Release Notes :
BIG-IP AAM 11.5.2
Applies To:
Show Versions
BIG-IP AAM
- 11.5.2
Original Publication Date: 02/17/2015
Updated Date: 04/18/2019
Summary:
This release note documents the version 11.5.2 release of BIG-IP Application Acceleration Manager. You can apply the software upgrade to systems running software versions 10.1.0 (or later) or 11.x.
Contents:
- Supported platforms
- Configuration utility browser support
- User documentation for this release
- New in 11.5.2
- New in 11.5.1
- New in 11.5.0
- Installation overview
- Upgrading from earlier versions
- Fixes in 11.5.2
- Fixes in 11.5.1
- Fixes in 11.5.0
- Behavior changes in 11.5.2
- Behavior changes in 11.5.1
- Behavior changes in 11.5.0
- Known issues
- Contacting F5 Networks
- Legal notices
Supported platforms
This version of the software is supported on the following platforms:
| Platform name | Platform ID |
|---|---|
| BIG-IP 1600 | C102 |
| BIG-IP 3600 | C103 |
| BIG-IP 3900 | C106 |
| BIG-IP 6900 | D104 |
| BIG-IP 8900 | D106 |
| BIG-IP 8950 | D107 |
| BIG-IP 11000 | E101 |
| BIG-IP 11050 | E102 |
| BIG-IP 2000s, BIG-IP 2200s | C112 |
| BIG-IP 4000s, BIG-IP 4200v | C113 |
| BIG-IP 5000s, 5050s, 5200v, 5250v | C109 |
| BIG-IP 7000s, 7050s, 7200v, 7250v | D110 |
| BIG-IP 12250v (requires 11.6.0 HF2) | D111 |
| BIG-IP 10350N (requires 11.6.0 HF2) | D112 |
| BIG-IP 10000s, 10050s, 10200v, 10250v | D113 |
| VIPRION B2100 Blade | A109 |
| VIPRION B2150 Blade | A113 |
| VIPRION B2250 Blade | A112 |
| VIPRION B4100, B4100N Blade | A100, A105 |
| VIPRION B4200, B4200N Blade | A107, A111 |
| VIPRION B4300, B4340N Blade | A108, A110 |
| VIPRION C2200 Chassis | D114 |
| VIPRION C2400 Chassis | F100 |
| VIPRION C4400, C4400N Chassis | J100, J101 |
| VIPRION C4480, C4480N Chassis | J102, J103 |
| VIPRION C4800, C4800N Chassis | S100, S101 |
| Virtual Edition (VE) | Z100 |
| vCMP Guest | Z101 |
These platforms support various licensable combinations of product modules. This section provides general guidelines for module support.
Most of the support guidelines relate to memory. The following list applies for all memory levels:
- vCMP supported platforms
- VIPRION B2100, B2150, B2250, B4200, B4300, B4340N
- BIG-IP 5200v, 7200v, 10200v
Memory: 12 GB or more
All licensable module-combinations may be run on platforms with 12 GB or more of memory, and on VE and vCMP guests provisioned with 12 GB or more of memory. Note that this does not mean that all modules may be simultaneously provisioned on all platforms with 12 GB or more of memory. The BIG-IP license for the platform determines which combination of modules are available for provisioning.
Memory: 8 GB
The following guidelines apply to the BIG-IP 2000s, 2200s, 3900, 6900 platforms, to the VIPRION B4100 and B4100N platforms, and to VE guests configured with 8 GB of memory. (A vCMP guest provisioned with 8 GB of memory has less than 8 GB of memory actually available and thus does not fit in this category.)
- No more than three modules should be provisioned together.
- On the 2000s and 2200s, Application Acceleration Manager (AAM) can be provisioned with only one other module.
Memory: Less than 8 GB and more than 4 GB
The following guidelines apply to platforms, and to VE and vCMP guests provisioned with less than 8 GB and more than 4 GB of memory. (A vCMP guest provisioned with 8 GB of memory has less than 8 GB of memory actually available and thus fits in this category.)
- No more than three modules (not including AAM) should be provisioned together.
- Application Acceleration Manager (AAM) cannot be provisioned with any other module; AAM can only be provisioned standalone.
- Analytics (AVR) counts towards the two module-combination limit (for platforms with less than 6.25 GB of memory).
Memory: 4 GB or less
The following guidelines apply to the BIG-IP 1600 and 3600 platforms, and to VE and vCMP guests provisioned with 4 GB or less of memory.
- No more than two modules may be configured together.
- AAM should not be provisioned, except as Dedicated.
VIPRION and vCMP caching and deduplication requirements
Application Acceleration Manager (AAM) supports the following functionality when configuring vCMP and VIPRION platforms.
- AAM does not support disk-based caching functionality on vCMP platforms. AAM requires memory-based caching when configuring it to run on vCMP platforms.
- AAM supports disk-based caching functionality on VIPRION chassis or blades.
- AAM does not support deduplication functionality on vCMP platforms, or VIPRION chassis or blades.
vCMP memory provisioning calculations
The amount of memory provisioned to a vCMP guest is calculated using the following formula: (platform_memory- 3 GB) x (cpus_assigned_to_guest/ total_cpus).
As an example, for the B2100 with two guests, provisioned memory calculates as: (16-3) x (2/4) ~= 6.5 GB.
Configuration utility browser support
The BIG-IP Configuration Utility supports these browsers and versions:
- Microsoft Internet Explorer 8.x, 11.x
- Mozilla Firefox 27.x
- Google Chrome 32.x
User documentation for this release
For a comprehensive list of documentation that is relevant to this release, refer to the BIG-IP AAM / VE 11.5.2 Documentation page.
New in 11.5.0
WebP Image Optimization
Application Acceleration Manager now recognizes and converts images to WebP, an image format that offers both lossless and lossy compression with better quality per byte than JPEG. WebP is useful for compressing existing JPEG, GIF, PNG, or TIFF images. Compressed images can be significantly smaller in percentage compared to PNG or JPEG. When enabled, Application Acceleration Manager will convert the images only when the request comes from a browser that supports WebP.
Intelligent Client Cache
Intelligent Client Cache (ICC) provides a web acceleration technique for mobile and desktop browsers that support HTML5. ICC uses HTML5 local storage to build a cache of documents and resources. It does this either by replacing the link to CSS/JavaScript/Image by inlining them into the HTML document, or by replacing the link to CSS/JavaScript/Image by adding reference to content that might already be in the client's local storage. Client-side JavaScript code tracks the resources cached and interacts with the server-side code to ensure that only changed resources are downloaded on subsequent requests.
Video Quality of Experience Profile
The BIG-IP system's video Quality of Experience (QoE) profile enables you to assess an audience's video session or overall video experience, providing an indication of customer satisfaction. The QoE profile uses static information, such as bitrate and duration of a video, and video metadata, such as URL and content type, in monitoring video streaming. Additionally, the QoE profile monitors dynamic information, which reflects the real-time network condition. By considering both the static video parameters and the dynamic network information, the user experience can be assessed and defined in terms of a single mean opinion score (MOS) of the video session, and a level of customer satisfaction can be derived.
Maximized Enterprise Application Delivery Value
To make it easier and more affordable to get the Software Defined Application Services capabilities all organizations need, F5 introduces three software bundle offerings: Good, Better, and Best.- Good
- Provides intelligent local traffic management for increased operational efficiency and peak network performance of applications.
- Better
- Good plus enhanced network security, global server load balancing, and advanced application delivery optimization.
- Best
- Better plus advanced access management and total application security. Delivers the ultimate in security, performance, and availability for your applications and network.
Installation overview
This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP Systems: Upgrading Active-Standby Systems and BIG-IP Systems: Upgrading Active-Active Systems, and we strongly recommend that you reference these documents to ensure successful completion of the installation process.
Installation checklist
Before you begin:
- Use BIG-IP iHealth to verify your configuration file. For more information, see SOL12878: Generating BIG-IP diagnostic data using the qkview utility (10.x - 11.x).
- Update/reactivate your system license, if needed, to ensure that you have a valid service check date.
- Ensure that your system is running version 10.1.0 or later and is using the volumes formatting scheme.
- Download the .iso file (if needed) from F5 Downloads to /shared/images on the source for the operation. (If you need to create this directory, use the exact name /shared/images.)
- Configure a management port.
- Set the console and system baud rate to 19200, if it is not already.
- Log on as an administrator using the management port of the system you want to upgrade.
- Boot into an installation location other than the target for the installation.
- Save the user configuration set (UCS) in the /var/local/ucs directory on the source installation location, and copy the UCS file to a safe place on another device.
- Log on to the standby unit, and only upgrade the active unit after the standby upgrade is satisfactory.
- Turn off mirroring.
- If you are running Application Acceleration Manager, set provisioning to Minimum.
- If you are running Policy Enforcement Manager, set provisioning to Nominal.
- If you are running Advanced Firewall Manager, set provisioning to Nominal.
Installing the software
You can install the software at the command line using the Traffic Management shell, tmsh, or in the browser-based Configuration utility using the Software Management screens, available in the System menu. Choose the installation method that best suits your environment.
| Installation method | Command |
|---|---|
| Install to existing volume, migrate source configuration to destination | tmsh install sys software image [image name] volume [volume name] |
| Install from the browser-based Configuration utility | Use the Software Management screens in a web browser. |
Sample installation command
The following command installs version 11.2.0 to volume 3 of the main hard drive.
tmsh install sys software image BIGIP-11.2.0.2446.0.iso volume HD1.3
Post-installation tasks
This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP Systems: Upgrading Active-Standby Systems and BIG-IP Systems: Upgrading Active-Active Systems, and we strongly recommend that you reference these documents to ensure successful completion of the installation process.
After the installation finishes, you must complete the following steps before the system can pass traffic.
- Ensure the system rebooted to the new installation location.
- Use BIG-IP iHealth to verify your configuration file. For more information, see SOL12878: Generating BIG-IP diagnostic data using the qkview utility (10.x - 11.x).
- Log on to the browser-based Configuration utility.
- Run the Setup utility.
- Provision the modules.
- Convert any bigpipe scripts to tmsh. (Version 11.x does not support the bigpipe utility.)
Note: You can find information about running the Setup utility and provisioning the modules in the BIG-IP TMOS implementations Creating an Active-Standby Configuration Using the Setup Utility and Creating an Active-Active Configuration Using the Setup Utility.
Installation tips
- The upgrade process installs the software on the inactive installation location that you specify. This process usually takes between three minutes and seven minutes. During the upgrade process, you see messages posted on the screen. For example, you might see a prompt asking whether to upgrade the End User Diagnostics (EUD), depending on the version you have installed. To upgrade the EUD, type yes, otherwise, type no.
- You can check the status of an active installation operation by running the command watch tmsh show sys software, which runs the show sys software command every two seconds. Pressing Ctrl + C stops the watch feature.
- If installation fails, you can view the log file. The system stores the installation log file as /var/log/liveinstall.log.
Upgrading from earlier versions
Your upgrade process differs depending on the version of software you are currently running.
Warning: Do not use the 10.x installation methods (the Software Management screens, the b software or tmsh sys software commands, or the image2disk utility) to install/downgrade to 9.x software or operate on partitions. Depending on the operations you perform, doing so might render the system unusable. If you need to downgrade from version 10.x to version 9.x, use the image2disk utility to format the system for partitions, and then use a version 9.x installation method described in the version 9.x release notes to install the version 9.x software.
Upgrading from version 10.1.0 (or later) or 11.x
When you upgrade from version 10.1.0 (or later) or 11.x software, you use the Software Management screens in the Configuration utility to complete these steps. To open the Software Management screens, in the navigation pane of the Configuration utility, expand System, and click Software Management. For information about using the Software Management screens, see the online help.
Upgrading from versions earlier than 10.1.0
You cannot roll forward a configuration directly to this version from BIG-IP version 4.x, or from BIG-IP versions 9.0.x through 9.6.x. You must be running version 10.1.0 software. For details about upgrading to those versions, see the release notes for the associated release.
Automatic firmware upgrades
If this version includes new firmware for your specific hardware platform, after you install and activate this version, the system might reboot additional times to perform all necessary firmware upgrades.
Fixes in 11.5.2
There are no Application Acceleration Manager-specific fixes specified for this release.
Fixes in 11.5.1
There are no Application Acceleration Manager-specific fixes specified for this release.
Fixes in 11.5.0
| ID Number | Description |
|---|---|
| ID 378430 | Upgrading to version 11.x, with a WAM policy containing no nodes, the upgrade now completes successfully. |
| ID 408817 | In a symmetric WAM configuration, invalidation triggers will no longer match twice. |
| ID 418760 | Qpdf no longer cores when trying to linearize PDFs with certain internal inconsistencies. |
| ID 420893 | When RAM or disk space becomes low abruptly while under heavy image optimization or pdf linearization load, wamd will no longer core. |
| ID 420951 | The system no longer leaks memory when an LTM virtual is being removed. |
| ID 423805 | The fix, as supplied in the EHF, makes WAM to return the Etag. |
| ID 430340 | The validation error is no longer seen on the application screen by accidentally setting a symmetric folder on the application. |
| ID 430488 | AAM no longer crashes while attempting viewstate processing. |
| ID 435367 | Doesn't leak. |
| ID 438688 | TMM will no longer crash. When the newer document gets evicted due to cache writing errors, the stand-in document will be used as configured. |
| ID 413981 | WAM install/UCS restore from a v10.x release will succeed. |
Behavior changes in 11.5.2
There are no Application Acceleration Manager-specific behavior changes specified for this release.
Behavior changes in 11.5.1
There are no Application Acceleration Manager-specific behavior changes specified for this release.
Behavior changes in 11.5.0
There are no Application Acceleration Manager-specific behavior changes specified for this release.
Known issues
| ID Number | Description |
|---|---|
| ID 204432 | (CR109097) The system does not log a warning if local advertised routes conflict with advertised routes on remote endpoints. Having two systems with conflicting routes is most likely a configuration error. Workaround: |
| ID 219763 | If a virtual server running both the Application Security Manager and the WebAccelerator system receives an HTTP request that contains a null character, the WebAccelerator system replaces the null character with a space. The null character is removed from the HTTP request header, so this request does not trigger the HTTP Protocol Compliance violation Null in request. This behavior has no other effect on how the request is processed. Workaround: |
| ID 222545 | In the case of an abnormal TCP connection reset, the iSession connection is terminated and reset. While this action is transparent to the user, this action might appear in diagnostics. Workaround: |
| ID 223434 | (CR129753) For active FTP, the system changes the data ports advertised by the server, so the client might see a different port than the one originally sent by the server. For passive FTP, the system changes the data ports advertised by the client, so the server might see a different port than the one originally sent by the client. In both cases, the data transfers are successful. Workaround: |
| ID 223624 | An initial active FTP connection fails when dynamic discovery is enabled and allow routing is disabled on the remote peer. Active FTP connections are initiated from the FTP server to the FTP client. When the FTP server initiates this connection, the allow routing option of the remote endpoint is enabled. To avoid the initial failure, enable outbound connections before initiating FTP traffic. On the Remote Endpoints List screen (Acceleration > Symmetric optimization > Remote Endpoints), click the name of the remote endpoint. On the Properties screen that opens, select the Outbound Connections check box, and then click Update. Workaround: |
| ID 223947 | When the BIG-IP system is under a heavy load, you may see occasional spikes on the Bandwidth Gain graphs on the WAN Optimization dashboard. A system delay in reporting the statistics to the dashboard causes the delay, which is usually about twice the average amount. Workaround: |
| ID 293593 | (CR132785) If the datastor disk mode is disabled when you provision Application Acceleration Manager (AAM) along with any other module and then you enable the datastor disk, you must restart the system to show the correct datastor size. Workaround: |
| ID 335216 | (CR128965) If you use the smbclient (version 3.2 or later) program to get a file, CIFS read optimization does not occur. Workaround: |
| ID 335217 | (CR130507) If you map a network drive and create a new folder, it takes more than 10 seconds for the folder to appear in the directory and does not allow you to name the folder. To name the folder, right-click it and select rename. Workaround: |
| ID 342251 | "If you are trying to remove the iSession connection between two peers, to prevent reconnection, you must delete the remote endpoint before you delete the local endpoint. If you are using the browser interface, the procedure is as follows: 1. On the Discovery screen (Acceleration > Remote Endpoints > Discovery), disable (clear) the settings Allow Remote Endpoints to Discover This Endpoint and Automatically save discovered Remote Endpoints. 2. On the Remote Endpoints screen, select the remote endpoint and click Delete. 3. On the Local Endpoint screen, click Delete." Workaround: |
| ID 348741 | If you are upgrading from 10.x to 11.x, and you are rolling over existing iSession configurations, the bzip2 compression option (enabled) is added to all existing iSession profiles. For best performance, after the upgrade, review all iSession profiles to ensure that the compression settings are correct. In some cases, you might want to disable the bzip2 compression option. Workaround: |
| ID 348816 | When rolling forward a WebAccelerator 10.x configuration to version 11.0.0, access logging configuration on the acceleration policy is not rolled forward. Workaround: To enable access logging for BIG-IP WebAccelerator version 11.0.0, please see Using the Request Logging Profile (chapter 18) in the WebAccelerator Implementations guide. |
| ID 356245 | A COMPRESS::enable or COMPRESS:disable iRule does not take effect on cached items. Workaround: |
| ID 356867 | Earlier versions of the BIG-IP WebAccelerator module allowed importing of identically named acceleration policies without selecting the Overwrite existing policy of the same name check box, resulting in a number appended to the imported acceleration policy name. In this version, you must select the Overwrite existing policy of the same name check box to import identically named acceleration policies. Or you can ensure the policy you are importing has a unique name. Workaround: |
| ID 357320 | For iRules associated with a virtual server that has an associated Web Acceleration profile, [CACHE::disable] can only be used if there is no WebAccelerator Application enabled in the Web Acceleration profile, and [WAM::disable] can only be used if there is a WebAccelerator Application enabled in the Web Acceleration profile. Workaround: Edit the iRules to use the correct command, either CACHE::disable or WAM::disable, for the virtual server's Web Acceleration profile. |
| ID 357720 | File copying might be significantly slower when IPsec encapsulation is used with CIFS optimization. Workaround: |
| ID 357921 | The Configuration utility should provide a specific error message when an extension or MIME type for an object type is not unique, instead of a generic error message. Workaround: |
| ID 358109 | Invalidation rules on a given node are only effective in invalidating one single extension. Workaround: |
| ID 358530 | Various matching parameters in WebAccelerator Configuration utility that contain a regular expression with a pipe symbol (|) are incorrectly formatted for display. Workaround: |
| ID 358785 | The WebAccelerator GUI displays dormant proxy rules on a node even when it is set to Always Proxy. Workaround: |
| ID 359062 | This version does not include query parameters in a POST body for any rules: matching, variation, proxy, or invalidation. Workaround: |
| ID 359075 | Deprovisioning AAM (for example, changing the provisioning level from Dedicated to None) may require a reboot, even though the reboot prompt may not be visible. Workaround: |
| ID 359093 | "If you want to receive an HTTP POST request and decompress it before sending it to the origin web server, and the client software sends an Expect: 100-continue header and the HTTP request-chunking mode is set to preserve, the request will not be decompressed. Specifically, the following iRule will not decompress the request in the presence of the Expect header with request-chunking set to preserve: when HTTP_REQUEST { DECOMPRESS::enable } Instead, to receive an HTTP POST request and decompress it before sending it to the origin web server, do one of the following steps: - Ensure that the client doesn't send an Expect header. - Change the request-chunking to selective, instead of preserve." Workaround: |
| ID 359498 | In tmsh, the WebAccelerator module can assemble hostnames that include IP addresses with MultiConnect prefixes, for example, wa1.10.0.0.1. In tmsh, specify zero (0) for the number of HTTP and HTTPS subdomains on any WebAccelerator hostnames that are IP addresses. Workaround: |
| ID 359835 | Deprovisioning AAM (for example, changing the provisioning level from Dedicated to None) may require a reboot, even though the reboot prompt may not be visible. Workaround: |
| ID 360211 | Invalidation rules that match on components not in the UCI will not invalidate content if it is first accessed without those components matching the rule before it is accessed with those components matching the rule. Workaround: |
| ID 360229 | If you are upgrading from 10.x to 11.x, and you receive the warning DISK MGMT REQUIRED, try rebooting the BIG-IP system. Workaround: |
| ID 360488 | Using the Configuration utility to make changes to the WebAccelerator configuration, such as deleting an Acceleration Policy or Object Type, might take up to 30 seconds to write to disk. This process can result in deleted objects reappearing in the configuration if it is reloaded immediately after making the change. Workaround: |
| ID 361243 | Under certain conditions, Adaptive Compression does not perform as well as a static algorithm. If you experience this issue, in the iSession profile you are using, disable the option Adaptive, and manually select a compression codec. Workaround: |
| ID 361490 | If a device between the BIG-IP iSession endpoints strips out unknown TCP options, the BIG-IP TCP acceleration optimizations might fail to negotiate, which can reduce overall performance. Workaround: |
| ID 361618 | When an MCPD communication failure occurs, the WebAccelerator wamd process does not automatically restart. There is no workaround for this issue. Workaround: |
| ID 361810 | If two invalidation rules match the same path but have different extensions, one will match and one will not. Workaround: |
| ID 361852 | Invalidation rules that specify cached content by protocol invalidate content regardless of the protocol. Workaround: |
| ID 361869 | An invalidation rule that specifies Client IP as a condition for invalidation never matches. The trigger can match an IP; however, the content to invalidate cannot match. Workaround: |
| ID 361875 | An invalidation rule that specifies an empty or absent Query Parameter for Cached Content to Invalidate is not functional. This invalidation rule works, however, if you specify a non-empty Query Parameter value for Cached Content to Invalidate. Workaround: |
| ID 361982 | Some combinations of spaces and tabs, before and after HTTP header values, are not properly ignored and defeat invalidation that is based on those headers. The workaround is to remove the leading/trailing whitespace from the values. Workaround: |
| ID 362005 | A message needs to be logged when the Cache-Control header is truncated to a maximum length of 256 characters. Workaround: |
| ID 362275 | "Setting the Web Acceleration Profile to optimized-acceleration for a virtual server without enabling a WebAccelerator Application will result in an error message similar to the following: cache memory assigned to Web Acceleration profiles (6144MB) exceeds the maximum amount (697MB) defined by Ramcache.MaxMemoryPercent (50) The optimized-acceleration profile is designed for use with the WebAccelerator module. If you are not using the WebAccelerator module with your virtual server and wish to use standard cache, you should use the optimized-caching profile, or create a customized webacceleration profile that uses either the optimized-caching profile or basic webacceleration profile as the parent." Workaround: |
| ID 363059 | Renaming a top-level policy node may cause an unintended re-ordering of policy nodes, resulting in a different prioritization of matching criteria. Workaround: |
| ID 363171 | "Validation of Web Acceleration profiles can fail during a config sync when the sum of the cache sizes exceeds the Datastor volume size on the receiving BIG-IP system. For all BIG-IP systems in the Device Group: 1) Run each BIG-IP system with identical provisioning. 2) Ensure that each BIG-IP system has the same volume size for Datastor: # tmsh show sys disk application-volume datastor 3) Configure the Web Acceleration profiles. 4) Sync each BIG-IP system to the Device Group." Workaround: |
| ID 363402 | Specifying content to invalidate as the Referer header from the invalidation trigger (which specifies request-data-type referrer) is not functional. Workaround: |
| ID 363413 | Specifying content to invalidate as the User-Agent header from the invalidation trigger (which specifies request-data-type user-agent) is not functional. Workaround: |
| ID 363821 | On the server-facing BIG-IP system, if you configure the iSession receiving virtual server to target another virtual server, connection resets might occur. To avoid this problem, set the Zero Window Timeout setting value for the client-side TCP profile on the targeted virtual server to at least 300000. Workaround: |
| ID 364603 | For this version, in the BIG-IP Dashboard, in the Web Acceleration view, on the Cache pane, with the Entries tab in focus, the graph displays an incorrect value. The graph displays the number of cache transactions per second, instead of displaying the number of entries in cache. Workaround: |
| ID 365390 | If the BIG-IP platform you are using has hardware compression, and the intended use case is a single connection, you might see compression performance issues in some scenarios. Workaround: As a work around, F5 recommends that you disable hardware compression to achieve better single-connection performance on platforms that support hardware compression. To disable hardware compression, change the Deflate Level setting in the iSession profile to a number greater than or equal to 3, using the browser interface (click Local Traffic :: Virtual Servers :: Services :: iSession, and then click the iSession profile you are using) or the command-line interface (type tmsh modify wom profile isession isession deflate-compression-level 3). |
| ID 365600 | In the BIG-IP Dashboard, in the Web Acceleration view, reporting of statistics show spikes at irregular intervals with a magnitude of 2 to 3 times the average traffic through the WebAccelerator module. This was observed for the 5-min interval window. Workaround: |
| ID 366387 | In the WAM Dashboard, the Entries graph in the Cache window incorrectly calculates a moving average for the number of entries. This is misleading because this can lead to fractional values whereas the graph label suggests the values will be in whole numbers. Workaround: |
| ID 368982 | Disabling any virtual server stops traffic from passing through the BIG-IP WOM device, even though other virtual servers may be enabled. To avoid this issue, you can delete the virtual server rather than disabling it. Workaround: |
| ID 369282 | On a BIG-IP provisioned LTM/WAM nominal, when WAM is de-provisioned back to none, the load average of the system spikes to 30+ making the box basically unresponsive for roughly 5 minutes. After this time, the system appears to return to normal and the prompt status returns to REBOOT REQUIRED. Workaround: |
| ID 370139 | WebAccelerator performance reports record some non-error cache bypass conditions as errors. Workaround: |
| ID 370311 | "If you create a virtual server with Type set to Reject, or change the Type setting to Reject for an existing virtual server and update the screen, when you open the screen to modify the virtual server, a second iSession Profile setting appears in the browser interface. The additional setting lacks a Context field, and has no effect on the configuration." Workaround: |
| ID 375477 | Beginning with version 11.2.0, WAM parses and IBR/MC links inside a CSS file. Four new settings "IBR-to", "IBR-within", "MC-to", and "MC-within" are added to replace "IBR" and "MC" settings at WAM policy assembly page. For custom policies that have "IBR" and "MC" enabled, "IBR-to", "IBR-within", "MC-to", and "MC-within" will be enabled too after migration to this release. In other words, WAM will IBR/MC CSS files for these policies. If you prefer not to use this feature, you must disable the settings on corresponding policy nodes. Workaround: |
| ID 381229 | When cached documents are served, the browser workarounds configuration option is ignored. Workaround: |
| ID 381712 | In an active/standby configuration, modifying the WAN optimization codec from SDD v2 to SDD v3, or the reverse, requires that you issue a bigstart restart command on the standby BIG-IP system for the change to take affect. Workaround: |
| ID 382629 | If you update or delete an iSession self IP, and then create a new self IP before deleting the associated local endpoint and iSession listener, the local endpoint becomes unmodifiable. Workaround: To avoid this issue, delete the local endpoint and associated iSession listener before creating another self IP on the same VLAN. |
| ID 382725 | The TCP progressive stack used in WOM configurations performs autotuning of the send buffer and receive window in order to simplify deployments. In high latency environments, the TCP stack incorrectly increases the receive window, which can result in inappropriately large send buffer on the peer. This can cause overdriving of the network resulting in large packet drops in the internal switch and very poor performance. This problem can be more severe on some platforms, and when the WOM deployment is a bridge mode rather than a routed mode deployment. Workaround: "To work around this issue, disable the autotuning and use the WOM quickstart to set the buffers, or manually configure the buffers for the actual deployment scenario. The command to disable autotuning is: tmsh modify sys db tm.tcpprogressive.autobuffertuning value disable" |
| ID 382744 | Exporting Excel or CSV performance monitor reports will generate a file with an unexpected extension in some browsers. In most instances the saved file will have a .do extension. The workaround is to rename the file with the correct extension. Workaround: |
| ID 382976 | Erroneously enabling image optimization on policy nodes matching HTML or CSS content causes that content to become uncacheable with S10206. Workaround: |
| ID 383398 | Cache entries that are being constantly refreshed due to traffic cannot be cleared with wa_clear_cache if the configured lifetime is less than 4 seconds. Workaround: |
| ID 383444 | If the origin web server and BIG-IP clocks are significantly different or a long network delay exists, the actual MTag and cache lifetime values will not match. Workaround: |
| ID 383945 | During automation tests with AVR enabled, memory leaks can occur, and the WebAccelerator system might crash. Workaround: |
| ID 383985 | When you configure WAN optimization using the Quick Start screen, the BIG-IP system creates two virtual servers for HTTP traffic, http_optimize_client and http_optimize_client_v6, which specify a default network destination of 0.0.0.0 (all networks). If you change the destination to point to a specific subnet, and then attempt to change the IP Encapsulation Type on either the Quick Start or Local Endpoint screen, the user interface displays an error message, and the change does not take effect. Workaround: As a workaround, you can make the change using the command-line interface. For example, after you update the virtual servers to point to a specific subnet, modify the ip_encap_type attribute for the local-endpoint component by typing 'tmsh modify wom local-endpoint ip-encap-type ipsec ip-encap-profile replace-all-with {default-ipsec-policy}'. |
| ID 384068 | When large files are served from cache, the optional X-WA-Info header may, on occasion, incorrectly contain S10205 when no invalidation/revalidation occurred. Workaround: |
| ID 384759 | For best performance, F5 recommends using the SDD v2 symmetric deduplication codec for CIFS Layer 7 optimization. Workaround: |
| ID 385740 | You cannot configure IP encapsulation on an iSession local endpoint that uses an IPv6 address. Workaround: |
| ID 392479 | It has been observed, under rare conditions, that clicking save on the lifetime page without making any modifications causes inheritance settings to be overridden. Workaround: |
| ID 393966 | The BIG-IP 4000 platform supports hardware accelerated compression. However, it does not decompress using hardware, as other BIG-IP platforms do. Workaround: |
| ID 395368 | When specifying the Requested Host in a Web Accelerator Application, using a port number causes IBR to not be used. Workaround: |
| ID 396155 | "After caching an uncompressed document, requesting a specific compressed range of the document results in either no compression and the specific range being asked for, or only the range of the original document compressed, depending on the length of the range being requested. The reason is that it only compresses the range being requested rather than the whole document, so if you only ask for 1000 bytes in the range, it falls under the compression profile's minimum. Also, upon content expiration from the cache, it seems that the uncompressed version of the document is evicted from the cache." Workaround: |
| ID 396167 | If you cache a compressed document normally, and then switch to asking for a range beyond the end of the document, you get a 416 Requested Range Not Satisfiable response from WAM, but only while the cached content has a positive lifetime. As soon as the document expires and needs re-validation with the OWS, the response from WAM is a complete bypass, with no WAM related headers at all, resulting in partial content reflecting the full uncompressed content-range. Workaround: |
| ID 397789 | Under certain low-memory situations, it is possible for WA to core for out-of-memory. Workaround: |
| ID 398452 | With successive calls to wa_clear_cache and parking enabled, it is possible that a somewhat higher than usual amount of proxying occurs the content refreshes stop and server-side throughput returns to normal. Workaround: |
| ID 399034 | When the secondary blades in the chassis are not fully booted up, an external ESI invalidation or iControl may cause daemons to restart on the secondary blades. Workaround: |
| ID 401054 | The WAM perfmonitor content-type report could potentially display duplicate application-name/node-name values if an applications policy assignment is modified after passing traffic. The report does not identify the policy a node belongs to. If the newly assigned policy contains identical node names as its predecessor, the results will appear to be duplicates. Workaround: |
| ID 401471 | Assembly parameter substitution option Query Parameter target does not recognize escaped XML entities. If the URL to be substituted has multiple query parameters, the parameters that follow the '&' may not work as expected. For example, if the URL to be substituted has a pattern of field1=x&field2=y, substitution works for both fields. However, if the URL is field1=x&field2=y, substitution works for the 'field1' parameter, but does not work for the 'field2' parameter. Workaround: To work around this, include the escape sequence as part of the Query Parameter Name. In the example, a Query Parameter of 'field1=x&&field2' yields the expected substitution. |
| ID 401922 | In a second or third request for an object (JS, CSS, Image, etc.) expected to be cached, the Content-Length header will return a larger size, causing the client to hang waiting for more data than what BIG-IP sent. LTM virtual with Web Accelerator profile configured. The http profile (LTM) must have the setting response-chunking set to other than SELECTIVE. Failed requests for objects from multiple clients. Workaround: Change the response-chunking setting to SELECTIVE in the http profile for this virtual server. |
| ID 402303 | WAM transaction-type perfmonitor reports display empty text for application names or node names if an existing application or policy is deleted after passing traffic. WAM transaction-type perfmonitor. The textual identifiers located in the policy or application no longer exist in the configuration after delete but the stats remain. Workaround: |
| ID 403350 | "WAM uses OWS response headers if it proxies a request, and format its own response headers if it serves from cache. This could result in the inconsistent Date header value if there is clock skew between BIGIP and OWS. If this happens, we suggest OWS to use NTP server to sync their clock." Workaround: |
| ID 406301 | Client can see intermittent failures, forcing client to try again. Under high concurrent request load, small object content that expires and happens to be updated can cause this behavior. Client can see intermittent failures, forcing client to try again. Workaround: Enabling request queuing avoids the resets. |
| ID 410879 | When configured to inline content, WAM will not inline content which is not already cached or served from OWS with status 200 OK Workaround: |
| ID 411917 | If the Remote WA is restarted ( or cache cleared by wa_clear_cache) without simultaneously clearing the Central WA cache, it can lead to Remote WA being unable to cache or serve content from cache ( though Central WA is still caching and serving from Cache ). If the Remote WA is restarted ( or cache cleared by wa_clear_cache) without simultaneously clearing the Central WA cache. Remote WA not being able to cache and serve content from cache. Workaround: Restart/Clear-cache on Central WA along with Remote WA. |
| ID 415243 | When HTML is requested over https, images will not be inlined into CSS that are in-turn inlined into HTML. "* Images are configured to be inlined into CSS. * CSS is in-turn configured to be inlined into HTML. * Image URL resource specified as inlining candidate, has ""http"" in the scheme part of the URI. * HTML is requested over https." Inlining is not performed for the image and hence browser requires more roundtrips to render the page. Workaround: "* Configure another entry for the same image in the URL resources section, but with ""https"" as the scheme. * Add this as a candidate for inlining on the policy node." |
| ID 415803 | Invalidation of .txt documents which are too small to cache compressed does not work. A cache minimum size is specified and the compressed text is smaller than the minimum. Workaround: none |
| ID 416532 | If "Assembly On Proxies" is disabled, and a large number of concurrent requests is made, we might see excessive proxying behaviour (which can be observed from the WA S-code 10413). Large number of concurrent requests with "Assembly On Proxies" disabled. Excessive proxying meaning increased load on OWS. Workaround: Enable "Assembly On Proxies". |
| ID 420954 | If content is cached only uncompressed before it is invalidated and after invalidation is requested only compressed, the invalidation may be delayed by several requests. old content may be served several extra times Workaround: Repeatedly request the contents until the invalidation happens. |
| ID 420957 | when static content is cached both compressed and uncompressed, they may not invalidate simultaneously. This may result in their cache ages being different. a mix of compressed and uncompressed requests for static content combined with triggered or ESI invalidations of that content extra revalidations after invalidations and unexpected cache lifetimes Workaround: |
| ID 421791 | "TMM crashes due to a segmentation violation early in a WAM interface. Most likely, before the crash occurs the logs should show messages indicating that the sweeper was activated one or more times." Only happens when free memory is very low to non-existent. TMM crashes. Workaround: Reduce load on box if possible. |
| ID 423151 | In WAM policy editor to modify the Path Segment Variation behavior, the checkbox for "Case Sensitivity" does not function as described. Deselect the "Case Sensitivity" check box. Even with the option disabled, i.e. customer does not want case sensitivity as the differentiating criteria, WAM will always treat path segments that differ only in case as different objects in the cache. Workaround: Customer can use iRule to change the case. |
| ID 423882 | The system is configured incorrectly where the remote ip address is set to the same value as the self ip address, the wocd process may go into a restart loop. The remote IP address is set to the same value as the self IP address. The wocd process may go into a restart loop and WOM will be unusable. Workaround: Correct the remote IP address. |
| ID 424657 | "When a TMM process restarts and deduplication is enabled, an out-of-order prune assertion failure might cause the TMM to restart again." Deduplication is enabled and a sufficient number of hits are generated to cause the deduplication cache to be pruned. TMM restarts while prune messages are pending. The assertion failure causes the TMM process to restart a second time, terminating active flows. Workaround: |
| ID 426652 | Deduplication does not occur and wocd daemon control connections are frequently aborted. Workaround: |
| ID 433087 | URLs that contain a question mark in the query component -- that is, more than one question mark -- may not be parsed correctly. Emitted URLs may be incorrect, disrupting IBR documents. In-document URL contains at least 2 question marks IBR'd documents include invalid URLs Workaround: "An iRule to correct the URL before emission follows: when HTTP_REQUEST_RELEASE { set ibrpoint [string first "";wa"" [HTTP::uri]] if {$ibrpoint != -1} then { set ibrend [expr {$ibrpoint + 18 } ] HTTP::uri [string replace [HTTP::uri] $ibrpoint $ibrend] } }" |
| ID 435434 | When Intelligent Client cache is enabled, JS/CSS/Images are expected to be inlined. But CSS of size greater than 32k will not be inlined. "* Webacceleration is attached to the Virtual * Intelligent client cache is enabled on WAM policy * CSS size limit is set to greater than 32k * CSS optimizations are turned on - such as IBR, inlining images into CSS." Customer not getting the benefit of Intelligent client cache in this scenario. Workaround: * Turn off CSS optimizations (IBR, inlining images into CSS) |
| ID 436339 | The reference link in Intelligent Client Cache contains http when VIP is https. Request using the URL in the reference link will fail. HTML page rendering appears broken. VIP is https. Requests for the HTML are from HTML5 browser and Intelligent Client Cache is enabled. Local storage element for the ICC-ed content in the browser is then deleted and the HTML page is requested again. This time the page does not render. Request using the URL in the reference link will fail. HTML page rendering appears broken. Workaround: No workaround. Issue is not seen if the local storage element for ICC-ed content is not deleted. |
| ID 440572 | In WAM symmetric deployment, the X-WA-Surrogate header is used to communicate OWS lifetime values from the central device to the remote. In some cases, an empty X-WA-Surrogate header may be sent. Occurs when central originates a 304 response when the original response from OWS did not contain cache-control headers Minimal. This only occurs when OWS sends no cache-control headers, so the remote will still compute correct lifetime. Workaround: |
| ID 441529 | In version 10.x, lifetime heuristic runs on auto-pilot, that is, PVAC calculates the heuristic cache lifetime when 1) there is no OWS Cache-Control values or, 2) all honored OWS Cache-Control directives are absent. In v11.x, WebAccelerator (WA)/Application Acceleration Manager (AAM) use heuristic cache lifetime in these two cases, and there is no WebAccelerator Cache Settings Maximum Age configured. This is observable when using WA/AAM and comparing lifetime heuristic behavior in versions 10.x and 11.x. The behavior differs. Workaround: None. |
| ID 442124 | "When an image is optimized, the caches in which the original and the optimized versions are stored can be different. In that case, it is possible for one TMM to have a differently encoded version of the same image than another TMM." This condition applies on images whose size, after optimization, crosses back or forth across the 4KB boundary that defines the size discriminator for choosing the cache. Minor, but some clients will receive the unoptimized image, while others will receive the optimized image. Workaround: None truly needed, though if necessary, image optimization can be disabled. |
| ID 443262 | When ICC is applied to an html node and a client requests that html using the cookie header, if WA serves the html from cache it will inline the content instead of just referencing the content that is already in the clients local storage. When the lifetime for the html expires, WA revalidates with the OWS (S10232) and will replace the links with references to the content in the clients local storage. ICC is enabled for node matching html. When a client makes a request using the cookie header and WA responds from cache (S11101), WA does not replace the links with references to the content in local storage. Content is inlined in the html even though it already exists in the clients local storage. Workaround: Have the Lifetime on the html pages set to 0 to force each request to revalidate with OWS. |
| ID 447254 | TMM core error in a previously parked transaction "* Stand-is enabled on the policy. * Request queueing is turned on in the policy * Document may have been removed from entity due to not matching policy on node." Loss of service. Workaround: * Disable stand-in and/or Request queueing |
| ID 456845 | WAM generated customized ETag sent to OWS. Client has content cached and sends a conditional GET. wa_clear_cache has been issued or content has been evicted from WAM cache. The ETag sent by the client in headers is sent to the OWS. Customized WA ETag makes it to the client. Assuming the server does not generated WA ETags, the behavior would be the same irrespective of whether the ETag makes it to the server or not. The expectation is to receive a 200 OK from the server so that the content can be cached by WAM. Workaround: No workaround required. |
| ID 459851 | The connection is aborted when using If-Match header with a Always Proxy response policy node but No Proxy request policy node. "Virtual server with Web Accelerator. GET request with Header: If-Match with strong tag. WA Policy: Node matching the request: No-Proxy Node matching the response: Always Proxy" Connection reset when it should be return 412. Workaround: |
| ID 460393 | The tmsh command it too lax about what special characters are allowed in some AAM policy rules It is possible to create a policy name or rule with improper characters in it using the command line. Workaround: |
| ID 476476 | Restarting the datastor service can result in some optimized PDFs or optimized images becoming un-cacheable If WAM has a handle to cached content in datastor which no longer exists because datastor restarted or evicted it, and if this content is an image or PDF which WAM optimized, and if two requests for such content arrive on the same TCP connection, the second can get incorrectly cached such that it can not be served or replaced until tmm is restarted. Certain URLs become uncacheable, thus reducing effectiveness of WAM. Workaround: "Disable client keep-alive in the HTTP profile (change Maximum Requests in the HTTP profile from 0 to 1) or disable PDF linearization and image optimization. A partial workaround is to use wa_clear_cache instead of restarting datastor to clear the cache. Content which datastor evicts might still suffer (but this is unlikely)." |
| ID 488013 | If cache-on-first-hit and OWS-compression are both enabled on a WA policy node requests for uncached but cacheable documents will hang. "WA enabled on VIP Cache on first hit enabled in WA policy OWS enabled in WA policy" No response returned to client Workaround: Disable either cache on first hit or OWA compression on the WA policy node |
Contacting F5 Networks
| Phone: | (206) 272-6888 |
| Fax: | (206) 272-6802 |
| Web: | http://support.f5.com |
| Email: | support@f5.com |
For additional information, please visit http://www.f5.com.
Additional resources
You can find additional support resources and technical documentation through a variety of sources.
- The F5 Networks Technical Support web site: http://www.f5.com/support/
- The AskF5 web site: http://support.f5.com/kb/en-us.html
- The F5 DevCentral web site: http://devcentral.f5.com/
- AskF5 TechNews
F5 Networks Technical Support
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
AskF5
AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
F5 DevCentral
The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.
AskF5 TechNews
- Weekly HTML TechNews
- The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, complete the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
- Periodic plain text TechNews
- F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email.) To subscribe, send a blank email to technews-subscribe@lists.f5.com from the email address you are using to subscribe. Unsubscribe by sending a blank email to technews-unsubscribe@lists.f5.com.
