Original Publication Date: 11/03/2017
BIG-IP Virtual Edition (VE) is a version of the BIG-IP system that runs as a virtual machine. Supported modules include Local Traffic Manager, BIG-IP DNS (formerly Global Traffic Manager), Application Security Manager, Access Policy Manager, Application Acceleration Manager, Policy Enforcement Manager, Application Firewall Manager, and Analytics. BIG-IP VE includes all features of device-based BIG-IP modules running on standard BIG-IP TMOS, except as noted in release notes and product documentation.
This version of the software is supported in the following configurations. For a list of VE hypervisor support, see the Virtual Edition and Supported Hypervisors Matrix
All licensable module-combinations may be run on BIG-IP Virtual Edition (VE) guests provisioned with 12 GB or more of memory.
The following guidelines apply to VE guests configured with 8 GB of memory.
The following guidelines apply to VE guests provisioned with less than 8 GB and more than 4 GB of memory.
The following guidelines apply to VE guests provisioned with 4 GB or less of memory.
SOL14592: Compatibility between BIG-IQ and BIG-IP releases provides a summary of version compatibility for specific features between the BIG-IQ system and BIG-IP releases.
For a list of Virtual Edition (VE) hypervisor support, see the Virtual Edition and Supported Hypervisors Matrix.
You can now live migrate BIG-IP VE instances between VMware hosts.
BIG-IP Virtual Edition (VE) now supports the Cisco enic driver, which enables support for the Cisco UCS Virtual Interface Card (VIC1240/1340) in VM-FEX mode. BIG-IP VE also now supports the Intel XL710 virtual function driver in SR-IOV mode.
|434713||Licensed bandwidth limit now applies only to application traffic. Bandwidth exceeded messages in the Virtual Edition (VE) log file now portray application performance and not application plus administrative traffic overhead.|
|502928||This release properly handles memory allocation failures on Virtual Edition (VE) instances running in AWS and Azure, so no TMM cores occur.|
|524301||Set up a dataplane interface's MTU up to 9198 with this fix. To make a VLAN and the interface from which it derives have the new MTU, run the command: tmsh modify net interface <ifname> mtu <mtu>.|
|529484||Virtual Edition instances now stays active when instances passing 10 Gbps of traffic on interfaces that support LRO.|
|534021||BIG-IP HA on AWS dynamically constructs the EC2 service endpoint based on the domain-name and region attached with the running instance.|
|538010||If Virtual Edition (VE) is provisioned with 1NIC enabled on Amazon AWS or Microsoft Azure public cloud services, you cannot statically assign the management IP when 1NIC provisioning is enabled on supported VE platforms. The system now provides the following warning: 01071ac0:3: DHCP can't be disabled with dbvar 'provision.1nic' enabled.|
|538012||Virtual Edition (VE) 1NIC provisioning shares the same IP address as both the management IP and self IP address, so VE with 1NIC enabled cannot pass any traffic through the data plane if a different self IP address from the DHCP management IP is assigned. The system now provides the following warning: 01071ac6:3: Invalid Self-IP '10.10.10.11/255.255.252.0': it must be the same as the management-IP '10.10.10.10/255.255.252.0' in VE-1NIC.|
|544531||"You can configure ConfigSync Only (there is no support of network failover, but it should be selected and disabled when creating the Device Group), for BIG-IP VE provisioned with a single NIC and a single IP address using the following steps: Steps to configure ConfigSync in Azure VE provisioned with a single NIC and a single IP address
-Configure configsync-ip in each VE/device
|545314||The underlying issue has been fixed such that the vCMP guest BIG-IP or VE BIG-IP will boot up correctly the first time after its disk size has been increased.|
|550618||The BIG-IP Virtual Edition now successfully loads the default configuration on the Microsoft Azure cloud service.|
|557648||Include Amazon EC2 web service tools from latest version of the toolset. Included is support for AWS pool autoscale functionality.|
There are no Virtual Edition-specific behavior changes specified for this release.
|224507||When Virtual Editing (VE) is deployed on VMware, the management port might not correctly reflect the uplink port speed of the vSwitch that it is connected to. VE deployed on VMware. This should have no adverse affects on actual management port traffic. Workaround: None.|
|351538||F5 Networks strongly recommends that the host system use CPUs with AMD-V or Intel-VT technology. This might require adjusting the systems BIOS or Unified Extensible Firmware Interface (UEFI) configuration. Host systems not using CPUs with AMD-V or Intel-VT technology. For specific hypervisors, hardware assisted virtualization technologies might be required in order to boot BIG-IP VE. For detailed system requirements, see the hypervisor's documentation. Workaround: None.|
|352856||Errors occur when migrating SCF files between different BIG-IP Virtual Edition (VE) hypervisor software. This occurs on BIG-IP VE. "The configuration does not load, and the system posts the following error: BIGpipe interface creation error: 01070318:3: 'The requested media for interface 1.1 is invalid.'" Workaround: To work around this, remove the entire line that contains 'media fixed' statements for each interface. When the media capabilities are removed from the SCF before load, no error occurs.|
|358355||When deployed as a Microsoft Hyper-V virtual machine, BIG-IP Virtual Edition (VE) must be configured with Static Memory Allocation. The use of Dynamic Memory Allocation is unsupported and might cause issues. Dynamic Memory Allocation. Dynamic Memory Allocation is unsupported and might cause issues. Workaround: None.|
|364704||Certain hypervisors support a snapshot of the virtual machine taken with the active state of the memory. On VMware, this temporarily freezes the virtual machine. This might produce undesired results. Taking a snapshot of the virtual machine's memory on VMware. Pauses the virtual machine, which might produce undesired results. Workaround: To avoid this problem on VMware hypervisors, do not include the virtual machine's memory when taking snapshots. On VMware, uncheck the option: Snapshot the virtual machine's memory.|
|366403||After modifying the BIG-IP system topology by adding or removing Network Interfaces, the interface numbering might appear out of order and NICs may appear that are no longer present. Adding or removing Network Interfaces. Usually the fifth NIC will be the first to induce the problem. Interface numbering might appear out of alignment with the previous boot of the VE. NICs may appear that are no longer present. This impact can be seen even after reconfiguring the VLAN interfaces on the BIG-IP VE to match the new topology and MAC layout. After a binary MCPD database has been created, the system may not correctly detect the change even after a subsequent reboot. Workaround: To ensure that the VE system properly detects the new or removed interfaces, run the command 'rm /var/db/mcpd*' at the BIG-IP VE command prompt, and then reboot the VE. After a new mcpdb file has been created, the VLAN interfaces may need to be reconfigured to map to the correct networks, either on the hypervisor, BIG-IP VE, or both. Interface mapping can be viewed by comparing the MAC addresses of the VE interfaces to the same MAC addresses displayed in the hypervisor configuration for the Virtual Machine definition that the VE resides in. The BIG-IP VE MAC addresses can be found in the BIG-IP Configuration utility on the Network :: Interface page, via tmsh, or other resources, such as iControl and iControl REST.|
|371458||On a XenServer Host, all interfaces are expected to show up as 100TX-FD within tmsh. XenServer Host. All application traffic handling interfaces will be shown with a media speed of 100 and an Active Duplex of half in the GUI for this release. This speed rating is simply cosmetic and not actually reflective of the speeds and duplex for BIG-IP VE on a XenServer host. The actual link is a high speed internal connection via a Virtual Network Interface within the hypervisor at speeds greater than 100 Mbps. Workaround: None.|
|371631||BIG-IP Virtual Edition (VE) may incorrectly report the interface media duplex settings as none. The General Properties may show an incorrect Active Duplex setting when you navigate to Network :: Interfaces, and then click the interface. The output from the tmsh show network interface all-properties command may show incorrect information in the Media column. Running the command 'show net interface all-properties'. You are unable to confirm the current duplex setting of an interface. Workaround: "To work around this issue, you can determine the interface media duplex setting for VE configurations not involving SR-IOV by running the following command: tmsh list net interface. Note: This workaround is valid only for VE configurations and only reports the VE's reported link state. A VM cannot determine any vSwitch's upstream link state via its own link state. VE knows about the link between it and the vSwitch, except in SR-IOV deployments, where there is no vSwitch and the link is direct."|
|372540||Migration of BIG-IP VE, whether live or powered off, commonly incurs an innocuous warning message similar to this on vSphere hypervisors: Virtual Ethernet card: 'Network adapter 1' is not supported. Migration of BIG-IP VE, whether live or powered off. This is not a limitation of the host in general, but of the virtual machine's configured guest OS on the selected host." This message is benign and can safely be ignored. Workaround: None.|
|394817||Virtual Edition (VE) now supports CMP (that is, multiple TMMs running on the same device). For rate-limited licenses, the throughput rate is divided by the number of TMMs, so each TMM is capped at a fraction of the total licensed limit. VE with CMP enabled and a rate-limited license. After enabling CMP on VE, maximum throughput for one TCP/UDP connection is decreased by the TMM count. For example, If a 200M license with one connection has a throughput of 180Mbits/s before enabling CMP, then for two TMMs the expected throughput would be 90 Mbits/s, and with four TMMs, the expected throughput would be 45 Mbit/s. This is expected functionality. Workaround: None.|
|401569||On Virtual Edition (VE), if a VLAN was created without any assigned interface, then it will get 00:98:76:54:32:10 MAC address. This address is not functional for accessing any virtual server via such VLAN. The issue is VE-specific due to vmw-compat VLAN MAC assignment policy. This behavior is different from BIG-IP v11.0.0 (and earlier) where VLAN without any interface had MAC address 00:00:00:00:00:00. The 00:98:76:54:32:10 MAC address is not functional for accessing any virtual server via such VLAN. Workaround: "Possible workarounds: 1. Attach/detach an interface. 2. Manually assign 00:00:00:00:00:00 to VLAN (e.g., by using the ip command)."|
|409234||FastL4 Virtual Servers might experience very low throughput on Virtual Edition (VE) with TCP Segmentation Offload disabled. VE, with at least one FastL4 virtual server configured, and TCP Segmentation Offload (TSO) disabled in the TMM (sys db tm.tcpsegmentationoffload). Numerous Transmit Datagram Errors for the FastL4 profile (tmsh show ltm profile FastL4). FastL4 virtual servers affected might have very low throughput, which might occur if the hypervisor has Large Receive Offload (LRO) enabled. This is a hypervisor configuration issue. Low throughput might also occur when VE is passing traffic to other virtual machines running on the same physical hypervisor. Workaround: There are two workarounds: -- Enable TCP Segmentation Offload by modifying 'sys db tm.tcpsegmentationoffload'. -- Disable LRO on hypervisors running VE.|
|412817||The BIG-IP system is unreachable for IPv6 traffic via PCI pass-through interfaces, because current ixgbevf drivers do not support multicast receive. When configured to see IPv6 traffic on a PCI pass-through interface, the BIG-IP guest is not able to see this traffic. PCI pass-through interfaces are unable to see IPv6 traffic. Workaround: None.|
|495523||MCPd goes into a restart loop after a change to the AWS Instance Type. This occurs in Virtual Edition (VE) after changing the underlying instance hardware in AWS, which is not supported behavior. The instance is not usable. There is no error message to indicate the failure. Workaround: Users can save the configuration on the BIG-IP system, instantiate a instance of the desired type, and apply the saved configuration.|
|517454||BIG-IP VE running on Azure cloud cannot report hostname back to Azure Fabric Controller. Hostname is missing in Azure VE's dashboard in Azure portal. If BIG-IP VE runs on Azure cloud. Although the hostname is missing, there is no impact on BIG-IP VE functionality. Workaround: None.|
|547047||Older EC2 tools stopped working in some AWS regions. This can happen in some AWS regions. BIG-IP high availability configurations may stop working in some AWS regions. Workaround: None.|
|554461||Messages do not display during bootup for serial-based Virtual Edition (VE) consoles. This occurs because by design VE grub and kernel configurations defaults to vga (tty0). Any bootup messages of interest cannot be seen on the serial console, which hinders debugging in the event of a boot failure or error. Workaround: "To add the serial console, follow these steps:
1) Login to the VE and run the following command to edit the grub configuration:
|563116||Cannot install a hotfix or anything on the second volume if an empty HD1.2 exists before installing. "--BIG-IP Virtual Edition. --HD1.2 is empty before installing." Failed installation occurs with Disk full (volume group). See SOL#10636 message. Workaround: After encountering the disk-full condition described in SOL10636, or to avoid it in the first place, remove HD1.2 before installing. Then install to a new boot location using the create-volume option (in tmsh), or specify a new volume name when installing (in the GUI-based configuration utility).|
|569331||Traffic will not pass to virtual servers of a traffic group "BIG-IP AWS High Availability AWS network outage" Some of virtual addresses end up associated with the standby BIG-IP; traffic will not pass to their virtual servers. Workaround: "If the desired BIG-IP is standby, failover to the BIG-IP. If the desired BIG-IP is already active, failover from this BIG-IP and then failover back to this BIG-IP."|
|575027||Tagged VLAN configurations with a cmp-hash setting for the VLAN, might result in performance issues. "This occurs when the following conditions are met: 1. Use of tagged VLANs in the configuration. 2. Change cmp-hash of the tagged VLAN." Throughput is lower than expected. Packets are not being hashed using the hash set in config. (This can be verified by looking at 'tmm/flow_redir_stat'.) Workaround: Use untagged VLANs and hypervisor side tagging.|
|577785||Loading sys config triggered by MCPD start might fail after removing NICs for VE if the given NICs have been configured as the data-plane interfaces in BIG-IP Virtual Edition (VE). "- BIG-IP VE. - Multi-NICs have been configured as the data-plane interfaces. - One or some of these NICs have been removed from the host side." BIG-IP VE stops working. BIG-IP VE cannot be in ready state since almost all other services depend on MCPD to be up running first. Workaround: Edit /config/bigip_base.conf to delete the net interfaces that have been removed on the host/hypervisor side.|
|577831||Virtual Edition (VE) does not boot and no boot messages are displayed. This occurs when there is no video device present. This is an issue because by design VE grub and kernel configurations default to vga (tty0). VE does not boot. Workaround: Use a VGA console option when deploying the VE (via virt-admin, or the Xen configuration utility, etc.)|
|587791||Due to recent changes of the build process /var/lib/waagent didn't have proper execute permission set. This caused failure in executing user custom scripts during deploying. First deployment of VM in Azure, which requires executing custom scripts. Custom scripts cannot be executed. Workaround: N/A|
There are no known issues specific to BIG-IP DNS-Virtual Edition.
There are no known issues specific to Application Security Manager-Virtual Edition.
There are no known issues specific to Access Policy Manager-Virtual Edition.
There are no known issues specific to Application Acceleration Manager-Virtual Edition.
There are no known issues specific to Policy Enforcement Manager-Virtual Edition.
There are no known issues specific to Application Firewall Manager-Virtual Edition.
There are no known issues specific to Analytics-Virtual Edition.
For additional information, please visit http://www.f5.com.
You can find additional support resources and technical documentation through a variety of sources.
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.