Applies To:

Show Versions Show Versions

Release Note: BIG-IP LTM version 9.4.0 and TMOS
Release Note

Software Release Date: 12/19/2006
Updated Date: 02/08/2011


This release note documents the version 9.4 feature release of the BIG-IP Local Traffic Manager and TMOS. To review the features introduced in this release, see New features in this release. For existing customers, you can apply the software upgrade to 9.2.x and later. For information about installing the software, please refer to Installing the software.

Note: F5 now offers both feature releases and maintenance releases. For more information on our new release policies, please see SOL2965: New Versioning Schema for F5 Software Releases.

Warning: This is a feature release, not a maintenance release. Unless you need specific features that are new to this feature release, please upgrade to the latest maintenance release instead.


- User documentation for this release
- Minimum system requirements and supported browsers
- Supported platforms
- Installing the software
     - Performing a Windows hosted installation
     - Performing a USB mass storage device installation
     - Performing a local installation
     - Performing a PXE server installation
     - Performing a remote installation
     - Verifying the MD5 checksum of the installation file
- New features in this release
     - New features
- Known issues
- Contacting F5 Networks

User documentation for this release

In addition to these release notes, the following user documentation is relevant to this release.

You can find the product documentation and the solutions database on the Ask F5 Technical Support web site.

Minimum system requirements and supported browsers

The minimum system requirements for this release are:

  • Intel® Pentium® III 933MHz processor
  • 512MB CompactFlash® media drive or 1GB disk drive
  • 512MB RAM

The supported browsers for the BIG-IP Configuration utility are:

  • Microsoft® Internet Explorer®, version 6.x
  • Mozilla® Firefox®, version 1.5x
[ Top ]

Supported platforms

This release supports the following platforms:

  • BIG-IP 520 and 540 (D35), for more information, see 520/540 platform support.
  • BIG-IP 1000 (D39)
  • BIG-IP 1500 (C36)
  • BIG-IP 2400 (D44)
  • BIG-IP 3400 (C62)
  • BIG-IP 5100 and 5110 (D51)
  • BIG-IP 6400 (D63)
  • BIG-IP 6800 (D68)
  • BIG-IP 8400 (D84)
  • BIG-IP 8800 (D88)

If you are unsure which platform you have, look at the sticker on the back of the chassis to find the platform number.

[ Top ]

Installing the software

There are several installation options to consider before you begin the version 9.4 software installation. Before you begin the installation process, you need to determine which installation option is appropriate: Windows® hosted, USB mass storage device, local, PXE server, or remote.

Warning: Version 4.5.x or 4.6.x installation. You cannot upgrade directly from BIG-IP version 4.x to 9.4. You must first upgrade to a 9.2.x version. For details about this installation method, refer to the release notes for one of the 9.2.x releases.

Warning:  Version 9.0.x or 9.1.x installation. You cannot upgrade directly from BIG-IP versions 9.0.x through 9.1.x to 9.4. You must first upgrade to a 9.2.x version. For details about this installation method, refer to the release notes for one of the 9.2.x releases.

Warning: A valid service contract is required to complete this upgrade.

Warning: You must reactivate an expired license on the BIG-IP system you intend to upgrade before you begin the installation.

Warning: Once you reactivate the license, make sure to save your configuration. The system does not roll forward unsaved portions of configurations. You can save your configuration by running the command b config save /config.ucs.

Warning: Once you save your configuration, copy the config.ucs file to a secure, remote location. The installation process overwrites the locally maintained UCS file, so you should maintain the UCS file remotely as a recovery strategy in case the upgrade does not perform as you expect. For more information, see SOL2250: Overview of UCS archives.

Warning: You must turn off mirroring before you attempt to upgrade. Mirroring between units with differing versions of the BIG-IP software is not supported.

Important: You are prompted to install the software on multiple boot images if the unit supports the multiple boot option. The BIG-IP 1500 (C36), BIG-IP 3400 (C62), BIG-IP 6400 (D63), BIG-IP 6800 (D68), BIG-IP 8400 (D84), and BIG-IP 8800 (D88) platforms support this functionality.

Important: You must perform the installation from the management interface (Management) on the BIG-IP system.

Important: You should perform the installation on the standby system in a redundant system. If you are satisfied with the results, initiate failover and apply the upgrade to the other unit in the redundant system.

Important: We recommend that you run the MD5 checksum on any ISO image or IM upgrade file you download. For information about MD5 checksums, see Verifying the MD5 Checksum of the installation file.

Performing a Windows hosted installation

Before performing Windows hosted installation, read the following information.

Performing a USB mass storage device installation

Before performing Windows hosted installation, read the following information.

Performing a local installation

Before performing a local installation, read the following information.

Performing a PXE server installation

The procedure for performing a PXE installation depends on the version of the BIG-IP system you area currently running, and whether you have the 520/540 platform.

Performing a remote installation

The procedure for performing a remote installation depends on the version of the BIG-IP system you area currently running.

[ Top ]

Verifying the MD5 checksum of the installation file

After you download the installation file and its associated MD5 checksum file, and before you perform the installation, we recommend you test the integrity of the install file. This verifies that you have downloaded a good copy of the file. To run the test, type the following commands, where is the name of the file you downloaded, and is the name of its associated MD5 checksum file.

If the output from both commands does not exactly match, download the file again. Repeat the download process until the MD5 checksum of the downloaded file exactly matches the text string in the associated .md5 file.

[ Top ]

New features in this release

This release includes the following new features.

New features

This release includes several new features. Some of these features offer new capabilities for managing traffic, while other features offer enhanced security and system performance. For documentation and details for these features, please refer to the User documentation for this release. New features in this release are:

  • USB thumb-drive installation
    This release includes a utility named umdinstall, which formats a USB mass storage device (that is, a thumb drive). When a USB-boot-capable platform such as the 1500 platform is then booted to the thumb drive, a complete product installation can occur from that device.
  • Windows Installer utility
    You can now install the BIG-IP system using the Windows Installer utility.
  • 8800 platform
    The all-new 8800 platform is a high-end, multi-processor system offering performance designed to meet the needs of large enterprise computing environments. For details about this platform see the Platform Guide: 8400 and 8800. For additional deployment information, refer to 8800 Platform: Deployment Considerations.
  • Integration of the WebAcceleratorTM module
    The BIG-IP system now includes the WebAcceleratorTM module. The WebAccelerator module improves site performance while off-loading traffic from origin servers. Installed on your corporate network between your application users and the servers on which your applications run, the WebAccelerator module accelerates the application response to HTTP requests.
  • Clustered-multiprocessing
    Available on the 8400 and 8800 platforms, clustered multi-processing (CMP) is a traffic acceleration feature that creates a separate instance of the Traffic Management Microkernel (TMM) service for each processing unit on the system. Note that CMP is not available on the 6400 or 6800 platform.
  • Administrative partitions
    This release includes a major security enhancement known as administrative partitions. Using this feature, you can group BIG-IP system objects into partitions that you create. Then, by assigning user roles to BIG-IP system user accounts, you can grant or restrict user access to those partitions. Partitions offer a finer granularity of control because you can configure each user account to grant access to some partitions but not others.
  • User roles
    Another important security enhancement in this release is the addition of new user roles. Each new user role grants a different amount and type of access to BIG-IP system objects. The user roles available in this release are: Administrator, Manager, Application Editor, Operator, Guest, and No Access. By configuring each user account, you can assign a user role that matches the work that the user must perform. For example, users with an operator role can enable and disable nodes and pool members only. They cannot create, modify, or delete BIG-IP system objects.
  • HTTP Class profile
    An HTTP Class profile is a configuration tool that you can use to forward traffic to a pool or a URL, based on an examination of traffic headers or content. Use of an HTTP Class profile is an efficient way for the BIG-IP system to classify traffic based on criteria that you specify. Although you can perform these same traffic-classification functions using the iRules feature, using an HTTP Class profile simplifies this process. With an HTTP Class profile, you can specify strings that match host names, URIs, HTTP headers, or HTTP cookies.
  • HTTP and TCP optimization profiles
    The BIG-IP system now includes a set of custom profiles that are already configured to provide the most efficient processing of TCP traffic, as well as to easily compress and cache HTTP responses.
  • New health monitors
    This release includes three new health monitors. The SASP monitor uses the Server/Application State Protocol (SASP) to communicate and verify availability of resources managed through the IBM® Group Workload Manager. The RPC monitor verifies the availability of Remote Procedure Call (RPC) servers using the rpcinfocommand. Finally, the SMB monitor employs Server Message Block (SMB) to verify whether either an SMB/CIFS server or a specific share on that server is available.
  • Enhancements to the MSSQL and Oracle health monitors
    This release includes a new attribute for the MSSQL and Oracle monitors. The new attribute, count, defines the number of times that the system should use a JDBC connection with the database.
  • Enhanced connection mirroring
    To address issues related to mirroring of Layer 3, 4, and 7 connections, this release includes a number of internal enhancements. Some of these enhancements improve the reliability of long-lived connections, the stability of mirrored connections when system resources are minimal, and maintenence for connections associated with mirrored persistence during failover.
  • iControl attribute for virtual server score
    You can now use iControl to affect how Local Traffic Manager and Global Traffic Manager handle connections. Instead of setting a connection limit on a virtual server, and having the system calculate connections per second, you can set a score for a virtual server within iControl.
  • bigpipe shell
    The bigpipe utility now includes an interactive shell that eases the task of typing bigpipe commands. You can invoke this shell by typing the bigpipe shell command at a BIG-IP system prompt. Using the bigpipeshell, you can type any bigpipe command sequence. The bigpipe shell includes several features designed to optimize your use of the bigpipeutility, such as command history and editing, command completion, and command continuation.
  • New HTTP profile settings
    The HTTP profile type includes several new settings that simplify certain traffic-management tasks. These new settings replace the need to write an iRule to perform these tasks. For example, you can now use an HTTP profile to: watch for HTTP traffic and redirect that traffic to HTTPS on the same host, specify error codes for HTTP responses when you want responses with those error codes to redirect the response to a fallback host, and specify headers to allow in HTTP responses.
  • Manual Resume setting for monitors
    The BIG-IP system includes a new attribute for certain monitors called Manual Resume. With the Manual Resume attribute, you can manually designate a resource (such as a node, pool, or pool member) as available, rather than allowing the BIG-IP system to do that automatically. This feature is useful if a monitor detects a resource as up, but you do not want the resource to begin receiving traffic yet.
  • Certificate Revocation List Distribution Point (CRLDP) authentication module
    This release includes a new authentication module for authenticating application traffic. CRLDP is an industry-standard protocol that offers an alternative method for checking a standard certificate revocation list (CRL) to determine revocation status.
  • Restore of factory default settings
    This release includes a script, sys-reset, that resets the configuration of the BIG-IP system to all of the default settings.
  • Passive monitoring of pool members
    The BIG-IP system now includes a feature known as passive monitoring. With passive monitoring, a pool member can be marked down sooner than the customary three successive bigd health check failures. Implementation of this feature requires the use of the iRulesTM feature.
  • Allocation of disk space for the log file
    With this release, you can use the new resize-logFS command line script to adjust the amount of disk space that the system allocates for the log file. You can allocate additional disk space, or decrease the disk space, if necessary.
  • New iRule capability for remote authentication
    When using a remote LDAP server to authenticate application traffic, you can now write an iRule that queries for the user’s group membership, as well as for an indication that the user’s password has expired. Because this data is typically stored in an LDAP tree as name/value pairs, iRules can perform a query for this information.
  • Changes in US and Canada Daylight Saving Time
    The Energy Policy Act of 2005, which was passed by the US Congress in August 2005, changed both the start and end dates for Daylight Saving Time in the United States, effective March 2007. Canada is also adopting this change. The resulting changes have been addressed in this version of the product software. To find out more about this issue, refer to SOL6551: F5 Networks software compliance with the Energy Policy Act of 2005.
[ Top ]

Known issues

The following items are known issues in the current release.

Error messages and system startup (CR31937, CR80048, CR86695)
The system logs a set of benign error messages upon every startup. They occur because the system is requesting that the CompactFlash® media drive perform a Direct Memory Access (DMA) operation, which it is not capable of (a CompactFlash media drive can perform only programmed i/o data transfer operations). The set of error messages appears similar to the following output:

May 20 21:15:31 localhost hda: SILICONSYSTEMS INC 512MB, ATA DISK drive
May 20 21:15:31 localhost hdc: WDC WD800BB-00FJA0, ATA DISK drive
May 20 21:15:31 localhost ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
May 20 21:15:31 localhost ide1 at 0x170-0x177,0x376 on irq 15
May 20 21:15:31 localhost hda: attached ide-disk driver.
May 20 21:15:31 localhost hda: task_no_data_intr: status=0x51 { DriveReady SeekComplete Error }
May 20 21:15:31 localhost hda: task_no_data_intr: error=0x04 { DriveStatusError }
May 20 21:15:31 localhost hdc: attached ide-disk driver.
May 20 21:15:31 localhost hdc: host protected area => 1
May 20 21:15:31 localhost Chose partition table type 1
May 20 21:15:31 localhost Chose partition table type 1
May 20 21:15:31 localhost 3ware 9000 Storage Controller device driver for Linux v2.24.04.007.
May 20 21:15:31 localhost 3w-9xxx: No cards successfully initialized.
May 20 21:15:31 localhost ip_tables: (C) 2000-2002 Netfilter core team
May 20 21:15:31 localhost RAMDISK: Compressed image found at block 0
May 20 21:15:31 localhost VFS: EINVAL err on root device "UUID=e4b20eaa-b187-44b 0-b477-d3bce40166ec" - -22
May 20 21:15:31 localhost VFS: Mounted root (ext2 filesystem).
May 20 21:15:31 localhost EXT3-fs warning: maximal mount count reached, running e2fsck is recommended
May 20 21:15:33 localhost viper: Cavium FIPS non-blocking PCI driver version 2.03


User names are case-sensitive
The BIG-IP system no longer prevents you from creating user names that differ only by case-sensitivity (for example, david and DAVID.) F5 Networks may re-instate case-sensitivity in a future release.

Configuring IPv6 virtual servers (CR40930)
Although Packet Velocity ASIC does not accelerate IPv6 virtual servers, the BIG-IP system includes IPv6 virtual servers in the maximum number of virtual servers that PVA can accelerate (2000).

Trunk configuration on c62 and c62a platform (CR43570)
When the BIG-IP 3400 and 3400 RoHS systems have trunks configured, the activity lights might not display as often as expected, despite data being sent over the trunk members. This is a display issue only. Data is being sent over the trunk members.

Changing a virtual server from one type to another (CR43770)
If you create and configure a virtual server, and then change only the Type attribute of the virtual server, the BIG-IP system might generate an error message. This occurs because the virtual server attributes are different for each type of virtual server. Changing the Type attribute of a virtual server should reset the attributes of the virtual server, including any hidden attributes, but does not. For example, you can create a Performance (Layer4) virtual server, with Connection Mirroring enabled, and a Connection Limit of 100. Then, if you change only the Type attribute of that virtual server to Performance (HTTP), the BIG-IP system hides the Connection Mirroring attribute because the attribute does not apply to a Performance (HTTP) type of virtual server; however, the Connection Mirroring attribute erroneously remains enabled, even though the attribute is hidden, causing the BIG-IP system to display an error. To correct the situation in this example, change the Type of the virtual server back to Performance (Layer4), disable Connection Mirroring, and then change the type of the virtual server back to Performance (HTTP).

Configuring transparent TCP monitors (CR44991)
A TCP monitor in Transparent mode does not send the last ACK, leaving many of its connections open. There is no workaround at this time.

Non-FIPS key import into FIPS system (CR45853)
If you import non-Federal Information Processing Standard (FIPS) keys to a FIPS system, and then convert the non-FIPS keys to FIPS keys, the system continues to use the non-FIPS keys until you restart the Traffic Management Microkernel (TMM) process. You can perform this task from the command line, by running the command b load.

Using COMPRESS::method commands (CR46701)
The iRule command, COMPRESS::method prefer [gzip|deflate], does not work correctly. To set a preferred compression method, create an HTTP profile and set the compression Preferred Method to either gzip or Deflate.

Tcl and trailing white spaces (CR48213)
If you have a trailing white space on a Tcl If statement, the line continuation of the Else statement breaks.

Setting FDB timeout for servers (CR49238)
The forwarding database timeout setting on server appliance platforms is fixed at 5 minutes, regardless of the value of the setting for the bigdb variable, FDB timeout.

Creating static Neighbor Discovery Protocol entries (CR49467)
When you create a static Neighbor Discovery Protocol entry, the bigpipe utility displays the entry as incomplete, and if there is already a non-static entry, the entry is not replaced by the static entry.

Changing object keys (CR50019)
If an object has two or more distinct configuration keys (attributes), you cannot change one of the keys without changing all of the keys. Doing so causes the BIG-IP system to generate an error indicating that the object cannot be found. For example, if you try to rename a VLAN without also changing the VLAN ID, you receive an error. It is also important to note that if you do not change all of the keys prior to upgrading to 9.4, the configuration may fail to load on startup due to the above mentioned error condition.

Changing the priority of an STP bridge (CR51039)
If you change the priority of an STP bridge, the change may cause an unstable STP topology until the new root bridge converges and the maximum age time is reached.

Swapping the tagged status of VLAN members (CR52674)
If you attempt to swap the tagged status of two interfaces that are members of separate VLANs, the connectivity between the VLANs breaks.
The workaround is to delete the members from both VLANs, and then add them to the VLANs again with the revised tag status.

For example, if you have the following configuration:

vlan vlan1 {
interface 1.1
vlan vlan2 {
interface tagged 1.1

You can swap the tagged status of interface 1.1 between vlan1 and vlan2 by first typing the following commands:

bigpipe vlan vlan1 interface 1.1 delete
bigpipe vlan vlan2 interface 1.1 delete

This deletes member 1.1 from each VLAN. Then, to add the members again, use the following commands:

bigpipe vlan vlan1 interface tagged 1.1 add
bigpipe vlan vlan2 interface 1.1 add

Alternately, you can modify bigip_base.conf file, as follows:

vlan vlan1 {
interface tagged 1.1
vlan vlan2 {
interface 1.1

Finally, you must run the bigpipe base load command.

Configuring RAM Cache for an HTTP profile (CR54077)
If you create an HTTP profile that uses the RAM Cache feature, and you configure the URI Caching attribute with an empty URI Exclude List, the BIG-IP system caches data from all URIs. To work around this issue, you can create a data group (class) of cacheable items and use the commands CACHE::enable or CACHE::disable in an iRule, as follows:

class cacheable {
rule ramcache_rule {
if { [matchclass [HTTP::path] ends_with $::cacheable] } {
else {

HTTP/0.9 statistics and application security (CR54221)
In the system statistics, the BIG-IP system reports any HTTP/0.9 requests that it sends to Application Security Manager as HTTP/1.0 requests. The system also reports the responses to those requests as HTTP/1.0 responses.

Standby Link Downtime feature for redundant systems (CR54343)
If the Standby.LinkDownTime bigdb configuration key is set to a value that is much larger than the Failover.NetTimeoutSec configuration key, problems can occur with the system.
For best results, we recommend the following:
When the Standby Link Downtime feature is required:
Set Failover.Standby.LinkDownTime to 1, and set Failover.NetTimeoutSec to 5.
When the Standby Link Downtime feature is not required, use the default settings:
Failover.Standby.LinkDownTime = 0, Failover.NetTimeoutSec = 3

SSL certificate chains and compat ciphers (CR54400)
The SSL certificate chains that the BIG-IP system constructs for compat ciphers do not include the certificates specified by the chain attribute of the SSL profile. Therefore, when the BIG-IP system negotiates a compat cipher, a user may receive warning dialogs when connecting to SSL virtual servers.

Using selective compression iRules (CR54676)
If you add a selective compression iRule to a virtual server, and the virtual server references an HTTP profile with compression enabled, the BIG-IP system ignores the compression-related profile settings, and does not issue a warning or error. There is no workaround for this condition.

Setting media type (CR54835)
When you set the media type on the Ethernet or fiber port of a BIG-IP 8400 system, the link fails momentarily. The workaround is to leave the media setting at its default value of Auto.

Displaying learned routes (CR55554)
When you use the bigpipe route show command, the system displays the routes learned by the ZebOS Advanced Routing Modules as interface routes, instead of as gateway routes.

Media settings on disabled interfaces (CR55857)
You cannot change the media setting on a disabled interface. If you want to change the media setting on an interface that is currently disabled, you must first enable the interface manually, using the bigpipe interface x.x enable command, and then change the media setting. You can then disable the interface again, using the bigpipe interface x.x disable command.

L7 mirrored connections after restart and failover (CR55926)
If the active unit in a redundant system reboots, the standby unit goes active and handles any established connections that were mirrored. However, when the previously active box comes back up, it does not re-synchronize the state for the mirrored connections. This means that the mirrored connections are lost in a subsequent failure or a forced fail-back. This does not affect connections that end before the second restart and failover. Also, this does not apply to Fast L4 profiles.

Assigning persistence profiles to virtual servers (CR56817)
When using the bigpipe utility to create a virtual server to which you assign a persistence profile, you might see a misleading error message. Please refer to the Configuration Guide for BIG-IP® Local Traffic Management for help in creating a virtual server with the appropriate profiles for the type of persistence that you want to configure.

Mirrored connections on certain platforms (CR56874)
On certain platforms, when the active unit of a BIG-IP redundant system with mirrored connections is under heavy load, the send buffer backs up. There is no workaround for this issue.

Using the bigstart restart command (CR56902)
When you restart the system using the bigstart restart command, pool members and nodes that the system marks as active, are not immediately active. It may take 15 seconds or more for the system to bring these objects to an active state.

tcpdump utility and counter increments (CR57457)
If a switch interface drops an ingress packet based on a no-forwarding decision, the relevant drop counter increments correctly only when the interface is utilizing the tcpdump utility.

Transparent HTTPS monitor support (CR57570)
BIG-IP version 9.4 does not support transparent HTTPS monitors. When you create an HTTPS monitor, the Transparent option is not available.

Compat ciphers and SSL renegotiations (CR58838)
If you use the SSL::renegotiate command or renegotiation timers with compat ciphers, the ServerSSL mid-connection renegotiations fail. If you use compat ciphers, we recommend that you avoid using the SSL::renegotiate command or renegotiation timers.

Creating iRules for serverside events (CR58667)
If you create an iRule for a server-side event, such as HTTP_RESPONSE, you must specify the clientside context when specifying the HTTP::disable command.

Alternative to configuring a fallback host (CR59122)
If you configure a fallback host in an HTTP profile, in some cases the BIG-IP system sends a fallback redirection to the client. To work around this issue, create an iRule to designate the correct fallback host.

Renaming a pool by editing the bigip.conf (CR59739)
If you rename a pool by editing the bigip.conf file, and then reload the configuration file using the bigpipe load command, the system stops monitoring all members of the pool. To resume monitoring of the pool members, perform a second load of the configuration file.

Persistence and pool member selection (CR60667)
If you configure cookie persistence, and you use an iRule to select pool members directly, (for example, you use the iRule command pool <name> member <a.b.c.d>), the BIG-IP system does not insert a cookie into the server HTTP response. The result is that the connections do not persist to the selected pool member.

Resetting statistics for trunks (CR60740)
If you use the Configuration utility to refresh trunk statistics, you may receive this error message: An error has occurred while trying to process your request. If you have only one trunk, the system will clear the statistics for the trunk, even if you receive the error message. If you have multiple trunks, the system will clear the statistics for the first trunk, and then you will receive the error message. To view or refresh the trunk statistics, use the following commands:

  • To display trunk statistics use bigpipe trunk <trunk name> show
  • To reset trunk statistics use bigpipe trunk <trunk name> stats reset

VLAN group forwarding (CR61021)
When forwarding packets through a VLAN group, the BIG-IP system performs a route lookup for the destination IP address. If the next hop to the destination is not the VLAN group on which the packet was received, the BIG-IP system drops the packet. There is no workaround for this issue.

Enabling RAM Cache functionality and the WebAccelerator module (CR61475)
When the WebAccelerator module is licensed and enabled on the BIG-IP system, do not enable the RAM Cache feature in an HTTP profile that you associate with a virtual server handling the accelerated traffic. Enabling the RAM Cache feature in this situation can have an adverse effect on that traffic.

Creating Fast HTTP virtual servers (CR62049)
In the Configuration utility, when you select Performance HTTP from the Type field of the New Virtual Servers screen, the Connection Limit field is available; however, any entry you make in that field is invalid and ignored.

System recognizes imported certificates only after a load is performed (CR62066)
If you import a new certificate using the Local Traffic >> SSL Certificates >> Import SSL Certificates and Keys screen of the Configuration utility, you must run the bigpipe load command to load the new certificate. If you do not run the bigpipe load command, the profiles that reference the certificate do not use the new certificate.

System operation with unreachable pool members (CR62101)
If you simultaneously add a new, unreachable member to a pool while removing an existing, available member from the pool, the system might not accurately report pool-member availability. That is, the BIG-IP system correctly marks the inactive pool as down, but might not accurately evaluate the minimum number of available pool members. This can occur because the system does not correctly evaluate the state of the deleted member. To work around this issue, do not add and remove members in the same operation.

Transferring the BIG-IP system installer to a thumb drive (CR62235)
You cannot successfully transfer the BIG-IP system installer from a 3400, 6400, or 6800 system to a Datatraveler II, Model DTI, thumb drive with firmware revision 1.00. To work around this issue, plug the same thumb drive into a system running Microsoft Windows, and then load the BIG-IP system CD into the Windows system. You can now perform the transfer of the BIG-IP system installer (umdinstall.exe) to the thumb drive. You can find umdinstall.exe in the \windows directory of the CD.

Associating default monitors with pools, pool members, or nodes (CR62569)
The default monitors might not function correctly with every pool, pool member, or node, because an attribute necessary for the pool, pool member, or node is not configured in the default monitor. For example, the value of the Receive String setting in the default HTTP monitor is blank. To work around this issue, use the default HTTP monitor to create a new, custom monitor and specify a receive string. Then, you can associate that monitor with the pool, pool member, or node that you want to monitor.

iRules and loading the configuration file (CR62706)
When you use the bigpipe load command, the BIG-IP system sometimes reformats iRulesTM that are specified in the bigip.conf file. Specifically, the system sometimes removes leading comments and blank lines, adversely affecting the readability of iRules in the bigip.conf file.

Using OneConnect with the Cookie persistence profile (CR62806)
If you use a Cookie persistence profile, and Keep-Alives are enabled on the back-end server, you must also configure a OneConnect profile. Otherwise, the BIG-IP system persists Keep-Alive requests to the node to which the first HTTP request in the Keep-Alive session was load balanced, and ignores any subsequent cookie.

Viewing PVA connection statistics (CR62885)
When you use the Configuration utility to view Packet Velocity® ASIC (PVA) statistics for virtual servers, statistics display in the Bits and Packets columns, but the Current, Maximum, and Total columns display zeroes. To view accurate PVA statistics for a virtual server, use the bigpipe utility to run the bigpipe profile virtual <virtual server key> stats show command.

Creating objects that do not reside in partitions (CR63027)
You cannot create an object in a partition, unless it is an object that must reside in a partition. For example, you cannot create a VLAN or a self IP address in a partition.

Using TCP::release and TCP::connect commands (CR63722)
If you use the TCP::release command in a CLIENT_DATA event, and then use the TCP::collect command to collect a specific amount of data, the TMM service becomes unavailable. To avoid this issue, use the TCP::collect command without an argument, and then use logic to determine whether enough data has been collected in the CLIENT_DATA event.

Missing log messages for pool members in certain states (CR63775)
After rebooting the BIG-IP system, the log file does not display pool members that are in the forced down or down waiting man up states.

Disabling the Trunk.Internal.FFP db variable (CR64209)
On the BIG-IP 8400 and 8800 systems, if you set the db variable, Trunk.Internal.FFP, to Disabled, CMP does not work, and traffic across external trunks may stop working.

How deleting a pool impacts a node within the pool (CR64214)
After you designate a server as a node, you can add the node to a pool as a pool member. When you delete the pool, to which you added the node, the node still exists in its original partition. If you attempt to use that node in a different partition, you will receive an error.

Changing the management IP address (CR64230)
If you use the management port of the BIG-IP system to browse to the Configuration utility, and you change the IP address of the management port, you must immediately browse to a page other than the Platform page. Alternately, you can click the Update button before you submit the request to change the management port IP address.

PVA virtual statistics frames display when using the tcpdump utility (CR64545)
When you use the tcpdump utility on an external VLAN, the BIG-IP system displays PVA virtual statistics frames. For example, 0xf6f6 frames. This message is benign.

Reporting SSL validation errors (CR64709)
When the SSL key pairs and certificates for a connection do not match, the BIG-IP system returns this error message: "BIGpipe client SSL profile modification error: 01070317:3 profile clientssl's key and certificate do not match." This is a general message, and it is not specific to the system or circumstance.

System behavior when describing a partition (CR64832)
The system does not support the plus ( + ) or equals ( = ) characters in the Description field of a partition. When you use the plus character, the system replaces it with a space. When you use an equals character, the system deletes the character and removes any content that precedes it. To work around this condition, do not use the plus or equals characters to describe a partition.

Creating and viewing SNATs (CR64876)
SNAT pools reside in partitions. However, SNATs do not reside in partitions. When you use the Configuration utility to create a SNAT pool, the Configuration utility indicates that you are within a partition, and the SNAT pool resides in that partition. When you use the Configuration utility to create a SNAT, the Configuration utility indicates that you are within a partition; however, the SNAT does not reside in the partition.

Deleting partitions (CR65068)
You can delete all partitions except for the Common partition. If you want to use the Configuration utility to delete all of the partitions you have created, access the System >> Partitions screen. Then, click the Select All box (which selects all of the partitions in the list), and be sure to clear the Select box next to Common. If you do not clear the Select box next to Common, the system attempts to delete the Common partition and you receive an error.

Displaying pool information on the command line (CR65288)
If you try to display information about all the members in a set of pools at the same time using the bigpipe pool <name> <name> ... members all show command, the system displays only the members of the first pool in the list. You can display pool information for one pool at a time.

Results of large persistence table (CR65405)
If the persistence table of the BIG-IP system contains too many records, the Configuration utility cannot display the persistence records. If you attempt to retrieve the persistence records on a system with a large persistence table, you will receive a general database error. You can use the bigpipe utility to display, filter, or capture these records using the bigpipe persist.

Using the Configuration utility to make changes to the resolv.conf file (CR65533)
If you use the Configuration utility to make changes to the resolv.conf file, you must restart the HTTP service; only after the restart will an Apache PAM authentication system recognize the changes you made. To restart the HTTP service, use the bigstart restart httpd command.

System reports clock advances (CR65566)
The BIG-IP 8400 system intermittently reports the following message, 01010029:5: Clock advanced by XXXX ticks. This message is benign.

Using the listen rule command (CR65899)
When using the listen rule command, the local variables of the connection are not available within the argument braces. You must either always use literal values or use global variables.

Setting loose connection limits on the BIG-IP 8400 and 8800 platforms (CR66127)
We do not support a connection limit on a virtual server that is less than the value of the tmm_cmp_size variable. For example on the 8400, the value of tmm_cmp_size is 2; therefore, do not set the Connection Limit on a virtual server to 2M or less, because the limit is not enforced. On the 8800, do not set the Connection Limit on a virtual server to 4 or less. If the virtual server must handle low connection limits, you can disable clustered multi-processing for the virtual server.

Using the bigpipe interface mgmt show all command (CR66757)
The bigpipe interface mgmt show all command reports the correct flow control for the management interface, but then indicates that the reported value is an error. The error report is benign.

Configuring a Client SSL profile (CR66797)
When you configure a Client SSL profile, enabling Cipher server preference in the Options List has no effect, because this option is always active.

Enabling RAM Cache (CR66867)
You can enable the RAM Cache setting on HTTP profiles; however, it is important to remember that even when these profiles reside in different partitions, they share resources (such as memory, which is limited).

Reassigning self IP addresses to VLANs (CR66948)
After you change the self IP address of a VLAN, and then re-assign the old self IP address of that VLAN to a new VLAN, you must issue the bigstart restart command. Only after the restart, will the OSPF (open shortest path first) daemon recognize the self IP address change, and then route traffic accordingly.

Adding link local addresses to VLANs (CR67033)
You can manually add a link local address to one VLAN. However, if you attempt to add a link local address to a second VLAN, you receive an error. There is no workaround for this issue.

Setting hardware baud rate (CR67164)
The BIG-IP system does not support a baud rate of 38400.

Using the Redirect Rewrite option in an HTTP profile (CR67241)
If you set the Redirect Rewrite option in the the HTTP profile to All, and the HTTPS VIP is running on a non-standard port, the system does not insert that port into the rewritten Location URL.

Enabling HTTP monitors for pool members (CR67348)
By default, you cannot enable HTTP monitors for a pool member for which the Service Port is set to All Services. However, you can enable an HTTP monitor for this type of pool member if the pool also has a pool member for which the Service Port is set to All Services. Please note that in this situation, if you remove the pool member for which the Service Port is set to All Services, the BIG-IP system marks that pool member as up even when the HTTP service is down. This behavior persists after a reboot of the system.

Displaying interface media options (CR67429)
The results of the bigpipe interface media show command may show a SFP media option for a copper fixed port in error, but showing this option for a non-shared SFP port is correct.

Updating administrator accounts (CR67609)
If you use the command line interface to assign a user the Administrator role and assign access only to the bigpipe shell, and later update the same user account using the Configuration utility, the BIG-IP system automatically grants that user access to the system prompt (bash shell).

Creating user accounts (CR67672)
If you use the bigpipe user command to create a user account, be sure to use the correct syntax so that you do not inadvertently add an incorrect user. We suggest that you run the bigpipe user list command after you create a user account, the verify the accounts you created. Another option is to use the f5adduser command at the BIG-IP system prompt to add a user account.

Changing the system mode (CR67716)
If you use the command line interface to change the system mode from MSTP to another mode and then back again, you must run the bigpipe base load command.

Loading umdinstall.exe (CR67819)
When loading the installation image onto a USB mass storage device, the system does not offer an option to cancel or quit the umdinstall.exe program once it starts. To cancel or quit the installation, when the system returns, "Press ENTER when ready.", press CTRL+C instead.

Upgrading a D-35 system (CR67847)
When you install an upgrade on a D-35 system, messages may stop displaying on the console, even as the installation continues. It may take up to 20 minutes for the installation to complete and the system to reboot. After the system reboots, check the software version on the machine. The installation completes successfully, despite the missing dialog on the console.

Adding remote users as local users (CR67912)
If a remote user, who does not have a local user account on the BIG-IP system, logs into the system, an administrator cannot subsequently add that user to the system as a local user. To add that user to the system, the administrator must use one of the following approaches:

From the command line interface:

1. Delete the user from the system using the following command at the BIG-IP system prompt: f5rum delete <username>
2. Add the user to the system as a local user.

Alternatively, from the command line interface:

1. Delete all users from the system using the following command at the BIG-IP system prompt: tw_activate_keys users.localonly
2. Add the user to the system as a local user.

From the Configuration utility:

1. Access the Users screen, click the Authentication tab, click the Change button, and then, without making any changes, click the Finished button.
2. Add the user to the system as a local user.

Using the HTTP::header exists expression (CR68246)
Do not use the HTTP::header exists expression to evaluate headers that can have a blank field value. If the value field in a header is not set, and you use the HTTP::header exists expression to try to identify the header, the expression will not find a match. This leads to undesired behavior in an iRule that expects to find a header.

TCP: Handling system shutdown stalls (CR68618)
If you enable Limited Transmit Recovery in a TCP profile, certain traffic patterns may cause the system to ignore TCP-FIN packets. This may cause a stall in the system shutdown process. You can work around this issue by disabling Limited Transmit Recovery in the TCP profile.

Changing the baud rate of the system (CR68644)
If you change the baud rate of the system from the switch card control processor (SCCP), the change does not display on the LCD menu on the unit. We recommend that you change the baud rate of the system either from the LCD menu on the unit, or using the bigpipe hardware baud rate command from the command line interface.

Deprecated variables (CR68720)
These variables are deprecated: Compression.Strategy and Compression.Tmm.MaxCPU.

Rolling forward a system configuration (CR68795)
If you manually roll forward the system backup configuration file, *.ucs, and the file contains a license with an invalid Service Check Date, the system may become inoperative due to the invalid license. Note that if the manual roll forward of the system backup configuration file replaces the system license with the license in the *.ucs file, you receive this message on the console: Replacing the system's license file.... If the license on the system is not replaced, no message displays.

Removing an HTTP Class profile from a virtual server (CR68801)
If you assign an HTTP Class profile to a virtual server in order to make the WebAccelerator module active, and then later remove the profile, the Local Traffic Manager logs a Tcl error for any subsequent traffic.

Installing and rebooting the BIG-IP system (CR68834)
After you run the installation on the BIG-IP system, you reboot the system. On the first reboot, after the installation, you may see negative timestamps in the tcpdump utility. To correct the timestamps, use the bigstart restart command to restart all processes.

Creating a Client SSL profile (CR68842)
When creating a Client SSL profile, do not use the Immediate option for Cache Timeout. Although the Immediate option displays in the Cache Timeout list, it is not a valid option.

Changing partitions (CR68843)
You cannot move an object from one partition to another. You must delete the object and recreate it in another partition. If you try to move an object from one partition to another, you receive an obscure error message.

Running the bigpipe base load command (CR69045)
If you run the bigpipe base load command from the command line interface, even if configuration load is successful, you may see this error message in the log file: Monitor to delete external does not exist.

Displaying the names of objects (CR69266)
When you use the command line to display the names of objects, use the bigpipe <object_type> list or bigpipe <object_type> show commands. Do not use the bigpipe <object_type> all name command, because the system returns an error.

bigpipe unknown operation error (CR69458)
When you use bigpipe commands to perform user operations that result in an error, for example, errors due to partition access permissions, the message, bigpipe unknown operation error: displays before information specific to the error.

Using the log rule command (CR69502)
The log rule command, limits the log messages that the BIG-IP system sends to Syslog. To ensure that the system displays all log messages, use the log <facility> <msg> command to directly specify the log facility.

Handling compression at high concurrency (CR69530)
If you want to set up a BIG-IP system to handle compression at high concurrency, you can create a standard HTTP profile containing compression settings that reduce memory utilization or otherwise aid with concurrency. For more information, see the Configuration Guide for BIG-IP® Local Traffic Management.

Results of stopping a process (CR69604)
If a BIG-IP system process that is accessing statistics is interrupted, you may receive the following message: LTM log - mcpd[20912]: 01070718:4: Unexpected proxy reply from %TMM. Similarly, after you receive the results of a requested operation, but the requesting process has finished, you may receive the same message.

Creating and naming partitions (CR69614)
When you create a partition, enter a name that contains only letters, numbers, and any of the following three special characters: _ (underscore), . (period), and - (dash).

Disabling the default node monitor (CR69634)
Users assigned the Manager and Application Editor roles, who have access to either all partitions or only one partition, can disable the default node monitor. Be aware that this means that users can impact the status of the nodes in a partition to which they do not have access.

Setting baud rates (CR69676)
If you run the bigpipe hardware baud rate <integer> command on the BIG-IP 6400 platform, you may receive an error message even if the command was successful.

Last hop pools only support two members (CR69976)
Do not add more than two members to a Last Hop pool.

CA certification support (CR70002)
When using the SSL client profile with CA authentication, the BIG-IP system authenticates only the first six levels of certificates. This situation typically occurs only when a client attempts to authenticate to the SSL client profile with not only its own certificate, but its ancestors' certificates as well.

Regsub command translates UTF8 codes into unicode (CR70017)
When creating an iRule, the regsub command translates UTF8 code characters into unicode. To prevent this translation, use the regexp and expr commands instead.

Resetting statistics not audited (CR70039)
When you reset statistics for an object, the system does not update the Audit log with the reset action.

Reboot System option and unknown network interface (CR70101)
If you use the Reboot System command from the CD boot menu and the network interface for the system is unknown, the command fails. To reset the system, use the reset switch.

Manager role with limited access and reset status operations (CR70116)
If you attempt to perform operations with a user account other than Administrator, the system returns an error. Depending on the account's access rights, the message may be misleading. For example, if you log on as local_manager (a Manager account with access to a specific partition), and you try to reset global statistics using the bp>conn all delete command, the system returns the following error:

 BIGpipe unknown operation error:    0107071b:3: Access denied: user (local_manager) does not have permission to reset global statistics, user must be an Administrator or be a Manager with a universal role.

Although the message implies that a Manager account with universal access could reset global statistics, that is incorrect. In fact, only Administrators can reset global statistics; Managers with a universal role cannot. The system presents messages with similar misleading text in other areas as well, including IP statistics and ICMP statistics.

Deleting network address translation rules (CR70129)
When deleting network address translation (NAT) rules, the BIG-IP system might still apply the rule in rare circumstances.

Dependent daemons and the bigstart restart command (CR70151)
The man page for the bigstart restart command is incorrect. The bigstart restart command does not restart dependent services; it only restarts the services required for the BIG-IP system functionality.

Monitor attributes and the command line (CR70180)
You cannot disable the following monitor attributes from the command line: transparent, reverse, and manual resume. To disable these attributes, use the Configuration utility.

Deleting VLANs with self IP addresses (CR70470)
When you delete a VLAN that has a self IP address, the system correctly generates an error message, but lists a self IP address of 0, instead of the actual self IP address. To avoid this situation, delete the self IP address before deleting the VLAN.

Multiple config sync operations and low memory (CR70483)
If multiple, consecutive config sync operations (over 300) occur, system memory is reduced. In addition, the system can also fail to import keys. This issue rarely occurs, as such large numbers of consecutive config sync operations are highly uncommon.

Changing IPv6 addresses does not update routing table (CR70575)
When you add the MGMT IP address to the system as an IPv6 address, and then modify or remove it, the BIG-IP system may not update the routing table entry for that address, which can cause misdirected packets.

Fast L4 profiles, iRules, and Packet Velocity virtual server acceleration (CR70618)
For virtual servers that use a Fast L4 profile and have iRulesTM configured, the Packet Velocity® ASIC (PVA) may report the incorrect acceleration mode. Additionally, the PVA may try to accelerate connections that cannot be accelerated. This occurs when you use the connection rebind or clone pool options.

bigpipe conn <ip address> delete command operations (CR70656)
The bigpipe conn <ip address> delete command, when used alone, might not function. The syntax for this command is b conn (client|server) delete; that is, this command works as expected if you insert the word client or server before the IP address, for example,

b conn client delete

Multiple default routes in external VLAN and automatic licensing (CR70793)
If you add multiple default routes to the external VLAN, automatic licensing ceases to function. To re-enable automatic licensing, remove the default route from the VLAN.

WebAccelerator module installation (CR70920)
When installing the BIG-IP system, you cannot select an option that installs both the Local Traffic Manager and the WebAccelerator module. For information on installing the WebAccelerator module, see the BIG-IP® WebAccelerator System Version 9.4 release notes, available on the Ask F5 Knowledge Base web site.

Virtual IP address on tagged VLAN and packet loss (CR70962)
If you have a fully-accelerated virtual IP address enabled on a VLAN with tag 1, the system demotes the IP address; this can cause dropped packets. To resolve this issue, manually demote the virtual IP address.

Using thumb drives (CR70979)
If you plug a thumb drive into a BIG-IP 8400 or 8800 platform while the system is initializing the devices, any process that depends on mounting a local file system has problems. To avoid this issue, wait until the system completely boots up before you plug in the thumb drive. Also note that if you are plugging in the thumb drive for the purpose of booting from it, you must plug it in before you power on or reset the system.

Configuration synchronization using remote user account (CR70985)
If you assign authorization properties locally for a remote Administrator account and then set the authentication source to Local, the user name correctly appears in the list of allowed ConfigSyn users. However, the remote authentication fails when the user types their remote password.

Mapping IPv4 addresses to IPv6 addresses (CR71005)
bigpipe stores all IP addresses as IPv6 addresses. Therefore, entering is exactly the same as entering ::ffff: However, using the IPv4 address causes a bigpipe parsing error.

Command line response with actively logged on user (CR71007)
If users are logged on to the command line when the system administrator changes their partition roles, the system does not respond to the change. To work around this issue, ask users to log out, and then log back in after you make the change.

System response with actively logged in user (CR71012)
When the system administrator changes a partition role for a user who is logged in, the system takes 20 to 30 seconds to respond to the change.

Changing the failover IP address or peer IP address (CR71153)
Resetting the failover.ipaddr or failover.peeripaddr bigdb variables to the default value of :: does not reset these values in the memory. This includes when you use the Configuration utility to change these addresses. To work around this issue, set the failover.ipaddr or failover.peeripaddr variables to a specific IP address instead.

Reported CPU utilization and compression (CR71202)
The system incorrectly reports CPU utilization at 100% when compression tasks are running.

Using the b4encode iRule command (CR71221)
The system cannot properly decode the results of the iRule command, b4encode [SSL::cert 0], because the iRule command incorrectly translates the string 0x00 to 80co.

Mirroring HTTP connections with caching (CR71269)
Mirroring HTTP connections with caching sometimes fails. Failover sometimes resets the existing mirrored connection.

Inconsistent error messages for access denial (CR71319)
The BIG-IP system returns inconsistent error messages to users who attempt to manage objects in a partition to which they do not have access. These error messages vary, depending on the specific type of access they attempt.

Using related connections when no server-side connection exists (CR71326)
If you attempt to set up a related connection without already having a server-side connection in place, the system restarts. This occurs when you use the following commands: cmd_relate, flow_relate_clientside, and flow_relate_serverside. To work around this issue, make sure that the server-side connection exists before setting up a related connection.

Using the browser-based interface to change authentication (CR71444)
If you define authentication filters on the command line, and later try to change the authentication type using the Configuration utility, the defined filter remains, and authentication does not work correctly. Therefore, we advise you to configure all remote authentication settings either from the Configuration utility or from the command line, but not both.

Buffer size for bigpipe shell (CR71445)
If the buffer for the bigpipe shell fills up, (if you enter more than 1021 characters before you press Enter) the shell no longer accepts characters. You must press Ctrl+D to exit the shell.

client_relate function in iRules (CR71451)
The iRulesTM global command, relate_client does not function properly. Do no use this command in an iRule that you create.

Out-of-space condition on successive ConfigSync operations (CR71529)
Running successive ConfigSync operations on the BIG-IP 2400, BIG-IP 5100, or BIG-IP 5110 platforms can result in an out-of-space condition. To work around this issue set the configuration rotation to 1.

Cookie rewrite and extra header (CR71665)
If you select the HTTP Cookie Rewrite option from the Cookie Method list in a Cookie Persistence Profile, the system rewrites the cookie with an extra header. There is no workaround for this issue.

Partner switch activity indicator (CR71696)
On power-up, the partner switch activity indicator on the BIG-IP 6400, BIG-IP 8400, and BIG-IP 8800 platforms may blink rapidly. This affects Ethernet ports (but not fiber ports) that are connected to partner switches. Once the switch driver configures the switch, the erroneous flashing stops, and the link and activity indicators respond as expected.

Pause control value changes on a disabled interface (CR71861)
If you use the bigpipe interface <interface_name> pause command to change the pause control values, and the interface is disabled, the system does not restore the settings when the interface is subsequently enabled. This may result in requested mcpd values that do not match the switch values. To work around this issue, make sure the interface is enabled when you change the pause control value.

Setting asymmetric PHY pause settings (CR71862)
The BIG-IP system supports the following symmetric pause settings: bigpipe interface x.x pause rx tx or bigpipe interface x.x pause none. We recommend that you avoid setting asymmetric PHY pause settings (bigpipe interface x.x pause rx or bigpipe interface x.x pause tx) should be avoided, because these flow control settings may not be advertised correctly.

PVA statistics reset (CR71886)
If you run the command b pva stats reset, the system returns an error and does not reset statistics. You can use the bigstart restart command to reset these statistics.

Using translation addresses to create NATs (CR71903)
When you create a Network Address Translation (NAT) the translation address cannot be a node address or pool member. This is not the case with Secure Network Address Translation (SNAT).

Calculation discrepancy between resize-logFS and the ls command (CR71945)
The resize-logFS command calculates 1 GB as 100000k but the ls command computes 1 GB as 1048576k. That means that the default 7 GB logFS partition appears to be only 6.7 GB according to ls. Any resized partition shows the same discrepancy of being smaller than what you specify. This is a cosmetic issue. The partition is actually the size you specify.

Manually editing the bigip.conf file (CR72012)
You can manually edit the bigip.conf file to define objects (SNATs, SNAT pools, and so forth). However, you should avoid defining the same object more than once. If you define an object multiple times in the bigip.conf file, and subsequently load the file, the pvad service may not restart successfully. To resolve this issue, use the bigpipe save command to remove the duplication definition from the file.

Using compression on the BIG-IP 8800 platform (CR72092)
You may encounter corrupted data when using compression on a BIG-IP 8800 platform, if the server-side maximum segment lifetime (MSL) value is lower than 540. A server-side MSL value that is lower than 540 is very atypical, since such a setting counters the benefits of using compression. To avoid this issue, set the MSL value higher than 540.

Special character support in iRules (CR72139)
iRulesTM do not handle special characters. To work around this issue, do not use special characters such as ampersand ( & ) in iRules.

Fast L4 profiles and the reject command (CR72170)
If you are using a Fast L4 profile with an iRule that contains the reject command, the system does not issue a reset (RST) to the client. The reject command works correctly, even though the system does not send the reset packet. This occurs only with Fast L4 profiles.

Deleting RAM Cache entries (CR72173)
The bigpipe utility has a limited number of arguments that are available for deleting RAM cache entries. To work around this issue, you can delete RAM cache entries in the following ways:

  • To delete an individual RAM cache entry, you must fully specify the URI and host (for example,uri /Badger.html host delete).
  • To delete all of the RAM cache entries for one or more HTTP profiles, you must include the HTTP profiles separated by a space, followed by ramcache entry all delete (for example, bigpipe profile http myhttp yourhttp ramcache entry all delete).
  • To delete all of the ramcache entries for all of the HTTP profiles, use the following command: profile http all ramcache entry all delete

Note that the http profile <profile http key list> ramcache entry show command allows more flexible matching of URI and host names than the above.

Attempting to run the stats reset command (CR72174)
If you have an iRule that is not associated with a virtual server, and you attempt to run the reset command, the system returns an error. To work around this issue, always associate an iRule with a virtual server.

Using the all command (CR72201)
The BIG-IP system does not always complete the action for commands that contain the all parameter. For example, the virtual all snatpool <name> command does not apply the SNAT pool to the virtual server, and the system does not issue an error. This is also true for the following commands:

  •     virtual all rate class <name>
  •     virtual all pool <name>
  •     virtual all lasthop pool <name>
  •     virtual all persist <name>

Changing the role or partition assigned to a user (CR72296)
If a user, who is assigned the Administrator role, attempts to change the role or partition that is assigned to a user who is logged in to the BIG-IP system, the system response time is slow. The system also generates multiple connection pool errors.

Gathering flow control for the management interface (CR72442)
When you use the bigpipe command to query the management interface, the system returns error, instead of tx rx, as the second flow control value. This occurs only on the management interface. To work around this issue, use iControl to query for the flow control value.

Layer 4 virtual servers and PVA (CR72507)
Pinned Layer 4 virtual servers are incompatible when Packet Velocity ASIC (PVA) acceleration is set to assist mode for SYN cookies. There is no workaround for this issue.

Self IP change update (CR72518)
If you modify a self IP address to change the associated VLAN, and then attempt to connect from a remote host to the self IP address, the self IP address continues to be associated with the interfaces of both the original and the new VLAN. The correct behavior is that the self IP address should be associated with the interfaces of the new VLAN only.

No logging for BIG-IP 8800 power-failure recovery (CR72553)
When the BIG-IP 8800 platform recovers from a power failure condition, such as when hot-swapping, the system does not create a log entry. Currently, the most recent log message indicates that the device is shutting down.

BIG-IP 8800 shut down message clarification (CR72554)
When the BIG-IP 8800 shuts down, the system presents the following message: WARNING: Shutting down in 120 sec. The 120-second interval represents the shutdown time for the switch card control processor (SCCP), which controls the hardware for the whole system. The host actually shuts down after 60 seconds. That means that, if you want to swap power supplies, you must complete the operation within 60 seconds, not 120 seconds.

Using reject in CLIENT_ACCEPTED or SERVER_CONNECTED events (CR72623)
Using an iRule containing the reject call in CLIENT_ACCEPTED or SERVER_CONNECTED events causes an unexpected system restart. To work around this condition, do not use the reject call for CLIENT_ACCEPTED or SERVER_CONNECTED events.

Pool member statistics aggregation (CR72652)
On a BIG-IP system with a CMP-enable virtual server, the system divides the number of connections by the number of Traffic Management Microkernel (TMM) instances, and on the Pool Statistics screen, erroneously reports the result as the maximum number of connections allowed. However, the system does correctly respect any configured connection limit.

IP address change in redundant system (CR72676)
If you change unit 2's IP address on unit 1 (StateMirror.PeerIPaddr) of a redundant system, you must restart unit 1 to have the change take effect. If you do not restart unit 1, connection mirroring does not work. The only indication of a problem is in /var/log/ltm on unit 2, where repeated connection with peer lost messages are logged while it tries to connect.

Factory default for management IP address (CR72678)
You can use the command sys-reset -s to reset a system to its factory defaults. However, running this command does not set the management IP address to the factory default on any type of system, except the BIG-IP 2400 platform. To reset the management IP address on other systems, configure the management IP address manually.

Startup process for a BIG-IP 8800 with one power supply (CR72730)
A BIG-IP 8800 requires two power supplies for operation. A BIG-IP 8800 platform that has only one power supply cannot complete the startup process, and shuts down before you can log on.

Setting the VLAN fail-safe option (CR72735)
If you use the Configuration utility to set the VLAN Fail-safe timeout option to 90 seconds (which is the default), the fail-safe timeout setting in the bigip_base.conf file is erroneously set to 30 seconds. To work around this issue in the Configuration utility, set the Fail-safe timeout option to either 89 or91 seconds.

Saving encrypted configuration files (CR72762)
When you use the bigpipe config save <*.ucs> passphrase command, you must include a password on the command line. The BIG-IP system does not prompt you for a password.

Certificate settings and client authentication (CR72799)
In a client SSL profile, if you set Client Certificate to request and Trusted Certificate Authorities to None, the system does not authenticate the client. To work around this issue, you can either select an option other than None from Trusted Certificate Authorities, or you can set Client Certificate to ignore.

Export of FIPS keys (CR72809)
You cannot export FIPS keys. If you attempt to export FIPS keys, the system presents the error: An error has occurred while trying to process your request.

Creating archives of keys and certificates (CR72818)
If you attempt to create an archive consisting of only keys or only certificates, the system presents the error Page Error: there is no page content to display. To work around this issue, include both keys and certificates in an archive.

Missing documentation for the sys-reset command (CR72827)
The -s option is missing from the help presented for the sys-reset command. You can use the command sys-reset -s to prevent changes to the shared partition.

Some platforms do not support SSL hardware acceleration (CR72997)
On the BIG-IP 2400, 5100, and 5110 platforms, you can only configure SSL functionality through the BIG-IP system software.

Editing the bigip.conf file (CR73005)
If you omit a closing brace in a command when you edit the bigip.conf file, and then you run the bigpipe load command, the system may not display any error messages, but it may be inoperative. To correct this, add the missing closing brace to the command in the bigip.conf file, and then run the bigpipe load command.

Chassis temperature status not found message (CR73008)
When you run the bigpipe platform command on the BIG-IP 1000, 2400, and 5100/5110 platforms, the system presents the following message:

unknown query error 1020032 - chassis_temperature_status_not found

This error occurs because these platforms support a reading for the CPU temperature, but not the chassis temperature.

Using the broadcast rate-limiting feature (CR73037)
The BIG-IP 1000, 2400, 5100, and 5110 platforms do not support the broadcast rate-limiting feature. If the following error message appears in the /var/log/ltm directory on these platforms, you can ignore it:

[bs_if_set_rate_limit]bcm_rate_type_set() fails for unit 0: Feature unavailable if_bs.c(1383)

ramcache entry for last-sent date and time (CR73043)
Viewing the ramcache entry shows a line similar to the following:

Received: 2006-12-13 17:28:57 Last sent: 1166059746

Note that the Received date and time is correctly converted, but the Last sent time and date is not.

ICMPv6 filtering (CR73063)
Packet filters that are configured to filter ICMP traffic filter only ICMPv4. We do not currently support ICMPv6 filtering using packet filters.

Fasthttp virtual servers and IPv6 pool members (CR73103)
Performance (HTTP) type virtual servers do not support IPv6 pool members. Though you can create a virtual server of this type, attempts to use this configuration result in a traffic outage due to TMM failure.

Performing configuration synchronization can adversely affect system performance (CR73109)
When a remote user that is logged in as Other External Users performs a configuration synchronization, system performance may be adversely affected. Also, an error message regarding licensing might appear, and the Configuration utility menus might disappear. To correct the error message and menu issues, click a link in the utility.

Errors resulting from configuration synchronization (CR73110)
When a remote user that is logged in as Other External Users performs a configuration synchronization, clicking on the user name at the top of the screen generates an error message. You can ignore this message.

Boot menu does not include an option to install version 9.4 (CR73430)
When using the Windows umdinstall utility, the option to install BIG-IP version 9.4 is not enabled by default. Consequently, if you click Continue without first selecting BIGIP940 from the Product to Install column, the umdinstall utility transfers only the install kernel and presents a boot menu that contains only three options: Configure Network Settings, Reboot System, and Exit to Maintenance Shell.

To work around this issue, run the umdinstall utility again and select the BIGIP940 option from the Product to Install column before you click Continue.

Behavior change for Platform.DiskMonitor.GrowthAlert.var_run variable (CR80622)
To handle an error condition in the BIG-IP system, we have changed the setting of the Platform.DiskMonitor.GrowthAlert.var_run database variable to 25%. Upgrading the software changes the setting of this variable to 25%, so if you specified a different value, you must reset it after you upgrade.

iRule parser and opening brace followed by content (CR85806)
The iRule parser can fail to correctly parse and load an iRule from the command line, even though the iRule loads correctly using the Configuration utility. This issue occurs when the parser encounters an opening brace followed by data or a command. This issue does not affect loading the iRule from the Configuration utility for the first time, but subsequent loads will fail when the iRule is read, as the iRule is copied verbatim to the configuration file. For more information about this issue, see SOL7988: The iRule parser can fail to correctly parse and load an iRule from the command line.

OID F5-BIGIP-LOCAL-MIB::ltmRuleEventScript (CR100412)
The OID F5-BIGIP-LOCAL-MIB::ltmRuleEventScript has been deprecated. As an alternative, you can use iControl functionality to monitor iRule content.

TM.ContinueMatching behavior change (CR112535)
In versions 9.0.x through 9.3.x, the variable bigpipe db TM.ContinueMatching is set to true. Beginning with version 9.4, the variable is set to false. This change in behavior affects how systems process traffic when the desired virtual server is disabled or down and a lower precedence virtual server is available. For more information, refer to SOL8009: Change in Behavior: The bigpipe db TM.ContinueMatching variable is now set to false and SOL6459: Change in Behavior: Order of precedence for virtual servers.

[ Top ]

Contacting F5 Networks

  Phone: (206) 272-6888
Fax: (206) 272-6802

For additional information, please visit

Was this resource helpful in solving your issue?

NOTE: Please do not provide personal information.

Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)