Applies To:

Show Versions Show Versions

Release Note: BIG-IP GTM and BIG-IP Link Controller version 10.2.4
Release Note

Original Publication Date: 08/30/2013

Summary:

This release note documents the version 10.2.4 release of BIG-IP Global Traffic Manager and BIG-IP Link Controller.

Contents:

- Supported hardware
- User documentation for this release
- New in 10.2.4
- New in 10.2.3
- New in 10.2.2
- New in 10.2.1
- New in 10.2.0
- Installation overview
     - Installation checklist
     - Installing the software
     - Post-installation tasks
     - Installation tips
- Upgrading from earlier versions
- Fixes in 10.2.4
- Fixes in 10.2.3
- Fixes in 10.2.2
- Fixes in 10.2.1
- Fixes in 10.2.0
- Behavior changes in 10.2.4
- Behavior changes in 10.2.3
- Behavior changes in 10.2.2
- Behavior changes in 10.2.1
- Behavior changes in 10.2.0
- Known issues
- Contacting F5 Networks
- Legal notices

Supported hardware

You can apply the software upgrade to systems running software versions 9.3.x, 9.4.x, 9.6.x, and 10.x. For a list of supported platforms, see SOL9412: The BIG-IP release matrix. For information about which platforms support which module combinations, see SOL10288: BIG-IP software and platform support matrix.

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the BIG-IP GTM / VE 10.2.4 Documentation page and the BIG-IP Link Controller 10.2.4 Documentation page.

New in 10.2.4

There are no new features specific to Global Traffic Manager/Link Controller.

Important: For platform-related or cross-product items, see Release Note: BIG-IP Local Traffic Manager and TMOS version 10.2.4.

New in 10.2.3

Auto-discovery of Local Traffic Manager Virtual Servers (ID 364037)

You can use the tmsh command sequence tmsh modify gtm server <server_name> expose-route-domains yes to allow the Global Traffic Manager server <server_name> to auto-discover Local Traffic Manager virtual servers from all route domains. This requires that Global Traffic Manager auto-discovery be enabled and server-level virtual server auto-discovery be enabled for the Global Traffic Manager server <server_name>. Notes: * This may cause IP address and/or port conflicts between Global Traffic Manager virtual servers for that server. * The expose-route-domains flag must remain set to yes for probing to work for the Global Traffic Manager virtual servers that correspond to Local Traffic Manager virtual servers from other route domains.

Important: For platform-related or cross-product items, see Release Note: BIG-IP Local Traffic Manager and TMOS version 10.2.3.

New in 10.2.2

DNSSEC key creation and rollover improvements (ID 343798)

This version of the software adds two read-only fields to gtm_dnssec_key_generation: creator and key_tag. The value of creator is a string representing the host name of the BIG-IP system that created the DNSSEC key generation. The value of key_tag is a hash calculated from the DNSKEY resource record (RR) for that generation. You can use these fields to help debug DNSSEC deployments. In addition, this release provides better constraint on which generations can rollover, which helps mitigate a potential race condition. Finally, this release provides additional debug logging.

Important: For platform-related or cross-product items, see Release Note: BIG-IP Local Traffic Manager and TMOS version 10.2.2.

New in 10.2.1

There are no new features specific to Global Traffic Manager/Link Controller.

Important: For platform-related or cross-product items, see Release Note: BIG-IP Local Traffic Manager and TMOS version 10.2.1.

New in 10.2.0

New Wide IP Dependency Level for Distributed Applications (CR133521)

When you create a distributed application, you now have the option of setting the status of the distributed application to be dependent upon the status of a wide IP. When you configure a distributed application for wide IP dependency, the Global Traffic Manager considers all wide IPs that host that application to be unavailable, even if only one of the wide IPs is unavailable.

Global Traffic Manager listener and load balancing to a pool of DNS servers (CR131948)

You can now use a Global Traffic Manager system to seamlessly screen standard DNS BIND requests, and load balance those requests to a pool of external DNS servers instead of to the local BIND server running on the Global Traffic Manager system. First the system checks the incoming DNS query type. If the query is for an address record (A, AAAA, A6) or a CNAME, the system attempts to match the request against the list of configured wide IPs. If the query is for a wide IP, the system applies rules configured for the wide IP resource. Otherwise, if the request is for a non-address type, such as an MX record, or if the request is for an address that is not configured as a wide IP, the Global Traffic Manager system forwards the DNS query to one of the servers listed in the pool of DNS servers. The Global Traffic Manager system also inspects responses from the pool of external DNS servers, and if it finds a wide IP match for an address record embedded in a response, the Global Traffic Manager system intercepts and resolves the address record using normal Global Traffic Manager system functions. Finally, the Global Traffic Manager system rewrites the request as necessary before sending it back to the DNS client. Adding the DNSSEC module expands this capability to also allow standalone Global Traffic Manager systems to perform real-time DNSSEC signing as needed for any DNS response, including the standard BIND responses from the pool of DNS servers.

Virtual Location monitor and Global Traffic Manager

The Local Traffic Manager Virtual Location monitor uses the higher Priority Group setting of local pool members to optimize end-user response time in environments with dynamic distribution of application resources across multiple data centers. When a configured Virtual Location monitor is used in conjunction with the Global Traffic Manager, the total local pool member count is used to distribute new clients to data centers in a manner proportional to the percentage of available resources. For example, if data center 1's virtual server has 5 local pool members, and data center 2's has 10, then the Global Traffic Manager sends data center 2 twice the traffic as data center 1. As pool members migrate, the Global Traffic Manager adjusts traffic distribution.

Important: For platform-related or cross-product items, see Release Note: BIG-IP Local Traffic Manager and TMOS version 10.2.0.

Installation overview

This document lists only the very basic steps for installing the software. The BIG-IP Systems: Getting Started Guide contains details and step-by-step instructions for completing an installation. F5 recommends that you consult the getting started guide for all installation operations.

Installation checklist

Before you begin:

  • If using partitions, reformat for the 10.1.0 and later partition size, if needed (partitions created using version 9.x or 10.0.x do not accommodate the 10.1.0 and later software).
  • Reactivate the license and update the service contract.
  • Download the .iso file (if needed) from F5 Downloads to /shared/images on the source for the operation. (If you need to create this directory, use the exact name /shared/images.)
  • Configure a management port.
  • Set the console and system baud rate to 19200, if it is not already.
  • Log on as an administrator using the management port of the system you want to upgrade.
  • Boot into an installation location other than the target for the installation.
  • Save the user configuration set (UCS) in the /var/local/ucs directory on the source installation location, and copy the UCS file to a safe place on another device.
  • Log on to the standby unit, and only upgrade the active unit after the standby upgrade is satisfactory.
  • Turn off mirroring.
  • If you are upgrading from version 9.3.x or 9.4.x, run im <downloaded_filename.iso> to copy over the new installation utility.
  • If you are running WAN Optimization Manager, set provisioning to Minimum.

Installing the software

F5 offers several installation methods. Choose the method that best suits your environment.
Warning: Do not use the --nomoveconfig option described in the following table on systems with existing, running installations of Application Security Manager. Doing so removes all content from the associated database. Instead, ensure that the configuration on the source installation location matches the one on the destination. To do so, save the UCS configuration on the location you want to preserve, and apply that configuration to the destination before or after the installation operation.

To install the software, use one of the methods described here.

Install method Command
Format for volumes, migrate source configuration to destination image2disk --format=volumes <downloaded_filename.iso>
Format for volumes, preserve destination configuration (for fully 10.x environments) image2disk --nomoveconfig --format=volumes <downloaded_filename.iso>
Install without formatting (not for first-time 10.x installation) bigpipe software desired HD.<n.n> version 10.x build <nnnn.n>.iso product BIG-IP
Format for partitions (for mixed 9.x and 10.x environments) image2disk --format=partitions <downloaded_filename.iso>
Install from the browser-based Configuration utility Use the Software Management screens in a web browser.

Post-installation tasks

This document lists only the very basic steps for installing the software. The BIG-IP Systems: Getting Started Guide contains details and step-by-step instructions for completing an installation. F5 recommends that you consult the getting started guide for all installation operations.

After the installation finishes, you must complete the following steps before the system can pass traffic.
  1. Ensure the system rebooted to the new installation location.
  2. Log on to the browser-based Configuration utility.
  3. Run the Setup utility.
  4. Provision the modules.

Installation tips

  • The upgrade process installs the software on the inactive installation location that you specify. This process usually takes between three minutes and seven minutes. During the upgrade process, you see messages posted on the screen. For example, you might see a prompt asking whether to upgrade the End User Diagnostics (EUD), depending on the version you have installed. To upgrade the EUD, type yes, otherwise, type no.
  • You can view a list of the image2disk utility options by running the command image2disk --help.
  • You can check the status of an active installation operation by running the command watch tmsh show sys software, which runs the show sys software command every two seconds. Pressing Ctrl + C stops the watch feature.
  • If installation fails, you can view the log file. For image2disk installations, the system logs messages to the file you specify using the --t option. For other installations, the system stores the installation log file as /var/log/liveinstall.log.

Upgrading from earlier versions

Your upgrade process differs depending on the version of software you are currently running. Software version 10.x introduced the ability to run multiple modules based on platform. The number and type of modules that can be run simultaneously is strictly enforced through licensing. For more information, see SOL10288: BIG-IP software and platform support matrix.

Warning: Do not use the 10.x installation methods (the Software Management screens, the b software or tmsh sys software commands, or the image2disk utility) to install/downgrade to 9.x software or operate on partitions. Depending on the operations you perform, doing so might render the system unusable. If you need to downgrade from version 10.x to version 9.x, use the image2disk utility to format the system for partitions, and then use a version 9.x installation method described in the version 9.x release notes to install the version 9.x software.

Upgrading from version 9.6.x or 10.x

When you upgrade from software version 9.6.x or 10.x, you can use the Software Management screens in the Configuration utility to complete these steps. To open the Software Management screens, in the navigation pane of the Configuration utility, expand System, and click Software Management. For information about using the Software Management screens, see the online help, or the relevant chapters in the BIG-IP Systems: Getting Started Guide.

Important: Upgrading a version 9.6.x platform to version 10.x also performs a BIOS upgrade. (You can find more information in the following Solution: SOL10633: BIOS update may be required before installing BIG-IP version 10.1.0 or later on the VIPRION platform.) If you also apply a version 10.x hotfix when you attempt the software upgrade, the operation fails to install the new BIOS. This can cause additional issues. For more information, see SOL10548: The BIOS of the VIPRION platform is not upgraded when installing BIG-IP version 10.0.x and a hotfix in a single step and SOL10016: A VIPRION kernel panic occurs following an upgrade to BIG-IP version 10.x.

Upgrading from version 9.3.x or 9.4.x

If you plan to install this version of the software onto a system running 9.3.x or 9.4.x, you must perform a one-time upgrade procedure to make your system ready for the new installation process. When you update from software version 9.3.x or 9.4.x to 10.x, you cannot use the Software Management screens in the Configuration utility. Instead, you must run the image2disk utility on the command line. For information about using the image2disk utility, see the BIG-IP Systems: Getting Started Guide.

Upgrading from versions earlier than 9.3.x

You cannot roll forward a configuration directly to this version from BIG-IP version 4.x or from BIG-IP versions 9.0.x through 9.2.x. You must be running software version 9.3.x, 9.4.x, 9.6.x, or 10.x. For details about upgrading to those versions, see the release notes for the associated release.

Important: Beginning with version 10.0.0 of the software, a redundant system configuration must contain failover peer management addresses for each unit. If you roll forward a redundant system configuration from 9.3.x or 9.4.x, the units start up in an offline state because each one needs a failover peer management address. To configure the failover peer management addresses, navigate to System > High Availability > Network Failover , and specify the management IP address of the peer unit in the Peer Management Address field. Then do the same on the other unit in the configuration. Once you specify both IP addresses, the system should operate as expected. For more information, see SOL9947: Change in Behavior: The Peer Management Address setting is required for BIG-IP version 10.x systems configured for network failover.

Fixes in 10.2.4

The current release includes the fixes and enhancements from previous releases and the fixes that were distributed 10.2.3 Hotfix 1. For more information, see SOL13344: BIG-IP cumulative hotfix version 10.2.3.

ID Number Description
ID 348726 The custom GTM SNMP monitors now has online help.
ID 367740 This release corrects a problem with using SSL certificate files when sending an HTTPS monitor request.
ID 372575 Scripted monitors now work correctly.
ID 372590 BIND has been updated to 9.6-ESV-R5-P1 to mitigate CVE-2011-4313.

Fixes in 10.2.3

The current release includes the fixes and enhancements from previous releases and the fixes that were distributed 10.2.2 Hotfix 1, 10.2.2 Hotfix 2, and 10.2.2 Hotfix 3. For more information, see SOL13109: Overview of BIG-IP version 10.2.2 cumulative hotfixes.

ID Number Description
[Global Traffic Manager] Excessive gtmd growth (ID 367082) This release corrects an issue where gtmd could grow excessively.

Fixes in 10.2.2

The current release includes the fixes and enhancements from previous releases and the fixes that were distributed in SOL12729: Overview of BIG-IP version 10.2.1 HF1,SOL12778: Overview of BIG-IP version 10.2.1 HF2, and SOL12816: Overview of BIG-IP version 10.2.1 HF3.

ID Number Description
[Global Traffic Manager] Option to clear link statistics (ID 223590, CR130729) This release provides the functionality for clearing link statistics.

Fixes in 10.2.1

The current release includes the fixes and enhancements from previous releases and the fixes that were distributed in SOL12188: Overview of BIG-IP version 10.2.0 HF2.

ID Number Description
[Global Traffic Manager] Discovery of multiple virtual servers with same IP:port (ID 222281) A Global Traffic Manager system with virtual server discovery enabled now properly handles a Local Traffic Manager system configuration containing multiple virtual servers with the same IP address:Port combination, but with differing names/protocols. Now, the discovery operation returns only one virtual server for each unique IP address:Port combination, and no longer results in a configuration reload every 30 seconds.
[ZoneRunner] Zone names case sensitivity (ID 247684) ZoneRunner now handles zone names in a completely case-insensitive manner. For example, with the zone example.com, if a WideIP was created as EXAmple.Com, Zone Runner would attempt to create a new zone EXAmple.Com then log the following error: /var/log/gtm:Sep 3 16:15:47 local/d62 err zrd[19048]: 0115020b:3: Errors in config file named.conf:99: zone 'example.com': already exists previous definition: /tmp/named.conf.tmp.jOkxME:7.
[ZoneRunner] Detailed view information (ID 247971) Users using ZoneRunner with multiple views may now display a specific view's detailed information.
[Global Traffic Manager] Stability enhancements to gtmd (ID 328802) Stability enhancements have been made to the gtmd service.
[Global Traffic Manager] Alternate load balancing method and corrupt configuration file (ID 336260) When the pool's alternate load balancing method is different from the preferred method, and the system uses the alternate method, when the query returns to DNS, the configuration file no longer gets corrupted.

Fixes in 10.2.0

The current release includes the fixes and enhancements from previous releases and the fixes that were distributed in SOL11790: Overview of BIG-IP version 10.1.0 HF2.

Behavior changes in 10.2.4

There are no behavior changes specific to Global Traffic Manager/Link Controller.

Behavior changes in 10.2.3

There are no behavior changes specific to Global Traffic Manager/Link Controller.

Behavior changes in 10.2.2

ID Number Description
ID 343798 In previous releases, the value of the Rollover Period for a DNSSEC key had to be equal to or greater than one third the value of the Expiration Period of the key, and less than the Expiration Period. In this release, the value of the Rollover Period must be equal to or greater than one half the value of the Expiration Period, and less than the Expiration Period. If your DNSSEC keys do not meet this criteria, before you upgrade to this version, change the value of the Rollover Period for each DNSSEC key.

Behavior changes in 10.2.1

There are no behavior changes specific to Global Traffic Manager/Link Controller.

Behavior changes in 10.2.0

There are no behavior changes specific to Global Traffic Manager/Link Controller.

Known issues

ID Number Description
[Global Traffic Manager] Enable/disable object status (CR92216) Occasionally, changes to object status (specifically, enable/disable) you make using the browser-based Configuration utility do not always immediately reflect in the Configuration utility. The corresponding config file (for example, wideip.conf) is correctly modified, but the object's visual status might remain in its previous state.  
[Global Traffic Manager] Format of Unknown string behavior change (CR101680) The system now returns a consistent Unknown string for continent and country tags for the IP Classifier or netIana.inc file. Previously, the system returned UNKNOWN for unknown country codes and unknown for unknown continent codes. This might impact you if you are using the whereis iRule command for the Global Traffic Manager.
[Global Traffic Manager] Monitor timeout and changing timeout values (CR101679) If you have a large configuration, and you change a monitor's timeout and interval values at the same time, the system might report hosts changing to a down state immediately followed by an up state. In general it is best to change either the timeout or interval, but not both simultaneously. If you plan to use bigger values, change the timeout first. If you plan to use smaller values, change the interval first. In each case, always allow for a full configuration propagation in between changes.
[Global Traffic Manager] ?Active? string in command line prompt (CR106291) When you load a large configuration, the command line prompt might change to ?Active?. Pressing return resets the prompt to Active, as expected.
[Global Traffic Manager] Translated IP and Port (CR113989) Using the Traffic Management Shell (tmsh), it is possible to add only a translated IP address or only a translated port, rather than specifying both values together. If you only specify one, the system does not save the configuration, and uses 0 (zero) as the port. The workaround is to change the port, define the IP address, and then set the port to the value you want to use.
[Global Traffic Manager] mprov logging errors in /var/log/gtm (CR112754) When you use the bigpipe utility or the tmsh utility to set provisioning, make sure to wait a minimum of 30 seconds (more, if you are provisioning several modules) before issuing any other provisioning command. If you do not, the system could end up misconfigured, which requires a full reboot to correct.
[Global Traffic Manager] Operator role and enable/disable pool members (CR111032) Users with the Operator role can now use the interactive command line to enable and disable pool members. However, users with the Operator role cannot use the edit command to perform the same functions, because there is no way to determine what part of the configuration is legitimate for the Operator user to edit.
[Global Traffic Manager] Data centers across gateways (CR110976) If you configure two data centers, one with a default gateway pool and links to another subnet, and the other with no links to another subnet, the system might show incorrect status until it resolves all the input from the links. In that case, you might see the following error message in the /var/log/gtm log: Nov 3 11:28:22 local/gtm3603 crit gtmd: 011a1002:2: Can not find GATEWAY target member 10.20.0.254:0 for pool default_gateway_pool Although there is no workaround for this issue, the systems eventually sort out the conflicts and mark all objects up.
[Global Traffic Manager] Upgrade and sync groups (CR103265) If you are upgrading from 9.2.x, and you have a Global Traffic Manager unit that belongs to a sync group, you must remove the unit from the sync group before you install the software or apply the upgrade. Failure to do so may cause irrevocable damage to the units in the sync group that are running older versions of the software. Once you have upgraded all units to the same version, you can then re-create the sync group. For details on removing a unit from a sync group, see the product documentation. Once you have removed the unit from the sync group, you can proceed with the installation or upgrade. Note that this is for upgrades from 9.2.x only.
[Global Traffic Manager] FTP monitor and multi-line responses (CR104562) The Global Traffic Manager FTP monitor does not handle multi-line responses correctly. If an FTP server uses multi-line responses, you might encounter undefined behavior, which could include monitor flapping or consistent monitor failure.
[Global Traffic Manager/Link Controller] Licensing for Global Traffic Manager or Link Controller only (CR107158) When you install the software for a Global Traffic Manager only or Link Controller only, the system reports provisioning only for Local Traffic Manager, even though the Global Traffic Manager and Link Controller menus are active. Before you can use Global Traffic Manager or Link Controller, you must open the Resource Provisioning screen on the System menu in the navigation pane, and provision Global Traffic Manager or Link Controller.
[Global Traffic Manager] Routing domains and Global Traffic Manager (CR107402) Routing Domains are supported on internal interfaces only when there is a Global Traffic Manager system on the network and monitoring the Local Traffic Manager system. Routing Domains are supported on internal and external interfaces (virtual servers, self IP addresses, and so on) when there is Global Traffic Manager in the network or the operator decides not to monitor that Local Traffic Manager. Note that there is nothing in the software to prevent you from configuring Routing Domains on both the internal and external interfaces when there is a Global Traffic Manager system on the network. Therefore, it is the system administrators' responsibility to ensure the proper configuration for their network environment. Also note that Routing Domains are not supported on a Local Traffic Monitor system that is also running the Global Traffic Monitor product module.
[Global Traffic Manager/Link Controller] Roll forward from 9.x and Application Security Manager and Global Traffic Manager provisioning (CR120828) When you roll forward a 9.x user configuration set (UCS) file that is configured for Application Security Manager and Global Traffic Manager, provisioning for Global Traffic Manager is not enabled. To enable Global Traffic Manager using the browser-based Configuration utility, in the navigation pane, expand System, and click Resource Provisioning. In the Module Resource Provisioning section, select the provisioning level you want from the Global Traffic (GTM) and Link Controller (LC) drop-down lists.
[Global Traffic Manager/Link Controller] Object enable and disable and screen refresh (CR125781) The system can encounter a race condition in which the screen does not correctly register the state when you enable and disable objects. The work around is to manually refresh the page.
[DNSSEC] Repeat key create and sync (CR127441) Using the Repeat button to create keys can cause a race condition in the syncing mechanism that results in the key not being created on the peer. The workaround is to add the next object once you see the generation object appear.
[DNSSEC] 4096 bit keys and FIPS (CR131190) Federal Information Processing Standards (FIPS) does not support a key size of 4096. You can use FIPS with a smaller key size.
[DNSSEC] Intermittent err mcpd[3259] message (CR132153) You might intermittently see the message err mcpd[3259]: 010712d7:3: DNSSEC Key Generation transaction failed with exception for [Can't save/checkpoint DB object, class:gtm_dnssec_key_generation status:13] in generation_create_cb. This error message is benign, and you can safely ignore it.
[Global Traffic Manager/Link Controller] Limit on length of object names (CR133288) In order to display status or statistics for the following objects, their names can be no longer than 63 characters: data centers, servers, pools, pool members, and links. Objects whose names are longer than 63 characters remain in the unknown (blue) state. Additionally, you cannot view statistics for the object. Previous releases did not have this object name limit. For more information, see SOL10871: BIG-IP GTM reports a status of Unknown and is unable to retrieve statistics for objects configured with a name longer than 63 characters.
[Global Traffic Manager] Empty region string (CR138719) If you create a Region that has no member criteria, the system matches every region. To work around this issue, always specify at least one Member Type for the Member List.

Contacting F5 Networks

Phone: (206) 272-6888
Fax: (206) 272-6802
Web: http://support.f5.com
Email: support@f5.com

For additional information, please visit http://www.f5.com.

Legal notices

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)