Original Publication Date: 05/12/2015
This release note documents the version 11.5.3 release of BIG-IP Policy Enforcement Manager (PEM).
This version of the software is supported on the following platforms:
|Platform name||Platform ID|
|BIG-IP 800 (LTM only)||C114|
|BIG-IP 2000s, BIG-IP 2200s||C112|
|BIG-IP 4000s, BIG-IP 4200v||C113|
|BIG-IP 5000s, 5050s, 5200v, 5250v||C109|
|BIG-IP 7000s, 7050s, 7055, 7200v, 7250v, 7255||D110|
|BIG-IP 10000s, 10050s, 10055, 10200v, 10250v, 10255||D113|
|VIPRION B2100 Blade (for evaluation only)||A109|
|VIPRION B2150 Blade||A113|
|VIPRION B2250 Blade||A112|
|VIPRION B4100, B4100N Blade||A100, A105|
|VIPRION B4200, B4200N Blade (for evaluation only)||A107, A111|
|VIPRION B4300, B4340N Blade||A108, A110|
|VIPRION C2200 Chassis||D114|
|VIPRION C2400 Chassis||F100|
|VIPRION C4400, C4400N Chassis||J100, J101|
|VIPRION C4480, C4480N Chassis||J102, J103|
|VIPRION C4800, C4800N Chassis||S100, S101|
|Virtual Edition (VE)||Z100|
These platforms support various licensable combinations of product modules. This section provides general guidelines for module support.
Most of the support guidelines relate to memory. The following list applies for all memory levels:
All licensable module-combinations may be run on platforms with 12 GB or more of memory, and on VE and vCMP guests provisioned with 12 GB or more of memory. Note that this does not mean that all modules may be simultaneously provisioned on all platforms with 12 GB or more of memory. The BIG-IP license for the platform determines which combination of modules are available for provisioning.
The following guidelines apply to the BIG-IP 2000s, 2200s, 3900, 6900 platforms, to the VIPRION B4100 and B4100N platforms, and to VE guests configured with 8 GB of memory. (A vCMP guest provisioned with 8 GB of memory has less than 8 GB of memory actually available and thus does not fit in this category.)
The following guidelines apply to platforms, and to VE and vCMP guests provisioned with less than 8 GB and more than 4 GB of memory. (A vCMP guest provisioned with 8 GB of memory has less than 8 GB of memory actually available and thus fits in this category.)
The following guidelines apply to the BIG-IP 1600 and 3600 platforms, and to VE and vCMP guests provisioned with 4 GB or less of memory.
Application Acceleration Manager (AAM) supports the following functionality when configuring vCMP and VIPRION platforms.
The amount of memory provisioned to a vCMP guest is calculated using the following formula: (platform_memory- 3 GB) x (cpus_assigned_to_guest/ total_cpus).
As an example, for the B2100 with two guests, provisioned memory calculates as: (16-3) x (2/4) ~= 6.5 GB.
The BIG-IP Configuration Utility supports these browsers and versions:
For a comprehensive list of documentation that is relevant to this release, refer to the BIG-IP PEM / VE11.5.3 Documentation page.
|432950||The BIG-IP GUI and QoS model uses uplink, downlink, total terminology which corresponds to input, output and total terms respectively, defined by RFC 4006.|
Policy Enforcement Manager is supported in an active-standby and active-active configuration with two BIG-IP systems only.
Before you begin:
|Install to existing volume, migrate source configuration to destination||tmsh install sys software image [image name] volume [volume name]|
|Install from the browser-based Configuration utility||Use the Software Management screens in a web browser.|
The following command installs version 11.2.0 to volume 3 of the main hard drive.
tmsh install sys software image BIGIP-126.96.36.1996.0.iso volume HD1.3
|397397||When multiple static subscriber information is loaded from a .csv file, the subscriber information is lost if enter or CRLF is not entered at the end of each record line. To workaround this issue, press the Enter key or insert the CRLF character at the end of each row in the .csv file.|
|398416||In this release, volume threshold is supported. However, time threshold does not qualify for Gx reporting as it is not specified in the standard. To workaround this issue, do not use time threshold.|
|398922||Only a single instance of the diameter-endpoint profile is supported in this release: the system-supplied default gx-endpoint profile. As a result, diameter-endpoint profiles cannot be created or deleted in the GUI or in tmsh.|
|399119||If a policy rule matched with flow filters drop or redirect the traffic, that traffic will not match other policy rules that use classification filters.|
|400372||The protocol msn_video is used by MSN Messenger for video conversations and is supported for MSN Messenger 8 and earlier.|
|400893||The .csv file for uploading static subscribers has multiple lines with Mac end-of-line. To work around this issue, convert the file into WIN file format and upload from the GUI or tmsh. This resolves the issue.|
|403374||On rare occasions, when a policy is installed with 15 rules and reporting is configured on them, only 14 of the reports are generated when multiple flows (traffic) are sent matching all of them. Maximum usage reports per subscriber is supported.|
|406311||If gate status disabled action is enforced while using profile FastL4, the client will see unwanted connection resets. To work around this issue, set the srDB using the db var tmm.pem.srdb.entry.step to 240.|
|406349||If the dynamic_spm_bwc_policy is not created, dynamic PCC rules are not applied. To work around this issue, ensure that the dynamic_spm_bwc_policy is configured with proper parameters prior to getting dynamic PCC rules from the PCRF.|
|409201||If you change the SPM (PEM) profile of a virtual during a certain flow, the flow will not get policy reevaluation. Instead, only new flows will be using the new policies that are attached to the profile.|
|410763||If the monitoring key is longer than 1053 characters, an error message is issued. To work around this issue, use monitoring keys fewer than 1053 characters.|
|417139||Modifying Session state through iRules may cause issues over Gx. To work around this issue, do not modify the session state if session is active.|
|427429||No statistics are available for troubleshooting with the new "show pem irule" stats command.|
|427844||Any tunneling traffic such IPsec, GRE, and IPIP cannot be steered by the BIG-IP system to a different endpoint. This is because the traffic is encapsulated and targets only the destination endpoint.|
|428178||All IP addresses that are identified as frequent are not stored in the database, and thus are not categorized.|
|428420||Some IP addresses are categorized as unknown on the BIG-IP system, even though they are categorized in the cloud database of webroot.|
|430344||A URL categorization limitation is that a small set of URLs are categorized as unknown on the BIG-IP system, even though they may get categorized in the cloud database of webroot.|
|435596||The CEC hitless upgrade does not sync files between active-standby setup, using device group. To work around this issue, change standby to active to do CEC hitless upgrade.|
|438549||If you turn on the SNAT pool or SNAT Automap on IPOther virtual, no traffic passes through in most cases. In some cases, the traffic passes but the out stats (packets and bytes) is zero. To workaround this, do not turn on SNAT pool or SNAT Automap on IPOther virtual that processes IPsec traffic.|
For additional information, please visit http://www.f5.com.
You can find additional support resources and technical documentation through a variety of sources.
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.