A BIG-IP system active-active pair for version 10.x includes two BIG-IP systems operating in active mode (Device A and Device B).
After preparing the devices for an upgrade to version 11.x, you force Device B to standby mode and install version 11.x onto Device B (the standby device).
When you finish the installation of version 11.x onto Device B, it creates two traffic groups called traffic-group-1 and traffic-group-2. Both version 11.x traffic groups fail over to active state on Device B, and Device A (the version 10.x device) changes to standby mode. Note that the Unit ID that was used in version 10.x becomes obsolete in version 11.x.
An upgrade of BIG-IP active-active systems to version 11.x involves the following tasks.
|Preparing Device A (active mode on the BIG-IP 1 system) and Device B (active mode on the BIG-IP 2 system)||In preparing to upgrade the active-active BIG-IP systems to version 11.x, you need to understand any specific configuration or functional changes from the previous version, and prepare the systems. You also download the new version of software from the AskF5 web site (www.askf5.com) and import the files onto each device.|
|Forcing Device B to standby mode||When you complete preparing the Device B, you can force Device B to standby mode.|
|Upgrading Device B (the standby mode BIG-IP 2 system)||Once Device B is in standby mode, you can upgrade the software on that device.|
|Upgrading Device A (the standby mode BIG-IP 1 system)||When you complete upgrading Device B, you can prepare Device A, and upgrade the software on Device A.|
|Verifying the upgrade||Finally, you should verify that your active traffic groups on the BIG-IP systems are functioning properly.|
|Configuring module-specific settings||According to your understanding of the configuration and functional changes from the previous version, you can reconfigure any customized module settings.|
BIG-IP redundant system configuration is based on a few key components.
A device is a physical or virtual BIG-IP system, as well as a member of a local trust domain and a device group. Each device member has a set of unique identification properties that the BIG-IP system generates.
A device group is a collection of BIG-IP devices that trust each other and can synchronize, and sometimes fail over, their BIG-IP configuration data.
You can create two types of devices groups:
A BIG-IP device can be a member of only one Sync-Failover group. However, a device can be a member of both a Sync-Failover device group and a Sync-Only device group.
A traffic group is a collection of related configuration objects (such as a virtual IP address and a self IP address) that run on a BIG-IP device and process a particular type of application traffic. When a BIG-IP device becomes unavailable, a traffic group can float to another device in a device group to ensure that application traffic continues to be processed with little to no interruption in service.
Underlying successful operation of device groups and traffic groups is a feature known as device trust. Device trust establishes trust relationships between BIG-IP devices on the network, through mutual certificate-based authentication. A trust domain is a collection of BIG-IP devices that trust one another and can therefore synchronize and fail over their BIG-IP configuration data, as well as exchange status and failover messages on a regular basis. A local trust domain is a trust domain that includes the local device, that is, the device you are currently logged in to.
Folders and sub-folders are containers for the configuration objects on a BIG-IP device. For every administrative partition on the BIG-IP system, there is a high-level folder. At the highest level of the folder hierarchy is a folder named root. The BIG-IP system uses folders to affect the level of granularity to which it synchronizes configuration data to other devices in the device group. You can create sub-folders within a high-level folder, using tmsh.
Only certain types of configuration objects can belong to a traffic group. Examples of traffic group objects are self IP addresses and virtual IP addresses.
An example of a set of objects in a traffic group is an iApps application service. If a device with this traffic group is a member of a device group, and the device becomes unavailable, the traffic group floats to another member of the device group, and that member becomes the device that processes the application traffic.
The upgrade process involves preparation of the two BIG-IP devices (Device A and Device B) configured in an active-active implementation, followed by the installation and verification of version 11.x on each device. When you upgrade each device, you perform several tasks. Completing these tasks results in a successful upgrade to version 11.x on both BIG-IP devices, with an active traffic group configured properly on each device.
Access Policy Manager is not supported in an Active-Active configuration.
Access Policy Manager is supported in an Active-Standby configuration with two BIG-IP systems only.
The BIG-IP Application Security Manager(ASM) system does not require specific preparation when upgrading from version 10.x to version 11.x. No additional configuration is required after completing the upgrade to version 11.x.
If you update two redundant systems that are running as an active-standby pair with BIG-IP Application Security Manager (ASM) and BIG-IP Local Traffic Manager(LTM) provisioned, the system maintains the active-standby status and automatically creates a Sync-Failover device group and a traffic group containing both systems. The device group is enabled for BIG-IP ASM (because both systems have ASM provisioned).
You can manually push or pull the updates (including BIG-IP LTM and ASM configurations and policies) from one system to the other (Config Sync and choose Synchronize TO/FROM Group)., then click
BIG-IP Global Traffic Manager (GTM) systems do not require any preparation to upgrade from version 10.x to version 11.x.
The following feature or functionality changes occur after you complete the upgrade process to version 11.x.
|Feature or Functionality||Description|
|Assigning a BIG-IP system to probe a server to gather health and performance data||Assigning a single BIG-IP system to probe a server to gather health and performance data, in version 10.x, is replaced by a Prober pool in version 11.x.|
The BIG-IP Link Controller (LC) system does not require specific preparation when upgrading from version 10.x to version 11.x. No additional configuration is required after completing the upgrade to version 11.x.
The BIG-IP Local Traffic Manager (LTM) system does not require specific preparation when upgrading from version 10.x to version 11.x. No additional configuration is required after completing the upgrade to version 11.x.
The BIG-IP Protocol Security Module (PSM)does not require specific preparation when upgrading from version 10.x to version 11.x. No additional configuration is required after completing the upgrade to version 11.x.
BIG-IP WebAccelerator systems require specific preparation tasks and changes to upgrade from version 10.x to version 11.x.
Before you upgrade the WebAccelerator systems from version 10.x to version 11.x, you need to prepare the systems, based on your configuration. The following table summarizes the applicable tasks that you need to complete.
|Feature or Functionality||Preparation Task|
|Symmetric deployment||You must reconfigure symmetric WebAccelerator systems as asymmetric systems before
you upgrade them from version 10.x to version 11.x.
Important: Version 11.x does not support symmetric WebAccelerator systems.
|Unpublished policies||You must publish any policies that you want to migrate to version 11.x. Only published policies are migrated into version 11.x.|
|Signed policies||Signed policies are not supported in version 11.x. If you use signed policies, you must replace them with predefined or user-defined policies before upgrading.|
|Configuration files||Upgrading from version 10.x to version 11.x does not include custom changes to
configuration files. After upgrading to version 11.x, you need to manually restore
any customizations made to your configuration files by using the Configuration
utility or Traffic Management Shell (tmsh). The following list includes examples of
configuration files that might have been customized:
|Debug Options||X-PV-Info response headers in version 10.x are changed to X-WA-Info response headers in version 11.x. The default setting for X-WA-Info Headers is None (disabled). To use X-WA-Info response headers, you will need to change this setting, and update any associated iRules or scripts, accordingly.|
When you complete upgrading to version 11.x, you should consider the following feature or functionality changes that occur for the WebAccelerator systems. Depending upon your configuration, you might need to perform these changes after you upgrade the systems.
|Feature or Functionality||Description|
|Web acceleration||Web acceleration functionality requires configuration of the Web Acceleration
Important: You must enable a WebAccelerator application in the Web Acceleration profile to enable the WebAccelerator system.
|Compression||Compression functionality requires configuration of the HTTP Compression profile in version 11.x.|
|Request logging||Request logging does not migrate to version 11.x. You must recreate the configuration after upgrading by using the Request Logging profile.|
|Policy logging||Policy logging does not migrate to version 11.x. You must recreate the configuration after upgrading by using the Request Logging profile.|
|URL normalization||URL normalization is not supported in version 11.x.|
|iControl backward compatibility||Backward compatibility for iControl Compression and RAM Cache API settings in the HTTP profile is not supported in version 11.x. These settings appear in the HTTP Compression and Web Acceleration profiles in version 11.x.|
BIG-IPWAN Optimization Manager (WOM)systems do not require specific preparation when upgrading from version 10.x to version 11.x. However, in a redundant system configuration, you must upgrade the standby system first (to avoid interrupting traffic on the active system), and then upgrade the other system. No additional configuration is required after completing the upgrade to version 11.x.
Your upgrade of the BIG-IP active-active pair from version 10.x to version 11.x is now complete. The version 11.x configuration includes a device group with two devices (Device A and Device B) and two traffic groups (traffic-group-1 and traffic-group-2), with the first traffic group on one device (Device B) in active state and the second traffic group on the other device (Device A) in active state.