • Broader monitoring of the network
[ Top ]

Fixes

The following issues are resolved in the current release.

Specifying invalid date ranges on the Billing Estimate statistics screen (CR23331)
In the Configuration utility, on the Billing Estimate statistics screen (P95 in the Link Statistics item), if you specify an end date that is later than the current date, you no longer see error messages. (Note that the controller cannot graph bandwidth usage that has not yet occurred.)

[ Top ]

Configuring and using the new software

The following section provides information about both required and optional configuration changes.

Required configuration changes

New licensing process

F5 Networks has implemented a new product licensing process. You must obtain a valid registration key from your vendor before you can install the version 4.5 software. You can contact your vendor to obtain a valid registration key for the licensing process. To obtain a new license, follow the instructions for Activating the license.

Important:  You must complete the authorization and licensing process before you run the configuration utility to configure the unit. If you do not obtain a license before you run the configuration utility, the system may behave in an unexpected manner.

[ Top ]

Optional configuration changes

Changes to the admin account during an upgrade

When upgrading to BIG-IP version 4.5 from a previous version, the BIG-IP system manages the access level assigned to the admin account by retaining the same access level that was assigned to the account prior to the upgrade. Once the upgrade is completed, we recommend that you promote the access level on this account to CLI + Full Read/Write. Use the following instructions to promote the admin account:

  1. To promote this account in the Configuration utility, click System Admin in the navigation pane, and then click the admin account.

  2. From the Access Level list, select the CLI + Full Read/Write access level.

  3. Click Apply.

Enabling duplex billing support

The following instructions describe the steps to configure duplex billing support for a link.

To configure duplex billing support using the Configuration utility

  1. In the navigation pane, expand the Link Configuration item, and then click Links.

    The Link List screen opens.

  2. In the Link List, click the IP address of the link that you want to modify.

    The Link Properties screen opens.

  3. Click the Link Weighting tab.

    The Link Weighting screen opens.

  4. Check the Duplex Billing box.

  5. Click Apply.

    The controller applies the changes and saves the updated configuration.
[ Top ]

Known issues

The following items are known issues in the current release. For the latest known issues for this release, refer to AskF5 (http://tech.f5.com)

Lower connection rate (CR23803)
In this release, BIG-IP platforms, such as the 520 and 2000, equipped with a single processor, are expected to have a maximum new connection rate approximately 10% lower than the version 4.2 release. This has no additional performance impact other than a reduction of the maximum connection rate. This does not affect the general performance of the single processor systems, and has no affect on dual processor systems.

SNMP trap sink  (CR19769)
Currently the SNMP trap source is the host name of the BIG-IP system that it is coming from. The SNMP trap source should be an IP address that is routable to the trap sink.

Setting active-active mode using the web-based Configuration utility  (CR19794)
With network failover enabled, you cannot use the Configuration utility to configure active-active mode. When you have network failover enabled, use the command line interface to set active-active mode.

Rebooting the system and lost interrupt error message  (CR19813)
In certain circumstances when you reboot, you may receive the error message wd0: lost interrupt. This message is only a warning, and does not affect the operation of the BIG-IP unit.

Broadcom 582x driver error message  (CR20461)
Currently the Broadcom 582x driver does not return an error if the hardware operation times out.

Values for Link Limits  (CR20744)
On the Modify Link screen in the Configuration utility, when you type values for bandwidth limits, and you type a number that is not divisible by 8, the Configuration utility rounds the value to the next lowest number that is divisible by 8.

snmp checktrap  (CR21701)
When the port for the node that is being marked up or down is any, checktrap may not correctly identify it.

Windows uploads  (CR22043)
Delayed-acks may throttle Windows uploads to 40K per second.

UDP checksums and TFTP packets  (CR22113)
In rare instances, the checksums for TFTP packets are incorrect.

Default wildcard ports  (CR22191)
Default wildcard ports do not use ICMP monitoring.

Network virtual servers  (CR22202)
Creating more than 1024 network virtual servers may cause the BIG-IP system to become unstable.

Short-lived rapid connections from the same source IP  (CR22232)
When dealing with short-lived rapid connections from the same source IP address, the BIG-IP system may arbitrarily reset some packets.

ifTable  (CR22257)
The ifTable function may not list VLANs.

SNMP traffic is passing through a vlan that has port lockdown enabled (CR22677)
A VLAN configured with port lockdown enabled allows SNMP traffic regardless of whether you have explicitly enabled the SNMP port using the open_snmp_port global setting.

Upgrading from version 4.3 to version 4.5 and duplex billing status (CR23053)
When you upgrade your Link Controller from version 4.3 to version 4.5, the upgrade process enables duplex billing support, by default, for the links in your configuration. To disable duplex billing support, clear the Duplex Billing check box on the Link Weighting tab in the Configuration utility.

Layer 2 (L2) forwarding two VLANs on one interface  (CR23460)
When a VLAN group is bridging across the internal and external VLANs with the same IP network on both sides of the BIG-IP system, and you configure only one interface, with VLAN tags for both internal and external VLANs, the network becomes unusable. In this type of configuration, you need to configure one interface for each VLAN in the VLAN group in order for the BIG-IP system to function correctly.

Default path for client-trusted CA files and CRL files  (CR23478)
The BIG-IP system uses the default path for client-trusted CA files and client CRL files even if a new path is created.

Inaccurate titles for Billing Estimate graphs (CR23770)
When you change the date or time range on the Billing Estimate screen in the Link Statistics, the titles on the graphs do not update to reflect the changes. If you are using Internet Explorer, you can update the titles by holding down the Control key, right-clicking in the screen, and then clicking Refresh. If you are using Netscape Navigator, you can update the titles by holding down the Shift key, right-clicking in the screen, and then clicking Refresh.

Setting prepaid segments all to 0 (zero) results inaccurate setting on Link Statistics screen (CR24680)
On the Link Statistics screen, in the Configuration utility, the Over Prepaid statistic displays as Yes when it should display as No, under the following conditions:

  • You do not set any bandwidth limits when you create the link
  • You set the Prepaid Segment, on the Link Weighting screen, to 0 (zero)

Deleting the Default Gateway Pool using the Setup utility   (CR24519)
If you define a default gateway pool using the Setup utility, and then define a virtual server or other network objects on the pool, you will not be able to delete the pool using the Setup utility as long as the pool is in use. In order to delete the pool using the Setup utility, you must first remove all IP addresses and network objects associated with the pool.

Configuring the default gateway pool (CR24717)
If you only add one default route when you run the Setup utility, the utility does not create a default gateway pool. If you then add a second link (and route) using the Link Configuration screen in the Configuration utility, the utility creates a default gateway pool and adds the second router to the pool. This process does not, however, add the first default route to the newly-created default gateway pool. You must manually add the first default route to the newly-created default gateway pool.

Total traffic limit is not used in the Link Controller module (CR24793)
In the Link Controller module, Duplex Billing is turned on, and, therefore, the total traffic limit setting is not used.

Viewing wide IPs created in the 3-DNS Controller module from the Link Controller module (CR24842)
Wide IPs that you create in the 3-DNS Controller module that contain more than one pool, display only the first pool of the wide IP in the Inbound LB screen in the Link Controller module. You may encounter this known issue only when you are running a BIG-IP system with both the 3-DNS Controller module and the Link Controller module.

Rebooting the controller and mra.config.log.[nn] files in the /var/log directory (CR24922)
When you reboot the Link Controller, you may see the following file, mra.config.log.[nn] in the /var/log directory. These files and their output are not relevant to the Link Controller server appliance, and are, therefore, benign.

The BIG-IP Link Controller Solutions Guide is not available from the home screen in the Configuration utiluty (CR24946)
The BIG-IP Link Controller Solutions Guide is not available from the web server Welcome screen. You can obtain this guide from the Software and Documentation CD by navigating to the /doc directory, and opening the lc_solutions.pdf file. You can also obtain the guide from the AskF5 web site (http://tech.f5.com).

Changes in US and Canada Daylight Saving Time (CR58321)
The Energy Policy Act of 2005, which was passed by the US Congress in August 2005, changed both the start and end dates for Daylight Saving Time in the United States, effective March 2007. Canada is also adopting this change. The resulting changes are not reflected in this version of the product software. To find out more about this issue, refer to SOL6551: F5 Networks software compliance with the Energy Policy Act of 2005.

[ Top ]

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)