Release Notes :
BIG-IP AAM 12.1.0
Applies To:
Show Versions
BIG-IP AAM
- 12.1.0
Original Publication Date: 04/20/2017
Updated Date: 04/18/2019
Summary:
This release note documents the version 12.1.0 release of BIG-IP Application Acceleration Manager. You can apply the software upgrade to systems running software versions 10.1.0 (or later) or 11.x/12.x.
Contents:
- Platform support
- Configuration utility browser support
- BIG-IQ – BIG-IP compatibility
- User documentation for this release
- New in 12.1.0
- Installation overview
- Upgrading from earlier versions
- Fixes in 12.1.0
- Behavior changes in 12.1.0
- Known issues
- Contacting F5 Networks
- Legal notices
Platform support
This version of the software is supported on the following platforms:
| Platform name | Platform ID |
|---|---|
| BIG-IP 1600 | C102 |
| BIG-IP 3600 | C103 |
| BIG-IP 3900 | C106 |
| BIG-IP 6900 | D104 |
| BIG-IP 8900 | D106 |
| BIG-IP 8950 | D107 |
| BIG-IP 11000 | E101 |
| BIG-IP 11050 | E102 |
| BIG-IP 2000s, BIG-IP 2200s | C112 |
| BIG-IP 4000s, BIG-IP 4200v | C113 |
| BIG-IP 5000s, 5050s, 5200v, 5250v | C109 |
| BIG-IP 7000s, 7050s, 7055, 7200v, 7250v, 7255 | D110 |
| BIG-IP 12250v | D111 |
| BIG-IP 10150s-NEBS, 10350v (AC), 10350v-NEBS (requires 12.0.0 HF1), 10350v-FIPS (requires 11.5.4 HF1) | D112 |
| BIG-IP 10000s, 10050s, 10055, 10200v, 10250v, 10255 | D113 |
| VIPRION B2100 Blade | A109 |
| VIPRION B2150 Blade | A113 |
| VIPRION B2250 Blade | A112 |
| VIPRION B4200, B4200N Blade | A107, A111 |
| VIPRION B4450 Blade | A114 |
| VIPRION B4300, B4340N Blade | A108, A110 |
| VIPRION C2200 Chassis | D114 |
| VIPRION C2400 Chassis | F100 |
| VIPRION C4400, C4400N Chassis | J100, J101 |
| VIPRION C4480, C4480N Chassis | J102, J103 |
| VIPRION C4800, C4800N Chassis | S100, S101 |
| Virtual Edition (VE) | Z100 |
| vCMP Guest | Z101 |
These platforms support various licensable combinations of product modules. This section provides general guidelines for module support.
Most of the support guidelines relate to memory. The following list applies for all memory levels:
- vCMP supported platforms
- VIPRION B2100, B2150, B2250, B4200
- VIPRION B4300 blades in the 4400(J100)/4480(J102) and the 4800(S100)
- BIG-IP 5200v, 5250v, 7200v, 7250v, 10200v, 10250v, 10350v, 12250v
Memory: 12 GB or more
All licensable module-combinations may be run on platforms with 12 GB or more of memory, and on VE and vCMP guests provisioned with 12 GB or more of memory. Note that this does not mean that all modules may be simultaneously provisioned on all platforms with 12 GB or more of memory. The BIG-IP license for the platform determines which combination of modules are available for provisioning.
Memory: 8 GB
The following guidelines apply to the BIG-IP 2000s, 2200s, 3900, 6900 platforms, to the VIPRION B4100 and B4100N platforms, and to VE guests configured with 8 GB of memory. (A vCMP guest provisioned with 8 GB of memory has less than 8 GB of memory actually available and thus does not fit in this category.)
- No more than three modules should be provisioned together.
- On the 2000s and 2200s, Application Acceleration Manager (AAM) can be provisioned with only one other module.
- In the case of Access Policy Manager (APM) and SWG together, no module other than LTM may be provisioned, and LTM provisioning must be set to None.
Memory: Less than 8 GB and more than 4 GB
The following guidelines apply to platforms, and to VE and vCMP guests provisioned with less than 8 GB and more than 4 GB of memory. (A vCMP guest provisioned with 8 GB of memory has less than 8 GB of memory actually available and thus fits in this category.)
- No more than three modules (not including AAM) should be provisioned together.
- Application Acceleration Manager (AAM) cannot be provisioned with any other module; AAM can only be provisioned standalone.
- Analytics (AVR) counts towards the two module-combination limit (for platforms with less than 6.25 GB of memory).
Memory: 4 GB or less
The following guidelines apply to the BIG-IP 1600 and 3600 platforms, and to VE and vCMP guests provisioned with 4 GB or less of memory.
- No more than two modules may be configured together.
- AAM should not be provisioned, except as Dedicated.
- ASM can be provisioned with this amount of memory, but a sizing exercise should be performed to ensure that it does not hit capacity issues.
VIPRION and vCMP caching and deduplication requirements
Application Acceleration Manager (AAM) supports the following functionality when configuring vCMP and VIPRION platforms.
- AAM does not support disk-based caching functionality on vCMP platforms. AAM requires memory-based caching when configuring it to run on vCMP platforms.
- AAM supports disk-based caching functionality on VIPRION chassis or blades.
- AAM does not support deduplication functionality on vCMP platforms, or VIPRION chassis or blades.
vCMP memory provisioning calculations
The amount of memory provisioned to a vCMP guest is calculated using the following formula: (platform_memory- 3 GB) x (cpus_assigned_to_guest/ total_cpus).
As an example, for the B2100 with two guests, provisioned memory calculates as: (16-3) x (2/4) ~= 6.5 GB.
For certain platforms, the vCMP host can allocate a single core to a vCMP guest. However, because a single-core guest has relatively small amounts of CPU resources and allocated memory, F5 supports only the following products or product combinations for a single-core guest:
- BIG-IP LTM standalone only
- BIG-IP GTM standalone only
- BIG-IP LTM and GTM combination only
Configuration utility browser support
The BIG-IP Configuration Utility supports these browsers and versions:
- Microsoft Internet Explorer 11.x
- Mozilla Firefox 27.x
- Google Chrome 32.x
BIG-IQ – BIG-IP compatibility
SOL14592: Compatibility between BIG-IQ and BIG-IP releases provides a summary of version compatibility for specific features between the BIG-IQ system and BIG-IP releases.
User documentation for this release
For a comprehensive list of documentation that is relevant to this release, refer to the BIG-IP AAM / VE 12.1.0 Documentation page.
New in 12.1.0
HTML minification
In this release, minification is now available for HTML, along with minification for JavaScript and CSS, to reduce page size and increase load speed. When minification is enabled in AAM, whitespaces and comments are stripped from HTML and XHTML pages. HTML minification will have no effect on page semantics or syntax, and is disabled by default.
Installation overview
This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP Systems: Upgrading Software, and we strongly recommend that you reference the information to ensure successful completion of the installation process.
Installation checklist
Before you begin:
- Use BIG-IP iHealth to verify your configuration file. For more information, see SOL12878: Generating BIG-IP diagnostic data using the qkview utility.
- Update/reactivate your system or vCMP host license, if needed, to ensure that you have a valid service check date. For more information, see SOL7727 - License activation may be required prior to a software upgrade for the BIG-IP or Enterprise Manager system.
- Ensure that your system is running version 10.1.0 or later and is using the volumes formatting scheme.
- Download the .iso file (if needed) from F5 Downloads to /shared/images on the source for the operation. (If you need to create this directory, use the exact name /shared/images.)
- Configure a management port.
- Set the console and system baud rate to 19200, if it is not already.
- Log on as an administrator using the management port of the system you want to upgrade.
- Boot into an installation location other than the target for the installation.
- Save the user configuration set (UCS) in the /var/local/ucs directory on the source installation location, and copy the UCS file to a safe place on another device.
- Log on to the standby unit, and only upgrade the active unit after the standby upgrade is satisfactory.
- Turn off mirroring.
- If you are running Application Acceleration Manager, set provisioning to Minimum.
- If you are running Policy Enforcement Manager, set provisioning to Nominal.
- If you are running Advanced Firewall Manager, set provisioning to Nominal.
Installing the software
You can install the software at the command line using the Traffic Management shell, tmsh, or in the browser-based Configuration utility using the Software Management screens, available in the System menu. Choose the installation method that best suits your environment.
| Installation method | Command |
|---|---|
| Install to existing volume, migrate source configuration to destination | tmsh install sys software image [image name] volume [volume name] |
| Install from the browser-based Configuration utility | Use the Software Management screens in a web browser. |
Sample installation command
The following command installs version 11.2.0 to volume 3 of the main hard drive.
tmsh install sys software image BIGIP-11.2.0.2446.0.iso volume HD1.3
Post-installation tasks
This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP Systems: Upgrading Software, and we strongly recommend that you reference the information to ensure successful completion of the installation process.
After the installation finishes, you must complete the following steps before the system can pass traffic.
- Ensure the system rebooted to the new installation location.
- Use BIG-IP iHealth to verify your configuration file. For more information, see SOL12878: Generating BIG-IP diagnostic data using the qkview utility.
- Log on to the browser-based Configuration utility.
- Run the Setup utility.
- Provision the modules.
- Convert any bigpipe scripts to tmsh. (Version 11.x does not support the bigpipe utility.)
Note: You can find information about running the Setup utility and provisioning the modules in the BIG-IP TMOS implementations Creating an Active-Standby Configuration Using the Setup Utility and Creating an Active-Active Configuration Using the Setup Utility.
Installation tips
- The upgrade process installs the software on the inactive installation location that you specify. This process usually takes between three minutes and seven minutes. During the upgrade process, you see messages posted on the screen. For example, you might see a prompt asking whether to upgrade the End User Diagnostics (EUD), depending on the version you have installed. To upgrade the EUD, type yes, otherwise, type no.
- You can check the status of an active installation operation by running the command watch tmsh show sys software, which runs the show sys software command every two seconds. Pressing Ctrl + C stops the watch feature.
- If installation fails, you can view the log file. The system stores the installation log file as /var/log/liveinstall.log.
Upgrading from earlier versions
Your upgrade process differs depending on the version of software you are currently running.
Warning: Do not use the 10.x installation methods (the Software Management screens, the b software or tmsh sys software commands, or the image2disk utility) to install/downgrade to 9.x software or operate on partitions. Depending on the operations you perform, doing so might render the system unusable. If you need to downgrade from version 10.x to version 9.x, use the image2disk utility to format the system for partitions, and then use a version 9.x installation method described in the version 9.x release notes to install the version 9.x software.
Upgrading from version 10.1.0 (or later) or 11.x
When you upgrade from version 10.1.0 (or later) or 11.x software, you use the Software Management screens in the Configuration utility to complete these steps. To open the Software Management screens, in the navigation pane of the Configuration utility, expand System, and click Software Management. For information about using the Software Management screens, see the online help.
Upgrading from versions earlier than 10.1.0 11.x
You cannot roll forward a configuration directly to this version from BIG-IP version 4.x, or from BIG-IP versions 9.0.x through 9.6.x. You must be running version 10.1.0 software. For details about upgrading to those versions, see the release notes for the associated release.
Automatic firmware upgrades
If this version includes new firmware for your specific hardware platform, after you install and activate this version, the system might reboot additional times to perform all necessary firmware upgrades.
Fixes in 12.1.0
| ID Number | Description |
|---|---|
| 401324 | When linearizing a PDF, qpdf no longer cores when processing a document with no pages. |
| 476460 | Use db variable Wam.Cache.Range.MaxRanges to increase the number of max allowed sub-ranges in a HTTP range request. It defaults to a maximum of 8 sub-ranges, however it can be increased up to 32. |
| 486167 | Now, the GUI behavior is the same as TMSH: the GUI 'delete local endpoint operation' deletes only the endpoint. |
| 498302 | The new object will now be served to the client with the new Last-Modified time stamp. |
| 499124 | The messages created by wom_verify_config have been cleaned up. |
| 521455 | "Transcoded WebP images are no longer served to the Edge browser. By default, transcoded JPEG-XR is also no longer served to the Edge browser, but the db variable ccdb.allow.edge.jpegxr may be used to override this." |
| 523325 | WAM/AAM PDF linearization no longer corrupts password-protected PDFs. |
| 525787 | A leading *, *., or dot in policy extension value is now ignored, which logs an error in /var/log/tmm similar to the following: notice WAM policy error: initial '*.' in extension 'html' ignored. |
| 547537 | An iSession tunnel initialization defect has been corrected. |
| 551010 | Gracefully recover from unexpected WAM storage queue state |
| 552198 | This release fixes an APM App Tunnel/AM iSession connection memory leak. |
| 553741 | The color management library and functionality has been restored. |
| 562644 | TMM no longer crashes when AAM receives a pipelining HTTP request which while shutting down the connection |
Behavior changes in 12.1.0
| ID Number | Description |
|---|---|
| 553741 | Restores correct color management to WAM's image optimization feature. |
Known issues
| ID Number | Description |
|---|---|
| 222545 | In the case of an abnormal TCP connection reset, the iSession connection is terminated and reset. The iSession connection is terminated and reset. While this action is transparent to the user, this action might appear in diagnostics. This might occur when an abnormal TCP connection reset is received. Workaround: None. |
| 223434 | (CR129753) When optimizing FTP (passive mode) connections, the data connection's destination TCP port as chosen by the client, is different after optimization/passing through iSession/FTP on the server side. For active FTP, the system changes the data ports advertised by the server, so the client might see a different port than the one originally sent by the server. For passive FTP, the system changes the data ports advertised by the client, so the server might see a different port than the one originally sent by the client. Note that in both cases, the data transfers are successful. When optimizing FTP (passive mode) connections. Workaround: None. |
| 346536 | If resources for PDF linearization become unavailable while accepting a PDF file, the linearization and connection to client will abort. Linearization and connection to client will abort. Resources for PDF linearization become unavailable while accepting a PDF file Workaround: No workaround is available; however, if the origin web server supplies Content-Length headers for PDF content, this condition becomes less likely. |
| 348816 | When rolling forward a WebAccelerator 10.x configuration to version 11.x, access logging configuration on the acceleration policy is not rolled forward. Access logging configuration on the acceleration policy is not rolled forward. When rolling forward a WebAccelerator 10.x configuration to version 11.x. Workaround: To enable access logging for BIG-IP WebAccelerator version 11.x, please see Using the Request Logging Profile chapter in the WebAccelerator Implementations guide or in BIG-IP Acceleration: Implementations. |
| 356245 | A COMPRESS::enable or COMPRESS:disable command set in an HTTP_RESPONSE iRule event clause does not set a persistent state. "The next request, if served from cache, does not invoke the HTTP Response event. So only the request state can control the compression state in subsequent requests, until the object is refreshed. For objects greater than 4K in size, compression::enable in an HTTP_REQUEST event may not compress when serving from cache." An enable or disable compression command in an HTTP Response event clause in an iRule. Workaround: |
| 356867 | Earlier versions of the BIG-IP WebAccelerator module allowed importing of identically named acceleration policies without selecting the Overwrite existing policy of the same name check box, resulting in a number appended to the imported acceleration policy name. In this version, you must select the Overwrite existing policy of the same name check box to import identically named acceleration policies. Or you can ensure the policy you are importing has a unique name. Workaround: None. |
| 357320 | For iRules associated with a virtual server that has an associated Web Acceleration profile, [CACHE::disable] can only be used if there is no WebAccelerator Application enabled in the Web Acceleration profile, and [WAM::disable] can only be used if there is a WebAccelerator Application enabled in the Web Acceleration profile. Workaround: Edit the iRules to use the correct command, either CACHE::disable or WAM::disable, for the virtual server's Web Acceleration profile. |
| 357706 | In the BIG-IP Dashboard, in the Web Acceleration view, on the Performance pane, with the Errors tab in focus, Requests bypassed due to overload shows zero statistics because the WebAccelerator module does not bypass traffic due to resource constraints. Workaround: None. |
| 357712 | The stat field proxied_per_iRule, in the stat table tmctl wam_application_stat, remains at zero. Workaround: None. |
| 357921 | The Configuration utility should provide a specific error message when an extension or MIME type for an object type is not unique, instead of a generic error message. Workaround: None. |
| 358109 | Invalidation rules on a given node are only effective in invalidating one single extension. Workaround: None. |
| 358530 | Various matching parameters in WebAccelerator Configuration utility that contain a regular expression with a pipe symbol (|) are incorrectly formatted for display. Workaround: |
| 358785 | The WebAccelerator GUI displays dormant proxy rules on a node even when it is set to Always Proxy. Workaround: None. |
| 359062 | This version does not include query parameters in a POST body for any rules: matching, variation, proxy, or invalidation. Workaround: |
| 359093 | "If you want to receive an HTTP POST request and decompress it before sending it to the origin web server, and the client software sends an Expect: 100-continue header and the HTTP request-chunking mode is set to preserve, the request will not be decompressed. Specifically, the following iRule will not decompress the request in the presence of the Expect header with request-chunking set to preserve: when HTTP_REQUEST { DECOMPRESS::enable } Instead, to receive an HTTP POST request and decompress it before sending it to the origin web server, do one of the following steps: - Ensure that the client doesn't send an Expect header. - Change the request-chunking to selective, instead of preserve." Workaround: None. |
| 359498 | In tmsh, the WebAccelerator module can assemble hostnames that include IP addresses with MultiConnect prefixes, for example, wa1.10.0.0.1. In tmsh, specify zero (0) for the number of HTTP and HTTPS subdomains on any WebAccelerator hostnames that are IP addresses. Workaround: None. |
| 359835 | Deprovisioning AAM (for example, changing the provisioning level from Dedicated to None) may require a reboot, even though the reboot prompt may not be visible. Workaround: None. |
| 360211 | Invalidation rules that match on components not in the UCI will not invalidate content if it is first accessed without those components matching the rule before it is accessed with those components matching the rule. Workaround: None. |
| 360229 | If you are upgrading from 10.x to 11.x, and you receive the warning DISK MGMT REQUIRED, try unprovisioning WOM and rebooting the BIG-IP system. Some disk management may be required during upgrade. In an upgrade situation, this could be an expected/necessary state. Volumes, /usr in particular have grown from 10x to 11x which could be one reason (it needs to remove the datastor to make the re-size). In 11.x, the vg-reserved functionality should help prevent most of these issues that are frequently remedied by the need to unprovision WOM. Workaround: Free up disk space and unprovision WOM. |
| 360488 | Using the Configuration utility to make changes to the WebAccelerator configuration, such as deleting an Acceleration Policy or Object Type, might take up to 30 seconds to write to disk. This process can result in deleted objects reappearing in the configuration if it is reloaded immediately after making the change. Workaround: None. |
| 361810 | If two invalidation rules match the same path but have different extensions, one will match and one will not. Workaround: None. |
| 361852 | Invalidation rules that specify cached content by protocol invalidate content regardless of the protocol. Workaround: None. |
| 361869 | An invalidation rule that specifies Client IP as a condition for invalidation never matches. The trigger can match an IP; however, the content to invalidate cannot match. Workaround: None. |
| 361875 | An invalidation rule that specifies an empty or absent Query Parameter for Cached Content to Invalidate is not functional. This invalidation rule works, however, if you specify a non-empty Query Parameter value for Cached Content to Invalidate. Workaround: None. |
| 361982 | Some combinations of spaces and tabs, before and after HTTP header values, are not properly ignored and defeat invalidation that is based on those headers. Workaround: The workaround is to remove the leading/trailing whitespace from the values. |
| 362005 | A message needs to be logged when the Cache-Control header is truncated to a maximum length of 256 characters. Workaround: None. |
| 362275 | "Setting the Web Acceleration Profile to optimized-acceleration for a virtual server without enabling a WebAccelerator Application will result in an error message similar to the following: cache memory assigned to Web Acceleration profiles (6144 MB) exceeds the maximum amount (697 MB) defined by Ramcache.MaxMemoryPercent (50) The optimized-acceleration profile is designed for use with the WebAccelerator module. If you are not using the WebAccelerator module with your virtual server and wish to use standard cache, you should use the optimized-caching profile, or create a customized webacceleration profile that uses either the optimized-caching profile or basic webacceleration profile as the parent." Workaround: None. |
| 363171 | "Validation of Web Acceleration profiles can fail during a config sync when the sum of the cache sizes exceeds the Datastor volume size on the receiving BIG-IP system. For all BIG-IP systems in the Device Group: 1) Run each BIG-IP system with identical provisioning. 2) Ensure that each BIG-IP system has the same volume size for Datastor: # tmsh show sys disk application-volume datastor 3) Configure the Web Acceleration profiles. 4) Sync each BIG-IP system to the Device Group." Workaround: None. |
| 363402 | Specifying content to invalidate as the Referer header from the invalidation trigger (which specifies request-data-type referrer) is not functional. Workaround: None. |
| 363413 | Specifying content to invalidate as the User-Agent header from the invalidation trigger (which specifies request-data-type user-agent) is not functional. Workaround: None. |
| 363699 | "The WebAccelerator module Configuration utility incorrectly allows creation of nodes with reserved keyword names, which results in the configuration improperly loading the next time that the unit is rebooted or the configuration is loaded. This issue also causes config sync in a High Availability pair to fail. When creating WebAccelerator policy node names in the Configuration utility, avoid using the following reserved keywords. invalidations matching order proxy substitutions variation code description" Workaround: None. |
| 364338 | The WebAccelerator module allows the creation of Object Types that contain a space in the identifier name on the Object Types page in the Configuration utility and by using TMSH. Including a space prevents the ability to delete the object type from the Configuration utility. When you create an identifier name for an object type from the Configuration utility or in TMSH, do not include a space in the name. If you have an object whose name contains a space, you can delete it using TMSH. Workaround: None. |
| 364603 | For this version, in the BIG-IP Dashboard, in the Web Acceleration view, on the Cache pane, with the Entries tab in focus, the graph displays an incorrect value. The graph displays the number of cache transactions per second, instead of displaying the number of entries in cache. Workaround: |
| 365390 | If the BIG-IP platform you are using has hardware compression, and the intended use case is a single connection, you might see compression performance issues in some scenarios. Workaround: As a work around, F5 recommends that you disable hardware compression to achieve better single-connection performance on platforms that support hardware compression. To disable hardware compression, change the Deflate Level setting in the iSession profile to a number greater than or equal to 3, using the browser interface (click Local Traffic :: Virtual Servers :: Services :: iSession, and then click the iSession profile you are using) or the command-line interface (type tmsh modify wom profile isession isession deflate-compression-level 3). |
| 365600 | In the BIG-IP Dashboard, in the Web Acceleration view, reporting of statistics show spikes at irregular intervals with a magnitude of 2 to 3 times the average traffic through the WebAccelerator module. This was observed for the 5-min interval window. Workaround: None. |
| 368982 | Disabling any virtual server stops traffic from passing through the BIG-IP WOM device, even though other virtual servers may be enabled. To avoid this issue, you can delete the virtual server rather than disabling it. Workaround: None. |
| 369282 | On a BIG-IP provisioned LTM and WAM/AAM nominal, when WAM/AAM is de-provisioned back to none, the load average of the system spikes to 30+, and the system becomes unresponsive for approximately five minutes. The system becomes unresponsive for approximately five minutes. WAM/AAM is de-provisioned. Workaround: None needed. After approximately five minutes, the system appears to return to normal and the prompt status returns to REBOOT REQUIRED. |
| 370311 | If you create a virtual server with Type set to Reject, or change the Type setting to Reject for an existing virtual server and update the screen, when you open the screen to modify the virtual server, a second iSession Profile setting appears in the browser interface. A second iSession Profile setting appears in the browser interface. The additional setting lacks a Context field, and has no effect on the configuration. This occurs when you create a Virtual Server of Type Reject, add an iSession Profile, and then modify the Virtual Server. Workaround: None. |
| 381229 | When cached documents are served, the browser workarounds configuration option is ignored. Browser workarounds configuration option is ignored. This occurs when the system caches a document (one served by a newer browser that causes the document to be cached) and then attempting to access that cached document with old browsers, such as Mozilla version 4.5. Workaround: None. |
| 381712 | In an active/standby configuration, modifying the WAN optimization codec from SDD v2 to SDD v3, or the reverse, requires that you issue a bigstart restart command on the standby BIG-IP system for the change to take affect. Workaround: None. |
| 382629 | If you update or delete an iSession self IP, and then create a new self IP before deleting the associated local endpoint and iSession listener, the local endpoint becomes unmodifiable. The local endpoint becomes unmodifiable. Update or delete an iSession self IP, and then create a new self IP before deleting the associated local endpoint and iSession listener. Workaround: To avoid this issue, delete the local endpoint and associated iSession listener before creating another self IP on the same VLAN. |
| 382976 | Erroneously enabling image optimization on policy nodes matching HTML or CSS content causes that content to become uncacheable, and the system posts S10206 codes. Content is not cached and responses return S10206 codes. This occurs when enabling image optimization on nodes that match content that can be parsed (for example, HTML or CSS content). Workaround: None. |
| 383398 | Cache entries that are being constantly refreshed due to traffic cannot be cleared with wa_clear_cache if the configured lifetime is less than 4 seconds. Workaround: |
| 383985 | When you configure WAN optimization using the Quick Start screen, the BIG-IP system creates two virtual servers for HTTP traffic, http_optimize_client and http_optimize_client_v6, which specify a default network destination of 0.0.0.0 (all networks). If you change the destination to point to a specific subnet, and then attempt to change the IP Encapsulation Type on either the Quick Start or Local Endpoint screen, the user interface displays an error message, and the change does not take effect. Workaround: As a workaround, you can make the change using the command-line interface. For example, after you update the virtual servers to point to a specific subnet, modify the ip_encap_type attribute for the local-endpoint component by typing 'tmsh modify wom local-endpoint ip-encap-type ipsec ip-encap-profile replace-all-with {default-ipsec-policy}'. |
| 385722 | If a Web Acceleration profile has more than one WebAccelerator application enabled, ESI and triggered invalidations rules incorrectly invalidate content, regardless of which WebAccelerator application cached it. ESI and triggered invalidations rules incorrectly invalidate content. Web Acceleration profile has more than one WebAccelerator application enabled. Workaround: None. |
| 392479 | A rarely encountered issue occurs in which clicking save on the Lifetime page without making any modifications causes inheritance settings to be lost. Basically, when you click the save button on the Lifetime page for any of these nodes when no changes are made, inheritance is immediately overridden and a red 'x' appears to the right of 'WebAccelerator Cache Settings' near the top of the frame. This occurs on Pages, XML, JSON, Media, and Other Binary leaf nodes when saving the Lifetime page when no changes are made. Workaround: None. |
| 392549 | The Performance Monitor Data Retention Period setting for WAM application is not being recognized properly. The retention value from the most recent WAM app is used for all applications. That means that the system removes Performance Monitor data after that app's retention period, regardless of the retention setting in any older WAM applications. The issue is seen on a BIG-IP system with multiple WAM applications, each with different retention periods. Workaround: There is no workaround. |
| 396155 | After caching an uncompressed document, requesting a specific compressed range of the document results in either no compression and the specific range being asked for, or only the range of the original document compressed, depending on the length of the range being requested. Compression not as expected. The reason is that it only compresses the range being requested rather than the whole document, so if you only ask for 1000 bytes in the range, it falls under the compression profile's minimum. Also, upon content expiration from the cache, it seems that the uncompressed version of the document is evicted from the cache. This occurs after caching an uncompressed document and then requesting a specific compressed range of the document. Workaround: None. |
| 396167 | If you cache a compressed document normally, and then switch to asking for a range beyond the end of the document, you get a 416 Requested Range Not Satisfiable response from WAM, but only while the cached content has a positive lifetime. As soon as the document expires and needs re-validation with the OWS, the response from WAM is a complete bypass, with no WAM related headers at all, resulting in partial content reflecting the full uncompressed content-range. Workaround: |
| 401054 | The WAM perfmonitor content-type report could potentially display duplicate application-name/node-name values if an applications policy assignment is modified after passing traffic. The report does not identify the policy a node belongs to. If the newly assigned policy contains identical node names as its predecessor, the results will appear to be duplicates. VIPRION chassis with two blades installed and configured. Workaround: None. |
| 401922 | In a second or third request for an object (JS, CSS, Image, etc.) expected to be cached, the Content-Length header will return a larger size, causing the client to hang waiting for more data than what BIG-IP sent. Failed requests for objects from multiple clients. This is as-designed behavior that represents configuration requirements across application layers that cannot be enforced due to their complexity. LTM virtual with Web Accelerator profile configured. The http profile (LTM) must have the setting response-chunking set to other than SELECTIVE. Workaround: Change the response-chunking setting to SELECTIVE in the http profile for this virtual server. |
| 402303 | WAM transaction-type perfmonitor reports display empty text for application names or node names if an existing application or policy is deleted after passing traffic. The textual identifiers located in the policy or application no longer exist in the configuration after delete but the stats remain. This has no negative effect on system functionality. WAM transaction-type perfmonitor. Workaround: None. |
| 403350 | "WAM uses OWS response headers if it proxies a request, and format its own response headers if it serves from cache. This could result in the inconsistent Date header value if there is clock skew between the BIG-IP system and OWS. If this happens, we suggest OWS to use NTP server to sync their clock." Workaround: None. |
| 404830 | "You may be unable to delete acceleration policy object types from a partition other than the Common partition. Impact" "As a result of this issue, you may encounter one or more of the following symptoms: When attempting to delete a policy object type, you see an error message in the Configuration utility that appears similar to the following example: Deleting Object Type failed. When attempting to modify a policy object type, you see an error message in the Configuration utility that appears similar to the following example: The requested WAM object type (/<partition>/<object_name>) was not found." "You must change partitions to the Common partition before deleting the objects. Symptoms" Workaround: "To work around this issue, you can modify or delete objects from within the Common partition. Impact of workaround: Performing the suggested workaround should not have a negative impact on your system." |
| 405763 | The BIG-IP system cannot refresh cached content by querying server. Proxying the response prevents the cached data from being refreshed, with the result being that every request after max-age results in an OWS request and proxied response until the data is evicted from cache. If the OWS is IIS and has the forced compression setting enabled, the presence of the Content-Encoding: gzip header in a 304 response results in the BIG-IP proxying the response. Workaround: Write an iRule to remove the Content-Encoding header from 304 responses, or mitigate illegal OWS response by turning off forced compression. |
| 406301 | Small object content that expires and happens to be updated might cause resets to be sent to clients. Client can see intermittent failures, forcing client to try again. Under high concurrent request load, small object content that expires and happens to be updated can cause this behavior. Workaround: Enabling request queuing avoids the resets. |
| 410879 | When configured to inline content, WAM/AAM does not inline content that is not already cached or served from OWS with status 200 OK. WAM/AAM does not inline content. When configured to inline content. Workaround: None. |
| 415803 | Invalidation does not work for .txt documents that are too small to cache when compressed. The .txt documents are not invalidated. There is a cache minimum size specified, and the compressed text is smaller than the specified minimum. Workaround: None. |
| 416733 | In WebAccelerator's Symmetric Deployment mode, when configuration changes made on one device are synced to other devices in the deployment, the changes are not automatically saved to bigip.conf. Changes are not automatically saved to bigip.conf. WebAccelerator's Symmetric Deployment when configuration changes made on one device are synced to other devices. Workaround: Save the configuration manually by running the following command on all devices in the symmetric deployment after configuration changes are made: tmsh save sys config. |
| 419617 | Configuration error when creating several policy nodes in a single tmsh command. "Configuration error similar to the following 01070734:3: Configuration error: Configuration from primary failed validation: 01070734:3: Configuration error: Policy ""/Common/IBM Tivoli Maximo Asset Management"" node ""segment"" must have ordinal greater then its base node ordinal." "This occurs when the following conditions are met: -- B4300/B4340N and PB200/B4200 multi-bladed chassis. -- AAM licensed and provisioned. -- Edit several WAM/AAM policy nodes in a single tmsh command." Workaround: On B4300/B4340N and PB200/B4200 multi-bladed chassis, do not create several policy nodes in a single tmsh command, or, if doing so, specify correct ordinals for each node in that command. |
| 420954 | invalidation may be delayed when compressed and uncompressed requests are present. Old content may be served several extra times. If content is cached only uncompressed before it is invalidated and after invalidation is requested only compressed, the invalidation may be delayed by several requests. Workaround: Repeatedly request the contents until the invalidation happens. |
| 420957 | When static content is cached both compressed and uncompressed, they may not invalidate simultaneously. This may result in their cache ages being different. This might result in extra revalidations after invalidations and unexpected cache lifetimes. This occurs when there is a mix of compressed and uncompressed requests for static content, combined with triggered or ESI invalidations of that content. Workaround: None. |
| 423204 | When the small object size limits change, objects are not moved between small object cache and datastor. If tmm is running low on memory and the small object size limit has been increased, this might consume tmm memory. Reducing or increasing the small object limit in order to free up memory or move currently cached content to datastor does not have the desired effect. The small object size threshold db variable is changed from default values. Workaround: "To move content into datastor, temporarily reduce the number of cached objects. This causes all small objects to be evicted; datastor content is still available. Then increase the limit once again (this can be done immediately) and the content will be cached in datastor. There is no workaround to move currently cached content from datastor into the small object cache. Restarting datastor flushes all content including content that should remain in datastor." |
| 426652 | Remote Endpoints stay in 'unknown' state after iSession 'Hello' message is received. Remote Endpoints stay in 'unknown' state. Parse error related to UUID in the version reply message. Workaround: This issue has no workaround at this time. |
| 432072 | "It is not possible to add a web acceleration profile inheriting either directly or indirectly from the built-in profiles to a sync folder of a device group. An error message similar to the following is seen: 01070734:3: Configuration error: Invalid Devicegroup Reference. The profile_webacceleration (/testing/namewebaccel) requires profile_webacceleration (/Common/webacceleration) to be synced to the same devices" Config changes that create this condition (i.e. creating a webacceleration profile in a synced folder, or adding syncing to a folder containing a profile) will be rejected. Attempt to add a web acceleration profile inheriting from a built in profile to a devicegroup that is synced to other devices. Workaround: Edit bigip.conf to remove the /Common/webacceleration profile, then reload the config. |
| 435434 | When Intelligent Client cache is enabled, JS/CSS/Images are expected to be inlined. But CSS of size greater than 32 KB will not be inlined. Customer not getting the benefit of Intelligent client cache in this scenario. "* Webacceleration is attached to the virtual server. * Intelligent client cache is enabled on WAM policy. * CSS size limit is set to greater than 32 KB. * CSS optimizations are turned on - such as IBR, inlining images into CSS." Workaround: * Turn off CSS optimizations (IBR, inlining images into CSS). |
| 435947 | Upon WAM cache lifetime expiry, when revalidating content cached in tmm memory and receiving a 304 Not Modified response from OWS, WAM sometimes serves a response with S code 10232 (as expected) but lacking an Etag, and indicates the response came from datastor, when there is no indication of the reason this occurred. Without an Etag sent back to the client, WAM might get unnecessary load from clients that otherwise could perform a conditional GET with the Etag. WAM is configured to cache compressed static content from OWS, and OWS does not send a Last-Modified date header in the response. Workaround: Configure OWS to return the Last-Modified header for content it serves. |
| 436339 | The reference link in Intelligent Client Cache contains http when virtual server is https. Request using the URL in the reference link will fail. HTML page rendering appears to be nonfunctional. Request using the URL in the reference link fails. HTML page rendering appears to be nonfunctional. Virtual server is https. Requests for the HTML are from HTML5 browser and Intelligent Client Cache is enabled. Local storage element for the ICC-ed content in the browser is then deleted and the HTML page is requested again. This time the page does not render. Workaround: Although there is no specific workaround, the issue is not seen if the local storage element for ICC-ed content is not deleted. |
| 442124 | "When an image is optimized, the caches in which the original and the optimized versions are stored can be different. In that case, it is possible for one TMM to have a differently encoded version of the same image than another TMM." Minor, but some clients might receive the unoptimized image, while others will receive the optimized image. This condition applies on images whose size, after optimization, crosses back or forth across the 4 KB boundary that defines the size discriminator for choosing the cache. Workaround: Although no workaround is truly needed, image optimization can be disabled. |
| 447254 | TMM core error in a previously parked transaction Loss of service. "* Stand-in is enabled on the policy. * Request queueing is turned on in the policy * Document may have been removed from entity due to not matching policy on node." Workaround: * Disable stand-in and/or Request queueing |
| 456845 | WAM generated customized ETag sent to OWS. Customized WA ETag makes it to the client. Assuming the server does not generated WA ETags, the behavior would be the same irrespective of whether the ETag makes it to the server or not. The expectation is to receive a 200 OK from the server so that the content can be cached by WAM. Client has content cached and sends a conditional GET. wa_clear_cache has been issued or content has been evicted from WAM cache. The ETag sent by the client in headers is sent to the OWS. Workaround: None. |
| 465854 | When both CSS inline and JavaScript reordering are enabled, page rendering might be incorrect due to missing 'src' attribute in a script tag. Web pages do render correctly. Have AAM provisioned and a policy with both CSS inline and JavaScript reordering enabled and attached to a virtual server. Have a page with both CSS and JavaScript resources associated requested via the virtual server. Workaround: Disable either of the optimizations. |
| 465901 | Using AAM to inline a large number of JavaScripts in HTML code might result in resetting a connection and not serving the requested page to the client. When conditions are met there is a chance that the connection will be reset and the content won't be served to the client. Provision AAM and have a policy with inlining enabled for a large number of configured JavaScripts used in a single HTML page. Send a request to this page. Workaround: Reducing the number of inlining-enabled JavaScripts might result in properly serving the page. |
| 488013 | If cache-on-first-hit and OWS-compression are both enabled on a WA policy node, requests for uncached but cacheable documents will hang. No response returned to client "Conditions leading to this issue include: WA enabled on VIP, Cache on first hit enabled in WA policy, and OWS enabled in WA policy." Workaround: Disable either cache on first hit or OWA compression on the WA policy node. |
| 515861 | Some WAM/AAM policies from version 10.x might cause tmm to be killed by sod after upgrade to 11.x and applying the policy to the virtual server (through the web acceleration profile, which has the application with the associated policy). sod repeatedly kills tmm (seen as tmm crash) after the upgrade, which might eventually cause general unavailability for all virtual servers on a given BIG-IP system. The policy contains many of the following elements in the 10.x version: - regular expressions. - certain ordinal path-segment directives (including some redundant left-to-right ones which could be simplified in a single right-to-left ordinal match). Workaround: None. |
| 530466 | "The issue happens when MultiConnect is enabled and a resource is reloaded by a user request. If the browsers have CORS policy enforcement applied to the resource, the consequent requests for the resource are forwarded to a subdomain and a CORS header ""Origin"" is inserted into the request. In response the browser expects ""Access-Control-Allow-Origin"" header with a value allowing the subdomain as a host in the request. AAM doesn't recognize the header and just ignores it or has it passed to OWS which doesn't expect it." Lack of loading of the resource which may result in incorrect rendering of the page. An AAM policy with MultiConnect option is configured and attached to a virtual. There are resource(s) in a page are used for which CORS policy is enforced in a client browser, for example, font file for CSS. Workaround: "1) Disable MultiConnect. 2) Create an iRule to properly process Origin header." |
| 538309 | When a policy is changed and published, its publishing date is kept in memory and does not go into configuration file. When a configuration is reloaded with an explicit command or after reboot, it shows an incorrect policy publishing date. Reloading the configuration shows an incorrect policy publishing date, and the policy publishing history is lost. AAM is configured and has a custom policy. Workaround: None. |
Contacting F5 Networks
| Phone: | (206) 272-6888 |
| Fax: | (206) 272-6802 |
| Web: | http://support.f5.com |
| Email: | support@f5.com |
For additional information, please visit http://www.f5.com.
Additional resources
You can find additional support resources and technical documentation through a variety of sources.
- The F5 Networks Technical Support web site: http://www.f5.com/support/
- The AskF5 web site: http://support.f5.com/kb/en-us.html
- The F5 DevCentral web site: http://devcentral.f5.com/
- AskF5 TechNews
F5 Networks Technical Support
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
AskF5
AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
F5 DevCentral
The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.
AskF5 TechNews
- Weekly HTML TechNews
- The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, complete the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
- Periodic plain text TechNews
- F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email.) To subscribe, send a blank email to technews-subscribe@lists.f5.com from the email address you are using to subscribe. Unsubscribe by sending a blank email to technews-unsubscribe@lists.f5.com.
