Applies To:

Show Versions Show Versions

Release Note: BIG-IP LTM version 9.2.0
Release Note

Software Release Date: 09/28/2005
Updated Date: 12/11/2013

Summary:

This release note documents the version 9.2 feature release of BIG-IP® Local Traffic Manager, Load Balancer Limited, and Application Accelerator. To review the features in this release, see Features in this release. For existing customers, you can apply the software upgrade to systems running BIG-IP version 4.5 PTF-04 through version 4.5.13, and version 4.6 through version 4.6.4, and to systems running version 9.0 and later. For information about installing the upgrade, please refer to Installing the software.

Note: F5 now offers both feature releases and maintenance releases. For more information on our new release policies, please see New Versioning Schema for F5 Software Releases.

Warning: This is a feature release, not a maintenance release. Unless you need specific features that are new to this feature release, please upgrade to the latest maintenance release instead.

Contents:

- Supported browsers
- Supported platforms
- Installing the software
     - Verifying the MD5 checksum of the upgrade file
     - Re-activating the license on the BIG-IP system
- New features in this release
- Optional configuration changes
     - Using SNMP read/write OIDs
     - New SNMP OIDs
     - Using the switchboot utility
- Known issues
- Acknowledgments


Supported browsers

The Configuration utility (graphical user interface) supports the following browsers:

  • Microsoft® Internet ExplorerTM, version 6.X and later
  • Netscape® NavigatorTM, version 7.1, and other browsers built on the same engine, such as MozillaTM, FirefoxTM, and CaminoTM.

Note that we recommend that you leave the browser cache options at the default settings.

Important: Popup blockers and other browser add-ons or plug-ins may affect the usability of the Configuration utility. If you experience issues with navigation, we recommend that you disable these types of browser plug-ins and add-ons.

[ Top ]

Supported platforms

This release applies only to the supported platforms listed below; each one provides all minimum system requirements. This release supports the following platforms:

  • BIG-IP 520 and 540 (D35), for more information, see 520/540 platform support.
  • BIG-IP 1000 (D39)
  • BIG-IP 2400 (D44)
  • BIG-IP 5100 and 5110 (D51)
  • BIG-IP 1500 (C36)
  • BIG-IP 3400 (C62)
  • BIG-IP 6400 (D63)
  • BIG-IP 6800 (D68)

If you are unsure of which platform you have, look at the sticker on the back of the chassis to find the platform number.

[ Top ]

Installing the software

There are several installation options to consider before you begin the version 9.2 software installation. Before you begin the installation process, you need to determine which installation option is appropriate.

Warning:  A valid service contract is required to complete this upgrade.

Warning:  You must reactivate the license on the BIG-IP system you intend to upgrade before you begin the upgrade.

Warning:  You must turn off mirroring before you attempt to upgrade to version 9.2. Mirroring between units with previous versions of the BIG-IP software installed and version 9.2 is not supported.

Important: You are prompted to install the software on multiple boot images if the unit supports the multiple boot option. The BIG-IP 1500 (C36), BIG-IP 3400 (C62), BIG-IP 6400 (D63), and BIG-IP 6800 (D68) platforms support this functionality.

Important: You must perform the installation logged in as root from the management interface (Management) on the BIG-IP system.

Important: We recommend that you run the MD5 checksum on any ISO image or IM upgrade file you download. For information about MD5 checksums, see Verifying the MD5 Checksum of the upgrade file.

Local Installation

PXE Installation

Remote Installation

[ Top ]

Verifying the MD5 checksum of the upgrade file

After you download the installation file and the matching MD5 checksum file, and before you perform the installation, we recommend you test the upgrade file. This verifies that you have downloaded a good copy of the upgrade file. To run the test, type the following commands, where Upgrade9.x.im is the name of the upgrade file you downloaded.

md5sum Upgrade9.x.im
Check the output with the contents of the corresponding MD5 file. If they match, install the file. If they do not match, you should download the file again and repeat the process.

[ Top ]

Re-activating the license on the BIG-IP system

You need to re-activate the license on the BIG-IP system to use some of the new features added in this release.

To re-activate the license on the system

  1. On the Main tab, expand System and click License.

    The License screen opens.
     
  2. Click the Re-activate button and follow the onscreen instructions to re-activate the license.

    For details about each screen, click the Help tab.
[ Top ]

New features and fixes in this release

New features in this release

This release includes the following new features.

Integrated Application Security Module (ASM)
You now have the option to license the TMOS integrated Application Security Module. For more information about the Application Security Module, see the Application Security Module release notes.

520/540 platform support
This release is supported on the 520/540 (D35) platforms. For more information, including memory requirements, see 520/540 Platform: Installing BIG-IP version 9.2 .

End-user diagnostics for hardware
This release contains the end-user diagnostics (EUD) test suite. The EUD provides the ability to diagnose hardware related problems on the 1500 (C36), 3400 (C62), 6400 (D63), and 6800 (D68) platforms. For more information, see End-User Diagnostics: Field Testing Hardware .

Statistics Profile
The Statistics profile provides user-defined statistical counters. Each profile contains 32 fields (Field1 through Field32), which define named counters. Using a Tcl-based iRule command, you can use the names to manipulate the counters while processing traffic. For more information, see Chapter 5, Understanding Profiles, in the Configuration Guide for Local Traffic Management.

Fixes in this release

Configuration utility: application error on New Profile screen (CR54321)
We have corrected a major application error that occurred when you clicked the Next button on the Create New Profile screen.

[ Top ]

Optional configuration changes

Once you have installed the software, you can use any of the following configuration options to update your configuration.

Using SNMP read/write OIDs

You can use the following SNMP OIDs in read/write mode. However, SNMP is not intended to be used as a general API for configuring the BIG-IP system. You can use the following SNMP OIDs in read/write mode.

OID Name OID Value
ltmVirtualServEnabled Enable/disable virtual server
ltmVirtualAddrEnabled Enable/disable virtual address
ltmNodeAddrNewSessionEnable Enable/disable node address
ltmNodeAddrMonitorState Force up/down node address
ltmPoolMemberNewSessionEnable Enable/disable pool member
ltmPoolMemberMonitorState Force up/down pool member
[ Top ]

New SNMP OIDs

The version 9.x releases often include SNMP OID updates related to new functionality. See the document, New SNMP Objects for a complete list.

[ Top ]


Using the switchboot utility

Beginning with the version 9.0.2 release, functionality was added to install multiple versions of the BIG-IP software on different boot images on one unit. A boot image is a portion of a drive with adequate space required for an installation. If the hardware supports multiple boot images, you are prompted to install the software on multiple boot images during the installation. The BIG-IP 1500 (C36), BIG-IP 3400 (C62), BIG-IP 6400 (D63), and BIG-IP 6800 (D68) platforms support this functionality.

The switchboot utility is available to manage installations on different boot images. You can use the switchboot utility from the command line to select which installed image boots. To run the switchboot utility, type the following command:
switchboot

A list of boot images and their descriptions displays. Type the number of the boot image you want to boot at startup. When you reboot the system, it starts from the slot you specify.

If there is only one boot image available, the switchboot utility displays a message similar to this one and exits.
There is only one boot image to choose from: title BIG-IP 9.2.0 Build 167.4 - drive hda.1

Note: Any change you make using the switchboot utility is saved in the boot configuration file, grub.conf.

To use switchboot in non-interactive mode

If you know which boot image you want to boot, you can type the following command and specify the boot image number for <bootimage_number>:
switchboot -s <bootimage_number>

To use switchboot to list available boot images and the currently active boot images.

If you want to list the available boot images without specifying a new boot image from which to boot, type the following command:
switchboot -l

To list options for switchboot

To list the options for the switchboot utility, type the following command:
switchboot -h

To view the contents of the boot configuration file using switchboot

You can view the complete contents of the boot configuration file (grub.conf) with the following command:
switchboot -d

This command is slightly different from switchboot -l in that -l only lists the boot image header lines, while -d displays the complete file.

[ Top ]

Known issues

The following items are known issues in the current release.

1500, 3400, and 6400 platforms: SSH session remains open after peer unit is rebooted (CR40503)
When you establish an SSH session between two units on the 1500, 3400, or 6400 platforms, and you reboot the unit to which you established the SSH session, the SSH session remains open until it reaches its timeout.

Using trunks on a BIG-IP 2400 (D44) IP Application Switch (CR40507)
On a BIG-IP 2400 platform, if you connect multiple ports to one switch, you may form a bridging loop, which causes the TMM to restart repeatedly. To avoid this issue, enable spanning tree protocol if you connect multiple ports to one switch.

SIP persistence and persist iRule commands (CR40579)
In this release, the persist iRule commands do not support SIP persistence.

Client SSL and Server SSL profiles and time stamps on key or certificate files (CR40677)
The Client SSL and Server SSL profiles currently do not add time stamps to SSL certificate or SSL key files.

When specifying a default route for IPV6, you must specify a destination and netmask (CR40808)
Because the default configuration settings for Network Routes is for IPV4, you must specify both a destination and netmask value to specify a default route for IPV6. To specify a IPV6 default route, you must first choose a type of route instead of default gateway. Then specify the destination as :: and the netmask as :: to set the appropriate IPV6 default route.

OTCU: Displaying monitors saved at pool level in the Configuration utility (CR40977)
After you run the OTCU to convert your 4.5.x or 4.6.x configuration to a 9.x configuration, you cannot view the monitors on pool members until after you run the bigpipe load command twice, from the command line. Alternately, you can reboot the system.

Configuration utility: Re-running the Setup Utility and VLAN configuration error messages (CR42790)
When you rerun the Setup Utility and use the Basic Configuration Wizard (which sets up the default internal and external VLANs), the configuration must follow the following guidelines. If the configuration violates one of these conditions, you see error messages, and cannot complete the configuration.

  • No more than one non-floating IP may be associated with VLANs named external or internal.
  • No more than one floating IP may be associated with VLANs named external or internal.
  • The self IP addresses associated with the VLANs internal and external must use one of the following port settings: Allow Default, Allow 443, Allow None.
  • The bigdb variable Statemirror.IPAddr must match the internal self IP.
  • A VLAN group may not be named external or internal.
  • A trunk may not be configured on VLAN external or internal. The default route must be of type Gateway.

Using a literal carriage return in a monitor parameter string (CR43128)
The system cannot interpret literal carriage returns in monitor strings that are created by pressing the Enter key. If the string you are creating requires a literal carriage return, type \r\n instead of pressing the Enter key.

Redundant systems and assigning duplicate IP addresses (CR43330)
If you have a redundant system, and on both units you assign the same IP addresses on the internal and external VLANS, the system does not generate an error message, and should. This is not a valid configuration.

Failover and virtual servers with a OneConnectTM profile, an HTTP profile, and connection mirroring enabled (CR43517)
In a redundant system, if the active unit fails over, and the configuration contains virtual servers with a OneConnect profile, an HTTP profile, and connection mirroring enabled, the failover process does not properly mirror the server-side OneConnect connections to the failover unit.

Link activity lights on the BIG-IP 3400 (C62) platform (CR43570)
On the BIG-IP 3400 platform, if you have trunks configured, the link activity lights on the front panel may not properly indicate link activity (turn green).

Configuration utility: Changing the refresh interval on the Preferences screen applies the change only to statistics screens not viewed yet (CR43613)
In the Configuration utility, on the System > Preferences screen, if you change the Default Statistics Refresh interval, view some statistics screens, and then change the Default Statistics Refresh interval again, the system applies the second update only to those statistics screens that you have not viewed yet.

Attempting to use bigpipe immediately following the bigstart restart (CR44091)
After you run the bigstart restart command, the BIG-IP system takes a minute to initialize. If you run this command, you should wait at least a minute for the system to re-initialize before running additional bigpipe commands.

The BIG-IP system caches unreachable IPv6 destinations regardless of IPv6 route updates (CR44109)
A problem may occur where the BIG-IP system caches an unreachable IPv6 destination. This problem might occur if you add the wrong default route, delete it, and change to the correct route, only to find traffic fails to reach the destination.

Using the discard option during the upgrade process (CR44129)
The discard option does not remove the boot entry for the discarded installation from the grub.conf file. This means that installations that you have discarded may appear as options on the grub.conf list at boot time. The system cannot boot to a discarded installation, even if it appears on the grub.conf list at boot time.

FTP data channel with Layer 7 FTP connections and non-equal MTUs (CR44165)
Non-equal MTUs may cause Layer 7 FTP connections to stall. If you are using a switch to negotiate the MTU with the BIG-IP system, this is not likely to happen.

Fast L4 profile: Reset on timeout disable and the idle timeout value (CR44261)
Changing the Reset value on the timeout option to disable appears to change the idle timeout value. However, this affects only the value displayed by the system, not the system setting and the functionality of the system.

Configuration utility: Deleting floating IP addresses and non-floating IP addresses (CR44297)
In the Configuration utility, we recommend that you always delete floating IP addresses before you delete non-floating IP addresses.

IPv6: Transparent monitors(CR44388, CR44407, CR44408)
The current IPv6 implementation does not support transparent monitors.

Allowing specific UDP ports (CR44590)
You cannot add a specific UDP port to the allow list that includes the allow default setting. To add specific UDP ports to the allow list, remove the allow default setting and add each UDP port you want to add to the allow list.

Supported MTU for BIG-IP systems and IPv6 (CR44733)
The minimum supported MTU for BIG-IP system using IPv6 is 1280.

Error when swapping RADIUS server keys during a re-load after swapping the server IP addresses (CR44769)
You may see an error when you attempt to swap RADIUS server keys during a configuration reload. You can work around this problem by unconfiguring one of the servers before redefining the other.

Various benign error messages on system during an upgrade (CR44783)
You may see various benign error message when you upgrade the system. These errors are harmless.

Brackets in commented sections of rule syntax (CR44839)
Brackets in commented sections of rule syntax are counted in the bracket count. We recommend that you balance the brackets in the comments.

NAT and ICMP (CR44849)
Currently, NATs do not forward ICMP packets.

Configuration utility: Load Balancer Limited and the Fast L4 profile (CR44866)
The BIG-IP Load Balancer Limited product does not provide the ability to create or edit a Fast L4 profile.

Restoring a configuration and overwriting SSH keys (CR45173)
UCS files back up and restore host and root SSH keys, but there are many situations where these keys are stale, and break communications with the SCCP host subsystem.

Validating routes (CR45212)
Currently the system does not fully validate route configurations, and it is possible to add a route to the configuration for which the gateway router is on the destination network.

D39 platform and lock-ups of the host subsystem when transferring large files (CR45269)
On certain D39 platforms, the host subsystem locks up when the system is processing large file transfers. This is a result of a bad BIOS on the motherboard. To verify that your platform is affected, and to update the BIOS, contact Technical Support.

Using automatic licensing and errors in the Configuration utility (CR45369)
In the Configuration utility, when you select Automatic option for licensing, if the system cannot communicate with the F5 Licensing Server, the system generates a major application error. To work around this issue, close the current browser session, open a new session, and select the Manual option instead. Note that this happens only in rare instances.

Display discrepancies between Configuration utility and bigpipe for SSL profile setting (CR45537)
On the SSL Profile screen, select the Renegotiate Period option and leave it at the default setting, Indefinite. When you view the same setting in the bigip.conf file, you see this number, 138635524 (which equates to 4.396 years), instead of indefinite.

Application Accelerator: Logging options display for unavailable features (CR45546)
In the Configuration utility, on the System > Logs > Options screen, you see logging options for the Packet Velocity ASIC. This feature is not available on the Application Accelerator product.

Acceptable characters in SSL certificate names and common names (CR45721, CR45722)
If you create a certificate name or common name that uses invalid characters (for example asterisk, comma, question mark, exclamation, forward slash, ampersand), the system generates an error message that is incorrect. The error message states that these characters are valid, however the only acceptable characters are alphanumeric characters, hyphen, and underscore.

Generating SSL certificates and keys and Configuration utility errors (CR45725)
If you try to generate an archive file for SSL certificates and keys, and you do not type a name for the file, the system generates an error. If you then add a name and click the Generate and Download button, the system saves the file but the Configuration utility remains in the error state. Simply click Cancel after you have saved the file, which returns you to the SSL Certificate list screen.

Empty list notation in iRules in the Configuration utility (CR45767)
In the Configuration utility, on the iRules screen, you can currently specify an empty list with the following notation: {}. The configuration does not load properly with this syntax (no space between the braces). The correct syntax is as follows: { }. Note that the space is required.

Importing non-FIPS keys into a FIPS system (CR45853)
If you import non-FIPS keys to a FIPS system, and then convert the non-FIPS keys to FIPS keys, the system continues to use the non-FIPS keys until you restart the TMM process. You can perform this task from the command line, by typing bigstart restart.

The radvd utility and restarting or rebooting the system (CR45882)

In rare circumstances, the radvd utility may start too early when you restart or reboot the system. As a result, the utility does not properly advertise routes. If you experience this issue, simply restart the radvd utility, on the System > Services screen in the Configuration utility.

IM upgrades and modprobe dependencies error messages (CR45885)
When you upgrade your system using the IM upgrade process, you may see the following error message when the system starts the automatic reboot, after the installation completes:
modprobe: Can't open dependencies file
The error is benign, and can be ignored.

IM upgrades and kernel journalling error messages (CR45970)
When you use the IM upgrade process, you may see kernel journalling error messages on the console after the installation completes. The error messages are benign and can be ignored.

Benign error message when network booting from CD image (CR45998)
You may see the following benign error message when you boot the BIG-IP system from the CD image:

msg insmod e100: no module by that name found

Creating vlans with period in the name (CR46028)
Using the sysctl -a command prints the /proc/sys file system. This command displays the information about each file under the tree as if it were a variable separated by period (.). It also translates the forward slash (/) into a period. When you create a VLAN with a period in the name, sysctl translates that into a forward slash (/), but then cannot read the file name it just created.

Configuration utility: white space in imported certificates (CR46150)
Currently, white space in imported certificates is not handled correctly. Certificates with extra whitespace after the begin certificate or before the end certificate statements are rejected.

Virtual Server - No Nodes Available trap and log message (CR46596)
The No Nodes Available trap and log message do not exist in BIG-IP version 9.x. Currently, when all nodes in a virtual server are marked down, a message is logged for each pool member of the virtual server. For example, you might see a message like this for each member of a pool on the virtual server:

Mar 24 09:01:00 bip6400 mcpd[864]: 01070638:3: Pool member 10.10.10.40:80 monitor status down.

BIG-IP system behavior when the product license expires (CR46636)
Currently, when the product license expires on the BIG-IP system, it does not fail over to a peer system with an active valid license.

Creating a wildcard virtual server without the virtual address entry (CR46657)
If you create a wildcard virtual server without a virtual address entry (0.0.0.0) with ARP disabled, ARP is set to enabled when the configuration is saved. After you create the wildcard virtual server, you can change the ARP setting back to disabled.

Forcing speed and duplex settings on the management interface (CR46765)
Currently, you cannot force the speed and duplex settings on the management interface. The only supported setting is autonegotiate.

Changing an existing pool into a gateway failsafe pool (CR46870)
To change an existing pool into a gateway failsafe pool, you must first delete the existing pool and recreate it as a gateway pool type.

bigtop utility and failover (CR47361)
If you are running the bigtop utility on an active unit, and then the system fails over, you need to restart bigtop to refresh the bigtop statistics.

SSL certificates: native serverssl stack does not support client-side certificates (CR47702)
When using Server SSL (SSL re-encryption) and the node requests a client certificate, the BIG-IP system does not send a client-side certificate. To work around this issue, specify ALL as the cipher in the server SSL profile.

bigpipe: syntax for adding a pool member (CR 47907)
To add a member with a connection limit to an existing pool requires two commands. Use one command to add the member and the other to add the connection limit, like this:

b pool poolname member 10.0.0.5:80 add
b pool poolname member 10.0.0.5:80 limit 5000

SSL session ID persistence breaks on re-handshake (CR 48114)
Session ID persistence is unaware of mid-connection renegotiations. This may cause new persistence entries not to be added for a new session ID if there are any negotiated in the middle of a connection.

Trailing whitespace on Tcl if statement and line continuation of else (CR 48213)
Any trailing whitespace in a Tcl statement breaks the line continuation of the rule statement. To avoid this problem, remove any whitespace at the end of each line of the Tcl statement.

Deleting select ports from a multi-port mirror configuration (CR 48376)
You cannot delete select ports from a multi-port mirror configuration. You must delete the entire multi-port mirror configuration and reconfigure it with a new port list.

LCD reports active while the command line prompt states the system is inoperative (CR 48409)
The LCD can report only three types of system status: Active, Standby, or Standalone. If the system is in a different state, it may not be reported on the LCD screen.

RADIUS: white space in the client ID (CR 48453)
Blank spaces in RADIUS client IDs are not supported. Any part of the ID that appears after the blank space does not display correctly.

Configuring multiple RADIUS server objects that use the same server IP address and port (CR 48464)
You cannot configure multiple radius server objects that share the same server IP address and port.

Loading large external classes (CR 48489)
Loading an external class file with more than 100,000 kilobytes of data may cause the system to become unstable.

TCP::collect implicitly holds the accepted event (CR 48592)
The TCP::collect command is not appropriate for some protocols where the server sends data first, such as banner protocols.

Support for link down time on failover (CR48728)
For BIG-IP 520/540 (D35) systems that make use of VLAN groups, the Link Down Time on Failover feature is unsupported

BIG-IP system now uses UTC time for hardware (CR48737)
After upgrading the system from BIG-IP version 9.1, you may receive timestamp errors when you install a saved BIG-IP version 9.1 UCS file. These errors are benign. The system clock will correct itself.

Using the base FastHTTP profile (CR49182)
Once you configure the BIG-IP system to use the base FastHTTP profile, the profile continues to prime server-side connections, even if there are no virtual servers currently configured to use the FastHTTP profile.

Misconfigured iRule can cause TMM to restart (CR49375)
If an iRule is not configured to use the variable name form to access the class or data group (matchclass or findclass), then TMM restarts.

Checking product version when licensing features. (CR49435)
When you request licensing for additional modules, the license server does not check that you are running a product version that supports those modules.

Using the FastHTTP profile header insert option (CR49530)
The FastHTTP profile's header insert option does not perform a variable expansion in its configured header insert. For example, [IP::client_addr] is inserted literally. Although this is inconsistent with the HTTP profile, this was done to increase HTTP performance. To configure the FastHTTP profile to insert the original client IP address as a standard XForwarded-For header value, modify the FastHTTP profile and enable the XForwarded-For header option. Additionally, FastHTTP supports the HTTP_REQUEST iRule event as well as the HTTP::header insert rule command, which you can use to insert arbitrary HTTP headers.

Timestamps displayed during upgrade (CR49977)
When booting the system after an upgrade, the system might show timestamps for future dates. These dates can be ignored.

Mirroring data between units in a redundant pair (CR50330)
If the configurations for both units in a redundant system do not match, it can cause state mirroring to fail and result in general system instability.

Deleting system authorization iRules (CR50407)
You cannot delete system authorization iRules. If you attempt to use the delete checkbox next to a system authorization iRule in the iRule List, you receive an error.

Creating VLANs with dashes ( - ) in the name (CR50441)
The Linux router advertisement daemon (radvd) cannot process an interface name containing a dash ( - ). To avoid errors, verify that the VLAN name, on which radvd is enabled, does not contain dashes.

Exporting SSL Keys on a BIG-IP 6400 FIPS system (CR50553)
If you attempt to export a non-FIPS SSL Key on a BIG-IP 6400 FIPS system, BIG-IP system returns a Cannot export FIPS keys error. There is no workaround.

Installing BIG-IP version 9.2 on a system with an unformatted boot drive (CR50733)
When installing BIG-IP version 9.2 on a system that contains a boot drive that has not been formatted, or was formatted by an installation of BIG-IP version 4.x, the BIG-IP system returns the following error: 4.x upg : sfdisk: ERROR: sector 32164 does not have an msdos signature. This message is benign and has no affect on the installation.

Loading a new BIG-IP configuration (CR50872)
If you try to load a new configuration that eliminates a network object referenced by another network object in the previous (currently-loaded) configuration, BIG-IP returns an error. To work around this issue, remove from the previous configuration the reference to the object that is eliminated in the new configuration, and then load the new configuration. For example, if in the previous configuration a VLAN is referenced by a VLAN group, and that VLAN does not exist in the new configuration, you must remove from the VLAN group the reference to the eliminated VLAN, before you load the new configuration.

Maximum header size (CR50924)
The BIG-IP system resets a connection it receives in a packet with a segment size higher than the maximum header size, when the maximum header size is set to a value that is less than the maximum segment size (MSS). The BIG-IP system resets the connection under these conditions, even if the packet contains some or all of the body.

ICMP flows (CR51133)
The VLAN failsafe process generates multiple ICMP flows in a 300-second period. These ICMP flows are benign.

Licensing a system that was upgraded from BIG-IP system version 4.6.2 (CR51472)
After you upgrade the BIG-IP system from version 4.6.2 to 9.2 and open the Configuration utility to license the new system, the License screen fails to automatically display the 9.2 registration key. If this occurs, populate the registration key field manually.

Preferred active status and long-lived mirrored connections (CR52003)
If you reboot a BIG-IP unit that has preferred active status enabled (Failover.ForceActive=enabled), the peer unit does not continue to mirror the existing long-lived mirrored connections while the preferred active unit is inactive. This results in dropped long-lived mirrored connections.

The b global stats reset command (CR52004)
The b global stats reset command does not reset the following statistics: PVA assisted connections, HTTP requests, OneConnectTM, and Stream replacements.

Remote RADIUS authentication (CR52073)
When you configure the system to use remote RADIUS authentication, the system also authenticates local users. This is by design.

Display of additional SSL TPS in Configuration utility (CR 52164)
The License screen within the Configuration utility does not display the correct amount of additional SSL TPS licensed for that system.

Modification of destination address for custom transparent monitor (CR 52255)
After creating a custom monitor with Transparent mode set to Yes, you cannot modify the Alias Address and Alias Service Port properties.

Harmless progress messages during product installation (CR 52337)
If you initiate the Installer application using a local-install im package, some of the progress messages might incorrectly refer to a remote installation process, that is, one that requires an installation server. For example, the output of the boot loader application might temporarily list the entry remote-install-<x>. Although incorrect, these references to a remote installation are harmless.

TX/RX pause link negotiation (CR52459)
TX/RX pause negotiation of links is not available on 520/540 (D35) platforms.

Error message regarding externally-stored classes when loading configuration data (CR 52507)
If you are running the One-Time Conversion Utility (OTCU), and a UCS file includes an externally-stored class with a line containing an invalid netmask (such as 255.25.255.0), the bigpipe utility reports an error. In this case, you must find the external file, manually correct the error, and reload and save the configuration data.

Redefining routes when assigning a MAC masquerade address for a VLAN (CR 52602)
When you assign a MAC masquerade address to an existing VLAN, Linux automatically drops any existing static routes pertaining to the interfaces associated with that VLAN. To correct this problem, redefine the static routes using the bigpipe route command, or run the bigstart restart command.

Mirroring connections to IPv6 nodes (CR 52696)
When mirroring connections to a load balancing pool that contains both IPv4 and IPv6 pool members, only the connections to IPv4 nodes are mirrored. Connections to IPv6 nodes are not mirrored.

Resetting ephemeral statistics (CR 52968)
When you reset statistics for a virtual server, the system does not reset ephemeral statistics. As a result, FTP virtual servers and other virtual servers using ephemeral listeners still show values in the output of the bigpipe virtual command, after resetting virtual server statistics.

Changing the terminal baud rate setting (CR 53026)
When performing a PXE boot, you must change the terminal baud speed setting back to 19200.

Mirrored connections for SIP persistence (CR 53039)
Session Initiation Protocol (SIP) persistence does not work for mirrored connections when failover occurs.

Dropping the SX link for a fiber interface (CR53045)
On certain platforms, the SX link is not dropped when a fiber interface is disabled. As a result, the Configuration utility can report the interface as UP even though the interface is actually disabled.

Timeout values for SNAT pool members (CR 53064)
When adding a member to a SNAT pool, the system removes the timeout values that are currently set for the other members of the SNAT pool.

No warning about upgrade of the Load Balancer Limited, Firewall Load Balancer, and Cache Load Balancer products (CR53121)
When upgrading the system from version 4.6.X to 9.2, the system should provide a warning message indicating that the upgrade does not support these products.

Trunk destabilization when loading configuration data (CR 53181)
Reloading configuration data can temporarily destabilize any existing trunks, causing random trunk messages to appear. The trunks eventually return to normal.

Using the trunk command on the BIG-IP 6800 platform (CR53254)
On a 6800 (D68) platform only, when using the bigpipe trunk command to create a trunk, the trunk can fail to pass traffic after you add the first interface to the trunk. To fix the problem, type the following command: bigstart restart bcm56xxd

Behavior when attempting to load a non-existent configuration file (CR 53396)
When you type the command bigpipe load <filename>, the system reloads the full configuration if the specified file does not exist, and does not generate an error message.

Hardware acceleration: virtual servers with mixed software and hardware acceleration attributes (CR53440)
In certain configurations, a virtual server with software and hardware acceleration attributes does not use hardware acceleration (none). To make use of hardware acceleration in this situation, we recommended that you create distinct pools for each virtual server type.

Erroneous HTTP profile setting for virtual servers (CR53645)
On the Configuration utility screen for creating a forwarding type of virtual server, the utility erroneously displays the HTTP Profile setting. You can ignore this setting.

Global Traffic Management as an Early Access feature on D35 platform (CR53674)
On a D35 platform, the global traffic management (GTM) feature is an Early Access (EA) feature. This EA information is not displayed when upgrading from BIG-IP system version 4.X to version 9.2 on a D35 platform.

End User Diagnostics menu item is unavailable after installing version 9.1 (CR53894)
After installation, the End User Diagnostics (EUD) menu item is unavailable. The absence of this menu item does not affect product performance.

Clone pools are not demoted (CR53948)
Clone pools are not accelerated with hardware acceleration.

Changing rule order or priority on virtual servers may destabilize the system (CR54042)
Changing the order of two rules referenced by the same virtual server and reloading the configuration may destabilize the system. In some cases, the symptoms may be unexpected log messages, connection closures, or TMM crashes. Restarting the TMM clears such conditions.

The user interface does not allow you to install an encrypted ucs when the config.encryption flag is set to off (CR54052)
If you disable encryption, you will be unable to install an encrypted ucs file into the system. This issue is resolved by activating the encryption option, and then installing the file.

When rotating log files, the Tomcat service must restart (CR54081)
In the event that the destination for Tomcat log files becomes full, the system automatically rotates log files to ensure that the most recent data is captured. However, Tomcat requires a restart each time it rotates a log file. This issue is resolved by ensuring there is adequate hard disk space for Tomcat, or by archiving log files on a scheduled basis.

User interface cannot install ucs files using special characters (CR54141)
When creating a ucs file, the command-line interface allows you to include special characters. However, these characters are not supported in by the Configuration utility, resulting in the Configuration utility being unable to install the ucs file. This issue is resolved by avoiding special characters when creating ucs files.

The option, Other External User Role is not synchronized across multiple systems (CR54207)
When you assign a value to the Other External User Role option to one system, that value does not overwrite the default value on another system if that system has remained with the default value, No access. You can resolve this issue logging into the additional systems and modifying the value manually.

Config sync user roles remain configurable (CR54267)
If you remove a config sync user through the graphical user interface and do not remove that user as a config sync user, user access errors result. You can resolve this issue by not modifying a config sync user's role until you first remove them as a config sync user.

Server profiles page shows a limited number of actual server profiles (CR54322)
The Server Profiles page bases its display on the number of Client SSL profiles. This results in a limited number of server profiles appearing on the page. For example, if you have 5 Client SSL profiles, you would see a maximum of 10 Server SSL profiles. If you have more than 10 Server SSL profiles, you can view them through the command line interface.

Link down time during failover (CR54343)
When failover occurs, the duration of the active-to-standby transition can take longer than expected. For this reason, we recommend you assign the following values to the Failover.Standby.LinkDownTime and Failover.NetTimeoutSec big db variables, depending on whether you want to use the Standby Link Down Time feature:

If you require the Standby Link Down Time feature:

  • Failover.Standby.LinkDownTime = 1
  • >Failover.NetTimeoutSec = 5

If you want to do not require the Standby Link Down Time feature:

  • Failover.Standby.LinkDownTime = 0
  • >Failover.NetTimeoutSec = 3

ZebOS and MD5 interoperability (CR54440)
On systems running both the ZebOS module and MD5, a race condition can occur when using the MD5 signature settings within a TCP profile. We recommend that you refrain from using the MD5 signature settings within a TCP profile.

Enabling or disabling ConfigSync encryption (CR54446)
If you previously enabled encryption of configuration synchronization data and want to disable it using the Configuration utility, make sure that you first disable encryption using the Encryption setting on the ConfigSync screen. Then use the Preferences screen to set the Archive Encryption setting to Off. Doing these steps in this order prevents the occurrence of unexpected encryption behavior.

L7 mirrored connections are not re-mirrored after reboot and failover (CR55926)
If the active unit in a redundant system reboots, the standby unit goes active and handles any established connections that were mirrored. However, when the previously active box comes back up, it does not re-synchronize the state for the mirrored connections. This means that the mirrored connections are lost in a subsequent failure or a forced fail-back. This does not affect connections that end before the second reboot and failover. Also, this does not apply to Fastl4 profiles.

Swiftcurrent platforms: SSL handshake resume and OCSP and Client Certificate LDAP authentication (CR54511)
If you have one of the following platforms, and you are using OCSP or Client Certificate LDAP authentication, you should not install this version of the BIG-IP software.

  • BIG-IP 1000 (D39)
  • BIG-IP 2400 (D44)
  • BIG-IP 5100 and 5110 (D51)

Changes in US and Canada Daylight Saving Time (CR68781)
The Energy Policy Act of 2005, which was passed by the US Congress in August 2005, changed both the start and end dates for Daylight Saving Time in the United States, effective March 2007. Canada is also adopting this change. The resulting changes are not reflected in this version of the product software. To find out more about this issue, refer to SOL6551: F5 Networks software compliance with the Energy Policy Act of 2005.

[ Top ]

Acknowledgments

This section lists acknowledgments for software added in this release.

This product includes software developed by Balázs Scheidler <bazsi@balabit.hu>, which is protected under the GNU Public License.

This product includes software developed by Niels Müller <nisse@lysator.liu.se>, which is protected under the GNU Public License.

[ Top ]

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)