Applies To:

Show Versions Show Versions

Release Note: BIG-IP LTM version 9.0.4
Release Note

Software Release Date: 01/27/2005
Updated Date: 12/11/2013

Summary:

This release note documents the version 9.0.4 feature release of BIG-IP® Local Traffic Manager and Load Balancer Limited. To review the features introduced in this release, see New features and fixes in this release. For existing customers, you can apply the software upgrade to systems running BIG-IP version 4.5 PTF-04 through version 4.5.11, and to systems running version 9.0 and later. (Note that you cannot apply this upgrade to systems running BIG-IP version 4.6 software.) For information about installing the upgrade, please refer to Installing the software.

Note: F5 now offers both feature releases and maintenance releases. For more information on our new release policies, please see New Versioning Schema for F5 Software Releases.

Contents:

- Supported browsers
- Supported platforms
- Installing the software
     - Verifying the BIG-IP software installation
     - Re-activating the license on the BIG-IP system
- New features and fixes in this release
     - Fixes in this release
     - New features and fixes from previous releases
- Optional configuration changes
     - Using the Scripted monitor
     - Configuring the LDAP monitor
     - Configuring the WAP monitor
     - Using SNMP read/write OIDs
     - New SNMP OIDs in this release
     - Compiling the real_server monitor plug-in for UNIX and Linux systems
     - Configuring slow ramp time for a pool
     - Using the switchboot utility
- Known issues
- Workarounds for known issues
     - Updating the statsd utility directory structure


Supported browsers

The Configuration utility (graphical user interface) supports the following browsers:

  • Microsoft® Internet ExplorerTM, version 6.x and later
  • Netscape® NavigatorTM, version 7.1, and other browsers built on the same engine, such as MozillaTM, FirefoxTM, and CaminoTM.

Note that we recommend that you leave the browser cache options at the default settings.

Important: Popup blockers and other browser add-ons or plug-ins may affect the usability of the Configuration utility. If you experience issues with navigation, we recommend that you disable these types of browser plug-ins and add-ons.

[ Top ]

Supported platforms

This release applies only to the supported platforms listed below; each one provides all minimum system requirements. This release supports the following platforms:

  • BIG-IP 1000 (D39)
  • BIG-IP 2400 (D44)
  • BIG-IP 5100 and 5110 (D51)
  • BIG-IP 1500 (C36)
  • BIG-IP 3400 (C62)
  • BIG-IP 6400 (D63)
  • BIG-IP 6800 (D68)

If you are unsure of which platform you have, look at the sticker on the back of the chassis to find the platform number.

[ Top ]

Installing the software

There are several installation options to consider before you begin the version 9.0.4 software installation.

Important: You are prompted to install the software on multiple slots if the unit supports the multiple boot option. The BIG-IP 1500 (C36), BIG-IP 3400 (C62), and BIG-IP 6400 (D63) platforms support this functionality. The IM upgrade does not add the multiple boot functionality. If you want this functionality on a supported platform, you must choose another installation method.

Important: We recommend that you perform the installation through the management interface (MGMT) on the BIG-IP system.

Important: We recommend that you run the MD5 checksum on any ISO image or IM upgrade file you download. For information about MD5 checksums, see Verifying the MD5 Checksum of the upgrade file.

 

To install the version 9.0.4 upgrade on a platform with a CompactFlash® card
This procedure describes how to use an IM package to upgrade a BIG-IP platform that contains a CompactFlash®. The BIG-IP platforms that contain a CompactFlash® card are:

  • BIG-IP 1000 (D39)
  • BIG-IP 2400 (D44)
  • BIG-IP 5100 and 5110 (D51)
  1. Log on as root to the system to be upgraded.

  2. Save the current running configuration by typing the following command:

    bigpipe config save backup_upgrade

  3. Stop all the system daemons by typing the following command:

    bigstart shutdown

  4. Create a temporary read-only memory file system (RAMFS) directory, using the following command:
    mkdir /var/ramfs

  5. Mount the file system by typing the following command:
    mount -t ramfs none /var/ramfs

  6. Change to the /var/ramfs directory by typing the following command:
    cd /var/ramfs
  7. Go to Downloads site and locate the BIG-IP 9.0.4 upgrade file, Upgrade9.x-to-9.0.4.118.5-a.im.

     

  8. Download the software image.

    For information about how to download software, refer to SOL167: Downloading software from F5 Networks.

  9. Install this upgrade by typing the following command:
    im /var/ramfs/Upgrade9.x-to-9.0.4.118.5-a.im

    Note:The upgrade quits if you did not save the configuration. If the upgrade quits, and you want to create a new backup, you must reboot the system and restart the upgrade process. If the backup UCS found on the system is older than two hours, you are warned to create a new one. However, you can continue.

  10. Once the upgrade installation is complete, the system reboots. Rebooting the system finalizes the upgrade, and removes both the RAM file system and the upgrade package.

Note: You may see "clearing orphaned inode" error messages during the upgrade process. These messages are benign.

Note: You may see configuration save error messages during the upgrade process. These messages are benign. See the known issue for CR44854 for more information.

 

To install the version 9.0.4 IM upgrade on a platform with a hard drive
This procedure describes how to use an IM package to upgrade a BIG-IP platform that contains a hard drive. The BIG-IP platforms that contain a hard drive are:

  • BIG-IP 1500 (C36)
  • BIG-IP 3400 (C62)
  • BIG-IP 6400 (D63)
  • BIG-IP 6800 (D68)

If you previously installed a version of the software that supports multiple boot functionality, this upgrade method supports the multiple boot configuration. If you are installing this IM upgrade on a system that does not support multiple boot functionality, such as version 9.0 and 9.0.1, the IM upgrade does not add this functionality. To add multiple boot functionality, you must perform a PXE install of the software. For more information about performing a clean install of the version 9.0.4 software, see Performing a clean installation of BIG-IP version 9.0.4 .

  1. Log on as root to the system to be upgraded.

  2. Save the current running configuration by typing the following command:

    bigpipe config save backup_upgrade

  3. Change to the /var/tmp directory by typing the following command:
    cd /var/tmp

  4. Go to Downloads site and locate the BIG-IP 9.0.4 upgrade file, Upgrade9.x-to-9.0.4.118.5-a.im.

     

  5. Download the software image.

    For information about how to download software, refer to SOL167: Downloading software from F5 Networks.

  6. Stop all the system daemons by typing the following command:

    bigstart shutdown

  7. Install this upgrade by typing the following command:
    im /var/tmp/Upgrade9.x-to-9.0.4.118.5-a.im

    Note:The upgrade quits if you did not save the configuration. If the upgrade quits, and you want to create a new backup, you must reboot the system and restart the upgrade process. If the backup UCS found on the system is older than two hours, you are warned to create a new one. However, you can continue.

  8. Once the upgrade installation is complete, the system reboots. Rebooting the system finalizes the upgrade, and removes both the RAM file system and the upgrade package.

Note: You may see "clearing orphaned inode" error messages during the upgrade process. These messages are benign.

Note: You may see configuration save error messages during the upgrade process. These messages are benign. See the known issue for CR44854 for more information.

[ Top ]

Verifying the BIG-IP software installation

After you complete the installation of the software, you can verify the the installation using the RPM database. For more information, type man rpm to view the RPM man page. Use the verify options to verify the installation.

[ Top ]

Re-activating the license on the BIG-IP system

You need to re-activate the license on the BIG-IP system to use some of the new features added in this release. To re-activate the license on the system

  1. On the Main tab, expand System.

  2. Click License.
    The License screen opens.

  3. Click the Re-activate button and follow the onscreen instructions to re-activate the license.

 

[ Top ]

New features and fixes in this release

This release includes the following new features and fixes.

Configuring the BIG-IP system to respond to ARPs from multicast MAC addresses
In certain cases, the BIG-IP system ignores ARP requests from certain firewalls. When configured as a cluster, some firewalls use a multicast MAC address as their source address. The BIG-IP system does not answer ARP requests from multicast MAC addresses. A new feature in this release provides the ability to configure the BIG-IP system to answer ARPs with multicast source addresses. To enable this feature, set the following bigdb key:

bigpipe db TM.AllowEthernetSourceType unicast-multicast

UDP datagram by datagram load balancing (CR40787)
Normally, the BIG-IP system treats UDP packets coming from the same IP address and port as part of a connection and sends those packets to the same node as long as the connection lives. In some cases, it is preferable to ensure packet-by-packet UDP load balancing.

You can now configure the BIG-IP system to accept these packets. To configure this feature and enable the feature, add the parameter datagram lb enable to the UDP Profile.

 

To configure datagram by datagram load balancing

  1. On the Main tab, expand Local Traffic.

  2. Click Profiles.
    The Profiles screen opens.

  3. Click the UDP profile you want to configure.

  4. For Datagram LB, click a check in the box.

  5. Click Finished.

 

Fixes in this release

SSL version 2 connections to Virtual Servers with clientssl profiles (CR42211)
SSL virtual servers with Client SSL profiles now accept SSL version 2 connections.

iRules: HTTP::release command (CR42306)
iRules that use the HTTP::release command no longer destabilize the BIG-IP system.

Configuration utility: Displaying virtual servers that use port 32768 or higher (CR42343)
The Configuration utility can now display virtual servers configured to listen on port 32768 or higher.

 

iRules: x509::cert_fields and segmentation faults (CR42500)
We have corrected a problem that destabilized the BIG-IP system when an HTTP header was inserted using the X509::cert_fields command.

iRules: payload replace commands and binary data (CR42507)
The payload replace command now accepts typical binary values. In previous releases, this command only accepted small binary values.

IPv6 connection mirroring and the HTTP profile (CR42551)
The BIG-IP system can now mirror IPv6 connections successfully when using TCP or HTTP profiles.

Virtual Servers configured with OneConnect and SSL profiles (CR42946)
OneConnect can now handle SSL connections correctly.

Memory leak in HTTP profile when HTTP requests are rejected for exceeding the configured Maximum Header Size value (CR42967)
We have corrected a problem that caused memory utilization on the BIG-IP system to increase consistently under high HTTP traffic load when the header size exceeded the configured Maximum Header Size.

IP fragmentation handling and TMM stability (CR42979)
The system no longer becomes unstable when IP fragmentation is necessary, such as when handling large UDP packets, or when there is an MTU mismatch between client and server networks.

HTTP Pipelining between two pools may cause TMM to become unstable (CR43000)
The TMM no longer becomes unstable when a rule attempts to change the pool to which it is sending a pipelined HTTP request.

Data beyond a single request or use of a fallback host in an iRule and system stability (CR43780)
The fallback host now functions correctly.

Insufficient user space memory may cause lack of response from programs other than TMM (CR43812, CR43825, CR44092)
Sufficient memory is now allocated for user space programs.

Compression and truncated packets (CR44037)
We have corrected a problem where compression was truncating packets causing the system to resend the packets. The correct packets were resent, however, system performance was impacted.

Compression and CPU usage (CR44042)
The system no longer drops packets when compression is enabled and it is handling a high traffic load.

Error messages when a node responds to a POST before data transfer is completed (CR44110, CR44128)
The system no longer generates an error in the following situation:

  1. A client sends a POST or a PUT.
  2. The server replies before the client transmits the declared content length.
  3. The client closes the connection.
  4. The BIG-IP sees the FIN from the client, it resets the connection.

The iRule COMPRESS:: commands (CR44116)
The COMPRESS:: commands now work properly.

The HTTP::header remove command (CR44134)
The HTTP::header remove command now removes all instances of the specified header.

BIG-IP system and partial acknowledgements(CR44149)
We have corrected a problem where an incorrect response by the BIG-IP system caused large data transfers to fail.

Client window scaling and slow connections (CR44159)
The BIG-IP system no longer ignores client window scaling.

HTTP::respond rules may cause a crash when OneConnect transformations are disabled (CR44161)
The HTTP::respond rule now functions correctly with OneConnect transformations disabled

TCP keep-alive probes may not be passed to the client (CR44178)
TCP keep-alives now time out properly.

Packet length and selective acknowledgements (CR44330)
The selective acknowledgement feature now handles packet lengths correctly.

The IPv6 routing table and health checks (CR42666)
The IPv6 destination route cache is now managed properly.

Certain mis-formatted HTTP packets (CR44669)
We have corrected a problem where certain types of mis-formatted HTTP packets caused the TMM the system to become unstable.

[ Top ]

New features and fixes from previous releases

The current release includes the features and fixes that were distributed in prior releases, as listed below. (Prior releases are listed with the most recent first.)

Version 9.0.3

Using the fast HTTP profile(CR41444)
The features provided in the fast HTTP profile are designed to speed up certain types of HTTP connections. This profile provides the ability to tune these connections for the best possible network performance. When you use this profile with a virtual server, the virtual server processes traffic packet-by-packet and at a significantly higher speed.

Configuring the FIPS hardware security module (CR40827)
A FIPS hardware security module (HSM) is available for creating and maintaining secure keys for SSL transactions. Currently, the FIPS HSM is available in the BIG-IP 6400 platform. For more information about configuring the FIPS HSM, refer to Configuring and Maintaining a FIPS Security World.

Using the Scripted monitor (CR42585)
The Scripted monitor provides the ability to write a simple script to monitor a server in the network. The Scripted monitor opens a TCP socket and from the file you specify by the filename parameter, reads send lines to be sent over the socket and expect lines to be expected from the socket. To activate this feature, you must re-activate the software license on the BIG-IP system. To re-activate the license on the system, see Re-activating the license on the BIG-IP system. For details about using this monitor, see Using the Scripted monitor.

LDAP monitor enhancements
The LDAP monitor contains a new option Mandatory Attributes. This option causes the LDAP monitor to behave differently if the value is yes or no. It is also important to note that this monitor no longer requires an entry in /etc/hosts for the LDAP servers. For details about using this monitor, see Configuring the LDAP monitor.

Using the WAP monitor (CR34093)
The WAP monitor is a health monitor for Wireless Application Protocol servers. This monitor provides the ability to check the status of a WAP server by checking for various types of information. To re-activate the license on the system, see Re-activating the license on the BIG-IP system. For details about using this monitor, see Configuring the WAP monitor.

SNMP: Read/Write SNMP OIDs for enabling and disabling the state of objects (CR42845)
With this release, you can now use SNMP to enable or disable the state of nodes, virtual servers, virtual addresses, and pool members. This provides the ability to use SNMP for certain management functions. For details about using the read/write SNMP OIDs, see Using SNMP read/write OIDs.

SNMP: MIB updates (CR41457, CR42698, CR43036)
This release includes several SNMP OID updates related to new functionality. For details about using the read/write SNMP OIDs, see New SNMP OIDs in this release.

Version 9.0.3 fixes

The tcpdump utility and viewing MGMT interface traffic (CR33009)
The tcpdump utility now accepts the mgmt argument if you want to view the traffic on the MGMT interface.

CPU performance graph and displaying data on unit with single processor (CR37236)
If you have a platform that has only one processor (CPU) in it, the CPU usage graph, on the Overview > Performance screen displays the CPU usage of all processes.

Log messages on a pre-licensed system (CR39523)
Before a system is licensed, you no longer see excessive warning log messages for features that are not yet available.

Running configuration synchronization between units with different time settings (CR39562)
The configuration synchronization process now verifies the time on the peer unit before attempting to run. If the time difference is greater than 600 seconds, the process stops, and you need to synchronize the times before continuing.

Configuring port mirroring and debug messages on the console (CR39711)
When you configure port mirroring for an interface using the Configuration utility, you no longer see debug messages on the console.

Configuring monitors for wildcard virtual servers (CR39808)
Monitors with a default port of * (any), when paired with a pool member with a destination port of *, now properly use the default port for the particular monitor/service type.

SNMP and multi-word community strings (CR39871)
Creating access records with multi-word community strings corrupts the snmpd.conf file. To avoid this problem, limit community strings to a single word.

Using the Server SSL profile and RSA keys larger than 2048 bits (CR39886)
If your configuration meets all of the following conditions, the system no longer resets server-side connections during the handshake operation:

  • The configuration contains a virtual server whose resource members are servers with RSA keys larger than 2048 bits.
  • The virtual server has a Server SSL profile associated with it.
  • In the Server SSL profile, the Server Certificate authentication option is set to ignore.

 

Link down on standby functionality (CR39902)
The failover link down on standby functionality is implemented in this release.

OTCU: Detecting gigabit fiber port media settings (CR39914)
The OTCU now properly detects the media settings for gigabit fiber ports.

HTTPS monitor no longer fails with EDH cipher (CR40629)
The HTTPS monitor now works properly with the EDH cipher.

The bigpipe utility and cipher names with hyphens (CR40661)
The bigpipe utility now properly recognizes cipher names that contain hyphens, for example, AES128-SHA.

Deleting virtual servers and virtual addresses in the Configuration utility (CR40944)
In the Configuration utility, when you modify a property on a virtual address (change it from the default), and then delete the virtual server with which the virtual address is associated, the system now properly removes the virtual address also.

Changing the system's time zone in the Configuration utility and logging time stamps (CR41149)
When you change the time zone for the system on the System: General Properties screen, the log file entries now properly reflect the updated time.

Obsolete MGMT route and upgrades (CR41382, CR42218)
When you upgrade to version 9.0.3, and apply an existing configuration (in a config.ucs file), if the rolled-forward configuration contains a MGMT route in the 192.168.*.* network, the system now properly deletes the route entry.

Using a USB CD-ROM drive for software installation (CR41543)
When you use a USB CD-ROM drive to install the BIG-IP software, you are now prompted to remove the CD-ROM after the installation has finished.

Cookie hash values are now properly stored in the persistence tables (CR41681)
When you use the Cookie Hash method for Cookie persistence, the system now correctly stores the persist values.

Virtual server with Client SSL profile using SSLv2 and ALL ciphers (CR42211)
If you configure a virtual server that references a Client SSL profile which uses the ciphers SSLv2 and ALL, the SSLv2 connections for the virtual server now complete properly.

Creating an external data group and data group type (CR42249)
If you do not specify a file path when you create an external data group, the system no longer overrides the type setting.

Deleting external data groups and errors in the Configuration utility (CR42252)
In the Configuration utility, when you delete an external data group, the Configuration utility now properly returns you to the Data Group List screen.

Using the HTTP::release option in an iRule and system errors (CR42306)
If you use the HTTP::release option in an iRule, and you do not use the corresponding HTTP::collect option, the system no longer becomes unstable.

IM package upgrades and the /SLOT file (CR42331)
When you update your software to version 9.0.3 using the IM package upgrade, the upgrade now creates the /SLOT file for the slots on the system.

Routing on the management interface (CR 42381)
We have corrected a problem with chmand. Chmand should now handle IPv4 routing correctly for the management interface.

MSRDP hash values are now properly stored in the persistence tables (CR42822)
When you enable Microsoft Remote Desktop Protocol persistence, the system now correctly stores the persist values.

Upgrading to version 9.0.3 and name changes to MSRDP persistence profile attribute (CR42972)
The msrdp no session dir <enable | disable> attribute has been renamed to msrdp session directory <enable | disable>. When you upgrade to version 9.0.3 from version 9.0 through 9.0.2, and you roll forward a UCS file that contains an MSRDP persistence profile, the system automatically converts the session directory attribute to the new format.

Upgrading to version 9.0.3 and rolling forward UCS files with SSL iRules (CR43252)
When you upgrade to version 9.0.3 from version 9.0 through 9.0.2, and you roll forward a UCS file that contains one or more SSL iRules, the system no longer generates rule parsing syntax errors.

Upgrading to version 9.0.3 and new configuration requirements for cookie persistence profile (CR43253)
When you upgrade to version 9.0.3, the system now requires that, in a cookie persistence profile, the persistence mode must be cookie hash if the persist mirroring setting is enabled. When you roll forward a UCS file that contains a cookie persistence profile, the system automatically disables the persist mirror setting if the mode is not cookie hash.

Excessive logging for SNAT ANY-IP denials (CR43257)
The system no longer generates excessive log entries for routine ICMP pings when you have SNAT ANY-IP configured.

Log file rotation for the tomcat utility (CR43266)
The system now properly performs log file rotation for the tomcat utility. For the log rotation to function correctly, the tomcat utility restarts every 24 hours.

Data group string classes no longer limited to a 64-character length (CR43414)
If you use the Configuration utility to add a string class to a data group, the string value is no longer truncated to a 64-character string.

Persistence tables are now mirrored properly for sticky persistence (CR43423)
We fixed an issue where persistence tables for a destination address affinity persistence (or sticky persistence) may not mirror properly in a failover.

SSL cipher selection errors (CR43698)
Previously, the system improperly handled SSLv2 cipher suite descriptors, which caused conflicts with Microsoft PCT extended option encodings and other SSLv2 applications. We corrected the issue to resolve these conflicts.

HTTP profile now supports certain unrecognized HTTP methods (CR43477)
Previously, the HTTP profile did not support the unrecognized http method "SEARCH" to post XML to an Exchange server. The HTTP profile now supports these and other unrecognized HTTP methods that contain Content-Length or Transfer-Encoding headers.

The TCP::notify response command no longer causes a system crash (CR43585)
We corrected an issue where the system did not process the TCP::notify response command correctly and caused a system crash.

The Least Connections (node) load balancing method is fixed (CR43644)
Previously when you selected Least Connections (node) for your load balancing method, this method did not work properly. We corrected this issue so that the Least Connections (node) load balancing works properly.

Version 9.0.2

Multiple boot installations (CR40912)
The version 9.0.2 release includes a new multiple boot capability. With this release, you can now install the software on multiple disk slots in the system. A slot is a portion of a drive with adequate space required for an installation. If the hardware supports multiple slots, you are prompted to install the software on multiple slots during the installation. The BIG-IP 1500 (C36), BIG-IP 3400 (C62), and BIG-IP 6400 (D63) platforms support this functionality. There are several benefits of running a system with a multiple slot installation.

  • The ability to select a different version of the software during boot time from the boot menu.
  • The ability to install a new version of the software on a slot without losing a previous installation on a different slot.
  • The ability to revert back to an old installation without having to re-install, roll back, or lose new installations.

You can use this new feature if the unit contains a supported hardware configuration. more than one drive (for example, a CompactFlash® media drive and a hard disk drive), or a hard drive. After you have installed the software on multiple slots, you can change which slot boots when you start the system. For details about using this functionality, see Using the switchboot utility.

Important:  The IM upgrade does not add the multiple boot functionality. If you want this functionality on a supported platform, you must choose another installation method.

 

High availability: New Restart All action (CR40406)
This release includes a new option for high availability, Restart All. When you select this option for a high availability setting, the system restarts all system services, not just the affected service. For additional information, review the online help for the configuration options on the System >> High Availability screens.

Local traffic pools: New Slow Ramp Time option (CR40590)
When you take a pool member offline, and then bring it back online, the pool member can become overloaded with connection requests, depending on the load balancing mode for the pool. For example, if you use the Least Connections load balancing mode, the system sends all new connections to the newly-enabled pool member (because technically it has the least amount of connections). When you configure the Slow Ramp Time option, the system sends less traffic to the newly-enabled pool member. The amount of traffic is based on the ratio of how long the pool member has been available compared to the slow ramp time. Once the pool member has been online for a time greater than the slow ramp time, the pool member receives a full proportion of the incoming traffic. To configure the slow ramp time option, review Configuring slow ramp time for a pool, in the Optional configuration changes section of this release note.

User authentication method now configurable for SSL client certificate LDAP authentication (CR37259)
If you use SSL client certificate LDAP (SSL CC LDAP) authentication, you can now specify a UserClass object, for client authorization. Previously, you could not configure the UserClass object. The default setting is StrongAuthenticationUser.

New options for iRules (CR40241, CR41153)
The following options have been added to the iRules syntax.

Option Description
HTTP_REQUEST_SEND This server-side event gets raised just before a request is sent to the server.
IP::ttl This command reports the TTL for an inbound IPv4 or IPv6 packet.

 

SNMP MIB updates (CR40526, CR40571, CR40849, CR40893)
This release includes the following SNMP OID updates related to new functionality.

OID Name OID Value
ltmHttpProfileMaxRequests .1.3.6.1.4.1.3375.2.2.6.7.1.2.1.26
ltmUdpProfileDatagramLb .1.3.6.1.4.1.3375.2.2.6.11.1.2.1.7
ltmPoolSlowRampTime .1.3.6.1.4.1.3375.2.2.5.1.2.1.22
ltmTcpProfileDeferredAccept .1.3.6.1.4.1.3375.2.2.6.10.1.2.1.22

 

HTTP profile: New Maximum Requests option (CR40859)
The HTTP profile now includes the Maximum Requests option. This setting specifies a maximum number of requests that can be made on a single keep-alive connection. When the limit is reached, the final response contains a Connection: close header, which closes the connection. The default behavior does not restrict the number of requests per connection.

Version 9.0.2 fixes

Both units in a redundant system remain in active mode after initial configuration (CR34060)
When you configure a redundant system, the first unit now goes into standby mode after you configure the second unit.

Modifying properties of a route (CR36732)
In the Configuration utility, you can now modify the properties of a route, in the Network section. For additional information, see the online help for the route properties screen.

ISO image/CD now includes the source for building the Real Monitor plug-in for UNIX and Linux systems (CR39359)
The version 9.0.2 ISO image now includes the source code for compiling the Real Monitor for RealServer 8.0 on Linux and UNIX systems. If you are load balancing to RealServer 8.0 servers, you need to compile the source so that you can use the real_server monitor. For additional information, see Compiling the real_server monitor plug-in for UNIX and Linux systems, in the Optional configuration changes section of this release note.

Error message when resetting iRules statistics in the Configuration utility (CR39580)
You no longer see the error message Statistics not implemented when you reset the iRules statistics from the Overview > Statistics > iRules screen.

License activation and system time (CR39659)
When you are activating a license, and the hardware clock time is more than 24 hours different than the time on the F5 Licensing server, the system now generates an error and redirects you to the License Keys screen. Re-type the registration keys and continue with the licensing process. The system regenerates the dossier with a current timestamp.

SNMP trap configuration (CR39782)
In the Configuration utility, on the SNMP > Traps > Configuration screen, changing the Device setting now works properly.

Setting active-active or active-standby mode on a redundant system (CR39829)
You no longer need to run the bigstart restart command to get the units in a redundant system into the correct mode.

OTCU: Converting node attributes (CR39842)
The One Time Conversion Utility (OTCU) now explicitly indicates that it does not convert the node attributes virtual or actual, if they are present in a 4.5.X configuration.

Changing failover peer IP address in the Configuration utility (CR39845)
In the Configuration utility, if you change the IP address for the failover peer (in a redundant system), the change now takes effect without additional configuration.

Clearing the Nokia SNMP alarm log (CR39901)
The snmpget command now properly clears the contents of the Nokia SNMP alarm log.

iRules: Setting renegotiation on SSL Client Certificate requirement (CR39918)
The SSL::cert mode require command now properly requires a client certificate for all URLs.

Running Config Sync or restoring a .ucs file and node monitors (CR39923)
When you run the Config Sync operation, or restore a *.ucs file, the system no longer resets all monitor instances for nodes.

Errors in the bigip.conf file and the pvad utility (CR39929)
When you edit the bigip.conf file by hand, and you introduce configuration errors, the pvad utility no longer generates a core file when you try to load the configuration.

Creating VLANs with no interfaces in the Configuration utility (CR40035)
In the Configuration utility, if you create a VLAN and you do not associate any interfaces with it, the system no longer generates a page error.

Resetting interface statistics (CR40059)
In the Configuration utility, if you reset the interface statistics, you no longer see an error message.

Deleting records from the dynamic ARP list in the Configuration utility (CR40073)
Using the Configuration utility to delete records from the dynamic ARP list no longer causes problems.

Manually adding a configuration item in the bigip.conf file and syntax errors (CR40206)
In the bigip.conf file, manually adding a configuration object in front of another object that the system cannot load no longer destabilizes the system.

Certificate chains in SSL (CR40580)
The system now processes intermediate certificates properly, when you have a certificate chain configured.

iRules log messages over 1024 characters (CR40560)
The system no longer experiences fatal errors when log messages for iRules contain more than 1024 characters.

iControl: Loading the SystemServer.so module (CR40684)
The iControl portal now loads the ITCMSystemServer.so module and the SystemServer.so module in the proper order, so that both modules are loaded correctly.

Adding self IP addresses without netmasks (CR40693)
When you add a self IP address, you must also add a netmask. Previously, you could add a self IP without a netmask, which generated errors.

Forcing the 1000baseFX media option for fiber gigabit ports (CR40706)
You can now force the system to use the 1000baseFX media setting for fiber gigabit ports, rather than having the system auto-negotiate the media setting. Note that this does not apply to copper gigabit ports.

BIG-IP version 9.0 examples in the iControl SDK (CR40830)
In the iControl SDK, the examples for BIG-IP version 9.0 now show the correct conversion for 64-bit counters.

Starting the radvd service and ppp0 interface error messages (CR40894)
If you are using the IPv6 module on the BIG-IP system, and you start the route advertising service (radvd) using the instructions in the following file, /etc/radvd.conf.example, you no longer see error messages regarding the ppp0 interface.

iControl: return response to IP addresses that contain all zeros (CR40974)
When an IPv4 or IPv6 address is composed of all zeros, iControl now returns returns 0.0.0.0 (IPv4) or 0:0:0:0:0:0:0:0 (IPv6), instead of none.

SSL hardware accelerator and processing obscure ciphers in OpenSSL (CR41056)
When OpenSSL is processing some obscure ciphers, it no longer causes the SSL hardware accelerator to stop functioning. This issue affected the following platforms: BIG-IP 1000, BIG-IP 2400, BIG-IP 5100, BIG-IP 5110.

Changing HTTP profile settings and updating the system (CR41118)
When you make changes to the HTTP profile settings, the system now properly updates all affected processes with those changes.

HTTP profile: Using Tcl expansion in header insert and fatal system errors (CR41119)
The system no longer experiences fatal errors if you define an HTTP profile with a header insert that uses Tcl expansion, and the expansion fails.

512-bit keys and the SSL hardware accelerator (CR41172)
The system now properly handles 512-bit keys on the following platforms: BIG-IP 1000, BIG-IP 2400, BIG-IP 5100, BIG-IP 5110.

Cookie headers with empty value and cookie parsing (CR41176)
If a Cookie header contains an empty value, cookie parsing no longer fails.

Advanced routing module service (zebosd) now starts by default (CR41329)
The system service that runs the advanced routing modules, zebosd, now starts automatically. Note that the advanced routing modules are available as an add-on feature, and are not part of the system by default.

snmp_dca monitor (CR41400)
The snmp_dca monitor now works properly.

Using multiple LDAP servers and modifying the PAM SSL Client Certificate LDAP Authentication module (CR41590)
If you specify multiple LDAP servers in the SSL Client Certificate LDAP Authentication PAM module, the system now properly manages the server entries.

iControl: Class::add_string_class_member on external read/write class (CR41703)
In the iControl API, if you use the Class::add_string_class_member method on an external read/write class, you now get the proper response instead of Operation Failed.

BGE driver and soft resetting due to transmitter failure error messages (CR42178)
We have corrected the issues that caused the BGE driver for the network interfaces to report the following error message: soft resetting due to transmitter failure.

X509::serial_number option in iRules and large serial numbers (CR42282)
When you use the X509::serial_number option in an iRule, the iRule no longer returns -1 for large serial numbers.

Version 9.0.1

ZLib compression library vulnerability (VU#238678)
We corrected a denial of service vulnerability that was found in the ZLib compression library versions 1.2.x. The problem arose from incorrect error handling in the inflate() and inflateBack() functions. The Common Vulnerabilities and Exposures (CVE) project assigned the ID CAN-2004-0797 to the problem.

SSL client certificate LDAP authentication and start_tls failure (CR38967)
Client certificate LDAP authentication now correctly handles start_tls failures.

LACP support (CR39554, CR39872)
Link aggregation control protocol (LACP) is fully supported in this release.

Connection mirroring (CR39548, CR39779, CR39892, CR39894, CR39895, CR39905)
Connection mirroring is fully implemented in this release.

Truncated subscription ID in error messages and iControl applications (CR39987)
The system no longer truncates the subscription ID when it generates an error message.

bigpipe daemon overdog watchdog disable command writing to bigip.conf correctly (CR40117)
The bigpipe daemon overdog watchdog disable command now handles default settings correctly when writing to the bigip.conf file.

SSL records that straddle packets may destabilize the system (CR40119)
Overlapping SSL records no longer destabilize the system.

[ Top ]

Optional configuration changes

Once you have installed the software, you can use any of the following new configuration options to update your configuration.

[ Top ]

Using the Scripted monitor

With the scripted monitor, you can write a simple script to monitor a server in the network. The Scripted monitor opens a TCP socket and from the file you specify by the filename parameter, reads send lines to be sent over the socket and expect lines to be expected from the socket. These lines should be in the file in the sequence you want. For example, a simple SMTP sequence might be:
expect 220
send "HELO bigip1.somecompany.net\r\n"
expect "250"
send "quit\r\n"


Translation consists of first stripping off the leading send or expect, after determining which one of the two it is. Next, the leading and trailing spaces are stripped off. If there are no enclosing " " (double quotes), the line is not translated any further and is sent as is (note that for a send this means no new line is sent). If the line to be sent is enclosed with double quotes, then the quotes are stripped off and the line is examined for escaped characters, each of which is properly translated.

If the line is to be sent, it is now sent as translated. If the line is expected, then the socket is read until it either receives a line beginning with the expected sequence of characters or it times out. This means it could receive several lines before receiving the one that contains the expected sequence of characters at the beginning of the line. There may be other characters in the received line. The expect sequence of characters may not be the complete line, which can vary from one computer to another, but the first characters must match the expected sequence. The filename should be the name of a file contained in the directory /config/eav. Keeping these files under this directory allows them to be saved with the configuration.

[ Top ]

Configuring the LDAP monitor

The LDAP monitor contains a new option: Mandatory Attributes. This option causes the LDAP monitor to behave differently depending on if is is set to yes or no. It is also important to note that this monitor no longer requires an entry in /etc/hosts for the LDAP servers.

  • When the Mandatory Attributes option is set to yes, the LDAP filter search is a sub tree search (as opposed to the normal one-level search), and if no attributes are returned as a result of the search, the monitor does not report the node as up.

  • When the Mandatory Attributes option is set to no, to some other value, or is absent, the LDAP monitor performs a one-level search and does not require any attributes to be returned. For example, if the return indicates zero attributes for this filter, the service is still functioning and the node is considered up. This was the standard behavior of the LDAP monitor in previous versions of the BIG-IP software.

 

[ Top ]

Configuring the WAP monitor

The common usage for the WAP monitor is to specify the send and recv parameters only. The WAP monitor functions by requesting a URL (the send parameter) and finding the string in the receive (recv) parameter somewhere in the data returned by the URL response.

RADIUS accounting is optional. To implement RADIUS accounting, you must set the accounting port to a non-zero value. If the accounting port is set to a non-zero value, then the monitor assumes that RADIUS accounting is needed, and an accounting request is sent to the accounting node/port to Start accounting. This is done before the URL is requested. After the successful retrieval of the URL with the correct data, an accounting request is sent to Stop accounting.

[ Top ]

Using SNMP read/write OIDs

You can use the following SNMP OIDs in read/write mode. However, SNMP is not intended to be used as a general API for configuring the BIG-IP system. You can use the following SNMP OIDs in read/write mode.

OID Name OID Value
ltmVirtualServEnabled Enable/disable virtual server
ltmVirtualAddrEnabled Enable/disable virtual address
ltmNodeAddrNewSessionEnable Enable/disable node address
ltmNodeAddrMonitorState Force up/down node address
ltmPoolMemberNewSessionEnable Enable/disable pool member
ltmPoolMemberMonitorState Force up/down pool member

 

[ Top ]

New SNMP OIDs in this release

This release includes the following SNMP OID updates related to new functionality.

OID Name

OID Value

Description

SysStatHttpRequests

.1.3.6.1.4.1.3375.2.1.1.2.1.56

Scalar OID: The total number of HTTP requests.

SysGlobalFastHttpStat

.1.3.6.1.4.1.3375.2.1.1.2.14

Table OID: The system's global Fast HTTP statistics information. These are the roll-ups of all the individual Fast HTTP profiles' statistics.

SysGlobalXmlStat

.1.3.6.1.4.1.3375.2.1.1.2.1

Table OID: The system's global XML statistics information. These are the roll-ups of all the individual XML profiles' statistics.

LtmFastHttpProfile

.1.3.6.1.4.1.3375.2.2.6.12.1

Table OID: A table containing information of Fast HTTP profile.

LtmFastHttpProfileStat

.1.3.6.1.4.1.3375.2.2.6.12.2

Table OID: A table containing statistic information of Fast HTTP profile.

LtmXmlProfile

.1.3.6.1.4.1.3375.2.2.6.13.1

Table OID: A table containing information of XML profile.

ltmXmlProfileStat

.1.3.6.1.4.1.3375.2.2.6.13.2

Table OID: A table containing statistic information of XML profile.

ltmFastL4ProfileTcpCloseTimeout

.1.3.6.1.4.1.3375.2.2.6.5.1.2.1.20

Scalar OID: Number of seconds without traffic before a connection in the FIN received state is eligible for deletion.

ltmFastL4ProfileLooseInitiation

.1.3.6.1.4.1.3375.2.2.6.5.1.2.1.21

Scalar OID: Option to allow any TCP packet to initiate a connection rather than requiring a SYN.

ltmFastL4ProfileLooseClose

.1.3.6.1.4.1.3375.2.2.6.5.1.2.1.22

Scalar OID: Option to aggressively close out a connection by allowing TMM to switch the ltmFastL4ProfileIdleTimeout to ltmFastL4ProfileTcpCloseTimeout once the first FIN packet has been seen.

ltmTcpProfileSelectiveAcks

.1.3.6.1.4.1.3375.2.2.6.10.1.2.1.23

Scalar OID: The state that if true, enable RFC2018 Selective Acknowledgements.

ltmTcpProfileEcn

.1.3.6.1.4.1.3375.2.2.6.10.1.2.1.24

Scalar OID: The state that if true, enable RFC3168 Extended Congestion Notification (ECN).

bigipCompLimitExceeded

.1.3.6.1.4.1.3375.2.4.0.35

The compression license limit is exceeded alert.

ltmHttpProfileCompressCpusaver

.1.3.6.1.4.1.3375.2.2.6.7.1.2.1.27

The state indicating whether CPU saving mode is enable or not when doing compression.

ltmHttpProfileCompressCpusaverHigh

.1.3.6.1.4.1.3375.2.2.6.7.1.2.1.28

The CPU saver high threshold. When CPU utilization exceeds this value, compression is switched to NULL compression.

ltmHttpProfileCompressCpusaverLow

.1.3.6.1.4.1.3375.2.2.6.7.1.2.1.29

The CPU saver low threshold. When CPU utilization drops below this value, compression is switched to full throttle.

[ Top ]


Compiling the real_server monitor plug-in for UNIX and Linux systems

The .iso image for the version 9.0.2 software now includes the source and makefiles for compiling the real_server monitor plug-in for UNIX and Linux systems. The following instructions explain how to access the files you need to compile the plug-in.

  1. Using the .iso image, burn a CD-ROM of the version 9.0.2 software.

  2. On the CD, navigate to the /downloads/rsplug-ins directory.

  3. Copy the F5RealMon.src.tar.gz tarball to the /var/tmp directory on the BIG-IP system.

  4. On the BIG-IP system, change to the /var/tmp directory.
    cd /var/tmp

  5. Untar the F5RealMon.src.tar.gz tarball.
    tar xvzf F5RealMon.src.tar.gz

  6. Change to the F5RealMon.src directory.
    cd F5RealMon.src

  7. To compile the source, use the instructions in the build_unix_note file, in the F5RealMon.src directory. Type ls to view the directory contents.
[ Top ]

Configuring slow ramp time for a pool

The following instructions explain how to configure the new slow ramp time option for local traffic pools, as described in the New features section of this release note. The slow ramp time option specifies a length of time during which a newly enabled pool member receives only a fraction of any new connections to the pool.

To configure slow ramp time using the Configuration utility

  1. In the Main tab, click Local Traffic, and then click Pools.
    The Pools List screen opens.

  2. Click a pool name.
    The properties screen for that pool opens.

  3. In the Configuration box, select Advanced.
    The configuration options expand.

  4. In the Slow Ramp Time box, type the number of seconds.

  5. Click the Update button.
    The system saves the change to the configuration file.
[ Top ]

Using the switchboot utility

Beginning with the version 9.0.2 release, functionality was added to install multiple versions of the BIG-IP software on different slots on one unit. A slot is a portion of a drive with adequate space required for an installation. If the hardware supports multiple slots, you are prompted to install the software on multiple slots during the installation. The BIG-IP 1500 (C36), BIG-IP 3400 (C62), and BIG-IP 6400 (D63) platforms support this functionality.

The switchboot utility is available to manage installations on different slots. You can use the switchboot utility from the command line to select which installed image boots. To run the switchboot utility, type the following command:
switchboot

A list of slots and their descriptions displays. Type the number of the slot you want to boot at startup. When you reboot the system, it starts from the slot you specify.

If there is only one slot available, the switchboot utility displays a message similar to this one and exits.
There is only one slot to choose from: title BIG-IP 9.0.2 Build 18.0 - drive hda.1

Note: Any change you make using the switchboot utility is saved in the boot configuration file, grub.conf.

To use switchboot in non-interactive mode

If you know which slot you want to boot, you can type the following command and specify the slot number for <slot_number>:
switchboot -s <slot_number>

To use switchboot to list available slots and the currently active slot

If you want to list the available slots without specifying a new slot from which to boot, type the following command:
switchboot -l

To list options for switchboot

To list the options for the switchboot utility, type the following command:
switchboot -h

To view the contents of the boot configuration file using switchboot

You can view the complete contents of the boot configuration file (grub.conf) with the following command:
switchboot -d

This command is slightly different from switchboot -l in that -l only lists the slot header lines, while -d displays the complete file.

[ Top ]

Known issues

The following items are known issues found since the 9.0 release. For a complete list of known issues in this release, refer to the BIG-IP version 9.0 Release Notes .

Interface statistics tracking (CR40449)
The system may display erroneous statistics data for interfaces, for example, 4GB of dropped packets on a system that has been running for only an hour.

1500, 3400, and 6400 platforms: SSH session remains open after peer unit is rebooted (CR40503)
When you establish an SSH session between two units on the 1500, 3400, or 6400 platforms, and you reboot the unit to which you established the SSH session, the SSH session remains open until it reaches its timeout.

Using trunks on a BIG-IP 2400 (D44) IP Application Switch (CR40507)
On a BIG-IP 2400 platform, if you connect multiple ports to one switch you may form a bridging loop, which causes the TMM to restart repeatedly. To avoid this issue, enable spanning tree protocol if you connect multiple ports to one switch.

SIP persistence and persist iRule commands (CR40579)
In this release, the persist iRule commands do not support SIP persistence.

Client SSL and Server SSL profiles and time stamps on key or certificate files (CR40677)
The Client SSL and Server SSL profiles currently do not add time stamps to SSL certificate or SSL key files.

When specifying a default route for IPV6, you must specify a destination and netmask (CR40808)
Because the default configuration settings for Network Routes is for IPV4, you must specify both a destination and netmask value if to specify a default route for IPV6. To specify a IPV6 default route, you must first choose a type of route instead of default gateway. Then specify the destination as :: and the netmask as :: to set the appropriate IPV6 default route.

OTCU: Displaying monitors saved at pool level in the Configuration utility (CR40977)
After you run the OTCU to convert your 4.5.X configuration to a 9.0.X configuration, you cannot view the monitors on pool members until after you run the bigpipe load command twice, from the command line. Alternately, you can reboot the system.

SSL client certificate LDAP authentication and using uppercase letters (CR41295)
In the Authentication profile for SSL client certificate LDAP authentication, you must use only lowercase letters in the name of the profile. The system does not recognize uppercase letters in this instance.

SNMP OID ltmVirtualServPool and reporting pool names (CR41587)
A query of the ltmVirtualServPool OID never returns any data despite having pools associated with a virtual server through a rule.

Time zone inconsistency between system time and log files in the Configuration utility (CR41639)
Currently there is an inconsistency between the system time and the time displayed on the log file entries in the Configuration utility. The log file entries in the Configuration utility do not reflect the system's time. You can view the log files from the command line to see the correct time stamp on the log file entries.

Remote upgrades on version 4.5.X software (CR42160)
If you are performing a remote upgrade to version 9.0.2 on version 4.5.X software, you must use the HTTP protocol to transfer the upgrade files. The NFS protocol is not supported at this time.

Configuration utility: case sensitivity in iRule names (CR42312)
In the Configuration utility, the names of iRules are not case-sensitive. If you create two iRules whose names are identical except for the case, the system overwrites the first rule with the second rule. To avoid this issue, use unique names for any iRules that you create.

Excessive Config Sync peer updated log messages (CR42332)
If you enable the Audit log options, and you have a redundant system, the system may generate an excessive amount of log messages related to the Config Sync process.

Installing the software using a PXE server (CR42592)
When you are performing a clean installation of the BIG-IP software using a PXE server, you may see RPM package errors during the installation process. The errors are benign and can be ignored.

Configuration utility: Re-running the Setup Utility and VLAN configuration error messages (CR42790)
When you rerun the Setup Utility and use the Basic Configuration Wizard (which sets up the default internal and external VLANs, the configuration must follow these guidelines. If the configuration violates one of these conditions, you see error messages, and cannot complete the configuration.

  • No more than one non-floating IP may be associated with VLANs named external or internal.
  • No more than one floating IP may be associated with VLANs named external or internal.
  • The self IP addresses associated with the VLANs internal and external must use one of the following port settings: Allow Default, Allow 443, Allow None.
  • If The bigdb variable Statemirror.IPAddr must match the internal self IP.
  • A VLAN group may not be named external or internal.
  • A trunk may not be configured on VLAN external or internal. The default route must be of type Gateway.

MSRDP persistence for session directories bypasses load-balancing (CR42851)
When using session directory MSRDP persistence, the cookie is always present, and the system always hashes it to a pool member. This results in the system not load-balancing.

Using the tcpdump utility and VLANs with trunks (CR42908)
When you run the tcpdump utility on a VLAN that has a trunk configured, the utility does not report any traffic. If you want to see traffic on a VLAN that has a trunk configured, then run the tcpdump utility on the trunk members (interfaces).

The bigpipe route command and self IP link routes (CR42981)
The b route <self_ip address> show command does not display the route for the self IP address. Instead, the command generates an Object not found error.

Using a literal carriage return in a monitor parameter string (CR43128)
The system cannot interpret literal carriage returns in monitor strings that are created by pressing the Enter key. If the string you are creating requires a literal carriage return, type \r\n instead of pressing the Enter key.

Configuration utility: Using the Overwrite existing key or certificate checkbox (CR43155)
When the following conditions exist, the system does not generate an error message, and should:

  • On the Import Keys and Certificates screen, in the Local Traffic > SSL Certificates section of the Configuration utility, you clear the Overwrite existing key or certificate checkbox.
  • You name the key or certificate that you are trying to import with the same name as a key or certificate that already exists on your system.
  • You import the new key or certificate.
    The system does not warn you that you are about to overwrite an existing key or certificate.

 

Archiving SSL keys and certificates (CR43166)
The system does not generate an error if, when you are creating an archive (.tgz) file for SSL keys and certificates, you do not type a name for the archive file.

Cannot create a read-only external data group (class) (CR43305)
Currently, you cannot create an external data group (class) that has read-only access permissions.

Redundant systems and assigning duplicate IP addresses (CR43330)
If you have a redundant system, and on both units you assign the same IP addresses on the internal and external VLANS, the system does not generate an error message, and should. This is not a valid configuration.

Disabled fiber interface continues to pass traffic (CR43355)
When a fiber interface on a 6400 platform is disabled, the interface continues to pass traffic.

Using certain illegal characters in certificate name does not display a warning (CR43365)
When you create an SSL certificate you can use certain special characters, and are warned when you use an illegal character. If you use either an open or close parentheses character ( or ), the Configuration utility does not warn that these are illegal characters. If you use these characters when creating a certificate, the certificate will not save, nor load. If you use special characters when typing a certificate name, ensure that you use only the following special characters: period, asterisk, forward slash, dash, colon, underscore, question mark, equals, at sign, comma, and ampersand (.*/-:_?=@,&).

The system does not preserve license files during a clean installation (CR43489)
If you perform a clean installation of the BIG-IP system, the license files do not carry over to the new installation. You must re-license the system after a clean installation.

Failover and virtual servers with a OneConnect profile, an HTTP profile, and connection mirroring enabled (CR43517)
In a redundant system, if the active unit fails over, and the configuration contains virtual servers with a OneConnect profile, an HTTP profile, and connection mirroring enabled, the failover process does not properly mirror the server-side OneConnect connections to the failover unit.

Changing the virtual server type (CR43546)
If you modify the virtual server type using the bigpipe utility, the Configuration utility may not always display the updated type.

Link activity lights on the BIG-IP 3400 (C62) platform (CR43570)
On the BIG-IP 3400 platform, if you have trunks configured, the link activity lights on the front panel may not properly indicate link activity (turn green).

Configuration utility: Changing the refresh interval on the Preferences screen applies the change only to statistics screens not viewed yet (CR43613)
In the Configuration utility, on the System > Preferences screen, if you change the Default Statistics Refresh interval, view some statistics screens, and then change the Default Statistics Refresh interval again, the system applies the second update only to those statistics screens that you have not viewed yet.

The route advertising daemon (radvd) and special characters in VLAN names (CR43654)
Currently the route advertising daemon (radvd) does not recognize VLAN names that contain dashes or underscores. If you are using the radvd utility, we recommend that you do not use special characters in VLAN names.

Configuration Guide for Local Traffic Management: error in iRules syntax example (CR43689)
In Figure 13.16, on page 13-37, the example syntax for matchclass ($::) is incorrect. The correct syntax is as follows:
if { [matchclass [IP::remote_addr] equals $::aol] } { ... }

The system cannot currently launch a process though email messages (CR43698)
The syslogd function included with the system does not support logging messages to a process.

The bigpipe persist show command and the MSRDP persistence type (CR43699)
When you use the b persist show command to view persistent connections, the command lists the msrdp persistence type as hash.

Serial speed change from SCCP does not propagate to Host (CR43722)
When you change the serial speed from the Host Console Shell (SCCP) command menu, the change is not propagated to the Host motherboard. To work around this issue, always change the serial speed using the following bigpipe command:
bigpipe db serial.console.speed

Using IPv6 addresses and running ConfigSync (CR43832)
Config Sync does not support IPv6 addresses for ConfigSync communications. You must use IPv4 addresses with ConfigSync.

SNMP UDP packets that arrive on the management port exit through a self IP on the system (CR43869)
Underlying architecture issues prevent SNMP UDP packets from returning to the correct requesting address.

Upgrading to version 9.0.3 and statistics on platforms with CompactFlash® drives only (CR44194)
The location for the statsd utility's backup data files has changed in version 9.0.3. As a result, when you upgrade the system from version 9.0.2 to version 9.0.3 using the IM upgrade process, the system generates error logs and the statistics become unusable in the Configuration utility. This happens on platforms that contain only a CompactFlash® drive (no disk drive). You can work around this issue by creating the new directory structure before you run the IM upgrade, as explained in the Updating the statsd utility directory structure workaround, following the Known issues section of this release note.

Node and service messages and SNMP alerts (CR44436)
The BIG-IP system does not trigger node up/down and service up/down alerts on the following events:

Feb 28 09:22:23 fs27lbe000 bigd: 01060002:4: Node address detected UP for 3ffe:81cc:630:2::b monitor icmp.
Feb 28 09:23:09 fs27lbe000 bigd: 01060002:4: Node address detected DOWN for 3ffe:81cc:630:2::b monitor icmp.
Feb 28 09:23:14 fs27lbe000 bigd: 01060001:4: Service detected DOWN for 3ffe:81cc:630:2::b:80 monitor tcp.
Feb 28 09:23:53 fs27lbe000 bigd: 01060001:4: Service detected UP for 3ffe:81cc:630:2::b:80 monitor tcp.

No valid configuration to save error messages during IM upgrade process (CR44854)
When you upgrade the software using the IM package, you may see the following error message:
BIGpipe: 010a0033:3: There is no valid configuration to save.

The message is generated in error; the system does save the configuration, and does not impact the upgrade.

Changes in US and Canada Daylight Saving Time (CR58315)
The Energy Policy Act of 2005, which was passed by the US Congress in August 2005, changed both the start and end dates for Daylight Saving Time in the United States, effective March 2007. Canada is also adopting this change. The resulting changes are not reflected in this version of the product software. To find out more about this issue, refer to SOL6551: F5 Networks software compliance with the Energy Policy Act of 2005.

[ Top ]

Workarounds for known issues

The following workarounds are related to known issues listed in the previous section of this release note.


Updating the statsd utility directory structure

If you are upgrading a system from version 9.0.2 to version 9.0.3, and the system has only a CompactFlash® drive (no disk drive), then you can use the following workaround to update the directory structure for the statsd utility. See CR44194, in the Known issues section of this release note, for more information about this issue.

Important: You can perform the following workaround either before or after you run the IM upgrade. However, if you choose to apply the workaround after the IM upgrade, you will see several error messages in the log files related to this issue.

  1. Log in as root from a console or SSH session.

  2. From the command line, stop the statsd utility:
    bigstart stop statsd

  3. Create a new directory for the statistics data file backup:
    mkdir -p /shared/rrd.backup

  4. Copy the statistics data file backup to the new directory:
    cp -p /var/shared/rrd.perm/* /shared/rrd.backup

  5. Remove the directories that are no longer be needed after the upgrade.
    rm -f /var/shared/rrd.perm/*
    rm -f /shared/rrd.1.0/*


  6. Restart the statsd utility:
    bigstart start statsd
[ Top ]

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)