Applies To:

Show Versions Show Versions

Release Note: BIG-IP GTM and BIG-IP Link Controller 11.4.0
Release Note

Original Publication Date: 07/20/2015

Summary:

This release note documents the version 11.4.0 release of BIG-IP Global Traffic Manager and BIG-IP Link Controller. You can apply the software upgrade to systems running software versions 10.1.0 (or later) or 11.x.

Contents:

- Supported platforms
- Configuration utility browser support
- User documentation for this release
- New in 11.4.0
- New in 11.3.0
- New in 11.2.1
- New in 11.2.0
- New in 11.1.0
- New in 11.0.0
- Installation overview
     - Installation checklist
     - Installing the software
     - Post-installation tasks
     - Installation tips
- Upgrading from earlier versions
- Fixes in 11.4.0
- Fixes in 11.3.0
- Fixes in 11.2.1
- Fixes in 11.2.0
- Fixes in 11.1.0
- Fixes in 11.0.0
- Behavior changes in 11.4.0
- Behavior changes in 11.3.0
- Behavior changes in 11.2.1
- Behavior changes in 11.2.0
- Known issues
- Contacting F5 Networks
- Legal notices

Supported platforms

This version of the software is supported on the following platforms:

Platform name Platform ID
BIG-IP 1600 C102
BIG-IP 3600 C103
BIG-IP 3900 C106
BIG-IP 6900 D104
BIG-IP 8900 D106
BIG-IP 8950 D107
BIG-IP 11000 E101
BIG-IP 11050 E102
BIG-IP 2000s, BIG-IP 2200s C112
BIG-IP 4000s, BIG-IP 4200v C113
BIG-IP 5000s, BIG-IP 5200v C109
BIG-IP 7000s, BIG-IP 7200v D110
BIG-IP 10000s, BIG-IP 10200v D113
VIPRION B2100 Blade A109
VIPRION C2400 Chassis F100
VIPRION B4100 Blade A100, A105
VIPRION B4200 Blade A107, A111
VIPRION B4300 Blade A108
VIPRION B4340N Blade A110
VIPRION 4400 Chassis J100, J101
VIPRION 4480 Chassis J102, J103
VIPRION 4800 Chassis S100, S101

These platforms support various combinations of product modules. This section provides general guidelines for module support.

Most of the support guidelines relate to memory on the platform or provisioned guest. For vCMP support and for Policy Enforcement Module (PEM) and Carrier-Grade NAT (CGNAT), the following list applies for all memory levels:

  • vCMP supported platforms
    • VIPRION B2100, B4200, B4300, B4340N
    • BIG-IP 5200v, 7200v, 10200v
  • PEM and CGNAT supported platforms
    • VIPRION B4300, B4340N
    • BIG-IP 5200v, 7200v, 10200v
    • BIG-IP Virtual Edition (VE) (Not including Amazon Web Service Virtual Edition)
    • PEM and CGNAT may be provisioned on the VIPRION B4200 but it is not recommended for production, only for evaluation. Use the B4300 or B4340N instead.

Memory: 12 GB or more

All module combinations may be run on platforms with 12 GB or more of memory, and on VE and vCMP guests provisioned with 12 GB or more of memory.

Memory: 8 GB

The following guidelines apply to the BIG-IP 2000s, 2200s, 3900, 6900 platforms, to the VIPRION B4100 and B4100N platforms, and to VE guests configured with 8 GB of memory. (A vCMP guest provisioned with 8 GB of memory has less than 8 GB of memory actually available and thus does not fit in this category.)

  • No more than three modules should be provisioned together.
  • On the 2000s and 2200s, Application Acceleration Manager (AAM) can be provisioned with only one other module.
  • Note that Global Traffic Manager (GTM) and Link Controller (LC) do not count toward the module-combination limit.

Memory: Less than 8 GB and more than 4 GB

The following guidelines apply to platforms, and to VE and vCMP guests provisioned with less than 8 GB and more than 4 GB of memory. (A vCMP guest provisioned with 8 GB of memory has less than 8 GB of memory actually available and thus fits in this category.)

  • No more than three modules (not including AAM) should be provisioned together.
  • Application Acceleration Manager (AAM) cannot be provisioned with any other module; AAM can only be provisioned standalone.
  • Note that GTM and LC do not count toward the module-combination limit.
  • New in 11.4.0, Analytics (AVR) counts towards the two module-combination limit (for platforms with less than 6.25 GB of memory).

Memory: 4 GB or less

The following guidelines apply to the BIG-IP 1600 and 3600 platforms, and to VE and vCMP guests provisioned with 4 GB or less of memory.

  • No more than two modules may be configured together.
  • AAM should not be provisioned, except as Dedicated.

VIPRION and vCMP caching and deduplication requirements

Application Acceleration Manager (AAM) supports the following functionality when configuring vCMP and VIPRION platforms.

  • AAM does not support disk-based caching functionality on vCMP platforms. AAM requires memory-based caching when configuring it to run on vCMP platforms.
  • AAM supports disk-based caching functionality on VIPRION chassis or blades.
  • AAM does not support deduplication functionality on vCMP platforms, or VIPRION chassis or blades.

vCMP memory provisioning calculations

The amount of memory provisioned to a vCMP guest is calculated using the following formula: (platform_memory - 3 GB) x (cpus_assigned_to_guest / total_cpus).

As an example, for the B2100 with two guests, provisioned memory calculates as: (16-3) x (2/4) ~= 6.5 GB.

For certain platforms, the vCMP host can allocate a single core to a vCMP guest. However, because a single-core guest has relatively small amounts of CPU resources and allocated memory, F5 supports only the following products or product combinations for a single-core guest:

  • BIG-IP LTM standalone only
  • BIG-IP GTM standalone only
  • BIG-IP LTM and GTM combination only

Configuration utility browser support

The BIG-IP Configuration Utility supports these browsers and versions:

  • Microsoft Internet Explorer 8.x and 9.x
  • Mozilla Firefox 15.0.x
  • Google Chrome 21.x

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the BIG-IP GTM / VE 11.4.0 Documentation page.

New in 11.4.0

Incremental synchronization for GTM synchronization groups

The BIG-IP GTM system now synchronizes configuration changes incrementally across a GTM synchronization group. Incremental synchronization improves system performance, because only the data that has changed on a GTM device is synchronized to the other GTM devices in the synchronization group. Although incremental synchronization is the default behavior, if an incremental synchronization fails, the system automatically performs a full configuration synchronization.

Manual saves of GTM configuration changes

By default, BIG-IP Global Traffic Manager (GTM) automatically saves GTM configuration changes 15 seconds after the change is made in either the Configuration utility or tmsh. You can now change how long GTM waits before it saves GTM configuration changes. In addition, you can disable automatic saves of GTM configuration changes, and then run a tmsh command to save those changes.

Rate-Limited Licenses Statistics

With this release, BIG-IP GTM and DNS Services rate-limited licenses are available. If a BIG-IP system has a rate-limited license, the system displays statistics about the rate limits on the Local Traffic DNS profile statistics page. It is important to note that GTM requests (requests for wide IPs) are a subset of DNS requests. Therefore, when the number of requests that GTM receives for a wide IP exceeds the DNS Services rate limit, the Rate Rejects count for DNS increments, rather than the Rate Rejects count for Global Traffic Management incrementing.

DNSKey records available in the Configuration utility

With this release, you can now copy the public DS record for a DNS zone from within the Configuration utility to facilitate sending the record to the parent authority.

GTM load balancing decisions

When BIG-IP GTM receives a DNS name resolution request for a wide IP, in order to send a response, the system makes a load-balancing decision. With this release, you can send information about how GTM made the load-balancing decision to the high-speed remote logs.

Disabling TSIG verification for NOTIFY messages (ID 388869)

You can disable TSIG verification for NOTIFY messages that the BIG-IP system receives from the Master DNS server for a DNS Express zone. When the BIG-IP system receives a NOTIFY message without a TSIG HMAC included, the system processes the request. To disable TSIG verification for NOTIFY Messages, run the tmsh command: modify ltm dns dns-express zone <zone name> verify-notify-tsig no

GTM notifies iControl of GTM object state change

In this release, when the status of a GTM object changes, if you have enabled the GTM general global-setting Forward Status, GTM now notifies iControl of the change. This setting is disabled by default. You can enable the Forward Status setting in the Configuration utility on the System :: Configuration : Global Traffic : General screen. You can also enable this setting using the command: tmsh modify gtm global-settings general { forward-status enabled}

New in 11.3.0

GTM Save Interval Configuration

By default, configuration changes to the BIG-IP Global Traffic Manager are saved in the bigip_gtm.conf file every 15 seconds. In this release, you can configure how often GTM saves configuration changes.

DNS Remote High-Speed Logging

You can now configure BIG-IP system to log information about DNS traffic and send the log messages to remote high-speed log servers. You can choose to log either DNS queries or DNS responses, or both. In addition, you can configure the system to perform logging on DNS traffic differently for specific resources.

DNS Detailed Statistics

You can now view DNS AVR and DNS global statistics on the BIG-IP system to help you manage and report on the DNS traffic in your network. DNS AVR statistics include DNS requests per: virtual server, query name, query type, client IP address. DNS Global Statistics include: total DNS requests and responses, details about the DNS queries and responses, number of wide IP requests, number of DNS Express requests and notifies, number of DNS cache requests, number of DNS IPv6 to IPv4 requests, rewrites, and failures, and number of unhandled query actions per specific actions.

Common/Unified Logging

You can now configure the BIG-IP system to send specific log messages to multiple destinations, including remote, high-speed log servers, using publishers and log destinations.

New in 11.2.1

There are no new features specific to Global Traffic Manager/Link Controller.

New in 11.2.0

Google Chrome support

This release provides full support for current releases of the Google Chrome browser.

DNS cache

In this release, you can configure a cache on the BIG-IP system to cache DNS responses. The next time the system receives a query for a response that exists in the cache, the system returns the response from the cache.

New in 11.1.0

New in 11.1.0

There are no new features specific to Global Traffic Manager/Link Controller.

New in 11.0.0

DNS Express

You can now configure DNS Express on BIG-IP Global Traffic Manager (GTM) to mitigate distributed denial-of-service attacks (DDoS) and improve performance of both the local BIND server on the BIG-IP system and any back-end DNS servers.

GTM on VIPRION

This release provides support for BIG-IP GTM on the VIPRION platforms.

Virtual Edition

BIG-IP GTM is now available as a Virtual Edition (VE).

IP Anycast

This release provides support for IP Anycast for DNS services on BIG-IP GTM. This configuration helps mitigate distributed denial-of-service attacks (DDoS), reduce DNS latency, improve the scalability of your network, and assist with global traffic management.

Device-specific Probing and Statistics Collection

With this release, you can configure BIG-IP Global Traffic Manager (GTM) to perform intelligent probing of your network resources to determine whether the resources are up or down. This allows you to specify which BIG-IP systems probe specific servers for health and performance data.

Life Span of Default System Certificates Extended

This release provides default system certificates with a ten year initial life span on BIG-IP GTM.

GTM Monitor Supports Route Domains

You can now deploy BIG-IP GTM on a network where BIG-IP Local Traffic Manager (LTM) systems are configured with route domains.

Installation overview

This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP Systems: Upgrading Active-Standby Systems and BIG-IP Systems: Upgrading Active-Active Systems, and we strongly recommend that you reference these documents to ensure successful completion of the installation process.

Installation checklist

Before you begin:

  • Use BIG-IP iHealth to verify your configuration file. For more information, see SOL12878: Generating BIG-IP diagnostic data using the qkview utility (10.x - 11.x).
  • Update/reactivate your system license, if needed, to ensure that you have a valid service check date.
  • Ensure that your system is running version 10.1.0 or later and is using the volumes formatting scheme.
  • Download the .iso file (if needed) from F5 Downloads to /shared/images on the source for the operation. (If you need to create this directory, use the exact name /shared/images.)
  • Configure a management port.
  • Set the console and system baud rate to 19200, if it is not already.
  • Log on as an administrator using the management port of the system you want to upgrade.
  • Boot into an installation location other than the target for the installation.
  • Save the user configuration set (UCS) in the /var/local/ucs directory on the source installation location, and copy the UCS file to a safe place on another device.
  • Log on to the standby unit, and only upgrade the active unit after the standby upgrade is satisfactory.
  • Turn off mirroring.
  • If you are running Application Acceleration Manager, set provisioning to Minimum.
  • If you are running Policy Enforcement Manager, set provisioning to Nominal.
  • If you are running Advanced Firewall Manager, set provisioning to Nominal.

Installing the software

You can install the software at the command line using the Traffic Management shell, tmsh, or in the browser-based Configuration utility using the Software Management screens, available in the System menu. Choose the installation method that best suits your environment.
Installation method Command
Install to existing volume, migrate source configuration to destination tmsh install sys software image [image name] volume [volume name]
Install from the browser-based Configuration utility Use the Software Management screens in a web browser.

Sample installation command

The following command installs version 11.2.0 to volume 3 of the main hard drive.

tmsh install sys software image BIGIP-11.2.0.2446.0.iso volume HD1.3

Post-installation tasks

This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP Systems: Upgrading Active-Standby Systems and BIG-IP Systems: Upgrading Active-Active Systems, and we strongly recommend that you reference these documents to ensure successful completion of the installation process.

After the installation finishes, you must complete the following steps before the system can pass traffic.
  1. Ensure the system rebooted to the new installation location.
  2. Use BIG-IP iHealth to verify your configuration file. For more information, see SOL12878: Generating BIG-IP diagnostic data using the qkview utility (10.x - 11.x).
  3. Log on to the browser-based Configuration utility.
  4. Run the Setup utility.
  5. Provision the modules.
  6. Convert any bigpipe scripts to tmsh. (Version 11.x does not support the bigpipe utility.)
Note: You can find information about running the Setup utility and provisioning the modules in the BIG-IP TMOS implementations Creating an Active-Standby Configuration Using the Setup Utility and Creating an Active-Active Configuration Using the Setup Utility.

Installation tips

  • The upgrade process installs the software on the inactive installation location that you specify. This process usually takes between three minutes and seven minutes. During the upgrade process, you see messages posted on the screen. For example, you might see a prompt asking whether to upgrade the End User Diagnostics (EUD), depending on the version you have installed. To upgrade the EUD, type yes, otherwise, type no.
  • You can check the status of an active installation operation by running the command watch tmsh show sys software, which runs the show sys software command every two seconds. Pressing Ctrl + C stops the watch feature.
  • If installation fails, you can view the log file. The system stores the installation log file as /var/log/liveinstall.log.

Upgrading from earlier versions

Your upgrade process differs depending on the version of software you are currently running.

Warning: Do not use the 10.x installation methods (the Software Management screens, the b software or tmsh sys software commands, or the image2disk utility) to install/downgrade to 9.x software or operate on partitions. Depending on the operations you perform, doing so might render the system unusable. If you need to downgrade from version 10.x to version 9.x, use the image2disk utility to format the system for partitions, and then use a version 9.x installation method described in the version 9.x release notes to install the version 9.x software.

Upgrading from version 10.1.0 (or later) or 11.x

When you upgrade from version 10.1.0 (or later) or 11.x software, you use the Software Management screens in the Configuration utility to complete these steps. To open the Software Management screens, in the navigation pane of the Configuration utility, expand System, and click Software Management. For information about using the Software Management screens, see the online help.

Upgrading from versions earlier than 10.1.0

You cannot roll forward a configuration directly to this version from BIG-IP version 4.x, or from BIG-IP versions 9.0.x through 9.6.x. You must be running version 10.1.0 software. For details about upgrading to those versions, see the release notes for the associated release.

Automatic firmware upgrades

If this version includes new firmware for your specific hardware platform, after you install and activate this version, the system might reboot additional times to perform all necessary firmware upgrades.

Fixes in 11.4.0

ID Number Description
ID 227276 GTM FTP monitors now correctly mark the operational state of IPv6 servers.
ID 247055 "iControl clients will be able to receive event notifications whenever GTM object's availability status has changed via iControl :: Management :: EventNotification interface. This functionality is disabled by default. It can be enabled via the IControl::GlobalLB::Globals interface by: set_forward_status_state('STATE_ENABLED'); The state of the feature is returned via the same interface: get_forward_status_state();"
ID 342508 The bigip_add and gtm_add scripts can now be passed a user name.
ID 381036 Now you can change Global Quality of Service (QoS) load-balancing factors from tmsh.gtm.global-settings.load-balancing.
ID 403125 GTM virtual server auto-discovery now works correctly when the GTM is v11.x and an LTM is upgraded from v10.x to v11.x.
ID 405230 Fixed backwards compatibility between new big3ds and older gtms.
ID 406751 This fix corrects a defect whereby a GTM using topology load balancing can intermittently experience TMM crashes shortly after topology records are added or removed from the configuration.
ID 407256 GTM is now able to collect the right hop count for LDNSs.

Fixes in 11.3.0

ID Number Description
ID 224131 Creating a WideIP with a wildcard, such as "*.wipzone.com" now results in the correct DNS A record and zone creation in ZoneRunner.
ID 264607 The 'None' monitor is no longer allowed on GTM pools. In tmsh setting a 'none' monitor will result in no monitor on the pool, which is consistent with other similar tmsh commands. Any 'none' monitors that exist in bigip_gtm.conf or wideip.conf will be scraped out or adjusted for upon upgrade.
ID 364774 Redundant Link Controller should now work as expected.
ID 378175 The GTM bigip monitor should now work correctly.
ID 378261 The GTM whoami iRule command now works correctly.
ID 381557 The GTM utilities bigip_add and gtm_add now correctly import certificate files. In earlier versions, they would occasionally truncate certificates under particular conditions.
ID 384629 GTM configuration synchronization will now exit gracefully upon failure.
ID 384630 The number of parameters required for the matchregion command is now correctly validated. Now you will receive a syntax error when you compile the iRule, and the TMM/GTM will also do a check of the iRule itself.
ID 387799 GTM pools using the ratio load balancing method with mixed IPv4 and IPv6 pool members now properly respect their member's ratios when generating responses to mixed A/AAAA queries.
ID 390086 The ZoneRunner GUI View moving functionality had a bug in that the View pulldown menu was empty. This bug has been resolved.
ID 391315 iRule pool commands now correctly handle selection where the pool has no cname Resource Record associated.
ID 391569 GTM will now respect connection limits placed on pools.
ID 392834 Fixed a defect where TMM could core and restart while processing DNS requests after removing a wideip alias from the configuration.

Fixes in 11.2.1

ID Number Description
ID 387799 GTM pools using the ratio load balancing method with mixed IPv4 and IPv6 pool members now properly respect their member's ratios when generating responses to mixed A/AAAA queries

Fixes in 11.2.0

ID Number Description
ID 368721 An error that occurred during a config-sync has been corrected , specifically by synchronizing the GTM directory /var/named/config only, instead of /var/named.
ID 370962 The GTM search filter in the GUI now works correctly for Wide IPs and Servers.
ID 377453 DNS Express successful zone transfer statistics no longer continue to increment on failed transfers.
ID 377682 DNS Express zone transfer failures no longer cause the zxfrd.bin database file to indefinitely grow in size, or the zxfrd process to increase in memory.
ID 378182 TMM no longer leaks memory when GTM attempts to rewrite DNS responses.
ID 380814 A memory leak related to DNS Express zone transfers in the zxfrd process has been corrected.
ID 380767 The dnssec-on-miss flag makes the transparent cache always ask for DNSSEC (DO bit) when forwarding the query after a miss. All subsequent queries, w/ or w/o the DO bit will get the correct DNSSEC records. Note, the initial response will always contain DNSSEC data. The default of dnssec-on-miss is yes.
ID 381543 LTM is now provisioned as NOMINAL in an LTM/GTM combo when using DNS services such as DNS Express.
ID 383415 A defect which could cause some top-level zones to fail to load into DNS Express with large configurations has been corrected.
ID 384853 TMM no longer restarts with a SIGSEGV and the following log message while processing certain DNS Express traffic: xbuf_dma: Assertion 'valid magic' failed

Fixes in 11.1.0

Bug Description
ID 355937 This release fixes validation for pool members. They will now reference the pool member (rather than incorrectly referencing the backing VS).
ID 361548 After the first install on a cluster, an rndc reload may be necessary. This fix allows that to happen.
ID 364437 Link Controller GUI: removed the erroneous table columns from wideip member stats and wideip details stats tables.
ID 364918 Syncing configuration changes from a Link Controller to a Global Traffic Manager in the same sync group no longer causes the monitors to fail to load on the GTM.
ID 365582 A GTM iRule that refers to a pool without specifying the full path (e.g., [pool pool1]) will now work correctly when that pool is found in multiple folders. Correct behavior is to always choose the pool in the wideip's folder, and to dynamically switch if a pool (with the same name as in the iRule) is added/deleted in that folder.
ID 366165 Configuration changes to any/every GTM object now triggers the configuration file to be saved.
ID 367082 This release corrects an issue where gtmd could grow excessively.
ID 367836 This release corrects an issue involving excessive memory usage and crash/core when loading GTM configs with large numbers of virtual servers with topology records.
ID 368715 Corrected a condition where importing a ucs file generated from a previous release with depends_on in the configuration would fail.

Fixes in 11.0.0

Bug Description
226783 [Global Traffic Manager] Global Traffic Manager now correctly performs name resolution for the IPv6 addresses, and BIND responds correctly to DNS requests against IPv6 self IP addresses.
223590, CR130729 [Global Traffic Manager] This release provides the functionality for clearing link statistics.
343798 [Global Traffic Manager] This version of the software adds two read-only fields to gtm_dnssec_key_generation: creator and key_tag. The value of creator is a string representing the host name of the BIG-IP system that created the DNSSEC key generation. The value of key_tag is a hash calculated from the DNSKEY resource record (RR) for that generation. You can use these fields to help debug DNSSEC deployments. In addition, this release provides better constraint on which generations can rollover, which helps mitigate a potential race condition. Finally, this release provides additional debug logging.
348726 [Global Traffic Manager] The online help page for custom GTM SNMP monitors has been provided.

Behavior changes in 11.4.0

ID Number Description
ID 345733 You can now use Ctrl-C to stop the gtm_add process and gtmd, named, and zrd will be restarted if they have been stopped.

Behavior changes in 11.3.0

ID Number Description
ID 264607 The 'None' monitor is no longer allowed on GTM pools. In tmsh setting a 'none' monitor will result in no monitor on the pool, which is consistent with other similar tmsh commands. Any 'none' monitors that exist in bigip_gtm.conf will be scraped out or adjusted for upon upgrade.
ID 325241 If you set a value for the IPv6 NoError TTL property of a wide IP, when BIG-IP GTM returns a NOERROR DNS response for an IPv6 query, the response now contains an SOA record (with the negative caching TTL).
ID 356586 BIND v9.7, new in v11.0.0, requires an A (IP address) record for an in-zone nameserver (NS) entry in its configuration. In the past, an FQDN or CNAME for the NS was sufficient. This means that upgrades to v11.0.0 might fail to load if such an A record is not present (the symptom will be zrd stuck in a restart loop). The best solution is to create an A record for the NS before upgrading. Or you can create and disable a wideIP, which causes an A record to be created. (Note that this is for in-zone NS records only. An "out of zone" NS record should not have an A record, and if you add an A record for it, the named process generates a warning about "ignoring out of zone data".)
ID 377367 When you set the load balancing method to Return to DNS, when the BIG-IP system receives a client query, the system increments the Return to DNS statistics. When the BIG-IP system receives a server response, the system increments the Return from DNS statistics.
ID 389371 tmsh now provides an automatic_configuration_save_timeout property in the GTM Global-settings General sub-module. You can use this property to set how many seconds the BIG-IP system waits before automatically saving the GTM configuration to the bigip_gtm.conf. A timeout of -1 causes the GTM configuration to NEVER be saved. A value of 0 causes the GTM configuration to be saved immediately. The maximum value is 86400 seconds, the default value is 15 seconds.

Behavior changes in 11.2.1

ID Number Description
ID 325241 If you set a value for the IPv6 NoError TTL property of a wide IP, when BIG-IP GTM returns a NOERROR DNS response for an IPv6 query, the response now contains an SOA record (with the negative caching TTL).
ID 387757 Added a new flag: -f, which forces the local big3d agent to be installed on the remote device regardless of versioning.
ID 408481 The default value for the global setting inactive-ldns-ttl has been changed from 2419200 to 2592000. If you have not changed from the default value, when you update from version 10.x, the system changes the default value to 2592000.

Behavior changes in 11.2.0

ID Number Description
ID 346551 BIG-IP Global Traffic Manager now includes BIND version 9.7.3. This version of BIND requires that when a zone is created with a name server (NS) record that is contained in the zone, that NS record must have a matching A record. With this release, when you create a wide IP that requires the creation of a zone, BIG-IP GTM automatically creates not only an NS record, but also an A record for the NS record that points to the local host. The NS and A records are given a time-to-live (TTL) of 0 (zero). The administrator should change the NS record to match the desired NS record.

Known issues

ID Number Description
ID 222220 Distributed application statistics shows only requests passed to its first wide IP. The system does not include statistics for requests passed to other wide-IP-members of the distributed application.
ID 225759 When you upgrade a BIG-IP Global Traffic Manager synchronization group to version 10.1.0 or later, the master key is not synchronized to all members within the synchronization group. For step-by-step instructions to fix this known issue, see SOL11868 at AskF5 (http://support.f5.com).
ID 341722 Global Traffic Manager uses BIND 9.7.3. This version of BIND can log a complicated message about not being able to load managed keys from a master file. If you have not configured Global Traffic Manager for DNSSEC Lookaside Validation (DLV), you might receive this message. It is cosmetic and you can ignore it. This is a known issue in BIND.
ID 343030 "The named process might log the following error in daemon.log: ""Oct 22 09:44:24 local/localhost err named[8832]: 22-Oct-2010 09:44:24.278 general: error: managed-keys-zone ./IN/external: loading from master file 3c4623849a49a53911c4a3e48d8cead8a1858960bccdea7a1b978d73ec2f06d7.mkeys failed: file not found."" Although it reported the error, the daemon is up and running, so you can safely ignore the error."
ID 349621 "Drop to BIND performance has dropped in this release. The DNS Express feature in this release should alleviate the performance drop in BIND."
ID 354161 DNS Express continues to handle queries for that zone, even if a BIND zone that underlies a DNS Express zone expires. This occurs when using DNS Express to handle queries for zones, and a BIND zone expires. The impact is that DNS Express continues to handle queries for that zone. Workaround: To have DNS Express stop answering queries, disable or delete the DNS Express zone itself.
ID 361650 "Starting with 11.0.0, it takes minimum of 15 seconds to a maximum of 60 seconds for BIG-IP GTM to save any configuration change, regardless of whether it is made in the Configuration utility or in tmsh. The only way to speed up this process is to run the following command in tmsh: save sys config partitions all gtm-only No equivalent of this command exists in the Configuration utility."
ID 363134 Links get auto-discovered when global Auto-Discovery is disabled and Link Discovery is on. Disabling Link Discovery is the only way to truly disable this option.
ID 363142 [Link Controller] global Auto-Discovery can be disabled while having a link with bigip_link monitor. Do not disable global Auto-Discovery while having a link with bigip_link monitor.
ID 367459 The BIG-IP Configuration utility might incorrectly allow you to assign certain health monitors to pools and server objects that are configured with a wildcard service port. For more information, see SOL12400 at http://support.f5.com/kb/en-us/solutions/public/12000/400/sol12400.html?sr=20262082. Make sure to specify an Alias Port on a monitor when it needs to probe a specific service port on wildcard virtuals or pool members.
ID 401620 In previous releases, monitored BIG-IP virtual servers with addresses that overlap non-floating self IP addresses used to be marked up when the gateway_icmp monitor was used, but other, port-specific protocol monitors would fail. This was a false positive, as it is not possible to monitor virtual servers that overlap these addresses from the same box. In this release gateway_icmp monitor marks a virtual server that overlaps an IPv6 self IP 'down,' but it marks a virtual server that overlaps an IPv4 self IP 'up'. The latter is still an issue. To work around this issue, use the bigip monitor for monitoring BIG-IP virtual servers with IP addresses that overlap non-floating self IP addresses. Do not use any other GTM monitors for monitoring those virtual servers.
ID 404383 big3d_install can, in some instances, fail to install a new big3d on a BIG-IP system running 10.2.4-hf4.
ID 406176 Big3d leaks memory on an LTM server where at least one of ASM/APM/WAM is also configured and a GTM monitors the LTM server using bigip monitor.
ID 411515 The editing of builtin objects is not compatible with incremental sync. To synchronize an edit to a builtin object you must temporarily enable the device group's full-load-on-sync option; this option can be disabled after synchronizing the changes. It is not recommended to edit builtin objects; you should use inheritance when possible. For example, instead of editing a base profile you should create a new profile that inherits from the base profile using the defaults-from option; this profile can be synchronized over incremental sync. The same practice can be applied to monitors. For objects without inheritance (such as iApp templates) you will need to copy the builtin object into a new object.
ID 413902 If they sync group is intact and you are doing a rolling upgrade of your sync group from pre-v11.x to v11.x, you will experience flapping of the monitored objects due to the two versions not fully understanding iQuery messages. Could cause flapping of object status. Use live install on volumes to complete upgrades on each system and then switch over all systems to the new v11.x systems at the same time, essentially, eliminating a window where the sync group contains both v11.x and pre-v11.x systems.
ID 415976 A full load across a GTM sync group may occur on the creation of a DNSSEC key under certain conditions. Each device in a GTM sync group has a local ID viewable by running 'list sys db gtm.peerinfolocalid' from tmsh. One device will have a local ID of 0. This issue will not occur if DNSSEC keys are created from this device.
ID 416262 GTM may request that the configuration be saved more often than is strictly necessary. "The code was originally designed to minimize configuration saving (to minimize disk activity and reduce the performance hit required to save) when multiple changes are being made in quick succession. This is done by keeping track of the last change and waiting 10 seconds before writing out the configuration *if* no other change occurs in that 10 seconds. If another change does occur, then the 10 second wait is reset. This (resetting the wait time) can happen multiple times until 60 seconds has elapsed since the first change. Once 60 seconds has elapsed, no matter if changes are still being made, the configuration is saved. This is done to minimize the chance that configuration changes can be lost in the event of a power cycle or reboot. The code was later modified and this functionality was broken, such that the configuration was always saved after 10 seconds. This fix restores the original design. Please note that separate from this change, the design was modified to all that wait time (10 seconds by default) to be set by the user. So it is possible to modify this behavior by setting the GTM Global variable. Setting this to 0 (zero) will result in configuration changes being made immediately. Setting this to -1 will result in the configuration to not be saved automatically. A manual save would be required. Setting this to any other value will result in the wait period to be set to that value." None
ID 420440 Checking your TXT record in the web interface causes the system to give an error. Querying for the data against a listener for the record reveals that the TXT rdata is incorrect. GTM enabled and a zone file with a TXT record that has multi-line rdata has been imported via the GUI into ZoneRunner. Your DNS TXT records will be incorrect. Enter your multi-line TXT records via the web interface as single line, quote separated lines.
ID 421773 gtm_add or bigip_add utility exits with "ERROR: Can't create a hard link". Presence of server.crt.backup or client.crt.backup prior to a run of gtm_add or bigip_add. Inability to add new devices to sync group. Delete the offending server.crt.backup or client.crt.backup file. As an optional precaution, make a copy of the file before deletion.

Contacting F5 Networks

Phone: (206) 272-6888
Fax: (206) 272-6802
Web: http://support.f5.com
Email: support@f5.com

For additional information, please visit http://www.f5.com.

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5

AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 TechNews

Weekly HTML TechNews
The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, complete the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
Periodic plain text TechNews
F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email.) To subscribe, send a blank email to technews-subscribe@lists.f5.com from the email address you are using to subscribe. Unsubscribe by sending a blank email to technews-unsubscribe@lists.f5.com.

Legal notices

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)