Applies To:

Show Versions Show Versions

Release Note: BIG-IP GTM and BIG-IP Link Controller version 11.0.0
Release Note

Original Publication Date: 08/30/2013


This release note documents the version 11.0.0 release of BIG-IP Global Traffic Manager and BIG-IP Link Controller. You can apply the software upgrade to software versions 10.x on multiple platforms, as defined in SOL10288: BIG-IP software and platform support matrix.


- User documentation for this release
- New in 11.0.0
- Installation overview
     - Installation checklist
     - Installing the software
     - Post-installation tasks
     - Installation tips
- Upgrading from earlier versions
- Fixes in 11.0.0
- Known issues
- Contacting F5 Networks
- Legal notices

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the BIG-IP GTM 11.0.0 Documentation page.

New in 11.0.0

DNS Express

You can now configure DNS Express on BIG-IP Global Traffic Manager (GTM) to mitigate distributed denial-of-service attacks (DDoS) and improve performance of both the local BIND server on the BIG-IP system and any back-end DNS servers.


This release provides support for BIG-IP GTM on the VIPRION platforms.

Virtual Edition

BIG-IP GTM is now available as a Virtual Edition (VE).

IP Anycast

This release provides support for IP Anycast for DNS services on BIG-IP GTM. This configuration helps mitigate distributed denial-of-service attacks (DDoS), reduce DNS latency, improve the scalability of your network, and assist with global traffic management.

Device-specific Probing and Statistics Collection

With this release, you can configure BIG-IP Global Traffic Manager (GTM) to perform intelligent probing of your network resources to determine whether the resources are up or down. This allows you to specify which BIG-IP systems probe specific servers for health and performance data.

Life Span of Default System Certificates Extended

This release provides default system certificates with a ten year initial life span on BIG-IP GTM.

GTM Monitor Supports Route Domains

You can now deploy BIG-IP GTM on a network where BIG-IP Local Traffic Manager (LTM) systems are configured with route domains.

Installation overview

This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP System: Upgrading Active/Standby Systems and BIG-IP System: Upgrading Active-Active Systems, and we strongly recommend that you reference these documents to ensure successful completion of the installation process.

Installation checklist

Before you begin:

  • Update/reactivate your system license, if needed, to ensure that you have a valid service check date.
  • Ensure that your system is running version 10.0.0 or later and is using the volumes formatting scheme.
  • Download the .iso file (if needed) from F5 Downloads to /shared/images on the source for the operation. (If you need to create this directory, use the exact name /shared/images.)
  • Configure a management port.
  • Set the console and system baud rate to 19200, if it is not already.
  • Log on as an administrator using the management port of the system you want to upgrade.
  • Boot into an installation location other than the target for the installation.
  • Save the user configuration set (UCS) in the /var/local/ucs directory on the source installation location, and copy the UCS file to a safe place on another device.
  • Log on to the standby unit, and only upgrade the active unit after the standby upgrade is satisfactory.
  • Turn off mirroring.
  • If you are running WAN Optimization Manager, set provisioning to Minimum.

Installing the software

You can install the software at the command line using the Traffic Management shell, tmsh, or in the browser-based Configuration utility using the Software Management screens, available in the System menu. Choose the installation method that best suits your environment.
Installation method Command
Install to existing volume, migrate source configuration to destination tmsh install sys software image [image name] volume [volume name]
Install from the browser-based Configuration utility Use the Software Management screens in a web browser.

Sample installation command

The following command installs version 11.2.0 to volume 3 of the main hard drive.

tmsh install sys software image BIGIP- volume HD1.3

Post-installation tasks

This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP System: Upgrading Active/Standby Systems and BIG-IP System: Upgrading Active-Active Systems, and we strongly recommend that you reference these documents to ensure successful completion of the installation process.

After the installation finishes, you must complete the following steps before the system can pass traffic.
  1. Ensure the system rebooted to the new installation location.
  2. Log on to the browser-based Configuration utility.
  3. Run the Setup utility.
  4. Provision the modules.
  5. Convert any bigpipe scripts to tmsh. (Version 11.x does not support the bigpipe utility.)
Note: You can find information about running the Setup utility and provisioning the modules in the BIG-IP TMOS implementations Creating an Active/Standby Configuration Using the Setup Utility and Creating an Active-Active Configuration Using the Setup Utility.

Installation tips

  • The upgrade process installs the software on the inactive installation location that you specify. This process usually takes between three minutes and seven minutes. During the upgrade process, you see messages posted on the screen. For example, you might see a prompt asking whether to upgrade the End User Diagnostics (EUD), depending on the version you have installed. To upgrade the EUD, type yes, otherwise, type no.
  • You can check the status of an active installation operation by running the command watch tmsh show sys software, which runs the show sys software command every two seconds. Pressing Ctrl + C stops the watch feature.
  • If installation fails, you can view the log file. The system stores the installation log file as /var/log/liveinstall.log.

Upgrading from earlier versions

Your upgrade process differs depending on the version of software you are currently running. Software version 10.x introduced the ability to run multiple modules based on platform. The number and type of modules that can be run simultaneously is strictly enforced through licensing. For more information, see SOL10288: BIG-IP software and platform support matrix.

Warning: Do not use the 10.x installation methods (the Software Management screens, the b software or tmsh sys software commands, or the image2disk utility) to install/downgrade to 9.x software or operate on partitions. Depending on the operations you perform, doing so might render the system unusable. If you need to downgrade from version 10.x to version 9.x, use the image2disk utility to format the system for partitions, and then use a version 9.x installation method described in the version 9.x release notes to install the version 9.x software.

Upgrading from version 10.x or 11.x

When you upgrade from version 10.x or 11.x software, you use the Software Management screens in the Configuration utility to complete these steps. To open the Software Management screens, in the navigation pane of the Configuration utility, expand System, and click Software Management. For information about using the Software Management screens, see the online help.

Upgrading from versions earlier than 10.x

You cannot roll forward a configuration directly to this version from BIG-IP version 4.x, or from BIG-IP versions 9.0.x through 9.6.x. You must be running version 10.x software. For details about upgrading to those versions, see the release notes for the associated release.

Automatic firmware upgrades

If this version includes new firmware for your specific hardware platform, after you install and activate this version, the system might reboot additional times to perform all necessary firmware upgrades.

Fixes in 11.0.0

Bug Description
226783 [Global Traffic Manager] Global Traffic Manager now correctly performs name resolution for the IPv6 addresses, and BIND responds correctly to DNS requests against IPv6 self IP addresses.
223590, CR130729 [Global Traffic Manager] This release provides the functionality for clearing link statistics.
343798 [Global Traffic Manager] This version of the software adds two read-only fields to gtm_dnssec_key_generation: creator and key_tag. The value of creator is a string representing the host name of the BIG-IP system that created the DNSSEC key generation. The value of key_tag is a hash calculated from the DNSKEY resource record (RR) for that generation. You can use these fields to help debug DNSSEC deployments. In addition, this release provides better constraint on which generations can rollover, which helps mitigate a potential race condition. Finally, this release provides additional debug logging.
348726 [Global Traffic Manager] The online help page for custom GTM SNMP monitors has been provided.

Known issues

This release contains the following known issues.

ID Bug Description
ID 222220 [Global Traffic Manager] Distributed application statistics shows requests passed only to its first wide IP. It does not add requests passed to other wide IPs - members of this distributed app to the total numbers.
ID 225759 [Global Traffic Manager] Upgrading a BIG-IP Global Traffic Manager synchronization group to version 10.1 or later. When you upgrade a BIG-IP Global Traffic Manager synchronization group to version 10.1.0 or later, the master key is not synchronized to all members within the synchronization group. For step-by-step instructions to fix this known issue, see SOL11868 on AskF5.
ID 341722 [Global Traffic Manager] The Global Traffic Manager uses BIND 9.7.3. This version of BIND can log a complicated message about not being able to load managed keys from a master file. If you have not configured the Global Traffic Manager for DNSSEC Lookaside Validation (DLV), you might receive this message. It is cosmetic and you can ignore it. This is a known issue in BIND.
ID 343798 [Global Traffic Manager] Constraint calculation for DNSSEC keys(ID 343798) In previous releases, the value of the Rollover Period for a DNSSEC key had to be equal to or greater than one third the value of the Expiration Period of the key, and less than the Expiration Period. In this release, the value of the Rollover Period must be equal to or greater than one half the value of the Expiration Period, and less than the Expiration Period. If your DNSSEC keys do not meet this criteria, before you upgrade to this version, change the value of the Rollover Period for each DNSSEC key.
ID 344048 [Global Traffic Manager] In previous releases, BIG-IP Global Traffic Manager set the time-to-live (TTL) on a name server (NS) record generated by a wide IP to 500. The system now sets the TTL on an NS record generated by a wide IP to 0 (zero) to ensure that the client does not retain the value, but instead obtains the value from the authoritative name server.
ID 346551 [Global Traffic Manager]BIND 9.7.3 requires behavior change BIG-IP Global Traffic Manager now includes BIND version 9.7.3. This version of BIND requires that when a zone is created with a name server (NS) record that is contained in the zone, that NS record must have a matching A record. With this release, when you create a wide IP that requires the creation of a zone, BIG-IP GTM automatically creates not only an NS record, but also an A record for the NS record that points to the local host. The NS and A records are given a time-to-live (TTL) of 0 (zero). The administrator should change the NS record to match the desired NS record.
ID 347791 [Global Traffic Manager] Shortened expiration period of DNSSEC key affects upgrade to 11.0. When you upgrade a BIG-IP Global Traffic Manager to version 11.0, if you have configured the expiration period of any DNSSEC keys to be greater than 49709 days, the configuration upgrade will fail. You must change the expiration period for all DNSSEC keys to 49709 days or less.
ID 357361 [Global Traffic Manager] DNSSEC objects are owned by gtm (due to need for wide-area sync). A load of ltm only does a mark/sweep for ltm objects, not gtm. Therefore an attempt (in the sweep) to delete the unsaved folder fails because an object not attempt to be swept, the dnssec object, still exists.
ID 359703 [Global Traffic Manager/Link Controller] Zone transfers are made via a self-ip due to the global nature of the dns-express database.
ID 363134 [Link Controller] Links get auto-discovered when global Auto-Discovery is disabled and Link Discovery is on.
ID 363142 [Link Controller] global Auto-Discovery can be disabled while having a link with bigip_link monitor
ID 365582 [Global Traffic Manager] A GTM iRule that refers to a pool in /Common/ without specifying the full path (i.e., [pool pool1]), will not dynamically switch if you create another pool with the same name in a nested folder (i.e., /Common/folder1/) where the wide IP that the iRule is assigned to resides.
ID 403125 [Global Traffic Manager] If GTM v11.x has LTM v10.x virtual servers auto-discovered and later LTM gets upgraded to 11.x, GTM auto-discovers a new set of virtual servers with their names in 11.x format (with partition path being added to their 10.x names). If virtual server discovery was enabled, LTM virtual servers get re-discovered with the new names effectively deleting their previous memberships in the GTM pools. If virtual server discovery was enabled with no delete option then the pre-existing set of LTM virtual servers and their pool memberships stay intact but a second set of LTM virtual servers with the new names gets auto-discovered by the GTM.

Contacting F5 Networks

Phone: (206) 272-6888
Fax: (206) 272-6802

For additional information, please visit

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it's providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure you get the most from your F5 technology.


AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news on your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 TechNews

Weekly HTML TechNews
The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, fill out the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
Periodic plain text TechNews
F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email). To subscribe, send a blank email to from the email address you would like to subscribe with. Unsubscribe by sending a blank email to

Legal notices

Was this resource helpful in solving your issue?

NOTE: Please do not provide personal information.

Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)