Applies To:

Show Versions Show Versions

Release Note: BIG-IP Analytics 11.6.0
Release Note

Original Publication Date: 12/23/2014

Summary:

This release note documents the version 11.6 release of BIG-IP Analytics (AVR). You can apply the software upgrade to systems running software versions 11.x.

Contents:

- User documentation for this release
- Supported platforms
- Configuration utility browser support
- Installation overview
     - Installation checklist
     - Installing the software
     - Post-installation tasks
     - Installation tips
- Upgrading from earlier versions
     - Automatic firmware upgrades
     - Changing the Resource Provisioning level of the Analytics Module
- New items and fixes in this release
     - New in this release
     - Fixes in this release
- Features and fixes introduced in prior releases
     - New features introduced in 11.5.1
     - Fixes introduced in version 11.5.1
     - New features introduced in 11.5.0
     - Fixes introduced in version 11.5.0
     - New features introduced in 11.4.1
     - Fixes introduced in 11.4.1
     - New features introduced in 11.4.0
     - Fixes introduced in 11.4.0
     - New features introduced in 11.3.0
     - Fixes introduced in 11.3.0
     - New features introduced in 11.2.1
     - Fixes introduced in 11.2.1
     - New features introduced in 11.2.0
     - Fixes introduced in 11.2.0
     - New features introduced in 11.1.0
     - Fixes introduced in 11.1.0
     - New features introduced in 11.0.0
     - Fixes introduced in version 11.0.0
- Known issues
- Legal notices

User documentation for this release

To view a complete list of documentation relevant to this release, see BIG-IP Analytics 11.6 Documentation.

[ Top ]

Supported platforms

This version of the software is supported on the following platforms:

Platform name Platform ID
BIG-IP 1600 C102
BIG-IP 3600 C103
BIG-IP 3900 C106
BIG-IP 6900 D104
BIG-IP 8900 D106
BIG-IP 8950 D107
BIG-IP 11000 E101
BIG-IP 11050 E102
BIG-IP 2000s, BIG-IP 2200s C112
BIG-IP 4000s, BIG-IP 4200v C113
BIG-IP 5000s, 5050s, 5200v, 5250v C109
BIG-IP 7000s, 7050s, 7200v, 7250v D110
BIG-IP 12250v (requires 11.6.0 HF2) D111
BIG-IP 10350N (requires 11.6.0 HF2) D112
BIG-IP 10000s, 10050s, 10200v, 10250v D113
VIPRION B2100 Blade A109
VIPRION B2150 Blade A113
VIPRION B2250 Blade A112
VIPRION B4100, B4100N Blade A100, A105
VIPRION B4200, B4200N Blade A107, A111
VIPRION B4300, B4340N Blade A108, A110
VIPRION C2200 Chassis D114
VIPRION C2400 Chassis F100
VIPRION C4400, C4400N Chassis J100, J101
VIPRION C4480, C4480N Chassis J102, J103
VIPRION C4800, C4800N Chassis S100, S101
Virtual Edition (VE) Z100
vCMP Guest Z101

These platforms support various combinations of product modules. This section provides general guidelines for module support.

Most of the support guidelines relate to memory on the platform or provisioned guest. For vCMP support and for Policy Enforcement Module (PEM), Carrier-Grade NAT (CGNAT), and the Local Traffic Manager (LTM), the following list applies for all memory levels:

  • vCMP supported platforms
    • VIPRION B2100, B2150, B2250, B4200, B4300, B4340N
    • BIG-IP 5200v, 5250, 7200v, 7250v, 10200v, 10250v
  • PEM and CGNAT supported platforms
    • VIPRION B2150, B2250, B4300, B4340N
    • BIG-IP 5x00v(s), 7x00v(s), 10x00v(s)
    • BIG-IP Virtual Edition (VE) (Not including Amazon Web Service Virtual Edition) (3 GB, 10 GB production and combination lab models)
    • PEM and CGNAT may be provisioned on the VIPRION B4200 but it is not recommended for production, only for evaluation. PEM may be provisioned on the VIPRION B2100, but it is not recommended for production, only for evaluation. Use the B4300 or B4340N instead.

Memory: 12 GB or more

All licensable module-combinations may be run on platforms with 12 GB or more of memory, and on BIG-IP Virtual Edition (VE) and vCMP guests provisioned with 12 GB or more of memory. Note that this does not mean that all modules may be simultaneously provisioned on all platforms with 12 GB or more of memory. The BIG-IP system license for the platform determines which combination of modules are available for provisioning.

Memory: 8 GB

The following guidelines apply to the BIG-IP 2000s, 2200s, 3900, 6900 platforms, to the VIPRION B4100 and B4100N platforms, and to VE guests configured with 8 GB of memory. (A vCMP guest provisioned with 8 GB of memory has less than 8 GB of memory actually available and thus does not fit in this category.)

  • No more than three modules should be provisioned together.
  • On the 2000s and 2200s, Application Acceleration Manager (AAM) can be provisioned with only one other module.

Memory: Less than 8 GB and more than 4 GB

The following guidelines apply to platforms, and to VE and vCMP guests provisioned with less than 8 GB and more than 4 GB of memory. (A vCMP guest provisioned with 8 GB of memory has less than 8 GB of memory actually available and thus fits in this category.)

  • No more than three modules (not including AAM) should be provisioned together.
  • Application Acceleration Manager (AAM) cannot be provisioned with any other module; AAM can only be provisioned standalone.

Memory: 4 GB or less

The following guidelines apply to the BIG-IP 1600 and 3600 platforms, and to VE and vCMP guests provisioned with 4 GB or less of memory.

  • No more than two modules may be configured together.
  • AAM should not be provisioned, except as Dedicated.
  • Analytics (AVR) counts towards the two module-combination limit (for platforms with less than 6.25 GB of memory).

vCMP memory provisioning calculations

The amount of memory provisioned to a vCMP guest is calculated using the following formula:
(platform_memory - 3 GB) x (cpus_assigned_to_guest / total_cpus).

As an example, for the B2100 with two guests, provisioned memory calculates as:
(16-3) x (2/4) ~= 6.5 GB.

[ Top ]

Configuration utility browser support

The BIG-IP system Configuration utility supports the following browsers and versions:

  • Microsoft Internet Explorer 8.x, 11.x
  • Mozilla Firefox 27.0.x
  • Google Chrome 32.x

Note: Newer browsers (Internet Explorer 9 or later, Firefox 3.6 or later, or Chrome 14 or later) support viewing Analytics charts with no additional plug-in. If using older browsers (Internet Explorer 8 or earlier, Firefox 3.5 or earlier, or Chrome 13 or earlier), Adobe Flash Player (version 8 or later) must be installed on the computer where you plan to view Analytics charts.

[ Top ]

Installation overview

This section covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in Upgrading Active-Standby Systems and Upgrading Active-Active Systems, and we strongly recommend that you reference these documents to ensure successful completion of the installation process.

Installation checklist

Before you begin:

  • Use BIG-IP iHealth to verify your configuration file. For more information, see SOL12878: Generating BIG-IP diagnostic data using the qkview utility (10.x - 11.x)
  • Update/reactivate your system license, if needed, to ensure that you have a valid service check date.
  • Ensure that your system is running version 11.0 or later and is using the volumes formatting scheme.
  • Download the .iso file (if needed) from F5 Downloads to /shared/images on the source for the operation. (If you need to create this directory, use the exact name /shared/images.)
  • Configure a management port.
  • Set the console and system baud rate to 19200, if it is not already.
  • Log on as an administrator using the management port of the system you want to upgrade.
  • Boot into an installation location other than the target for the installation.
  • Save the user configuration set (UCS) in the /var/local/ucs directory on the source installation location, and copy the UCS file to a safe place on another device.
  • Log on to the standby unit, and only upgrade the active unit after the standby upgrade is satisfactory.
  • Turn off mirroring.
  • If you are running WAN Optimization Manager, set provisioning to Minimum.
  • If you are running Policy Enforcement Manager, set provisioning to Nominal.
  • If you are running Advanced Firewall Manager, set provisioning to Nominal.

Installing the software

You can install the software at the command line using the Traffic Management shell, tmsh, or in the browser-based Configuration utility using the Software Management screens, available in the System menu. Use one of the following methods:

  • Run the command tmsh install sys software image [image name] volume [volume name]. If the volume does not exist, add to the end of this command: [create-volume].
  • Use the Software Management screens in a web browser.

Sample installation command

The following command installs version 11.2.0 to volume 3 of the main hard drive:
tmsh install sys software image BIGIP-11.2.0.2446.0.iso volume HD1.3

Post-installation tasks

After the installation finishes, you must complete the following steps before the system can pass traffic.

  1. Ensure the system rebooted to the new installation location.
  2. Use BIG-IP iHealth to verify your configuration file. For more information, see SOL12878: Generating BIG-IP diagnostic data using the qkview utility (10.x - 11.x)
  3. Log on to the browser-based Configuration utility as a user with administrator rights.
  4. Run the Setup utility.
  5. Provision the module.
  6. Convert any bigpipe scripts to tmsh. (Version 11.x does not support the bigpipe utility.)

You can find complete, step-by-step installation and upgrade instructions in Creating an Active-Standby Configuration Using the Setup Utility and Creating an Active-Active Configuration Using the Setup Utility, and we strongly recommend that you reference these documents to ensure successful completion of the installation process.

Installation tips

The upgrade process installs the software on the inactive installation location that you specify. This process usually takes between three to seven minutes. During the upgrade process, you see messages posted on the screen. For example, you might see a prompt asking whether to upgrade the End User Diagnostics (EUD), depending on the version you have installed. To upgrade the EUD (recommended), type yes, otherwise, type no.

You can check the status of an active installation operation by running the command tmsh show sys software.

If installation fails, you can view the log file. The system stores the installation log file as /var/log/liveinstall.log.

[ Top ]

Upgrading from earlier versions

Use one of the following upgrade methods:

  • Run the command tmsh install sys software image BIGIP-11.6.XXXX.0.iso volume HD1.X. If the volume does not exist, add to the end of this command: [create-volume].
  • Use the Software Management screens in the browser-based Configuration utility.

Automatic firmware upgrades

If this version includes new firmware for your specific hardware platform, after you install and activate this version, the system might reboot additional times to perform all necessary firmware upgrades.

[ Top ]

Changing the Resource Provisioning level of the Analytics Module

After upgrading or installing a new version, before you can use the Analytics Module, you must set the Analytics Module resource provisioning level to Nominal. You can do this from the command line, or using the Configuration utility.

Important: Wait 5 minutes after you set the resource provisioning level before making any configuration changes to the Analytics Module. The system overrides all configuration changes made before this process is completed. The system informs you when the process is not completed by displaying, in the Configuration utility, the following message: AVR is not ready. The system informs you when the process completed by indicating in the log (/var/log/avr) the following message: AVR started successfully.

To set the Analytics Module resource provisioning level to Nominal from the command line

Open the command-line interface utility, and run the following commands:
      tmsh modify sys provision avr level nominal
      tmsh save sys config

To set the Analytics Module resource provisioning level to Nominal using the Configuration utility

  1. Using the Configuration utility, on the Main tab of the navigation pane, expand System, and click Resource Provisioning.
    The Resource Provisioning screen opens.
  2. Set the Application Visibility and Reporting (AVR) option to Nominal.
  3. Click Submit.
    The screen refreshes, and the resource provisioning level of the Analytics Module is set to Nominal.
[ Top ]

New items and fixes in this release

New in this release

This release includes the following new items and fixes.

Historical TMM control utility Statistics
In this release, you can view graphical and historical statistics of virtual servers and historical statistics from the TMM control utility. In previous releases, they were all displayed only as a static table, and you could only view the current status. To view graphic virtual server and TMM control utility statistics, navigate to the following:

  • Statistics > Analytics > IP
  • Statistics > Analytics > Virtual Servers
  • Statistics > Analytics > CPU
  • Statistics > Analytics > Memory
  • Statistics > Analytics > Disk

Historical vCMP Statistics
From the vCMP host, you can view detailed historical vCMP statistics in the Analytics section of the Configuration utility. The statistics provide an overview of vCMP performance, network throughput, CPU usage, and disk usage in graphical form. You can customize the information that is displayed, the time periods, and what information you want to appear on the overview screen.

To view graphic vCMP statistics, navigate to Statistics > Analytics > VCMP.

Important: In order to view historical vCMP statistics, vCMP must be provisioned.

Fixes in this release

This release includes the following fixes.

ID Number Description
ID 417685 OWA 2003 now correctly starts when an Analytics profile, with page-load-time enabled, is assigned to a virtual server.
ID 430136 Requests that are rejected by client-side prevention mitigation are no longer counted in the URL Latencies report (Security > Reporting > DoS > Application > URL Latencies).
ID 432922 We improved the system’s JavaScript injection mechanism. The system injects JavaScript to HTML pages at the end rather than after the HEAD tag, when Page Load Time collection is enabled in an Analytics profile assigned to a virtual server.
ID 438604 AVR now checks the Content-Type of a response before inserting CSPM JavaScript, so that it only injects the CSPM JavaScript into appropriately formatted text and HTML documents.
ID 432921 You can now add a prefix and a suffix to the AVR cookie name. The prefix and suffix length can be no more than 32 characters. A prefix and a suffix can contain only numbers, letters, a period (.), or a hyphen (-). If the user inserts an illegal prefix or suffix, the system displays an error message. The new default prefix is f5avr. The new default suffix is " " (empty suffix).
ID 439439 Analytics profile subnets: The system now displays correct route domain identifiers, and correctly calculates the mask length for IP addresses with route domains.
ID 441214 We fixed a scenario when intermittently monpd would core dump due to a MySQL crash, and reports would not be available during the crash.
ID 442703 Traffic Capturing displays the response body as it is, with the chunk sizes, when it is chunked. The body will contain one or more chunk sizes when there is a header Transfer-Encoding: chunked. Previously, the system displayed the response body without the chunk sizes.
ID 459844 The default maximum number of entities the system collects every 10 seconds for DoS input is 4095 entities. You can now change the maximum entities number by changing the value of the new variable Avr.DosMaxEntitiesPerTable from the command line. The entities number can be between 1000 to 1000000 entities.
ID 464366 Devices in a device group are now properly synchronized when a new Analytics profile is created and assigned to a virtual server.
ID 465181-1 Even if BIG-IP system fails to connect to the IP reputation database server (either using a proxy or not), it will not cause a memory leak in one of the internal daemons.

[ Top ]

Features and fixes introduced in prior releases

New features introduced in 11.5.1

There were no new features introduced in version 11.5.1.

Fixes introduced in version 11.5.1

This release includes the following fixes from version 11.5.1.

ID Number Description
ID 448717 The AVR_DIM_URL table size is now controlled and does not fill the /var/lib/mysql partition nor block /var/avr/loader files from being loaded.
[ Top ]

New features introduced in 11.5.0

Display Statistics per Pre-Defined Subnets
We added the client IP subnet as another entity for which statistics can be collected. Now, network administrators can view traffic statistics that have been collected by Analytics, and broken down by subnets, and use these statistics to monitor the traffic usage per network subnet. To do this, select pre-define subnets on the Analytics profile screen. If you assign names to the subnets, these names appear in the reports; if you do not assign names to the subnets, their IP addresses appear in the reports.

The system supports both IPv4 and IPv6 addresses.

More visible iRule support
In previous versions, starting with version 11.1.0, you could obtain and manage Analytics statistics in real-time using iRules by performing the following steps:

  1. Provision Analytics.
  2. Define an Analytics profile with enabled metrics and entities.
  3. Write an iRule expression describing which statistics you want to see.
    For syntax and examples, see the iRule expressions section following.
  4. Enable the ISTATS variable from the command line.
  5. Run a command to view the statistics.
    (To view all of the collected iRule statistics, from the command line, type this command: ISTATS dump.)

To make this feature more visible to the user, with this release, instead of enabling the ISTATS variable from the command line, you select the Publish iRule Statistics check box in the Local Traffic > Profiles > Analytics > Analytics Profile Properties screen. This setting is disabled by default.

iRule expressions
Use the following expression: ISTATS::get "<ENTITY> <name> counter <TYPE>"

Where:
ENTITY is one of the following values:

  • vip - local virtual server statistics
  • VIP - global virtual server statistics (cluster)
  • pool - local pool member statistics
  • POOL - global pool member statistics (cluster)
  • GEO - global sessions statistics (cluster)

NAME is one of the following values:

  • GEO - 2 uppercase characters of country code. Example: US
  • VIP/vip - case-sensitive full name of virtual server. Example:/Common/myvip1
  • POOL/pool - pool member name in the following format: IP%RTDOM:PORT. Examples: 172.29.38.211:80, c82d:46f5:800:0:3000:0:200:0.0, 172.29.38.211%1:80

TYPE is the metric type, and is one of the following values:

  • tps
  • request_throughput
  • response_throughput
  • server_latency
  • page_load_time
  • max_server_latency
  • max_page_load_time
  • concurrent_sessions
  • page_load_time_samples

Expression examples: if { [ISTATS::get "VIP /common/MyVIP1 counter tps"] > 10 } ....
if { [ISTATS::get "POOL 172.29.38.211%1:80 counter page_load_time"] > 200} ...
if { [ISTATS::get "GEO IL counter concurrent_sessions"] > 200} ...

Notes:

  • Changing Analytics or iRule configuration results in the cleaning of all real-time statistics.
  • There is a delay of at least 10 seconds between the time the event occurred and the time the statistics arrive.

Maximized Enterprise Application Delivery Value
To make it easier and more affordable to get the Software Defined Application Services capabilities all organizations need, F5 introduces three new software bundle offerings: Good, Better, and Best. GOOD: Provides intelligent local traffic management for increased operational efficiency and peak network performance of applications. BETTER: Good plus enhanced network security, global server load balancing, and advanced application delivery optimization. BEST: Better plus advanced access management and total application security. Delivers the ultimate in security, performance, and availability for your applications and network. You can learn more about these new software bundles from your F5 Networks Sales Representative.

Fixes introduced in version 11.5.0

This release includes the following fixes from version 11.5.0.

ID Number Description
ID 418058 You should no longer see the following message in the TMM file (found in /var/log/tmm) when an analytics profile with a user session collection is configured on a virtual server: "AVR: Session Lookup. Found invalid Key: ..."
ID 425163 In previous versions, starting with version 11.1.0, you could use the command line to obtain and manage Analytics statistics in real-time using iRules. To make this feature more visible to the user, with this release, instead of enabling the ISTATS variable from the command line, you select the Publish iRule Statistics check box in the Local Traffic > Profiles > Analytics > Analytics Profile Properties screen. This setting is disabled by default.
ID 426550 We fixed an issue that sometimes caused the Analytics module external logging to not work after the BIG-IP system was rebooted, unless you also ran the command "bigstart restart avrd".
ID 427888 AVR no longer breaks the response of an HTTP transaction when receiving a FIN before receiving the entire request.
ID 429522 Fixed a rare issue with the AVR initialization process that led to invalid JavaScript injection when the page-load-time feature is used.
ID 432352 After upgrading to version 11.5, the system removes logger publishers with unsupported destinations, such as ArcSight and LocalDB.
ID 434283 DoS attack statistics are collected for VLAN groups, but are reported as Aggregated and are not broken down for each individual VLAN group.
ID 436352 We fixed an issue where the Analytics user-session tracking feature sometimes caused the TMM to core dump due to memory consumption issues.
ID 436363 BIG-IP versions 11.x use new Flash components in the Charts that protect the system against a potential XSS vulnerability in third party components.

New features introduced in 11.4.1

Maximized Enterprise Application Delivery Value
To make it easier and more affordable to get the Software Defined Application Services capabilities all organizations need, F5 introduces three new software bundle offerings: Good, Better, and Best. GOOD: Provides intelligent local traffic management for increased operational efficiency and peak network performance of applications. BETTER: Good plus enhanced network security, global server load balancing, and advanced application delivery optimization. BEST: Better plus advanced access management and total application security. Delivers the ultimate in security, performance, and availability for your applications and network. You can learn more about these new software bundles from your F5 Networks Sales Representative.

Fixes introduced in 11.4.1

This release includes the following fixes from version 11.4.1.

ID Number Description
ID 419923 The avrd daemon no longer crashes when setting the AVRD_CONFIG logging level to DEBUG (done in /etc/avr/avrd_logger.cfg) if an AVR profile is assigned to a virtual server, and if this AVR profile's session-cookie-security is set to always-secure.
ID 420080 Fixed an Application DoS/AVR issue that rarely caused a memory leak.
ID 421435 Fixed an Application DoS/AVR issue that caused the double release of memory, and possible memory corruption.
ID 421909 We optimized AVR to prevent possible memory corruption and crashes.
ID 422199 Requests that are originally chunked are returned chunked to the client even if a DoS profile is assigned to the virtual server.
ID 422916 We fixed a TMM crash that sometimes occurred during the AVR decompression process. In addition, the decompression process is done only to serve DoS with Application Security (DoS layer 7) with client side mitigation, otherwise it is avoided.
ID 422917 In the Configuration utility, when accessing Analytics from the Virtual Server or iApp screens, Analytics is correctly reflected in the Statistics screen because virtual servers and iApps are now correctly filtered in the drill-down path.
ID 423355 We fixed an issue regarding application security DoS protection using client-side mitigation on compressed responses.
ID 423802 We fixed an issue where using AVR page-load-time together with user-session tracking could have invalidated the response.
ID 424673 We fixed an issue that rarely caused the TMM or the AVR daemon to crash, or sometimes generated invalid statistics.
ID 424719 AVR no longer reports invalid latency (very high) values when the connection is closed by server.
ID 424850 A multithreading synchronization issue was fixed. As a result, memory corruption that took place in previous versions no longer occurs.
ID 425254 To better performance, the system's collection of maximum TPS and throughput statistics is now disabled by default.
[ Top ]

New features introduced in 11.4.0

Securing the AVR session cookie (ID 410638)
For each Analytics profile, you can configure the system to add the secure attribute to the AVR session cookie. If you ask for sessions in the metrics, there is a list with the following options: Always (AVR always adds the secure attribute), Only SSL (AVR adds the secure attribute only if the VIP has a Client-SSL profile attached to it), and Never.

Configuration utility support for enabling the viewing of maximum TPS and throughput statistics
In version 11.3.0, you configured the system to display the maximum TPS and throughput running the following tmsh command: tmsh modify sys db md.enablemaxandglobalhttpstats value 1
From version 11.4.0, you do this from the configuration utility. For every Analytics profile, navigate to Local Traffic > Profiles > Analytics, and on the Analytics properties screen, in the Statistics Gathering Configuration area, enable the Collected Metric Max TPS and Throughput.
After this setting is enabled, the system displays the following:

  • The maximum TPS for each entity, if you drill down to a specific entity, in the Details table of the Transactions tab of the Statistics > Analytics > HTTP screen.
  • The maximum request throughput for each entity, if you drill down to a specific entity, in the Details table of the Request Throughput tab of the Statistics > Analytics > HTTP screen.
  • The maximum response throughput for each entity, if you drill down to a specific entity, in the Details table of the Response Throughput tab of the Statistics > Analytics > HTTP screen.

Configuration utility support for enabling the viewing of DNS detailed statistics
In version 11.3.0, you enabled Analytics statistics for DNS by running the following tmsh command: tmsh modify ltm profile dns <dns_profile_name> avr-dnsstat-sample-rate 1
From version 11.4.0, you do this from the configuration utility. For every DNS profile, navigate to Local Traffic > Profiles > Services > DNS, and on the DNS properties screen, enable the AVR Statistics Sample Rate setting. This setting is enabled by default.
In addition, with this setting you can control how many queries are sampled (the sampling rate). The default sampling rate is 1/1, meaning all traffic is collected and used for statistical data.

Fixes introduced in 11.4.0

This release includes the following fixes from version 11.4.0.

ID Number Description
ID 348588 You can now control whether the Analytics Statistics graphs should refresh automatically, and how often, using the Auto-Refresh button.
ID 376854 Added the Total entities information and index numbers for the Details table in the exported PDF file of the Statistics > Analytics > Analytics Statistics screen.
ID 391120 Analytics supports user roles. Analytics statistics displayed are restricted according to partition.
ID 401219 The system now prevents users, both in the Configuration utility and tmsh, from drilling-down statistics of client-IP and domain-name into each-other.
ID 402739 There are no longer HTTPD errors if you navigate to the Security > Overview > Application > Traffic screen and set any value, except for the default value, Show details, for any widget.
ID 403654 Analytics supports ACL-Rules, ACL-Management-Rules and DNS-Queries memory-pools containing items of 256 symbols, instead of 128 symbols for DNS-Queries, and 64 symbols for ACL-Rules.
ID 403864 We limited the various tmsh analytics commands so that only valid drilldown combinations are allowed.
ID 403987 URLs are now displayed correctly on the Traffic Capturing screen.
ID 404455 All scheduled reports are now upgraded correctly between versions.
ID 404473 You can now configure a filter from the popup screen where you add and edit a widget.
ID 404600 Protocol DNS statistics are now correctly displayed even for undefined query types.
ID 404732 When running traffic for multiple security policies, having an Overview widget that has filters on Virus, Username, or URL will now display the correct values.
ID 404733 When updating an Application Security Overview widget, filtering by violation, attack type or IP address intelligence will now work correctly and display the right values.
ID 404734 When creating a widget that is viewed by security policy, the user can now define a violation filter on it without receiving an error (in the Configuration utility, monpd daemon, and LTM logs).
ID 404746 The data on the Overview screen now displays faster even if there is a large number of logged requests (around 50000), and the widget is configured to show countries.
ID 404836 HTTP, DNS and DDoS statistics: We fixed some issues with inaccurate statistics in AVR charts. Now they are reported correctly.
ID 404893 An incorrect note was removed regarding sampling in the Online Help of the Analytics Profile Properties screen.
ID 406178 We upgraded the version of MySQL from 5.1.63 to 5.1.67.
ID 406187 The system now removes Page Load Time cookies from requests when the page load time setting is disabled.
ID 406272 TMM no longer produces a core dump when caching, compression, AVR, and DoS are enabled on a virtual server and HTTPS traffic is sent with a gzip response file.
ID 406948 We fixed an issue that prevented the system from creating AVR snapshots.
ID 407688 mcpd daemon file descriptor leaks no longer occur when email notifications (alerts) are configured for analytics profiles.
ID 408147 When configuring a scheduled report (under Security > Reporting > Application > Chart scheduler), all predefined filters now work as expected.
ID 408162 Changing the IP address, or port, of a virtual server no longer leads to a mismatch of statistics gathered on this virtual server and other virtual servers created afterward.
ID 408404 We fixed an issue when dealing with a large number of URLs that sometimes caused the AVR module not to publish URLs at all.
ID 410483 We fixed a memory leak that sometimes occurred.
ID 411307 If a database partition file (.par) was corrupted in a previous version and then a hotfix was installed on top of that version, the monpd bigstart service no longer continuously restarts on the hotfix installation, and you can provision AVR.
ID 412779 We fixed a scenario that sometimes caused a core dump when the system was running low on memory.

New features introduced in 11.3.0

Viewing maximum TPS and throughput statistics
You can now view the maximum TPS and throughput of specific entities. You manage this setting by the db variable enablemaxandglobalhttpstats, which is enabled by default.
To enable this variable globally (for all Analytics profiles) from the command line, run the command: tmsh modify sys db md.enablemaxandglobalhttpstats value 1
To disable this variable globally (for all Analytics profiles) from the command line, run the command: tmsh modify sys db md.enablemaxandglobalhttpstats value 0

DNS Detailed Statistics
You can now view DNS statistics on the BIG-IP system to help you manage and report on the DNS traffic in your network. DNS statistics include DNS requests per: virtual server, query name, query type, client IP address.

To enable Analytics statistics for DNS, you need to enable the avr-dnsstat-sample-rate variable, which is disabled by default.
To enable this variable, from the command line, run the command: tmsh modify ltm profile dns <dns_profile_name> avr-dnsstat-sample-rate 1
To disable this variable, from the command line, run the command: tmsh modify ltm profile dns <dns_profile_name> avr-dnsstat-sample-rate 0

To view DNS statistics, navigate to Statistics > Analytics > DNS.

Enhanced Infrastructure
We changed the underlying Analytics infrastructure to increase performance.

Changes in the Configuration Utility
Due to system changes, we made the following changes to the Analytics Profile Properties screen:

  • We removed the settings for the collected metrics Server Latency and Throughput because they are now automatically collected.
  • We removed the setting Transaction Sampling Ratio. You can enable or disable sampling, but you cannot set the sampling ratio. If sampling is disabled, the system learns information from every transaction, while if sampling is enabled, the system learns information from a sample of the total number of transactions.
  • We moved the Trust XFF configuration setting from the Analytics configuration (on the Analytics Profile Properties screen) to the HTTP profile configuration of the Local Traffic Manager. If you upgrade from a version prior to 11.3.0 an Analytics profile with the Trust XFF setting enabled, after the upgrade, the XFF configuration setting is disabled. To enable the system to accept XFF, navigate to Local Traffic > Profiles > Services > HTTP, open the properties of an HTTP service, and select the Accept XFF check box.

Fixes introduced in 11.3.0

This release includes the following fixes from version 11.3.0.

ID Number Description
ID 377110 On a machine running Enterprise Manager, on the Captured Transactions screen, the system now supports global sorting of the shared log data.
ID 384079 You can now use the Configuration utility to associate at once a high number of virtual servers with an Analytics profile. Due to paging, you cannot select thousands of virtual servers simultaneously.
ID 384224 AVR supports up to 4096 virtual servers with explicit configurations. AVR can handle any number of virtual servers, but it applies the default analytics configuration to those beyond the first 4096 virtual servers. The system reports these additional virtual servers as "aggregated" instead of with their explicit names.
ID 384303 On the Analytics profile screen, when you are editing an Analytics profile that resides under the Common partition, the system allows you to assign all virtual servers from all partitions. When you are editing an Analytics profile that resides under any other partition, the system allows you to assign virtual servers from that partition only.
ID 386925 Request and Response details are now displayed on the Captured Transactions screen when using VCMP guest devices.

New features introduced in 11.2.1

There were no new features introduced in version 11.2.1.

Fixes introduced in 11.2.1

There were no new fixes introduced in version 11.2.1.

New features introduced in 11.2.0

Centralized Reporting
With this release, the BIG-IP® Enterprise Manager supports Analytics. Enterprise Manager is an appliance that helps you streamline the administrative tasks associated with managing multiple BIG-IP devices. You can now use Enterprise Manager to view centralized analytic reports collected by more than one managed BIG-IP device configured to use Analytics.

To view statistical data according to traffic that passes through a specific device, device list, or all devices, you can either use the Device(s) filter in the Configuration utility, or you can run tmsh commands. For a list of commands, see the Traffic Management Shell (tmsh) Reference Guide on http://support.f5.com.

tmsh support
With this release you can use tmsh commands to display the analytics of monitored entities.

Notes:

  • The analytics are displayed for statistical data in aggregated mode only.
  • The time-series modes of statistical data and captured traffic are not currently supported.

For information regarding the tmsh commands, see the Traffic Management Shell (tmsh) Reference Guide on http://support.f5.com.

Exporting Analytic reports
You can now export what appears on the Analytics screens as a PDF file, as a CSV file, or send it as an attachment to an email address. From the Configuration utility, click the Export button or click the Export option from the Widget Configuration icon.

You can also export analytics reports by running tmsh commands. For a list of commands, see the Traffic Management Shell (tmsh) Reference Guide on http://support.f5.com.

Centralized SMTP configuration (ID 374481)
SMTP configuration is now a global setting used for all email and alerts on the BIG-IP system. The email alerts sent by Analytics now rely on the global SMTP configuration (found on the screen at System > Configuration > Device > SMTP), and thus this configuration is no longer tied to SNMP and the Syslog. You can specify the SMTP configuration only in the default Analytics profile, and all child profiles use this setting.

Fixes introduced in 11.2.0

URL Decoding (ID 350381)
Analytics now performs URL decoding. As a result, the Captured Transactions screen displays URLs correctly decoded, and therefore both normalized and not-normalized URLs are displayed as the same URL. Note that Analytics functions as though UTF-8 encoding is used as the application encoding.

Maximum latency value in clustered environment (ID 368230)
We fixed a synchronization problem between blades in a clustered environment, so that the maximum latency value that the system records is correct.

Chunked response handling (ID 368599)
We fixed an issue regarding how the system handles chunked responses. In the previous version, under certain circumstances, the system returned chunked responses in an illegal format.

Refreshing the Captured Transactions details (ID 371476)
On the Captured Transactions screen, the Refresh button now works correctly after the user switches between the Details, Request and Response tabs.

Auditor user role permissions (ID 371517)
The Auditor user role now has access to the System > Analytics and System > Classification screens.

Traffic Classification appearing when Analytics is provisioned (ID 372755)
After a user provisions Application Visibility and Reporting (AVR), also known as Analytics, Traffic Classification menus and profile options are no longer visible because Traffic Classification features are not fully supported under the main license in this release.

Core dump due to lack of memory (ID 372915)
We fixed a TMM core that occurred as a side-effect of an out-of-memory condition. The out-of-memory condition occurred when AVR was configured to capture traffic or collect page-load-time data, and the traffic included large requests or responses. AVR no longer consumes large amounts of memory in this case.

MD memory leak (ID 373223)
We fixed an issue that sometimes caused an MD memory leak.

Traffic capturing memory leak (ID 374759)
We fixed a memory leak that sometimes occurred during traffic capturing.

Badly formatted memcached messages (ID 375963)
The system checks the format of memcached messages and ignores invalid messages, so it is no longer vulnerable to bad formatted memcached messages.

Drilling down from the Overview screen (ID 381630)
You can drill down and view statistics by clicking on data in a chart or table on the Statistics > Analytics > Overview screen.

Provisioning LTM, ASM, and AVR together using a vCMP guest on a multi-blade platform with 3G of memory (ID 385366)
You can now provision Local Traffic Manager (LTM) with Application Security Manager (ASM) and Analytics (AVR) when a vCMP (Virtual Clustered Multiprocessing) guest is deployed on a multi-blade platform with 3G of memory if you set the provisioning levels of all three modules to Minimum.

Provisioning LTM, ASM, and AVR together on the 1600 platform (ID 386379)
You can now provision Local Traffic Manager (LTM) with Application Security Manager (ASM) and Analytics (AVR) on the 1600 platform if you set the provisioning levels of all three modules to Minimum.

New features introduced in 11.1.0

VIPRION and vCMP Support
We now support the AVR module on the VIPRION® platform and on a vCMP system.

iControl Support
You can now use iControl® to configure an Analytics profile.

iRule support
You can obtain and manage AVR statistics in real-time using iRules®. From iRule, use the following expression:

ISTATS::get "<ENTITY> <name> counter <TYPE>"

Where:
ENTITY is one of the following values:

  • vip - local virtual server statistics
  • VIP - global virtual server statistics (cluster)
  • pool - local pool member statistics
  • POOL - global pool member statistics (cluster)
  • GEO - global sessions statistics (cluster)

NAME is one of the following values:

  • GEO - 2 capital chars of country code. Example: US
  • VIP/vip - case-sensitive full name of virtual server. Example:/Common/myvip1
  • POOL/pool - pool member name in the following format: IP%RTDOM:PORT. Examples: 172.29.38.211:80, c82d:46f5:800:0:3000:0:200:0.0, 172.29.38.211%1:80

TYPE is the metric type, and is one of the following values:

  • tps
  • request_throughput
  • response_throughput
  • server_latency
  • page_load_time
  • max_server_latency
  • max_page_load_time
  • concurrent_sessions
  • page_load_time_samples

Expression examples:
if { [ISTATS::get "VIP /common/MyVIP1 counter avr_tps"] > 10 } ....
if { [ISTATS::get "POOL 172.29.38.211%1:80 counter avg_page_load_time"] > 200} ...
if { [ISTATS::get "GEO IL counter concurrent_sessions"] > 200} ...

Notes:

  • In order to manage real-time AVR statistics using iRules, besides provisioning AVR and defining an Analytics profile with enabled metrics and entities, you need to ensure that the db variable md.enableistats is set to 1 (enabled).
    To enable the db variable, from the command line, run the command: tmsh modify sys db md.enableistats value 1
    To disable the db variable, from the command line, run the command: tmsh modify sys db md.enableistats value 0
  • Changing AVR or iRule configuration results in the cleaning of all real-time statistics.
  • There is a delay of at least 10 seconds (or more) between the time the event occurred and the time the statistics arrived.

Stop CSPM Injection
You can now use iRules to stop CSPM injection. The iRule syntax is as follows:

when AVR_CSPM_INJECTION {
if { ...expression... } {
AVR::disable_cspm_injection
}
}

Traffic Sampling
From the default Analytics profile provided by the system, you can now configure the ratio of how many transactions from which the system learns information. To do this, navigate to and select one of the following:

  • all: Specifies that the system gathers information from every request and does not perform sampling. This is the default.
  • 1 of every «n»: Specifies that the system samples every nth transaction. For example, if the value is 1 of every 10, then the system samples every tenth transaction.

Sampling should be adjusted according to expected TPS and quantity of entities.

Tip: Sampling improves system performance, so F5 recommends using sampling if you utilize more than 50 percent of the BIG-IP system CPU resources, or if you have at least 100 transactions for each entity during 5 minutes.

Note: A high sampling rate results in less precise statistical data learned by the system.

Important: If you enable sampling the User Sessions metric and Traffic Capturing become unavailable.

Route Domain Support
In the Configuration utility, where you enter a client IP address, we now support the following syntax: IP_address%route_domain_id, where the IP address can (optionally) be followed by a percent sign (%) and the numeric ID of a route domain configured in the system (Network > Route Domains).

Note: If not specified, the route domain of an IP address entered in the configuration will default to the default route domain for the partition/path that is selected or current in the configuration utility (and displayed in the drop-down list at the upper right-hand corner of any screen). The default route domain of the selected or current partition/path is not shown in the configuration screens.

IPv6 Support
ASM now supports IPv6 addresses in all parts of the product where you can configure an IP address. Any place where IP addresses are displayed, whether in the GUI or in internal/external logging capabilities, both IPv4 and IPv6 addresses are shown in their normal string representations.

GUI enhancements
We made the following enhancements to the Configuration utility:

  • Added an Overview screen that displays different statistical information in graphs about traffic on your system centralized on one screen. This screen is made of widgets that you can customize.
  • You can now edit an Active Rule (in the Alerts and Notifications Configuration area of the Analytics configuration screen) instead of having to delete an unwanted rule and create a new one.

Fixes introduced in 11.1.0

Virtual server traffic when AVR not provisioned (ID 349658)
The system presents an alert with a warning message when AVR is selected to be un-provisioned and has a virtual server with an Analytics profile assigned to it.

Note: If any Analytics profile is assigned to a virtual server and AVR becomes un-provisioned (or if it was already un-provisioned before assigning the Analytics profile to the virtual server), traffic will not pass through the virtual server. To work around this issue, you can set the Analytics Profile setting to None (and then click Update to save the changes). We recommended you do so before un-provisioning AVR to avoid traffic stoppage. In addition, the Analytics Profile setting is visible in the virtual server’s Advanced Properties screen even when AVR is not provisioned.

Pre-filtered countries statistics (ID 360182)
On the Analytics Statistics screen, the list of countries in the "Countries" filter is now pre-filtered to display only countries that accessed the unit.

Records Per Screen setting all inclusive (ID 364715)
The number of Analytics profiles displayed at a time on the Local Traffic > Profiles > Analytics screen now conforms to the configuration of the Records Per Screen setting on the System > Preferences screen.

Preserving changes to default Analytics profile settings after restarting the system (ID 368440)
Any changes in default Analytics profile are preserved after you restart the system. In the previous release, the default Analytics profile’s settings were reset and returned to the system’s default values.

New features introduced in 11.0.0

This release introduced BIG-IP Analytics, also known as Application Visibility and Reporting (AVR). Analytics is a module on the BIG-IP® system that lets you analyze performance of web applications. It provides detailed metrics such as transactions per second, server latency, page load time, request and response throughput, and sessions. You can view metrics for applications, virtual servers, pool members, URLs, specific countries, and additional detailed statistics about an application. You can use the Configuration utility filters to configure which traffic the system captures, publishes and analyzes.

Transaction counters for response codes, user agents, HTTP methods, countries, and IP addresses provide statistical analysis of the traffic that is going through the system. You can capture traffic for examination and have the system send alerts so you can troubleshoot problems and immediately react to sudden changes.

Use the remote logging capabilities to consolidate statistics gathered from multiple BIG-IP appliances onto syslog servers or Security Information and Event Management (SIEM) devices, such as Splunk.

You must provision AVR. AVR is provisioned separately from the Local Traffic Manager, but requires the Local Traffic Manager be provisioned.

Once you have provisioned AVR, you can perform the following:

  • Create an Analytics profile. Navigate to Local Traffic > Profiles > Analytics.
  • View charts of statistical information about traffic sent to your web application. Navigate to Overview > Statistics > Analytics.
  • View application traffic transactions that the system captured. Navigate to Overview > Statistics > Captured Transactions.

Important: You must have Adobe Flash Player installed on the computer where you plan to view Analytics statistics.

Fixes introduced in version 11.0.0

There were no fixes in version 11.0.0.

[ Top ]

Known issues

The following items are known issues in the current release.

No support for triplet module combinations on low-end platforms (ID 403592)
Platforms with less than 6.5 GB memory cannot be upgraded to version 11.3.0 if three or more modules are provisioned. Upon attempting to upgrade, users see a clear error message that guides them to SOL13988. Before upgrading, make sure you have only one or two modules provisioned if the BIG-IP system has less than 6.5 GB of memory.

Different methods of calculating statistics (ID 344054)
The system calculates statistics differently in the graphs and in the table. In the graphs, the system displays a snapshot of statistics recorded at a specific point in time, every five minutes. In the table, the system displays a cumulative number of statistics recorded.

Report delay (ID 344763)
It may take up to a few minutes for the system to display in the graphs changes made to the Analytics configuration.

Compressed responses (ID 346255)
Analytics does not collect page load time statistics for gzipped (compressed) responses.

Global Traffic Manager pools and Analytics Statistics (ID 351257)
Health monitor requests for Global Traffic Manager (GTM) pools or servers are shown in Analytics statistics.

AVR and APM (ID 368119)
If an Analytics profile is assigned to a virtual server and an Access Profile is assigned to same virtual server, then statistics for pool members are not displayed for page load time.

Restart md after changing sampling ratio (ID 372174)
After changing the sampling ratio, you must restart the MD service by running the command: bigstart restart md.

Chunked response size less than actual (ID 379479)
For chunked responses, the system reports the average HTTP response size in the Configuration utility and database as at least 25 bytes less than its actual size. This is because the system does not report the header "Transfer-Encoding:chunked" and the numbers that indicate the chunked size.

Error when drilling down statistics (ID 396068)
Sometimes when you drill down on the Statistics > Analytics screen, the system displays the following error: "Cannot drilldown into entity: %s ".

Drilling down statistics for IP address and query name (ID 396131)
Although the system permits you to select options from the filter to view statistics by a client IP address and then drill down to view statistics for a custom domain-name ("query name"), you should not. This filter combination is invalid and does not produce results.

Restarting a bigstart daemon (ID 397064)
If you stop and restart a bigstart daemon (for example, if you run the command bigstart restart mysql) afterward, you must also run the command bigstart start to restart dependent daemons.

Resetting concurrent session statistics (ID 402353)
AVR concurrent session statistics available in iRules are not reset to zero when the traffic is completely stopped. So a later event that triggers iRules and checks for the concurrent number of active sessions does not acquire a value of zero. Instead, it acquires the number of active sessions for some time in the past when there was traffic activity.

Sending traffic with AVR and Response-Adapt profiles (ID 404106)
When sending HTTP traffic through a virtual server configured with AVR and Response-Adapt profiles, and the ICAP server modifies the response, AVR does not report any activity for the virtual server.

AVR-DOS-RamCache: Attack reporting (ID 407631)
There may be situations where the system's DOS mechanism detects a DoS attack, but the RAM-cache handles the attacking transactions instead of the module. In these cases, while the system detects the attack, the system does not report the attack unless AVR is also assigned to the virtual server.

Custom filter displaying different results on different screens (ID 414273)
The results of a user-created filter on the Event Logs > Application > Requests screen may appear differently when using the same filter on the Reporting > Application > Charts screen.

Provisioning changes to AVR, ASM or AFM modules (ID 415883)
On rare occasions, provisioning changes that involve the AVR, ASM or AFM modules can cause TMM to continuously restart after the machine is reactivated. A reboot to the machine solves the problem (by running the command reboot).

Alerts assigned to multiple virtual servers (ID 419676)
When you define an alert on an Analytics profile that is assigned to multiple virtual servers, and that alert is defined for any maximum TPS, latency or throughput on an application or pool member, that alert will not be notified, and the ltm log (/var/log/ltm) will show an error: "could not find id or measure field in report ...".

Using an iRule to disable AVR from collecting statistics for a specific URL (ID 441578)
If you use an iRule to disable AVR from collecting statistics for a specific URL, that URL does not receive Application Security DoS protection even if Application Security DoS protection is enabled on the virtual server.

Traffic with malformed XFF when Accept/Trust XFF is enabled (ID 461234)
If the system processes HTTP requests with malformed XFF, and the security policy’s Accept XFF/Trust XFF Header option is enabled, the IP addresses that sent this traffic are identified as the IPv6 address "::".

TMM crash after traffic stress with rapid changes to traffic capturing profiles (ID 470559)
TMM may crash and core dump due to traffic stress with rapid changes made to traffic capturing profiles.

Unresponsive DoS Overview screen (ID 471127)
The DoS Overview screen may become unresponsive if there are hundreds of ongoing DoS attacks.

The "show analytics report view-by profile" tmsh command (ID 471289)
After creating an Analytics profile, the show analytics report view-by profile tmsh command may not show any results if a DoS profile is not configured for, and attached to, a virtual server.

No automatic log out when Analytics Statistics screens are opened (ID 472291)
If AVR is provisioned, and statistics are produced while traffic is running through a virtual server assigned to an Analytics profile, the Configuration utility does not automatically log out after the logout period (configured in the Idle Time Before Automatic Logout setting in the System > Preferences screen) when any Analytics screen under the Statistics menu is opened.

Upgrading from previous versions (ID 474613)
Configuration upgrade from versions 11.2, 11.1 or 11.0 fails when two analytics profiles on different partitions are configured with the same remote login server IP address. To work around this issue, remove the external logging configuration on the source partition, upgrade, and then restore the configuration as needed.

ASM Custom Reports Advanced Filters on Upgrade (ID 474814)
When using Advanced Filters on ASM Charts pages on custom reports, they are not saved when upgrading to a newer version.

[ Top ]

Contacting F5 Networks

Phone: (206) 272-6888
Fax: (206) 272-6802
Web: http://support.f5.com
Email: support@f5.com

For additional information, please visit http://www.f5.com.

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5

AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news on your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 TechNews

Weekly HTML TechNews
The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, fill out the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
Periodic plain text TechNews
F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email). To subscribe, send a blank email to technews-subscribe@lists.f5.com from the email address you would like to subscribe with. Unsubscribe by sending a blank email to technews-unsubscribe@lists.f5.com.

Legal notices

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)