Applies To:

Show Versions Show Versions

Release Note: BIG-IP LTM version 9.0.3
Release Note

Software Release Date: 12/21/2004
Updated Date: 12/11/2013

Summary:

This release note documents the version 9.0.3 feature release of BIG-IP® Local Traffic Manager and Load Balancer Limited. To review the features introduced in this release, see New features and fixes in this release. For existing customers, you can apply the software upgrade to systems running BIG-IP version 4.5 PTF-04 through version 4.5.11, and to systems running version 9.0 and later. (Note that you cannot apply this upgrade to systems running BIG-IP version 4.6 software.) For information about installing the upgrade, please refer to Installing the software.
Note: F5 now offers both feature releases and maintenance releases. For more information on our new release policies, please see New Versioning Schema for F5 Software Releases.

 

Contents:

- Supported browsers
- Supported platforms
- Installing the software
     - Verifying the BIG-IP software installation
- Re-activating the license on the BIG-IP system
- New features and fixes in this release
- Fixes in this release
- New features and fixes from previous releases
- Optional configuration changes
- Understanding the Fast HTTP profile
- Using the Scripted monitor
- Configuring the LDAP monitor
- Configuring the WAP monitor
- Using SNMP read/write MIBS
- New SNMP OIDs in this release
- Compiling the real_server monitor plug-in for UNIX and Linux systems
- Configuring slow ramp time for a pool
- Using the switchboot utility
- Known issues
     - Updating the statsd utility directory structure


Supported browsers

The Configuration utility (graphical user interface) supports the following browsers:

  • Microsoft® Internet ExplorerTM, version 6.x and later
  • Netscape® NavigatorTM, version 7.1, and other browsers built on the same engine, such as MozillaTM, FirefoxTM, and CaminoTM.

Note that we recommend that you leave the browser cache options at the default settings.

Important: Popup blockers and other browser add-ons or plug-ins may affect the usability of the Configuration utility. If you experience issues with navigation, we recommend that you disable these types of browser plug-ins and add-ons.

[ Top ]

Supported platforms

This release applies only to the supported platforms listed below; each one provides all minimum system requirements. This release supports the following platforms:

  • BIG-IP 1000 (D39)
  • BIG-IP 2400 (D44)
  • BIG-IP 5100 and 5110 (D51)
  • BIG-IP 1500 (C36)
  • BIG-IP 3400 (C62)
  • BIG-IP 6400 (D63)

If you are unsure of which platform you have, look at the sticker on the back of the chassis to find the platform number.

[ Top ]

Installing the software

There are several installation options to consider before you begin the version 9.0.3 software installation.

Important:  You are prompted to install the software on multiple slots if the unit supports the multiple boot option. The BIG-IP 1500 (C36), BIG-IP 3400 (C62), and BIG-IP 6400 (D63) platforms support this functionality. The IM upgrade does not add the multiple boot functionality. If you want this functionality on a supported platform, you must choose another installation method.

  • Version 9.0.3 clean install
    If you do not plan to roll a 4.5.x configuration forward, you can perform a clean installation on the unit. This type of installation allows you to install the software on multiple slots, if your hardware supports multiple slots. For more information about performing a clean install of the version 9.0.3 software, see Performing a clean installation of BIG-IP version 9.0.3 .
     
  • Version 4.5.x to 9.0.3 upgrade
    You can use this upgrade option when you are directly connected to the system you intend to upgrade. The instructions for this upgrade option describe how convert a 4.5.x configuration and license for use on a 9.0 system. For more information about this upgrade option, see Upgrading from BIG-IP software versions 4.5 PTF-04 through 4.5.11 to BIG-IP software version 9.0.3.
     
  • Remote upgrade from version 4.5.x to 9.0.3
    The remote upgrade provides the ability to run the upgrade from a management workstation that is not directly connected to the system you intend to upgrade. The instructions for this upgrade option describe how convert a 4.5.x configuration and license for use on a 9.0 system. For more information about this upgrade option, see Upgrading from BIG-IP software versions 4.5 PTF-04 through 4.5.11 to BIG-IP software version 9.0.3 using the remote upgrade procedure .
     
  • Version 9.0.3 IM upgrade
    The IM upgrade provides the ability to copy an IM package onto the system you intend to upgrade. You can apply the version 9.0.3 upgrade to any supported system version 9.0 or later. The IM upgrade does not install the multiple boot functionality. Also, to apply an IM upgrade to a multiple slot installation, you must boot the system to the slot you want to upgrade, copy the upgrade file to the slot, and then run the IM upgrade. For more information about the IM upgrade, see To install the version 9.0.3 upgrade.

To install the version 9.0.3 upgrade

If you previously installed a version of the software that supports multiple boot functionality, this upgrade method supports the multiple boot configuration. If you are installing this IM upgrade on a system that does not support multiple boot functionality, such as version 9.0 and 9.0.1, the IM upgrade does not add this functionality. To add multiple boot functionality, you must perform a PXE install of the software. For more information about performing a clean install of the version 9.0.3 software, see Performing a clean install of BIG-IP version 9.0.3

  1. Log on as root to the system to be upgraded.
     
  2. Create a temporary read-only memory file system (RAMFS) directory, using the following command:
    mkdir /var/ramfs
     
  3. Mount the file system by typing the following command:
    mount -t ramfs none /var/ramfs
     
  4. Change to the /var/ramfs directory by typing the following command:
    cd /var/ramfs

  5. Go to Downloads site and locate the BIG-IP 9.0.3 upgrade file, Upgrade9.x-to-9.0.3.104.4.im.

     

  6. Download the software image.

    For information about how to download software, refer to SOL167: Downloading software from F5 Networks.

  7. Install the upgrade by typing the following command:
    im /var/ramfs/Upgrade9.x-to-9.0.3.104.4.im
     
  8. Once the upgrade installation is complete, you must reboot the system by typing the following command:
    reboot
    Rebooting the system finalizes the upgrade, and removes both the RAM file system and the upgrade package.

Important: If you are upgrading to version 9.0.3 on one of these platforms: BIG-IP 1500 (C36), BIG-IP 3400 (C62), or BIG-IP 6400 (D63), you must reboot the SCCP (using the following instructions) after you finish the IM upgrade process. This updates the images on the SCCP to the most current version. (CR41385)

To reboot the SCCP

  1. From a console, halt the BIG-IP host by typing the following command:
    halt
  2. After you halt the host, press Esc (.
    The Command Menu opens.
     
  3. From the Command Menu, choose 8.
    The SCCP reboots.

 

[ Top ]

Verifying the BIG-IP software installation

After you complete the installation of the software, you can verify the the installation using the RPM database. For more information, type man rpm to view the RPM man page. Use the verify options to verify the installation.
 
[ Top ]

Re-activating the license on the BIG-IP system

You need to re-activate the license on the BIG-IP system to use some of the new features added in this release.

To re-activate the license on the system

  1. On the Main tab, expand System.
     
  2. Click License.

    The License screen opens.
     
  3. Click the Re-activate button and follow the onscreen instructions to re-activate the license.

 

[ Top ]

New features and fixes in this release

This release includes the following new features and fixes.

Using the Fast HTTP profile(CR41444)
The features provided in the Fast HTTP profile are designed to speed up certain types of HTTP connections. This profile provides the ability to tune these connections for the best possible network performance. When you use this profile with a virtual server, the virtual server processes traffic packet-by-packet and at a significantly higher speed. For more information about the Fast HTTP profile, see Understanding the Fast HTTP profile.

Configuring the FIPS hardware security module (CR40827)
A FIPS hardware security module (HSM) is available for creating and maintaining secure keys for SSL transactions. Currently, the FIPS HSM is available in the BIG-IP 6400 platform. For more information about configuring the FIPS HSM, refer to Configuring and Maintaining a FIPS Security World .

Using the Scripted monitor (CR42585)
The Scripted monitor provides the ability to write a simple script to monitor a server in the network. The Scripted monitor opens a TCP socket and from the file you specify by the filename parameter, reads send lines to be sent over the socket and expect lines to be expected from the socket. To activate this feature, you must re-activate the software license on the BIG-IP system. To re-activate the license on the system, see Re-activating the license on the BIG-IP system. For details about using this monitor, see Using the Scripted monitor.

LDAP monitor enhancements
The LDAP monitor contains a new option Mandatory Attributes. This option causes the LDAP monitor to behave differently if the value is yes or no. It is also important to note that this monitor no longer requires an entry in /etc/hosts for the LDAP servers. For details about using this monitor, see Configuring the LDAP monitor.

Using the WAP monitor (CR34093)
The WAP monitor is a health monitor for Wireless Application Protocol servers. This monitor provides the ability to check the status of a WAP server by checking for various types of information. To activate this feature, you must re-activate the software license on the BIG-IP system. To re-activate the license on the system, see Re-activating the license on the BIG-IP system. For details about using this monitor, see Configuring the WAP monitor.

SNMP: Read/Write SNMP OIDs for enabling and disabling the state of objects (CR42845)
With this release, you can now use SNMP to enable or disable the state of nodes, virtual servers, virtual addresses, and pool members. This provides the ability to use SNMP for certain management functions. For details about using the read/write SNMP OIDs, see Using SNMP read/write OIDs.

SNMP: MIB updates (CR41457, CR42698, CR43036)
This release includes several SNMP OID updates related to new functionality. For details about using the read/write SNMP OIDs, see New SNMP OIDs in this release.

Fixes in this release

The tcpdump utility and viewing MGMT interface traffic (CR33009)
The tcpdump utility now accepts the mgmt argument if you want to view the traffic on the MGMT interface.

CPU performance graph and displaying data on unit with single processor (CR37236)
If you have a platform that has only one processor (CPU) in it, the CPU usage graph, on the Overview > Performance screen displays the CPU usage of all processes.

Log messages on a pre-licensed system (CR39523)
Before a system is licensed, you no longer see excessive warning log messages for features that are not yet available.

Running configuration synchronization between units with different time settings (CR39562)
The configuration synchronization process now verifies the time on the peer unit before attempting to run. If the time difference is greater than 600 seconds, the process stops, and you need to synchronize the times before continuing.

Configuring port mirroring and debug messages on the console (CR39711)
When you configure port mirroring for an interface using the Configuration utility, you no longer see debug messages on the console.

Configuring monitors for wildcard virtual servers (CR39808)
Monitors with a default port of * (any), when paired with a pool member with a destination port of *, now properly use the default port for the particular monitor/service type.

SNMP and multi-word community strings (CR39871)
Creating access records with multi-word community strings corrupts the snmpd.conf file. To avoid this problem, limit community strings to a single word.

Using the Server SSL profile and RSA keys larger than 2048 bits (CR39886)
If your configuration meets all of the following conditions, the system no longer resets server-side connections during the handshake operation:

  • The configuration contains a virtual server whose resource members are servers with RSA keys larger than 2048 bits.
  • The virtual server has a Server SSL profile associated with it.
  • In the Server SSL profile, the Server Certificate authentication option is set to ignore.

 

Link down on standby functionality (CR39902)
The failover link down on standby functionality is implemented in this release.

OTCU: Detecting gigabit fiber port media settings (CR39914)
The OTCU now properly detects the media settings for gigabit fiber ports.

HTTPS monitor no longer fails with EDH cipher (CR40629)
The HTTPS monitor now works properly with the EDH cipher.

The bigpipe utility and cipher names with hyphens (CR40661)
The bigpipe utility now properly recognizes cipher names that contain hyphens, for example, AES128-SHA.

Deleting virtual servers and virtual addresses in the Configuration utility (CR40944)
In the Configuration utility, when you modify a property on a virtual address (change it from the default), and then delete the virtual server with which the virtual address is associated, the system now properly removes the virtual address also.

Changing the system's time zone in the Configuration utility and logging time stamps (CR41149)
When you change the time zone for the system on the System: General Properties screen, the log file entries now properly reflect the updated time.

Obsolete MGMT route and upgrades (CR41382, CR42218)
When you upgrade to version 9.0.3, and apply an existing configuration (in a config.ucs file), if the rolled-forward configuration contains a MGMT route in the 192.168.*.* network, the system now properly deletes the route entry.

Using a USB CD-ROM drive for software installation (CR41543)
When you use a USB CD-ROM drive to install the BIG-IP software, you are now prompted to remove the CD-ROM after the installation has finished.

Cookie hash values are now properly stored in the persistence tables (CR41681)
When you use the Cookie Hash method for Cookie persistence, the system now correctly stores the persist values.

Virtual server with Client SSL profile using SSLv2 and ALL ciphers (CR42211)
If you configure a virtual server that references a Client SSL profile which uses the ciphers SSLv2 and ALL, the SSLv2 connections for the virtual server now complete properly.

Creating an external data group and data group type (CR42249)
If you do not specify a file path when you create an external data group, the system no longer overrides the type setting.

Deleting external data groups and errors in the Configuration utility (CR42252)
In the Configuration utility, when you delete an external data group, the Configuration utility now properly returns you to the Data Group List screen.

Using the HTTP::release option in an iRule and system errors (CR42306)
If you use the HTTP::release option in an iRule, and you do not use the corresponding HTTP::collect option, the system no longer becomes unstable.

IM package upgrades and the /SLOT file (CR42331)
When you update your software to version 9.0.3 using the IM package upgrade, the upgrade now creates the /SLOT file for the slots on the system.

Configuration utility: Displaying virtual servers that use port 32768 or higher (CR42343)
The Configuration utility can now display virtual servers configured to listen on port 32768 or higher.

 

Routing on the management interface (CR42381)
We have corrected a problem with chmand. Chmand should now handle IPv4 routing correctly for the management interface.

MSRDP hash values are now properly stored in the persistence tables (CR42822)
When you enable Microsoft Remote Desktop Protocol persistence, the system now correctly stores the persist values.

Upgrading to version 9.0.3 and name changes to MSRDP persistence profile attribute (CR42972)
The msrdp no session dir <enable | disable> attribute has been renamed to msrdp session directory <enable | disable>. When you upgrade to version 9.0.3 from version 9.0 through 9.0.2, and you roll forward a UCS file that contains an MSRDP persistence profile, the system automatically converts the session directory attribute to the new format.

Upgrading to version 9.0.3 and rolling forward UCS files with SSL iRules (CR43252)
When you upgrade to version 9.0.3 from version 9.0 through 9.0.2, and you roll forward a UCS file that contains one or more SSL iRules, the system no longer generates rule parsing syntax errors.

Upgrading to version 9.0.3 and new configuration requirements for cookie persistence profile (CR43253)
When you upgrade to version 9.0.3, the system now requires that, in a cookie persistence profile, the persistence mode must be cookie hash if the persist mirroring setting is enabled. When you roll forward a UCS file that contains a cookie persistence profile, the system automatically disables the persist mirror setting if the mode is not cookie hash.

Excessive logging for SNAT ANY-IP denials (CR43257)
The system no longer generates excessive log entries for routine ICMP pings when you have SNAT ANY-IP configured.

Log file rotation for the tomcat utility (CR43266)
The system now properly performs log file rotation for the tomcat utility. For the log rotation to function correctly, the tomcat utility restarts every 24 hours.

Data group string classes no longer limited to a 64-character length (CR43414)
If you use the Configuration utility to add a string class to a data group, the string value is no longer truncated to a 64-character string.

Persistence tables are now mirrored properly for sticky persistence (CR43423)
We fixed an issue where persistence tables for a destination address affinity persistence (or sticky persistence) may not mirror properly in a failover.

SSL cipher selection errors (CR43698)
Previously, the system improperly handled SSLv2 cipher suite descriptors, which caused conflicts with Microsoft PCT extended option encodings and other SSLv2 applications. We corrected the issue to resolve these conflicts.

HTTP profile now supports certain unrecognized HTTP methods (CR43477)
Previously, the HTTP profile did not support the unrecognized http method "SEARCH" to post XML to an Exchange server. The HTTP profile now supports these and other unrecognized HTTP methods that contain Content-Length or Transfer-Encoding headers.

The TCP::notify response command no longer causes a system crash (CR43585)
We corrected an issue where the system did not process the TCP::notify response command correctly and caused a system crash.

The Least Connections (node) load balancing method is fixed (CR43644)
Previously, when you selected Least Connections (node) for your load balancing method, this method did not work properly. We corrected this issue so that the Least connections (node) load balancing works properly.

[ Top ]

New features and fixes from previous releases

The current release includes the features and fixes that were distributed in prior releases, as listed below. (Prior releases are listed with the most recent first.)

Version 9.0.2

Multiple boot installations (CR40912)
The version 9.0.2 release includes a new multiple boot capability. With this release, you can now install the software on multiple disk slots in the system. A slot is a portion of a drive with adequate space required for an installation. If the hardware supports multiple slots, you are prompted to install the software on multiple slots during the installation. The BIG-IP 1500 (C36), BIG-IP 3400 (C62), and BIG-IP 6400 (D63) platforms support this functionality. There are several benefits of running a system with a multiple slot installation.

  • The ability to select a different version of the software during boot time from the boot menu.
  • The ability to install a new version of the software on a slot without losing a previous installation on a different slot.
  • The ability to revert back to an old installation without having to re-install, roll back, or lose new installations.

You can use this new feature if the unit contains a supported hardware configuration. more than one drive (for example, a CompactFlash® media drive and a hard disk drive), or a hard drive. After you have installed the software on multiple slots, you can change which slot boots when you start the system. For details about using this functionality, see Using the switchboot utility.

Important:  The IM upgrade does not add the multiple boot functionality. If you want this functionality on a supported platform, you must choose another installation method.

 

High availability: New Restart All action (CR40406)
This release includes a new option for high availability, Restart All. When you select this option for a high availability setting, the system restarts all system services, not just the affected service. For additional information, review the online help for the configuration options on the System >> High Availability screens.

Local traffic pools: New Slow Ramp Time option (CR40590)
When you take a pool member offline, and then bring it back online, the pool member can become overloaded with connection requests, depending on the load balancing mode for the pool. For example, if you use the Least Connections load balancing mode, the system sends all new connections to the newly-enabled pool member (because technically it has the least amount of connections). When you configure the Slow Ramp Time option, the system sends less traffic to the newly-enabled pool member. The amount of traffic is based on the ratio of how long the pool member has been available compared to the slow ramp time. Once the pool member has been online for a time greater than the slow ramp time, the pool member receives a full proportion of the incoming traffic. To configure the slow ramp time option, review Configuring slow ramp time for a pool, in the Optional configuration changes section of this release note.

User authentication method now configurable for SSL client certificate LDAP authentication (CR37259)
If you use SSL client certificate LDAP (SSL CC LDAP) authentication, you can now specify a UserClass object, for client authorization. Previously, you could not configure the UserClass object. The default setting is StrongAuthenticationUser.

New options for iRules (CR40241, CR41153)
The following options have been added to the iRules syntax.

Option Description
HTTP_REQUEST_SEND This server-side event gets raised just before a request is sent to the server.
IP::ttl This command reports the TTL for an inbound IPv4 or IPv6 packet.

 

SNMP MIB updates (CR40526, CR40571, CR40849, CR40893)
This release includes the following SNMP OID updates related to new functionality.

OID Name OID Value
ltmHttpProfileMaxRequests .1.3.6.1.4.1.3375.2.2.6.7.1.2.1.26
ltmUdpProfileDatagramLb .1.3.6.1.4.1.3375.2.2.6.11.1.2.1.7
ltmPoolSlowRampTime .1.3.6.1.4.1.3375.2.2.5.1.2.1.22
ltmTcpProfileDeferredAccept .1.3.6.1.4.1.3375.2.2.6.10.1.2.1.22

 

HTTP profile: New Maximum Requests option (CR40859)
The HTTP profile now includes the Maximum Requests option. This setting specifies a maximum number of requests that can be made on a single keep-alive connection. When the limit is reached, the final response contains a Connection: close header, which closes the connection. The default behavior does not restrict the number of requests per connection.

Version 9.0.2 fixes

Both units in a redundant system remain in active mode after initial configuration (CR34060)
When you configure a redundant system, the first unit now goes into standby mode after you configure the second unit.

Modifying properties of a route (CR36732)
In the Configuration utility, you can now modify the properties of a route, in the Network section. For additional information, see the online help for the route properties screen.

ISO image/CD now includes the source for building the Real Monitor plug-in for UNIX and Linux systems (CR39359)
The version 9.0.2 ISO image now includes the source code for compiling the Real Monitor for RealServer 8.0 on Linux and UNIX systems. If you are load balancing to RealServer 8.0 servers, you need to compile the source so that you can use the real_server monitor. For additional information, see Compiling the real_server monitor plug-in for UNIX and Linux systems, in the Optional configuration changes section of this release note.

Error message when resetting iRules statistics in the Configuration utility (CR39580)
You no longer see the error message Statistics not implemented when you reset the iRules statistics from the Overview > Statistics > iRules screen.

License activation and system time (CR39659)
When you are activating a license, and the hardware clock time is more than 24 hours different than the time on the F5 Licensing server, the system now generates an error and redirects you to the License Keys screen. Re-type the registration keys and continue with the licensing process. The system regenerates the dossier with a current timestamp.

SNMP trap configuration (CR39782)
In the Configuration utility, on the SNMP > Traps > Configuration screen, changing the Device setting now works properly.

Setting active-active or active-standby mode on a redundant system (CR39829)
You no longer need to run the bigstart restart command to get the units in a redundant system into the correct mode.

OTCU: Converting node attributes (CR39842)
The One Time Conversion Utility (OTCU) now explicitly indicates that it does not convert the node attributes virtual or actual, if they are present in a 4.5.X configuration.

Changing failover peer IP address in the Configuration utility (CR39845)
In the Configuration utility, if you change the IP address for the failover peer (in a redundant system), the change now takes effect without additional configuration.

Clearing the Nokia SNMP alarm log (CR39901)
The snmpget command now properly clears the contents of the Nokia SNMP alarm log.

iRules: Setting renegotiation on SSL Client Certificate requirement (CR39918)
The SSL::cert mode require command now properly requires a client certificate for all URLs.

Running Config Sync or restoring a .ucs file and node monitors (CR39923)
When you run the Config Sync operation, or restore a *.ucs file, the system no longer resets all monitor instances for nodes.

Errors in the bigip.conf file and the pvad utility (CR39929)
When you edit the bigip.conf file by hand, and you introduce configuration errors, the pvad utility no longer generates a core file when you try to load the configuration.

Creating VLANs with no interfaces in the Configuration utility (CR40035)
In the Configuration utility, if you create a VLAN and you do not associate any interfaces with it, the system no longer generates a page error.

Resetting interface statistics (CR40059)
In the Configuration utility, if you reset the interface statistics, you no longer see an error message.

Deleting records from the dynamic ARP list in the Configuration utility (CR40073)
Using the Configuration utility to delete records from the dynamic ARP list no longer causes problems.

Manually adding a configuration item in the bigip.conf file and syntax errors (CR40206)
In the bigip.conf file, manually adding a configuration object in front of another object that the system cannot load no longer destabilizes the system.

Certificate chains in SSL (CR40580)
The system now processes intermediate certificates properly, when you have a certificate chain configured.

iRules log messages over 1024 characters (CR40560)
The system no longer experiences fatal errors when log messages for iRules contain more than 1024 characters.

iControl: Loading the SystemServer.so module (CR40684)
The iControl portal now loads the ITCMSystemServer.so module and the SystemServer.so module in the proper order, so that both modules are loaded correctly.

Adding self IP addresses without netmasks (CR40693)
When you add a self IP address, you must also add a netmask. Previously, you could add a self IP without a netmask, which generated errors.

Forcing the 1000baseFX media option for fiber gigabit ports (CR40706)
You can now force the system to use the 1000baseFX media setting for fiber gigabit ports, rather than having the system auto-negotiate the media setting. Note that this does not apply to copper gigabit ports.

BIG-IP version 9.0 examples in the iControl SDK (CR40830)
In the iControl SDK, the examples for BIG-IP version 9.0 now show the correct conversion for 64-bit counters.

Starting the radvd service and ppp0 interface error messages (CR40894)
If you are using the IPv6 module on the BIG-IP system, and you start the route advertising service (radvd) using the instructions in the following file, /etc/radvd.conf.example, you no longer see error messages regarding the ppp0 interface.

iControl: return response to IP addresses that contain all zeros (CR40974)
When an IPv4 or IPv6 address is composed of all zeros, iControl now returns returns 0.0.0.0 (IPv4) or 0:0:0:0:0:0:0:0 (IPv6), instead of none.

SSL hardware accelerator and processing obscure ciphers in OpenSSL (CR41056)
When OpenSSL is processing some obscure ciphers, it no longer causes the SSL hardware accelerator to stop functioning. This issue affected the following platforms: BIG-IP 1000, BIG-IP 2400, BIG-IP 5100, BIG-IP 5110.

Changing HTTP profile settings and updating the system (CR41118)
When you make changes to the HTTP profile settings, the system now properly updates all affected processes with those changes.

HTTP profile: Using Tcl expansion in header insert and fatal system errors (CR41119)
The system no longer experiences fatal errors if you define an HTTP profile with a header insert that uses Tcl expansion, and the expansion fails.

512-bit keys and the SSL hardware accelerator (CR41172)
The system now properly handles 512-bit keys on the following platforms: BIG-IP 1000, BIG-IP 2400, BIG-IP 5100, BIG-IP 5110.

Cookie headers with empty value and cookie parsing (CR41176)
If a Cookie header contains an empty value, cookie parsing no longer fails.

Advanced routing module service (zebosd) now starts by default (CR41329)
The system service that runs the advanced routing modules, zebosd, now starts automatically. Note that the advanced routing modules are available as an add-on feature, and are not part of the system by default.

snmp_dca monitor (CR41400)
The snmp_dca monitor now works properly.

Using multiple LDAP servers and modifying the PAM SSL Client Certificate LDAP Authentication module (CR41590)
If you specify multiple LDAP servers in the SSL Client Certificate LDAP Authentication PAM module, the system now properly manages the server entries.

iControl: Class::add_string_class_member on external read/write class (CR41703)
In the iControl API, if you use the Class::add_string_class_member method on an external read/write class, you now get the proper response instead of Operation Failed.

BGE driver and soft resetting due to transmitter failure error messages (CR42178)
We have corrected the issues that caused the BGE driver for the network interfaces to report the following error message: soft resetting due to transmitter failure.

X509::serial_number option in iRules and large serial numbers (CR42282)
When you use the X509::serial_number option in an iRule, the iRule no longer returns -1 for large serial numbers.

Version 9.0.1

ZLib compression library vulnerability (VU#238678)
We corrected a denial of service vulnerability that was found in the ZLib compression library versions 1.2.x. The problem arose from incorrect error handling in the inflate() and inflateBack() functions. The Common Vulnerabilities and Exposures (CVE) project assigned the ID CAN-2004-0797 to the problem.

SSL client certificate LDAP authentication and start_tls failure (CR38967)
Client certificate LDAP authentication now correctly handles start_tls failures.

LACP support (CR39554, CR39872)
Link aggregation control protocol (LACP) is fully supported in this release.

Connection mirroring (CR39548, CR39779, CR39892, CR39894, CR39895, CR39905)
Connection mirroring is fully implemented in this release.

Truncated subscription ID in error messages and iControl applications (CR39987)
The system no longer truncates the subscription ID when it generates an error message.

bigpipe daemon overdog watchdog disable command writing to bigip.conf correctly (CR40117)
The bigpipe daemon overdog watchdog disable command now handles default settings correctly when writing to the bigip.conf file.

SSL records that straddle packets may destabilize the system (CR40119)
Overlapping SSL records no longer destabilize the system.

[ Top ]

Optional configuration changes

Once you have installed the software, you can use any of the following new configuration options to update your configuration.

[ Top ]

Understanding the Fast HTTP profile

The Fast HTTP profile is a fast implementation of OneConnect and simple HTTP content-switching. It cannot be used in conjunction with Session Persistence, SSL, Deflate, RAM Cache, IPv6, or VLAN groups. It can be used with SNATs.

You can associate the Fast HTTP profile with a virtual server. This profile is incompatible with all other profiles. This profile has the following attributes:

  • client close timeout
    Specifies the number of seconds after which the system closes a client connection, when the system either receives a client FIN packet or sends a FIN packet. This setting overrides the idle timeout setting. The default setting is 5.
     
  • conn pool idle timeout override
    Specifies the number of seconds after which a server-side connection in a OneConnect pool is eligible for deletion, when the connection has no traffic. This setting overrides the idle timeout that you specify. The default is 0 seconds, which disables the override setting.
     
  • conn pool max reuse
    Specifies the maximum number of times that the system can re-use a current connection. The default setting is 0.
     
  • conn pool max size
    Specifies the maximum number of connections to a load balancing pool. A setting of 0 specifies that a pool can accept an unlimited number of connections. The default setting is 2048.
     
  • conn pool min size
    Specifies the minimum number of connections to a load balancing pool. A setting of 0 specifies that there is no minimum. The default setting is 10.
     
  • conn pool step
    Specifies the increment in which the system makes additional connections available, when all available connections are in use. The default setting is 4.
     
  • header insert
    Specifies a string that the system inserts as a header in an HTTP request. If the header exists already, the system does not replace it.
     
  • http11 close workarounds
    Specify to enable or disable HTTP 1.1 close workarounds.
     
  • idle timeout
    Specifies the number of seconds after which a connection is eligible for deletion, when the connection has no traffic.
     
  • insert xforwarded for
    Specifies whether the system inserts the XForwarded For: header in an HTTP request with the client IP address, to use with connection pooling.
    • Enabled: Specifies that the system inserts the XForwarded For: header with the client IP address.
    • Disabled: Specifies that the system does not insert the XForwarded For: header

     
  • max header size
    Specifies the maximum amount of HTTP header data that the system buffers before making a load balancing decision. The default setting is 32768.
     
  • max requests
    Specifies the maximum number of requests that the system can receive on a client-side connection, before the system closes the connection. A setting of 0 specifies that requests are not limited. The default setting is 10.
     
  • mss override
    Specifies a maximum segment size (MSS) override for server-side connections. The default setting is 0, which corresponds to an MSS of 1450. You can specify any integer between 536 and 1450.
     
  • reset on timeout
    Specifies, when enabled, that the system sends a TCP RESET packet when a connection times out, and deletes the connection.
     
  • server close timeout
    Specifies the number of seconds after which the system closes a client connection, when the system either receives a client FIN packet or sends a FIN packet. This setting overrides the idle timeout setting. The default setting is 5.

When you assign the Fast HTTP profile to a virtual server, it processes traffic packet-by-packet and at a significantly higher speed than the typical virtual server.

Using rules with the Fast HTTP profile

The following rule events are supported by the Fast HTTP profile:

  • CLIENT_ACCEPTED
  • SERVER_CONNECTED
  • HTTP_REQUEST

The following HTTP rule commands are supported by the Fast HTTP profile:

  • HTTP::method
  • HTTP::uri
  • HTTP::version
  • HTTP::header exists
  • HTTP::header value
  • HTTP::header insert

 

Additional rule commands supported by the Fast HTTP profile

All L3-L4 rule commands are supported. For example, IP::remote_addr, TCP::local_port, pool, snat, and others. In addition to the L3 and L4 rule commands, all global rule commands are supported. For example, md5, sha1, b64encode, and built-in TCL commands such as string -length, regexp, and others.

 

Statistics available with the Fast HTTP profile

The following statistics are avaiable with the Fast HTTP profile.

Requests statistics

  • Get Requests
    The total number of get requests.
     
  • Post Requests
    The total number of post requests.
     
  • Version 0.9
    The total number of HTTP version 0.9 requests.
     
  • Version 1.0
    The total number of HTTP version 1.0 requests.
     
  • Version 1.1
    The total number of HTTP version 1.1 requests.
     
  • Unbuffered
    The total number of unbuffered requests.
     
  • Pipelined
    The number of pipelined HTTP requests detected.
     
  • Requests
    The total number of HTTP requests.
     
  • Parse Errors
    The total number of request parse errors.
     

Response statistics

  • Successful
    The number of 200-206 (success) server-side responses.
     
  • Redirection
    The number of 300-307 (redirect) server-side responses.
     
  • Client Errors
    The number of 400-417 (client error) server-side responses.
     
  • Server Errors
    The number of 500-505 (server errors) server-side responses.
     
  • Parse Errors
    Number of response parse errors.
     

OneConnect statistics

  • Currently Idle
    The number of available serverside flows in reuse pool.
     
  • Maximum
    The maximum number of serverside flows in reuse pool.
     
  • Total Reuses
    The number of times a serverside flow was reused.
     
  • Exhausted
    The number of times the reuse pool was exhausted.
     

Miscellaneous statistics

  • Client SYNs
    Total number of client SYN cookies generated.
     
  • Client Accepts
    Total number of client TCP accepts.
     
  • Server Connects
    Total number of server TCP connects.
     
  • Client Receive Failures
    The number of bad TCP segments dropped from the client.
     
  • Server Receive Failures
    The number of bad TCP segments dropped from the server.
     
[ Top ]

Using the Scripted monitor

With the scripted monitor, you can write a simple script to monitor a server in the network. The Scripted monitor opens a TCP socket and from the file you specify by the filename parameter, reads send lines to be sent over the socket and expect lines to be expected from the socket. These lines should be in the file in the sequence you want. For example, a simple SMTP sequence might be:
expect 220
send "HELO bigip1.somecompany.net\r\n"
expect "250"
send "quit\r\n"

 

Translation consists of first stripping off the leading send or expect, after determining which one of the two it is. Next, the leading and trailing spaces are stripped off. If there are no enclosing " " (double quotes), the line is not translated any further and is sent as is (note that for a send this means no new line is sent). If the line to be sent is enclosed with double quotes, then the quotes are stripped off and the line is examined for escaped characters, each of which is properly translated.

If the line is to be sent, it is now sent as translated. If the line is expected, then the socket is read until it either receives a line beginning with the expected sequence of characters or it times out. This means it could receive several lines before receiving the one that contains the expected sequence of characters at the beginning of the line. There may be other characters in the received line. The expect sequence of characters may not be the complete line, which can vary from one computer to another, but the first characters must match the expected sequence. The filename should be the name of a file contained in the directory /config/eav. Keeping these files under this directory allows them to be saved with the configuration.

[ Top ]

Configuring the LDAP monitor

The LDAP monitor contains a new option: Mandatory Attributes. This option causes the LDAP monitor to behave differently depending on if is is set to yes or no. It is also important to note that this monitor no longer requires an entry in /etc/hosts for the LDAP servers.

  • When the Mandatory Attributes option is set to yes, the LDAP filter search is a sub tree search (as opposed to the normal one-level search), and if no attributes are returned as a result of the search, the monitor does not report the node as up.
     
  • When the Mandatory Attributes option is set to no, to some other value, or is absent, the LDAP monitor performs a one-level search and does not require any attributes to be returned. For example, if the return indicates zero attributes for this filter, the service is still functioning and the node is considered up. This was the standard behavior of the LDAP monitor in previous versions of the BIG-IP software.

 

[ Top ]

Configuring the WAP monitor

The common usage for the WAP monitor is to specify the send and recv parameters only. The WAP monitor functions by requesting a URL (the send parameter) and finding the string in the receive (recv) parameter somewhere in the data returned by the URL response.

RADIUS accounting is optional. To implement RADIUS accounting, you must set the accounting port to a non-zero value. If the accounting port is set to a non-zero value, then the monitor assumes that RADIUS accounting is needed, and an accounting request is sent to the accounting node/port to Start accounting. This is done before the URL is requested. After the successful retrieval of the URL with the correct data, an accounting request is sent to Stop accounting.

[ Top ]

Using SNMP read/write MIBS

You can use the following SNMP OIDs in read/write mode. However, SNMP is not intended to be used as a general API for configuring the BIG-IP system. You can use the following SNMP OIDs in read/write mode.

OID Name OID Value
ltmVirtualServEnabled Enable/disable virtual server
ltmVirtualAddrEnabled Enable/disable virtual address
ltmNodeAddrNewSessionEnable Enable/disable node address
ltmNodeAddrMonitorState Force up/down node address
ltmPoolMemberNewSessionEnable Enable/disable pool member
ltmPoolMemberMonitorState Force up/down pool member

 

[ Top ]

New SNMP OIDs in this release

This release includes the following SNMP OID updates related to new functionality.

OID Name

OID Value

Description

SysStatHttpRequests

.1.3.6.1.4.1.3375.2.1.1.2.1.56

Scalar OID: The total number of HTTP requests.

SysGlobalFastHttpStat

.1.3.6.1.4.1.3375.2.1.1.2.14

Table OID: The system's global Fast HTTP statistics information. These are the roll-ups of all the individual Fast HTTP profiles' statistics.

SysGlobalXmlStat

.1.3.6.1.4.1.3375.2.1.1.2.1

Table OID: The system's global XML statistics information. These are the roll-ups of all the individual XML profiles' statistics.

LtmFastHttpProfile

.1.3.6.1.4.1.3375.2.2.6.12.1

Table OID: A table containing information of Fast HTTP profile.

LtmFastHttpProfileStat

.1.3.6.1.4.1.3375.2.2.6.12.2

Table OID: A table containing statistic information of Fast HTTP profile.

LtmXmlProfile

.1.3.6.1.4.1.3375.2.2.6.13.1

Table OID: A table containing information of XML profile.

ltmXmlProfileStat

.1.3.6.1.4.1.3375.2.2.6.13.2

Table OID: A table containing statistic information of XML profile.

ltmFastL4ProfileTcpCloseTimeout

.1.3.6.1.4.1.3375.2.2.6.5.1.2.1.20

Scalar OID: Number of seconds without traffic before a connection in the FIN received state is eligible for deletion.

ltmFastL4ProfileLooseInitiation

.1.3.6.1.4.1.3375.2.2.6.5.1.2.1.21

Scalar OID: Option to allow any TCP packet to initiate a connection rather than requiring a SYN.

ltmFastL4ProfileLooseClose

.1.3.6.1.4.1.3375.2.2.6.5.1.2.1.22

Scalar OID: Option to aggressively close out a connection by allowing TMM to switch the ltmFastL4ProfileIdleTimeout to ltmFastL4ProfileTcpCloseTimeout once the first FIN packet has been seen.

ltmTcpProfileSelectiveAcks

.1.3.6.1.4.1.3375.2.2.6.10.1.2.1.23

Scalar OID: The state that if true, enable RFC2018 Selective Acknowledgements.

ltmTcpProfileEcn

.1.3.6.1.4.1.3375.2.2.6.10.1.2.1.24

Scalar OID: The state that if true, enable RFC3168 Extended Congestion Notification (ECN).

bigipCompLimitExceeded

.1.3.6.1.4.1.3375.2.4.0.35

The compression license limit is exceeded alert

ltmHttpProfileCompressCpusaver

.1.3.6.1.4.1.3375.2.2.6.7.1.2.1.27

The state indicating whether CPU saving mode is enable or not when doing compression.

ltmHttpProfileCompressCpusaverHigh

.1.3.6.1.4.1.3375.2.2.6.7.1.2.1.28

The CPU saver high threshold. When CPU utilization exceeds this value, compression is switched to NULL compression.

ltmHttpProfileCompressCpusaverLow

.1.3.6.1.4.1.3375.2.2.6.7.1.2.1.29

The CPU saver low threshold. When CPU utilization drops below this value, compression is switched to full throttle.

[ Top ]


Compiling the real_server monitor plug-in for UNIX and Linux systems

The .iso image for the version 9.0.2 software now includes the source and makefiles for compiling the real_server monitor plug-in for UNIX and Linux systems. The following instructions explain how to access the files you need to compile the plug-in.

  1. Using the .iso image, burn a CD-ROM of the version 9.0.2 software.
     
  2. On the CD, navigate to the /downloads/rsplug-ins directory.
     
  3. Copy the F5RealMon.src.tar.gz tarball to the /var/tmp directory on the BIG-IP system.
     
  4. On the BIG-IP system, change to the /var/tmp directory.
    cd /var/tmp
     
  5. Untar the F5RealMon.src.tar.gz tarball.
    tar xvzf F5RealMon.src.tar.gz
     
  6. Change to the F5RealMon.src directory.
    cd F5RealMon.src
     
  7. To compile the source, use the instructions in the build_unix_note file, in the F5RealMon.src directory. Type ls to view the directory contents.
[ Top ]

Configuring slow ramp time for a pool

The following instructions explain how to configure the new slow ramp time option for local traffic pools, as described in the New features section of this release note. The slow ramp time option specifies a length of time during which a newly enabled pool member receives only a fraction of any new connections to the pool.

To configure slow ramp time using the Configuration utility

  1. In the Main tab, click Local Traffic, and then click Pools.
    The Pools List screen opens.
     
  2. Click a pool name.
    The properties screen for that pool opens.
     
  3. In the Configuration box, select Advanced.
    The configuration options expand.
     
  4. In the Slow Ramp Time box, type the number of seconds.
     
  5. Click the Update button.
    The system saves the change to the configuration file.
[ Top ]

Using the switchboot utility

Beginning with the version 9.0.2 release, functionality was added to install multiple versions of the BIG-IP software on different slots on one unit. A slot is a portion of a drive with adequate space required for an installation. If the hardware supports multiple slots, you are prompted to install the software on multiple slots during the installation. The BIG-IP 1500 (C36), BIG-IP 3400 (C62), and BIG-IP 6400 (D63) platforms support this functionality.

The switchboot utility is available to manage installations on different slots. You can use the switchboot utility from the command line to select which installed image boots. To run the switchboot utility, type the following command:
switchboot

A list of slots and their descriptions displays. Type the number of the slot you want to boot at startup. When you reboot the system, it boots from the slot you specify.

If there is only one slot available, the switchboot utility displays a message similar to this one and exits.
There is only one slot to choose from: title BIG-IP 9.0.2 Build 18.0 - drive hda.1

Note: Any change you make using the switchboot utility is saved in the boot configuration file, grub.conf.

To use switchboot in non-interactive mode

If you know which slot you want to boot, you can type the following command and specify the slot number for <slot_number>:
switchboot -s <slot_number>

To use switchboot to list available slots and the currently active slot

If you want to list the available slots without specifying a new slot from which to boot, type the following command:
switchboot -l

To list options for switchboot

To list the options for the switchboot utility, type the following command:
switchboot -h

To view the contents of the boot configuration file using switchboot

You can view the complete contents of the boot configuration file (grub.conf) with the following command:
switchboot -d

This command is slightly different from switchboot -l in that -l only lists the slot header lines, while -d displays the complete file.

[ Top ]

Known issues

The following items are known issues found since the 9.0 release. For a complete list of known issues in this release, refer to the BIG-IP version 9.0 Release Notes .

When specifying a default route for IPV6, you must specify a destination and netmask (CR40808)
Because the default configuration settings for Network Routes is for IPV4, you must specify both a destination and netmask value to specify a default route for IPV6. To specify an IPV6 default route, you must first choose a type of route instead of default gateway. Then specify the destination as :: and the netmask as :: to set the appropriate IPV6 default route.

Interface statistics tracking (CR40449)
The system may display erroneous statistics data for interfaces, for example, 4GB of dropped packets on a system that has been running for only an hour.

1500, 3400, and 6400 platforms: SSH session remains open after peer unit is rebooted (CR40503)
When you establish an SSH session between two units on the 1500, 3400, or 6400 platforms, and you reboot the unit to which you established the SSH session, the SSH session remains open until it reaches its timeout.

Using trunks on a BIG-IP 2400 (D44) IP Application Switch (CR40507)
On a BIG-IP 2400 platform, if you connect multiple ports to one switch you may form a bridging loop, which causes the TMM to restart repeatedly. To avoid this issue, enable spanning tree protocol if you connect multiple ports to one switch.

SIP persistence and persist iRule commands (CR40579)
In this release, the persist iRule commands do not support SIP persistence.

Client SSL and Server SSL profiles and time stamps on key or certificate files (CR40677)
The Client SSL and Server SSL profiles currently do not add time stamps to SSL certificate or SSL key files.

OTCU: Displaying monitors saved at pool level in the Configuration utility (CR40977)
After you run the OTCU to convert your 4.5.X configuration to a 9.0.X configuration, you cannot view the monitors on pool members until after you run the bigpipe load command twice, from the command line. Alternately, you can reboot the system.

SSL client certificate LDAP authentication and using uppercase letters (CR41295)
In the Authentication profile for SSL client certificate LDAP authentication, you must use only lowercase letters in the name of the profile. The system does not recognize uppercase letters in this instance.

Upgrading the BIG-IP 1500 (C36), BIG-IP 3400 (C62), or BIG-IP 6400 (D63) platforms and SCCP images (CR41385)
If you are upgrading to version 9.0.3, using the IM upgrade process, on one of these platforms: BIG-IP 1500 (C36), BIG-IP 3400 (C62), or BIG-IP 6400 (D63), you must reboot the SCCP after you finish the IM upgrade process. This updates the images on the SCCP to the most current version.

To reboot the SCCP

  1. From a console, halt the BIG-IP host by typing the following command:
    halt
  2. After you halt the host, press Esc (.
    The Command Menu opens.
     
  3. From the Command Menu, choose 8.
    The SCCP reboots.

 

SNMP OID ltmVirtualServPool and reporting pool names (CR41587)
A query of the ltmVirtualServPool OID never returns any data despite having pools associated with a virtual server through a rule.

Time zone inconsistency between system time and log files in the Configuration utility (CR41639)
Currently there is an inconsistency between the system time and the time displayed on the log file entries in the Configuration utility. The log file entries in the Configuration utility do not reflect the system's time. You can view the log files from the command line to see the correct time stamp on the log file entries.

Remote upgrades on version 4.5.X software (CR42160)
If you are performing a remote upgrade to version 9.0.2 on version 4.5.X software, you must use the HTTP protocol to transfer the upgrade files. The NFS protocol is not supported at this time.

SCCP and errors after switching back to a slot with a 9.0.1 installation (CR42216)
On a multiple boot system, when you change to a slot with a 9.0.1 installation from a slot with a 9.0.2 or 9.0.3 installation, you may encounter errors with some system services. To avoid these errors, you must reboot the SCCP after you boot the 9.0.1 software. To reboot the SCCP, follow these instructions.

  1. From a console, halt the BIG-IP host by typing the following command:
    halt
  2. After you halt the host, press Esc (.
    The Command Menu opens.
  3. From the Command Menu, choose 8.
    The SCCP reboots.

 

Configuration utility: case sensitivity in iRule names (CR42312)
In the Configuration utility, the names of iRules are not case-sensitive. If you create two iRules whose names are identical except for the case, the system overwrites the first rule with the second rule. To avoid this issue, use unique names for any iRules that you create.

Excessive Config Sync peer updated log messages (CR42332)
If you enable the Audit log options, and you have a redundant system, the system may generate an excessive amount of log messages related to the Config Sync process.

Installing the software using a PXE server (CR42592)
When you are performing a clean installation of the BIG-IP software using a PXE server, you may see RPM package errors during the installation process. The errors are benign and can be ignored.

Configuration utility: Re-running the Setup Utility and VLAN configuration error messages (CR42790)
When you rerun the Setup Utility and use the Basic Configuration Wizard (which sets up the default internal and external VLANs, the configuration must follow these guidelines. If the configuration violates one of these conditions, you see error messages, and cannot complete the configuration.

  • No more than one non-floating IP may be associated with VLANs named external or internal.
  • No more than one floating IP may be associated with VLANs named external or internal.
  • The self IP addresses associated with the VLANs internal and external must use one of the following port settings: Allow Default, Allow 443, Allow None.
  • If The bigdb variable Statemirror.IPAddr must match the internal self IP.
  • A VLAN group may not be named external or internal.
  • A trunk may not be configured on VLAN external or internal. The default route must be of type Gateway.

MSRDP persistence for session directories bypasses load-balancing (CR42851)
When using session directory MSRDP persistence, the cookie is always present, and the system always hashes it to a pool member. This results in the system not load-balancing.

Using the tcpdump utility and VLANs with trunks (CR42908)
When you run the tcpdump utility on a VLAN that has a trunk configured, the utility does not report any traffic. If you want to see traffic on a VLAN that has a trunk configured, then run the tcpdump utility on the trunk members (interfaces).

The bigpipe route command and self IP link routes (CR42981)
The b route <self_ip address> show command does not display the route for the self IP address. Instead, the command generates an Object not found error.

Using a literal carriage return in a monitor parameter string (CR43128)
The system cannot interpret literal carriage returns in monitor strings that are created by pressing the Enter key. If the string you are creating requires a literal carriage return, type \r\n instead of pressing the Enter key.

Configuration utility: Using the Overwrite existing key or certificate checkbox (CR43155)
When the following conditions exist, the system does not generate an error message, and should:

  • On the Import Keys and Certificates screen, in the Local Traffic > SSL Certificates section of the Configuration utility, you clear the Overwrite existing key or certificate checkbox.
  • You name the key or certificate that you are trying to import with the same name as a key or certificate that already exists on your system.
  • You import the new key or certificate.
    The system does not warn you that you are about to overwrite an existing key or certificate.

 

Archiving SSL keys and certificates (CR43166)
The system does not generate an error if, when you are creating an archive (.tgz) file for SSL keys and certificates, you do not type a name for the archive file.

Cannot create a read-only external data group (class) (CR43305)
Currently, you cannot create an external data group (class) that has read-only access permissions.

Redundant systems and assigning duplicate IP addresses (CR43330)
If you have a redundant system, and on both units you assign the same IP addresses on the internal and external VLANS, the system does not generate an error message, and should. This is not a valid configuration.

Disabled fiber interface continues to pass traffic (CR43355)
When a fiber interface on a 6400 platform is disabled, the interface continues to pass traffic.

Using certain illegal characters in certificate name does not display a warning (CR43365)
When you create an SSL certificate you can use certain special characters, and are warned when you use an illegal character. If you use either an open or close parentheses character ( or ), the Configuration utility does not warn that these are illegal characters. If you use these characters when creating a certificate, the certificate will not save, nor load. If you use special characters when typing a certificate name, ensure that you use only the following special characters: period, asterisk, forward slash, dash, colon, underscore, question mark, equals, at sign, comma, and ampersand (.*/-:_?=@,&).

The system does not preserve license files during a clean installation (CR43489)
If you perform a clean installation of the BIG-IP system, the license files do not carry over to the new installation. You must re-license the system after a clean installation.

Failover and virtual servers with a OneConnect profile, an HTTP profile, and connection mirroring enabled (CR43517)
In a redundant system, if the active unit fails over, and the configuration contains virtual servers with a OneConnect profile, an HTTP profile, and connection mirroring enabled, the failover process does not properly mirror the server-side OneConnect connections to the failover unit.

Changing the virtual server type (CR43546)
If you modify the virtual server type using the bigpipe utility, the Configuration utility may not always display the updated type.

Link activity lights on the BIG-IP 3400 (C62) platform (CR43570)
On the BIG-IP 3400 platform, if you have trunks configured, the link activity lights on the front panel may not properly indicate link activity (turn green).

Configuration utility: Changing the refresh interval on the Preferences screen applies the change only to statistics screens not viewed yet (CR43613)
In the Configuration utility, on the System > Preferences screen, if you change the Default Statistics Refresh interval, view some statistics screens, and then change the Default Statistics Refresh interval again, the system applies the second update only to those statistics screens that you have not viewed yet.

The route advertising daemon (radvd) and special characters in VLAN names (CR43654)
Currently the route advertising daemon (radvd) does not recognize VLAN names that contain dashes or underscores. If you are using the radvd utility, we recommend that you do not use special characters in VLAN names.

Configuration Guide for Local Traffic Management: error in iRules syntax example (CR43689)
In Figure 13.16, on page 13-37, the example syntax for matchclass ($::) is incorrect. The correct syntax is as follows:
if { [matchclass [IP::remote_addr] equals $::aol] } { ... }

The system cannot currently launch a process though email messages (CR43698)
The syslogd function included with the system does not support logging messages to a process.

The bigpipe persist show command and the MSRDP persistence type (CR43699)
When you use the b persist show command to view persistent connections, the command lists the msrdp persistence type as hash.

Serial speed change from SCCP does not propagate to Host (CR43722)
When you change the serial speed from the Host Console Shell (SCCP) command menu, the change is not propagated to the Host motherboard. To work around this issue, always change the serial speed using the following bigpipe command:
bigpipe db serial.console.speed

Using IPv6 addresses and running ConfigSync (CR43832)
Config Sync does not support IPv6 addresses for ConfigSync communications. You must use IPv4 addresses with ConfigSync.

SNMP UDP packets that arrive on the management port exit through a self IP on the system (CR43869)
Underlying architecture issues prevent SNMP UDP packets from returning to the correct requesting address.

Upgrading to version 9.0.3 and statistics on platforms with CompactFlash® drives only (CR44194)
The location for the statsd utility's backup data files has changed in version 9.0.3. As a result, when you upgrade the system from version 9.0.2 to version 9.0.3 using the IM upgrade process, the system generates error logs and the statistics become unusable in the Configuration utility. This happens on platforms that contain only a CompactFlash® drive (no disk drive). You can work around this issue by creating the new directory structure before you run the IM upgrade, as explained in the Updating the statsd utility directory structure workaround, following the Known issues section of this release note.

Node and service messages and SNMP alerts (CR44436)
The BIG-IP system does not trigger node up/down and service up/down alerts on the following events:

Feb 28 09:22:23 fs27lbe000 bigd: 01060002:4: Node address detected UP for 3ffe:81cc:630:2::b monitor icmp.
Feb 28 09:23:09 fs27lbe000 bigd: 01060002:4: Node address detected DOWN for 3ffe:81cc:630:2::b monitor icmp.
Feb 28 09:23:14 fs27lbe000 bigd: 01060001:4: Service detected DOWN for 3ffe:81cc:630:2::b:80 monitor tcp.
Feb 28 09:23:53 fs27lbe000 bigd: 01060001:4: Service detected UP for 3ffe:81cc:630:2::b:80 monitor tcp.

Changes in US and Canada Daylight Saving Time (CR58315)
The Energy Policy Act of 2005, which was passed by the US Congress in August 2005, changed both the start and end dates for Daylight Saving Time in the United States, effective March 2007. Canada is also adopting this change. The resulting changes are not reflected in this version of the product software. To find out more about this issue, refer to SOL6551: F5 Networks software compliance with the Energy Policy Act of 2005.

[ Top ]

Workarounds for known issues

The following workarounds are related to known issues listed in the previous section of this release note.


Updating the statsd utility directory structure

If you are upgrading a system from version 9.0.2 to version 9.0.3, and the system has only a CompactFlash® drive (no disk drive), then you can use the following workaround to update the directory structure for the statsd utility. See CR44194, in the Known issues section of this release note, for more information about this issue.

Important: You can perform the following workaround either before or after you run the IM upgrade. However, if you choose to apply the workaround after the IM upgrade, you will see several error messages in the log files related to this issue.

  1. Log in as root from a console or SSH session.
     
  2. From the command line, stop the statsd utility:
    bigstart stop statsd
     
  3. Create a new directory for the statistics data file backup:
    mkdir -p /shared/rrd.backup
     
  4. Copy the statistics data file backup to the new directory:
    cp -p /var/shared/rrd.perm/* /shared/rrd.backup
     
  5. Remove the directories that are no longer be needed after the upgrade.
    rm -f /var/shared/rrd.perm/*
    rm -f /shared/rrd.1.0/*

     
  6. Restart the statsd utility:
    bigstart start statsd
[ Top ]

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)