Release Notes : BIG-IP 12.1.0 VE Release Notes

Applies To:

BIG-IP AAM

  • 12.1.0

BIG-IP APM

  • 12.1.0

BIG-IP Analytics

  • 12.1.0

BIG-IP LTM

  • 12.1.0

BIG-IP PEM

  • 12.1.0

BIG-IP AFM

  • 12.1.0

BIG-IP DNS

  • 12.1.0

BIG-IP ASM

  • 12.1.0

Original Publication Date: 03/19/2018 Updated Date: 04/27/2022

Summary:

BIG-IP Virtual Edition (VE) is a version of the BIG-IP system that runs as a virtual machine. Supported modules include Local Traffic Manager, BIG-IP DNS (formerly Global Traffic Manager), Application Security Manager, Access Policy Manager, Application Acceleration Manager, Policy Enforcement Manager, Application Firewall Manager, and Analytics. BIG-IP VE includes all features of device-based BIG-IP modules running on standard BIG-IP TMOS, except as noted in release notes and product documentation.

Note: The BIG-IP VE product license determines the maximum allowed throughput rate. To view this rate limit, you can display the licensing page within the BIG-IP Configuration utility.

Supported platforms

This version of the software is supported in the following configurations. For a list of VE hypervisor support, see the Virtual Edition and Supported Hypervisors Matrix.

Memory: 12 GB or more

All licensable module-combinations may be run on BIG-IP Virtual Edition (VE) guests provisioned with 12 GB or more of memory.

Memory: 8 GB

The following guidelines apply to VE guests configured with 8 GB of memory.

  • No more than three modules should be provisioned together.

Memory: Less than 8 GB and more than 4 GB

The following guidelines apply to VE guests provisioned with less than 8 GB and more than 4 GB of memory.

  • No more than three modules (not including AAM) should be provisioned together.
  • Application Acceleration Manager (AAM) cannot be provisioned with any other module; AAM can only be provisioned standalone.

Memory: 4 GB or less

The following guidelines apply to VE guests provisioned with 4 GB or less of memory.

  • No more than two modules may be configured together.
  • AAM should not be provisioned, except as Dedicated.

BIG-IQ – BIG-IP compatibility

SOL14592: Compatibility between BIG-IQ and BIG-IP releases provides a summary of version compatibility for specific features between the BIG-IQ system and BIG-IP releases.

User documentation for this release

New in 12.1.0

Support for VMware vMotion

You can now live migrate BIG-IP VE instances between VMware hosts.

Support for New Drivers for Broader Virtual Edition Platform Compatibility

BIG-IP Virtual Edition (VE) now supports the Cisco enic driver, which enables support for the Cisco UCS Virtual Interface Card (VIC1240/1340) in VM-FEX mode. BIG-IP VE also now supports the Intel XL710 virtual function driver in SR-IOV mode.

Fixes in 12.1.0

ID Number Description
434713 Licensed bandwidth limit now applies only to application traffic. Bandwidth exceeded messages in the Virtual Edition (VE) log file now portray application performance and not application plus administrative traffic overhead.
502928 This release properly handles memory allocation failures on Virtual Edition (VE) instances running in AWS and Azure, so no TMM cores occur.
524301 With this fix, you can set a dataplane interface's MTU to a value up to 9198. To make a VLAN and the interface from which it derives have the new MTU, run the command: tmsh modify net interface <ifname> mtu <mtu>.
529484 Virtual Edition instances now stay active when passing 10 Gbps of traffic on interfaces that support LRO.
534021 BIG-IP HA on AWS dynamically constructs the EC2 service endpoint based on the domain-name and region attached with the running instance.
538010 If Virtual Edition (VE) is provisioned with 1NIC enabled on Amazon AWS or Microsoft Azure public cloud services, you cannot statically assign the management IP when 1NIC provisioning is enabled on supported VE platforms. The system now provides the following warning: 01071ac0:3: DHCP can't be disabled with dbvar 'provision.1nic' enabled.
538012 Virtual Edition (VE) 1NIC provisioning shares the same IP address as both the management IP and self IP address, so VE with 1NIC enabled cannot pass any traffic through the data plane if a different self IP address from the DHCP management IP is assigned. The system now provides the following warning: 01071ac6:3: Invalid Self-IP '10.10.10.11/255.255.252.0': it must be the same as the management-IP '10.10.10.10/255.255.252.0' in VE-1NIC.
544531 You can configure ConfigSync Only for BIG-IP VE provisioned with a single NIC and a single IP address. Network failover is not supported, but it should be selected and disabled when creating the Device Group.

Steps to configure ConfigSync in Azure VE provisioned with a single NIC and a single IP address

  • Use version 12.0.0 HF1 EHF14 and later images.
  • Use a static private IP address provided by Azure Virtual Network.
  • Set db-var 'provision.1nicautoconfig' to 'disable' before beginning.

Note: Network failover is not supported when setting up ConfigSync in Azure.

A typical setup is as follows:

  1) Configure configsync-ip in each VE/device. In each VE/device, run the command:

     tmsh modify cm device <bigipX> configsync-ip <self-ip>

  2) In the master VE/device, add all other VEs/devices to the trust-domain. For each VE/device, run the command:

     tmsh modify cm trust-domain Root ca-devices add { <peer-mgmt-ip> } name <bigipX> user <user> password <password>

  3) In the master VE/device, create a new device group for all VEs/devices. Run the command:

     tmsh create cm device-group <device-group> devices add { <all-device-names-separated-by-space> } type sync-failover auto-sync enabled network-failover disabled

  4) To initially sync configurations among the devices in the device group, run the command:

     tmsh run cm config-sync to-group <device-group>

545314 The underlying issue has been fixed such that the vCMP guest BIG-IP or VE BIG-IP will boot up correctly the first time after its disk size has been increased.
550618 The BIG-IP Virtual Edition now successfully loads the default configuration on the Microsoft Azure cloud service.
557648 This release includes the Amazon EC2 web service tools from the latest version of the toolset, including support for AWS pool autoscale functionality.

Behavior changes in 12.1.0

There are no Virtual Edition-specific behavior changes specified for this release.

Local Traffic Manager-Virtual Edition known issues

ID Number Description
224507 When Virtual Edition (VE) is deployed on VMware, the management port might not correctly reflect the uplink port speed of the vSwitch that it is connected to. VE deployed on VMware. This should have no adverse effects on actual management port traffic. Workaround: None.
351538 F5 Networks strongly recommends that the host system use CPUs with AMD-V or Intel-VT technology. This might require adjusting the system's BIOS or Unified Extensible Firmware Interface (UEFI) configuration. Host systems not using CPUs with AMD-V or Intel-VT technology. For specific hypervisors, hardware assisted virtualization technologies might be required in order to boot BIG-IP VE. For detailed system requirements, see the hypervisor's documentation. Workaround: None.
352856 Errors occur when migrating SCF files between different BIG-IP Virtual Edition (VE) hypervisor software. This occurs on BIG-IP VE. "The configuration does not load, and the system posts the following error: BIGpipe interface creation error: 01070318:3: 'The requested media for interface 1.1 is invalid.'" Workaround: To work around this, remove the entire line that contains 'media fixed' statements for each interface. When the media capabilities are removed from the SCF before load, no error occurs.
358355 When deployed as a Microsoft Hyper-V virtual machine, BIG-IP Virtual Edition (VE) must be configured with Static Memory Allocation. The use of Dynamic Memory Allocation is unsupported and might cause issues. Dynamic Memory Allocation. Dynamic Memory Allocation is unsupported and might cause issues. Workaround: None.
364704 Certain hypervisors support a snapshot of the virtual machine taken with the active state of the memory. On VMware, this temporarily freezes the virtual machine. This might produce undesired results. Taking a snapshot of the virtual machine's memory on VMware. Pauses the virtual machine, which might produce undesired results. Workaround: To avoid this problem on VMware hypervisors, do not include the virtual machine's memory when taking snapshots. On VMware, uncheck the option: Snapshot the virtual machine's memory.
366403 After modifying the BIG-IP system topology by adding or removing Network Interfaces, the interface numbering might appear out of order and NICs may appear that are no longer present. Adding or removing Network Interfaces. Usually the fifth NIC will be the first to induce the problem. Interface numbering might appear out of alignment with the previous boot of the VE. NICs may appear that are no longer present. This impact can be seen even after reconfiguring the VLAN interfaces on the BIG-IP VE to match the new topology and MAC layout. After a binary MCPD database has been created, the system may not correctly detect the change even after a subsequent reboot. Workaround: To ensure that the VE system properly detects the new or removed interfaces, run the command 'rm /var/db/mcpd*' at the BIG-IP VE command prompt, and then reboot the VE. After a new mcpdb file has been created, the VLAN interfaces may need to be reconfigured to map to the correct networks, either on the hypervisor, BIG-IP VE, or both. Interface mapping can be viewed by comparing the MAC addresses of the VE interfaces to the same MAC addresses displayed in the hypervisor configuration for the Virtual Machine definition that the VE resides in. The BIG-IP VE MAC addresses can be found in the BIG-IP Configuration utility on the Network :: Interface page, via tmsh, or other resources, such as iControl and iControl REST.
371458 On a XenServer Host, all interfaces are expected to show up as 100TX-FD within tmsh. XenServer Host. All application traffic handling interfaces will be shown with a media speed of 100 and an Active Duplex of half in the GUI for this release. This speed rating is simply cosmetic and not actually reflective of the speeds and duplex for BIG-IP VE on a XenServer host. The actual link is a high speed internal connection via a Virtual Network Interface within the hypervisor at speeds greater than 100 Mbps. Workaround: None.
371631 BIG-IP Virtual Edition (VE) may incorrectly report the interface media duplex settings as none. The General Properties may show an incorrect Active Duplex setting when you navigate to Network :: Interfaces, and then click the interface. The output from the tmsh show network interface all-properties command may show incorrect information in the Media column. Running the command 'show net interface all-properties'. You are unable to confirm the current duplex setting of an interface. Workaround: "To work around this issue, you can determine the interface media duplex setting for VE configurations not involving SR-IOV by running the following command: tmsh list net interface. Note: This workaround is valid only for VE configurations and only reports the VE's reported link state. A VM cannot determine any vSwitch's upstream link state via its own link state. VE knows about the link between it and the vSwitch, except in SR-IOV deployments, where there is no vSwitch and the link is direct."
372540 Migration of BIG-IP VE, whether live or powered off, commonly incurs an innocuous warning message similar to this on vSphere hypervisors: Virtual Ethernet card: 'Network adapter 1' is not supported. Migration of BIG-IP VE, whether live or powered off. This is not a limitation of the host in general, but of the virtual machine's configured guest OS on the selected host. This message is benign and can safely be ignored. Workaround: None.
394817 Virtual Edition (VE) now supports CMP (that is, multiple TMMs running on the same device). For rate-limited licenses, the throughput rate is divided by the number of TMMs, so each TMM is capped at a fraction of the total licensed limit. VE with CMP enabled and a rate-limited license. After enabling CMP on VE, maximum throughput for one TCP/UDP connection is decreased by the TMM count. For example, if a 200M license with one connection has a throughput of 180 Mbits/s before enabling CMP, then for two TMMs the expected throughput would be 90 Mbits/s, and with four TMMs, the expected throughput would be 45 Mbits/s. This is expected functionality. Workaround: None.
401569 On Virtual Edition (VE), if a VLAN was created without any assigned interface, it gets the MAC address 00:98:76:54:32:10. This address is not functional for accessing any virtual server via such a VLAN. The issue is VE-specific due to the vmw-compat VLAN MAC assignment policy. This behavior is different from BIG-IP v11.0.0 (and earlier), where a VLAN without any interface had the MAC address 00:00:00:00:00:00. The 00:98:76:54:32:10 MAC address is not functional for accessing any virtual server via such a VLAN. Workaround: "Possible workarounds: 1. Attach/detach an interface. 2. Manually assign 00:00:00:00:00:00 to the VLAN (e.g., by using the ip command)."
409234 FastL4 Virtual Servers might experience very low throughput on Virtual Edition (VE) with TCP Segmentation Offload disabled. VE, with at least one FastL4 virtual server configured, and TCP Segmentation Offload (TSO) disabled in the TMM (sys db tm.tcpsegmentationoffload). Numerous Transmit Datagram Errors for the FastL4 profile (tmsh show ltm profile FastL4). FastL4 virtual servers affected might have very low throughput, which might occur if the hypervisor has Large Receive Offload (LRO) enabled. This is a hypervisor configuration issue. Low throughput might also occur when VE is passing traffic to other virtual machines running on the same physical hypervisor. Workaround: There are two workarounds: -- Enable TCP Segmentation Offload by modifying 'sys db tm.tcpsegmentationoffload'. -- Disable LRO on hypervisors running VE.
412817 The BIG-IP system is unreachable for IPv6 traffic via PCI pass-through interfaces, because current ixgbevf drivers do not support multicast receive. When configured to see IPv6 traffic on a PCI pass-through interface, the BIG-IP guest is not able to see this traffic. PCI pass-through interfaces are unable to see IPv6 traffic. Workaround: None.
495523 MCPd goes into a restart loop after a change to the AWS Instance Type. This occurs in Virtual Edition (VE) after changing the underlying instance hardware in AWS, which is not supported behavior. The instance is not usable. There is no error message to indicate the failure. Workaround: Users can save the configuration on the BIG-IP system, instantiate an instance of the desired type, and apply the saved configuration.
517454 BIG-IP VE running on Azure cloud cannot report hostname back to Azure Fabric Controller. Hostname is missing in Azure VE's dashboard in Azure portal. If BIG-IP VE runs on Azure cloud. Although the hostname is missing, there is no impact on BIG-IP VE functionality. Workaround: None.
547047 Older EC2 tools stopped working in some AWS regions. This can happen in some AWS regions. BIG-IP high availability configurations may stop working in some AWS regions. Workaround: None.
554461 Messages do not display during bootup for serial-based Virtual Edition (VE) consoles. This occurs because by design VE grub and kernel configurations default to vga (tty0). Any bootup messages of interest cannot be seen on the serial console, which hinders debugging in the event of a boot failure or error. Workaround: To add the serial console, follow these steps:

  1) Log in to the VE and run the following command to edit the grub configuration:

     # vi $( grub_open )

  2) Add the following two lines after 'timeout=8':

     serial --unit=0 --speed=19200
     terminal --timeout=3 serial console

  3) Edit each kernel boot entry to define two consoles as follows:

     console=tty0 console=ttyS0

  4) Write and quit the vi editor with the command :wq

  5) Synchronize the grub changes to storage such that they apply on the next boot:

     # grub_close

Note: Some Xen variants may need to specify 'hvc0' instead of 'ttyS0' for their serial console. Other Xen variants may need to specify 'ttyS1'. In all cases, leaving 'console=tty0' in place is required to keep VGA console functionality.
563116 Cannot install a hotfix or anything on the second volume if an empty HD1.2 exists before installing. "--BIG-IP Virtual Edition. --HD1.2 is empty before installing." Failed installation occurs with Disk full (volume group). See SOL#10636 message. Workaround: After encountering the disk-full condition described in SOL10636, or to avoid it in the first place, remove HD1.2 before installing. Then install to a new boot location using the create-volume option (in tmsh), or specify a new volume name when installing (in the GUI-based configuration utility).
569331 Traffic will not pass to virtual servers of a traffic group. "BIG-IP AWS High Availability AWS network outage" Some of the virtual addresses end up associated with the standby BIG-IP; traffic will not pass to their virtual servers. Workaround: "If the desired BIG-IP is standby, failover to the BIG-IP. If the desired BIG-IP is already active, failover from this BIG-IP and then failover back to this BIG-IP."
575027 Tagged VLAN configurations with a cmp-hash setting for the VLAN might result in performance issues. "This occurs when the following conditions are met: 1. Use of tagged VLANs in the configuration. 2. Change cmp-hash of the tagged VLAN." Throughput is lower than expected. Packets are not being hashed using the hash set in config. (This can be verified by looking at 'tmm/flow_redir_stat'.) Workaround: Use untagged VLANs and hypervisor side tagging.
577785 Loading sys config triggered by MCPD start might fail after removing NICs for VE if the given NICs have been configured as the data-plane interfaces in BIG-IP Virtual Edition (VE). "- BIG-IP VE. - Multi-NICs have been configured as the data-plane interfaces. - One or some of these NICs have been removed from the host side." BIG-IP VE stops working. BIG-IP VE cannot be in ready state since almost all other services depend on MCPD to be up and running first. Workaround: Edit /config/bigip_base.conf to delete the net interfaces that have been removed on the host/hypervisor side.
577831 Virtual Edition (VE) does not boot and no boot messages are displayed. This occurs when there is no video device present. This is an issue because by design VE grub and kernel configurations default to vga (tty0). VE does not boot. Workaround: Use a VGA console option when deploying the VE (via virt-admin, or the Xen configuration utility, etc.)
587791 Due to recent changes to the build process, /var/lib/waagent didn't have the proper execute permission set. This caused failures in executing user custom scripts during deployment. First deployment of VM in Azure, which requires executing custom scripts. Custom scripts cannot be executed. Workaround: N/A
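
The edits from steps 2 and 3 of the ID 554461 workaround above, scripted so they can be applied repeatably and checked; this is an added example, not F5 code. The function names and the sample grub file are constructed, the optional second argument covers the Xen variants from the note, and steps 1 and 5 (grub_open and grub_close) still have to be run on the VE itself.

```bash
#!/bin/sh
# Added example (not F5 code): steps 2 and 3 of the ID 554461 workaround,
# applied to a grub configuration file. Function names and the sample file
# contents are constructed for illustration.

# add_serial_console <grub-config> [serial-device]
# Safe to run more than once: lines and arguments already present are kept.
add_serial_console() {
    asc_conf=$1
    asc_dev=${2:-ttyS0}     # 'hvc0' or 'ttyS1' on some Xen variants
    asc_tmp=$(mktemp) || return 1
    awk -v dev="$asc_dev" '
        # Pass 1: note whether a serial line was already added.
        FNR == NR { if ($1 == "serial") have_serial = 1; next }
        # Pass 2, step 3: every kernel entry gets both consoles. console=tty0
        # is kept or added so the VGA console keeps working.
        /^[ \t]*kernel[ \t]/ {
            vga = ser = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "console=tty0") vga = 1
                if ($i == ("console=" dev)) ser = 1
            }
            if (!vga) $0 = $0 " console=tty0"
            if (!ser) $0 = $0 " console=" dev
        }
        { print }
        # Pass 2, step 2: the two serial lines go right after timeout=8.
        /^timeout=8[ \t]*$/ && !have_serial {
            print "serial --unit=0 --speed=19200"
            print "terminal --timeout=3 serial console"
        }
    ' "$asc_conf" "$asc_conf" > "$asc_tmp" && cat "$asc_tmp" > "$asc_conf"
    asc_rc=$?
    rm -f "$asc_tmp"
    return "$asc_rc"
}

# Constructed sample: one entry that already has console=tty0, one with no
# console argument at all.
write_sample_grub() {
    cat > "$1" <<'EOF'
default=0
timeout=8
title Constructed entry A
    root (hd0,0)
    kernel /vmlinuz ro root=/dev/sda2 console=tty0 quiet
    initrd /initrd.img
title Constructed entry B
    root (hd0,1)
    kernel /vmlinuz ro root=/dev/sda3 quiet
    initrd /initrd.img
EOF
}

# Demo on a scratch copy; nothing on the system is touched.
demo_dir=$(mktemp -d)
write_sample_grub "$demo_dir/grub.conf"
add_serial_console "$demo_dir/grub.conf"
cat "$demo_dir/grub.conf"
rm -rf "$demo_dir"
```
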

BIG-IP DNS-Virtual Edition known issues

There are no known issues specific to BIG-IP DNS-Virtual Edition.

Application Security Manager-Virtual Edition known issues

There are no known issues specific to Application Security Manager-Virtual Edition.

Access Policy Manager-Virtual Edition known issues

There are no known issues specific to Access Policy Manager-Virtual Edition.

Application Acceleration Manager-Virtual Edition known issues

There are no known issues specific to Application Acceleration Manager-Virtual Edition.

Policy Enforcement Manager-Virtual Edition known issues

There are no known issues specific to Policy Enforcement Manager-Virtual Edition.

Application Firewall Manager-Virtual Edition known issues

There are no known issues specific to Application Firewall Manager-Virtual Edition.

Analytics-Virtual Edition known issues

There are no known issues specific to Analytics-Virtual Edition.

Contacting F5 Networks

Phone: (206) 272-6888
Fax: (206) 272-6802
Web: http://support.f5.com
Email: support@f5.com

For additional information, please visit http://www.f5.com.
