Applies To:

Show Versions Show Versions

Release Note: BIG-IP GTM and BIG-IP Link Controller version 11.2.0
Release Note

Original Publication Date: 08/30/2013


This release note documents the version 11.2.0 release of BIG-IP Global Traffic Manager and BIG-IP Link Controller.


- Supported hardware
- Configuration utility browser support
- User documentation for this release
- New in 11.2.0
- New in 11.1.0
- New in 11.0.0
- Installation overview
     - Installation checklist
     - Installing the software
     - Post-installation tasks
     - Installation tips
- Upgrading from earlier versions
- Fixes in 11.2.0
- Fixes in 11.1.0
- Fixes in 11.0.0
- Known issues
- Contacting F5 Networks
- Legal notices

Supported hardware

You can apply the software upgrade to systems running software versions 10.x or 11.x. For a list of supported platforms, see SOL9412: The BIG-IP release matrix. For information about which platforms support which module combinations, see SOL10288: BIG-IP software and platform support matrix.

Configuration utility browser support

The BIG-IP system Configuration utility supports the following browsers and versions:

  • Microsoft Internet Explorer 8.x and 9.x
  • Mozilla Firefox 15.0.x and 9.0.x
  • Google Chrome 21.x

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the BIG-IP GTM 11.2.0 Documentation page.

New in 11.2.0

Google Chrome support

This release provides full support for current releases of the Google Chrome browser.

DNS cache

In this release, you can configure a cache on the BIG-IP system to cache DNS responses. The next time the system receives a query for a response that exists in the cache, the system returns the response from the cache.

New in 11.1.0

New in 11.1.0

There are no new features specific to Global Traffic Manager/Link Controller.

New in 11.0.0

DNS Express

You can now configure DNS Express on BIG-IP Global Traffic Manager (GTM) to mitigate distributed denial-of-service attacks (DDoS) and improve performance of both the local BIND server on the BIG-IP system and any back-end DNS servers.


This release provides support for BIG-IP GTM on the VIPRION platforms.

Virtual Edition

BIG-IP GTM is now available as a Virtual Edition (VE).

IP Anycast

This release provides support for IP Anycast for DNS services on BIG-IP GTM. This configuration helps mitigate distributed denial-of-service attacks (DDoS), reduce DNS latency, improve the scalability of your network, and assist with global traffic management.

Device-specific Probing and Statistics Collection

With this release, you can configure BIG-IP Global Traffic Manager (GTM) to perform intelligent probing of your network resources to determine whether the resources are up or down. This allows you to specify which BIG-IP systems probe specific servers for health and performance data.

Life Span of Default System Certificates Extended

This release provides default system certificates with a ten year initial life span on BIG-IP GTM.

GTM Monitor Supports Route Domains

You can now deploy BIG-IP GTM on a network where BIG-IP Local Traffic Manager (LTM) systems are configured with route domains.

Installation overview

This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP System: Upgrading Active/Standby Systems and BIG-IP System: Upgrading Active-Active Systems, and we strongly recommend that you reference these documents to ensure successful completion of the installation process.

Installation checklist

Before you begin:

  • Update/reactivate your system license, if needed, to ensure that you have a valid service check date.
  • Ensure that your system is running version 10.0.0 or later and is using the volumes formatting scheme.
  • Download the .iso file (if needed) from F5 Downloads to /shared/images on the source for the operation. (If you need to create this directory, use the exact name /shared/images.)
  • Configure a management port.
  • Set the console and system baud rate to 19200, if it is not already.
  • Log on as an administrator using the management port of the system you want to upgrade.
  • Boot into an installation location other than the target for the installation.
  • Save the user configuration set (UCS) in the /var/local/ucs directory on the source installation location, and copy the UCS file to a safe place on another device.
  • Log on to the standby unit, and only upgrade the active unit after the standby upgrade is satisfactory.
  • Turn off mirroring.
  • If you are running WAN Optimization Manager, set provisioning to Minimum.

Installing the software

You can install the software at the command line using the Traffic Management shell, tmsh, or in the browser-based Configuration utility using the Software Management screens, available in the System menu. Choose the installation method that best suits your environment.
Installation method Command
Install to existing volume, migrate source configuration to destination tmsh install sys software image [image name] volume [volume name]
Install from the browser-based Configuration utility Use the Software Management screens in a web browser.

Sample installation command

The following command installs version 11.2.0 to volume 3 of the main hard drive.

tmsh install sys software image BIGIP- volume HD1.3

Post-installation tasks

This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP System: Upgrading Active/Standby Systems and BIG-IP System: Upgrading Active-Active Systems, and we strongly recommend that you reference these documents to ensure successful completion of the installation process.

After the installation finishes, you must complete the following steps before the system can pass traffic.
  1. Ensure the system rebooted to the new installation location.
  2. Log on to the browser-based Configuration utility.
  3. Run the Setup utility.
  4. Provision the modules.
  5. Convert any bigpipe scripts to tmsh. (Version 11.x does not support the bigpipe utility.)
Note: You can find information about running the Setup utility and provisioning the modules in the BIG-IP TMOS implementations Creating an Active/Standby Configuration Using the Setup Utility and Creating an Active-Active Configuration Using the Setup Utility.

Installation tips

  • The upgrade process installs the software on the inactive installation location that you specify. This process usually takes between three minutes and seven minutes. During the upgrade process, you see messages posted on the screen. For example, you might see a prompt asking whether to upgrade the End User Diagnostics (EUD), depending on the version you have installed. To upgrade the EUD, type yes, otherwise, type no.
  • You can check the status of an active installation operation by running the command watch tmsh show sys software, which runs the show sys software command every two seconds. Pressing Ctrl + C stops the watch feature.
  • If installation fails, you can view the log file. The system stores the installation log file as /var/log/liveinstall.log.

Upgrading from earlier versions

Your upgrade process differs depending on the version of software you are currently running. Software version 10.x introduced the ability to run multiple modules based on platform. The number and type of modules that can be run simultaneously is strictly enforced through licensing. For more information, see SOL10288: BIG-IP software and platform support matrix.

Warning: Do not use the 10.x installation methods (the Software Management screens, the b software or tmsh sys software commands, or the image2disk utility) to install/downgrade to 9.x software or operate on partitions. Depending on the operations you perform, doing so might render the system unusable. If you need to downgrade from version 10.x to version 9.x, use the image2disk utility to format the system for partitions, and then use a version 9.x installation method described in the version 9.x release notes to install the version 9.x software.

Upgrading from version 10.x or 11.x

When you upgrade from version 10.x or 11.x software, you use the Software Management screens in the Configuration utility to complete these steps. To open the Software Management screens, in the navigation pane of the Configuration utility, expand System, and click Software Management. For information about using the Software Management screens, see the online help.

Upgrading from versions earlier than 10.x

You cannot roll forward a configuration directly to this version from BIG-IP version 4.x, or from BIG-IP versions 9.0.x through 9.6.x. You must be running version 10.x software. For details about upgrading to those versions, see the release notes for the associated release.

Automatic firmware upgrades

If this version includes new firmware for your specific hardware platform, after you install and activate this version, the system might reboot additional times to perform all necessary firmware upgrades.

Fixes in 11.2.0

ID Number Description
ID 368721 An error that occurred during a config-sync has been corrected , specifically by synchronizing the GTM directory /var/named/config only, instead of /var/named.
ID 370962 The GTM search filter in the GUI now works correctly for Wide IPs and Servers.
ID 377453 DNS Express successful zone transfer statistics no longer continue to increment on failed transfers.
ID 377682 DNS Express zone transfer failures no longer cause the zxfrd.bin database file to indefinitely grow in size, or the zxfrd process to increase in memory.
ID 378182 TMM no longer leaks memory when GTM attempts to rewrite DNS responses.
ID 380814 A memory leak related to DNS Express zone transfers in the zxfrd process has been corrected.
ID 380767 The dnssec-on-miss flag makes the transparent cache always ask for DNSSEC (DO bit) when forwarding the query after a miss. All subsequent queries, w/ or w/o the DO bit will get the correct DNSSEC records. Note, the initial response will always contain DNSSEC data. The default of dnssec-on-miss is yes.
ID 381543 LTM is now provisioned as NOMINAL in an LTM/GTM combo when using DNS services such as DNS Express.
ID 383415 A defect which could cause some top-level zones to fail to load into DNS Express with large configurations has been corrected.
ID 384853 TMM no longer restarts with a SIGSEGV and the following log message while processing certain DNS Express traffic: xbuf_dma: Assertion 'valid magic' failed

Fixes in 11.1.0

Bug Description
ID 355937 This release fixes validation for pool members. They will now reference the pool member (rather than incorrectly referencing the backing VS).
ID 361548 After the first install on a cluster, an rndc reload may be necessary. This fix allows that to happen.
ID 364437 Link Controller GUI: removed the erroneous table columns from wideip member stats and wideip details stats tables.
ID 364918 Syncing configuration changes from a Link Controller to a Global Traffic Manager in the same sync group no longer causes the monitors to fail to load on the GTM.
ID 365582 A GTM iRule that refers to a pool without specifying the full path (e.g., [pool pool1]) will now work correctly when that pool is found in multiple folders. Correct behavior is to always choose the pool in the wideip's folder, and to dynamically switch if a pool (with the same name as in the iRule) is added/deleted in that folder.
ID 366165 Configuration changes to any/every GTM object now triggers the configuration file to be saved.
ID 367082 This release corrects an issue where gtmd could grow excessively.
ID 367836 This release corrects an issue involving excessive memory usage and crash/core when loading GTM configs with large numbers of virtual servers with topology records.
ID 368715 Corrected a condition where importing a ucs file generated from a previous release with depends_on in the configuration would fail.

Fixes in 11.0.0

Bug Description
226783 [Global Traffic Manager] Global Traffic Manager now correctly performs name resolution for the IPv6 addresses, and BIND responds correctly to DNS requests against IPv6 self IP addresses.
223590, CR130729 [Global Traffic Manager] This release provides the functionality for clearing link statistics.
343798 [Global Traffic Manager] This version of the software adds two read-only fields to gtm_dnssec_key_generation: creator and key_tag. The value of creator is a string representing the host name of the BIG-IP system that created the DNSSEC key generation. The value of key_tag is a hash calculated from the DNSKEY resource record (RR) for that generation. You can use these fields to help debug DNSSEC deployments. In addition, this release provides better constraint on which generations can rollover, which helps mitigate a potential race condition. Finally, this release provides additional debug logging.
348726 [Global Traffic Manager] The online help page for custom GTM SNMP monitors has been provided.

Known issues

This release contains the following known issues.

Bug Description
ID 222220 Distributed application statistics shows requests passed only to its first wide IP. It does not add requests passed to other wide IPs - members of this distributed app to the total numbers.
ID 225759 When you upgrade a BIG-IP Global Traffic Manager synchronization group to version 10.1.0 or later, the master key is not synchronized to all members within the synchronization group. For step-by-step instructions to fix this known issue, see SOL11868 on AskF5.
ID 337824 "GTM UI: Modifying VS attributes strips trailing spaces from the server name, causing the following error: VS <name_you_entered> server <server_name_you_entered> does not exist."
ID 341722 Global Traffic Manager uses BIND 9.7.3. This version of BIND can log a complicated message about not being able to load managed keys from a master file. If you have not configured Global Traffic Manager for DNSSEC Lookaside Validation (DLV), you might receive this message. It is cosmetic and you can ignore it. This is a known issue in BIND.
ID 343030 "The named process might log the following error in daemon.log: Oct 22 09:44:24 local/localhost err named[8832]: 22-Oct-2010 09:44:24.278 general: error: managed-keys-zone ./IN/external: loading from master file 3c4623849a49a53911c4a3e48d8cead8a1858960bccdea7a1b978d73ec2f06d7.mkeys failed: file not found Although it reported the error, the daemon is up and running, so you can safely ignore the error."
ID 354161 If an BIND zone that underlies a DNS Express zone expires, DNS Express will continue to handle queries for that zone. Disable or delete the DNS Express zone itself if you want DNS Express to stop answering queries.
ID 355018 GTM logging does not put the event name in the output. This has always been the case, so it is a widely known issue.
ID 355924 On DNS responses directly from a BIG-IP system (from GTM, DNSSEC, DNS Express) the edns0 nsid option len and data will be stripped. If the response is not modified by the BIG-IP system (from BIND or pool member), then it will not be stripped.
ID 356348 iApps application service objects will not be synced to GTM devices.
ID 356586 BIND v9.7, new in v11.0.0, requires an A (IP address) record for an in-zone nameserver (NS) entry in its configuration. In the past, an FQDN or CNAME for the NS was sufficient. This means that upgrades of BIND configurations to v11.0.0 might fail to load if such an A record is not present (the symptom will be zrd stuck in a restart loop). The best solution is to create an A record for the NS (before) upgrading. (Note that this is for in-zone NS records only. An "out of zone" NS record should not have an A record, and if you add an A record for it, the named process generates a warning about "ignoring out of zone data".)
ID 357361 DNSSEC objects are owned by GTM (due to the need for wide-area sync). An LTM load only does a mark/sweep for LTM objects, not GTM. Therefore, an attempt (in the sweep) to delete the unsaved folder fails because the object unable to be swept, the DNSSEC object, still exists.
ID 360270 RESOLV::lookup -ptr and NAME::lookup -ptr are not caching returned records, so the tmm must perform a query each time. This could result in slower than expected performance.
ID 361650 "Starting with 11.0.0, it takes minimum of 15 seconds to a maximum of 60 seconds for BIG-IP GTM to save any configuration change, regardless of whether it is made in the Configuration utility or in tmsh. The only way to speed up this process is to run the following command in tmsh: save sys config partitions all gtm-only No equivalent of this command exists in the Configuration utility."
ID 361784 "To add virtual servers to GTM pools, at minimum the user will need to provide this level of information: modify poolxyz members add {<hostname>:<partition>/<vsname>} (specifying the partition for the hostname is not necessary). NOTE: There is NO autocomplete help for any of this. You will need to do this completely and accurately or risk receiving a message such as: 01070226:3: Pool Member VS9eleven6 references a nonexistent Virtual Server"
ID 362356 When a device in a GTM device group restarts for any reason, and if the MCP database (/var/db/mcpdb.*) is missing, devices could lose configuration changes that happened during the restart.
ID 363134 Links get auto-discovered when global Auto-Discovery is disabled and Link Discovery is on.
ID 363142 [Link Controller] global Auto-Discovery can be disabled while having a link with bigip_link monitor
ID 365764 Loading a UCS with no custom partition in it fails on a system that has any GTM objects defined in a custom partition.
ID 367459 The BIG-IP Configuration utility may incorrectly allow you to assign certain health monitors to pools and server objects that are configured with a wildcard service port. For more information, see SOL12400 at
ID 403125 [Global Traffic Manager] If GTM v11.x has LTM v10.x virtual servers auto-discovered and later LTM gets upgraded to 11.x, GTM auto-discovers a new set of virtual servers with their names in 11.x format (with partition path being added to their 10.x names). If virtual server discovery was enabled, LTM virtual servers get re-discovered with the new names effectively deleting their previous memberships in the GTM pools. If virtual server discovery was enabled with no delete option then the pre-existing set of LTM virtual servers and their pool memberships stay intact but a second set of LTM virtual servers with the new names gets auto-discovered by the GTM.

Contacting F5 Networks

Phone: (206) 272-6888
Fax: (206) 272-6802

For additional information, please visit

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it's providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure you get the most from your F5 technology.


AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news on your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 TechNews

Weekly HTML TechNews
The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, fill out the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
Periodic plain text TechNews
F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email). To subscribe, send a blank email to from the email address you would like to subscribe with. Unsubscribe by sending a blank email to

Legal notices

Was this resource helpful in solving your issue?

NOTE: Please do not provide personal information.

Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)