Applies To:

Show Versions Show Versions

Release Note: BIG-IQ Device, 4.5.0
Release Note

Original Publication Date: 06/08/2015

Summary:

This release note documents version 4.5.0 of BIG-IQ Device.

Contents:

- Product description
- Screen resolution requirement
- Browser support
- Supported BIG-IP versions
- User documentation for this release
- Software installation
- Upgrading BIG-IQ Device
- New features
- Fixes
- Known issues
- Removing BIG-IQ system services from a BIG-IP device
- Contacting F5 Networks
- Legal notices

Product description

As a network administrator, you can use BIG-IQ Device to centrally manage multiple physical and virtual BIG-IP devices. This management includes pool and utility license management, software image installation, back up and restoration of UCS files, and back up and restoration of specific configuration files to one or more BIG-IP devices. BIG-IQ Device also helps you with device inventory tasks by keeping you apprised of every detail about your managed devices, including health, and provides you with the infrastructure to use SNMP to manage system events and send email alerts.

Screen resolution requirement

To properly display, the BIG-IQ system requires that your screen resolution is set to 1280x1024 or higher.

Browser support

BIG-IQ Device supports the following browsers and versions:

  • Microsoft Internet Explorer version 9 and later
  • Mozilla Firefox version 29.x and later
  • Google Chrome version 34.x and later

Supported BIG-IP versions

SOL14592 provides a summary of version compatibility for specific features between the BIG-IQ system and BIG-IP releases.

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the BIG-IQ Device version 4.5.0 documentation page.

Software installation

For procedures about specifying network options and performing initial configuration, refer to the BIG-IQ System: Licensing and Initial Configuration guide.

Upgrading BIG-IQ Device

Before you can upgrade the BIG-IQ system, you must perform the following tasks:

  • Download the .iso file for the upgrade from F5 Downloads to /shared/images on the BIG-IQ system. If you need to create this directory, use the exact name /shared/images.
  • Select a disk volume on which to install the upgrade. You must install the BIG-IQ software on an available volume.
  • Locate the user configuration set (UCS) in the /var/local/ucs directory on the source installation location, and copy the UCS file to another system for safe keeping.
Warning: These procedures require that the BIG-IQ system is temporarily unavailable and unable to manage BIG-IP devices until the upgrade is complete. BIG-IP devices can continue to manage traffic during this time.

If you have configured the BIG-IQ system in a high availability cluster, perform these steps on each BIG-IQ system in the cluster in immediate succession. It is important to get the cluster members on the same software version as quickly as possible to avoid potential user experience issues.

For specific instructions about upgrading the BIG-IQ system, refer to the BIG-IQ System: Licensing and Initial Configuration guide.

New features

Configuration templates

Use configuration templates to help you easily manage required configuration changes (such as changes to DNS, default gateways, route domains, NTP, or SNMP) for a large number of BIG-IP devices. You define changes once in the configuration template, then push the template out to specified devices. This can save a significant amount of time because you are not required to log in to each device individually

Support for scheduling UCS backups

It is best practice to create a backup of the UCS file for each device in your network (including the BIG-IQ system itself), on a regular basis to ensure network stability in the event that a system needs to be restored. BIG-IQ Device can now create backup UCS archives for managed devices automatically, at scheduled intervals.

Enhanced licensing options

You can centrally manage BIG-IP virtual edition (VE) licenses for a specific set of F5 offerings (for example, BIG-IP LTM 25M, BIG-IP LTM 200G, and BIG-IP LTM 1G). When a device is no longer needed, you can revoke the license instance and assign it to another BIG-IP VE device. This flexibility keeps operating costs fixed, and allows for a variety of provisioning options. There are three license options: 1) Pool licenses, which are purchased once, and assignable to a specific number of concurrent BIG-IP VE devices, as defined by the license. These licenses do not expire. 2) Utility licenses, which are purchased only as you need them, and billed at a specific interval (hourly, daily, monthly, or yearly). And 3) Volume licenses, which are prepaid for a fixed number of concurrent devices, for a set period of time.

Fixes

Issue Description
ID 437741 BIG-IP devices no longer populate the restjavad.o.logs with repeated messages from the IdentifiedDeviceWorker when the BIG-IQ system discovers the BIG-IP device on a VLAN other than a VLAN named internal.
ID 474147 It previously took up to 30 seconds for a new administrative user to appear in the list of users after you added it. Now a new administrative user appears in the list immediately.
ID 474827 After you upgrade the BIG-IQ system to version 4.5.0, any user interface preferences you specified (such as panel widths, panel order, and hidden panels) now persist.
ID 474728 BIG-IQ Device no longer allows you to deploy incompatible tasks that previously resulted in an error.
ID 475470 Template objects now properly appear after you expand a template node in the Device Templates panel.
ID 475766 Previously, a BIG-IQ system in a high availability group sometimes displayed a warning status for an unhealthy peer (displaying a yellow triangle in the BIG-IQ Systems panel) with no additional information supplied. This no longer occurs.
ID 482453 The ShellShock bash vulnerability is now fixed, and this release includes patches for CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187.
ID 486246 Creating a large file, such as a UCS archive file, no longer results in an increase in CPU utilization.

Known issues

Issue Description Workaround (if available)
ID 428383 When you use the search field to filter for a number or phrase associated with a particular BIG-IP device, you may get some unexpected results. This occurs because BIG-IQ Device filters on all fields, not just those displayed in the Devices panel.
ID 431398 While booting, the BIG-IQ system may display the following warning in the console or logs: "SKIPPING unix_config_httpd: /defaults/config/templates/xui.tmpl doesn't exist!!!" This message has no impact on the BIG-IQ system's functionality. You can ignore this benign message.
ID 435629 When two BIG-IQ 7000 Platform devices are configured in a high availability pair, communication might work in only one direction between the two devices. When this occurs, Device A is marked as standby, and reports its peer as active. Device B is marked as active, and reports its peer as down. When this happens, Device B always assumes Device A is down, and always remains active." Re-initialize the certificates. Alternatively, if resetting the configuration to factory settings is an option, type the following commands on each BIG-IQ system: bigstart stop restjavad; rm -rf /shared/em/ssl.crt/*.*; rm -rf /shared/em/ssl.key/*.*; rm -rf /var/config/rest/storage; rm -rf /var/config/rest/index/; bigstart start restjavad . If resetting the configuration is not an option, perform the following steps on each device: 1) On the High Availability panel, delete the HA peer and any associated devices. 2) From the command line, type the following command to delete the local device: curl -X DELETE http://localhost:8100/shared/resolver/device-groups/cm-shared-all-big-iqs/devices . 3) To remove the existing certificates and restart the service, type the following commands on each device: bigstart stop restjavad; rm -rf /shared/em/ssl.crt/*.*; rm -rf /shared/em/ssl.key/*.*;bigstart start restjavad"
ID 440333 If you delete a BIG-IQ peer from a high availability active-active pair, then add the same BIG-IQ system back to the same (or to another) high availability pair, data between the devices no longer synchronizes. After you delete a BIG-IQ system from a high availability active-active pair, create a backup of the BIG-IQ system. Then reset the system to factory settings by typing the following command on that BIG-IQ system: bigstart stop restjavad && rm -rf /var/config/rest && bigstart start restjavad Then, you can add it as a new backup in a high availability pair, and they properly synchronize.
ID 449063 After upgrading or restarting a BIG-IQ system, the login screen displays with a message that your user credentials are invalid and does not allow you to log in. Clear the browser cache and refresh. (You may have to refresh several times.) When the login screen properly displays the host name of the BIG-IQ system, you can successfully log in.
ID 450658 If you deploy a job to perform a "Factory Install" to a physical BIG-IP device, and specify configuration files to deploy as part of that job, the job might fail unexpectedly and display the following message in the log file: /var/log/restjavad.0.log on the target machine: com.f5.rest.workers.autodeploy.ConfigInstallTaskWorker$ProcessTaskException: Failed to run command: [tmsh, -a, load, sys, config] Followed by several lines that appear similar to: 01070605:3: Cannot delete IP 10.10.0.1 because it would leave a pool member (pool /Common/Pool34-b) unreachable. To avoid this, the name field of the self IP address must equate to the address field (excluding the netmask). For example, if the address field is "1.2.3.4/15", the name field must be "1.2.3.4". If the job failed due to this issue, you can complete the job by running the command tmsh load sys config on the target BIG-IP device.
ID 455957 If the icrd log file contains "RestServer, SEVERE,accept(...) returned unknown errno 24" and iControl REST calls are timing out
ID 468310 If you configure a user with multiple attributes on the RADIUS server (such as Class <value>), the BIG-IQ system returns an error when that user attempts to log in. To resolve this issue, edit the configuration file on the RADIUS server so the user has only a single instance of each specific attribute name.
ID 472377 When manually activating a pool registration key with two or more offering licenses, BIG-IQ Device does not verify that the license matches the offering SKU. For example, if you mean to activate offering SKU for "X" and paste the license into BIG-IQ where offering SKU "Y" is expected, BIG-IQ Device does not detect the discrepancy. If this occurs, and you deploy that license to a BIG-IP device, BIG-IQ Device applies the incorrect license and the BIG-IP device might not have the expected features enabled. If this occurs in your environment, re-active the pool registration key, taking care to paste the correct license text for each offering SKU license.
ID 474096 You cannot access the BIG-IQ system's user interface using Mozilla Firefox version 31 or later. This issue is caused because of security changes in Firefox. You can view more specific information here: https://blog.mozilla.org/security/2014/04/24/exciting-updates-to-certificate-verification-in-gecko/ . This workaround has security implications. To work around this issue: 1) Type about:config in the navigation bar of the Firefox browser. 2) Double-click "security.use mozillapix verification" to set it to false.
ID 474767 After you delete a BIG-IP device from the BIG-IQ system, associated objects (such as interfaces, self IP addresses, and VLANs) might continue to display in the BIG-IQ system user interface for up to 5 minutes. After that time, they no longer display.
ID 475095 When discovering a BIG-IP device running version 11.3.x or 11.4.x with a BIG-IQ system running version 4.2 or later, the process might fail with the error message. You must update the device's framework before you can manage it. Delete the file /config/f5-rest-device-id from the BIG-IP device, discover the device again, select the Auto Update Framework check box, and provide the admin and root credentials.
ID 483739 You can create deployment jobs (Apply Config, Upgrade Software, License Device) only for devices that belong to the Managed BIG-IPs group. You cannot create a deployment job for devices in any other group. Add the device, for which you want to create a deployment job, to the Managed BIG-IPs group.
ID 485346 When using Mozilla Firefox 33, the BIG-IQ system user interface might freeze and not allow you to view the log in screen. In Mozilla Firefox, open a new tab and in to the browser bar, type "about:support", then click the Reset Firefox button. Alternatively, use Google Chrome version 34.x or later to access the BIG-IQ system.
ID 489584 After upgrading the BIG-IQ system from version 4.3.0 to version 4.5.0, rediscovery of a previously managed BIG-IP device running version 11.5.1-HF6 BIG-IP software might fail. Update the BIG-IP device using the update_bigip.sh script, and then reimport and DMA the version 11.5.1-HF6 BIG-IP device.
ID 490343 The framework upgrade process on a BIG-IP vCMP guest that spans multiple slots on the host system fails with the following error: "Discovery Failed: Failed to upgrade REST framework on 172.27.78.240: java.lang.IllegalStateException: One or more slot upgrades failed." Run the following commands to manually update the framework: /usr/lib/dco/packages/upd-adc/update_bigip.sh and ./update_bigip.sh
ID 490976 Deploying a configuration template to a BIG-IP device occasionally fails and the BIG-IQ system returns a JSON configuration error. This occurs because configuration templates may support attributes that are not supported by the version of the managed BIG-IP device. If the error occurred because the configuration template includes a BIG-IP object attribute that does not exist in the targeted BIG-IP version, you may be able to work around the issue by editing the template through the REST API and removing the incompatible field. You cannot perform this change from the user interface. Note that the template API is not a supported API, and is subject to change or removal without notice. Templates are stored in a collection at the path /mgmt/cm/autodeploy/simple-templates. To make this change, perform a GET to retrieve the current state, edit that state, then perform a PUT or PATCH to apply the updated state. You need to edit only the content field.
ID 497002 If you discover a BIG-IP device from BIG-IQ Security and then later attempt to discover that same BIG-IP device from BIG-IQ Device, you might receive a duplicate item error. Discover the BIG-IP device again from BIG-IQ Security, and then again from BIG-IQ Device.
ID 499273 When managing a large number (dozens to hundreds) of devices, you might notice the memory utilization for the BIG-IQ system is high and reports OutOfMemory exceptions in the /var/log/restjavad.*.log or /var/tmp/restjavad.out file. If you cannot communicate with the managed BIG-IP devices, attempt to fix any network communication problems by pinging or routing the BIG-IP device from the BIG-IQ system, and then restart the restjavad process on the BIG-IQ system by typing the following command: # bigstart restart restjavad
ID 509028 When a BIG-IP Device Cluster is used with the F5 HNV Gateway Provider Plugin, and one device is unavailable, the F5 HNV Gateway Provider Plugin cannot apply configuration updates to the remaining devices.
ID 513613 If someone makes a modification to the certificate information on a managed device (for example, changing the certificate's canonical name), that device becomes unavailable to the BIG-IQ system managing it. There are two workarounds for this situation. The first (A) is the recommended workaround: Workaround (A) With this solution, communication (and device discovery) is restored and socket reuse is disabled for the BIG-IQ system. Disabling reuse can impact performance, but future changes to the authentication certificate do not disable management for the device. 1. Using SSH, log in to the BIG-IQ system as root. 2. Stop restjavad by typing the command, bigstart stop restjavad 3. In /etc/bigstart/scripts/restjavad, edit ARGS="--port=8100 ..." to read as follows: ARGS="--port=8100 --isConnectionReUseDisabled=true ..." 4. Start restjavad by typing, bigstart start restjavad Workaround (B) With this solution, communication (and device discovery) is restored, but future changes to the managed device's authentication certificate again disables device management and requires a restjavad restart. 1. Using SSH, log in to the BIG-IQ system as root. 2. Start restjavad by typing the command, bigstart start restjavad.

Removing BIG-IQ system services from a BIG-IP device

To manage a BIG-IP device using the BIG-IQ system, you must install specific BIG-IQ system components onto that device using the procedure outlined in the BIG-IQ Device: Device Management guide. In the event that you have to remove these services for any reason, use this procedure.
  1. Log in to the command line of the BIG-IP device.
  2. Stop any running BIG-IQ system services.
    Note: The msgbusd service might not be installed. You can use the bigstart status command to see if it is running.

    $ bigstart stop restjavad

    $ bigstart stop msgbusd

  3. Remove the RPM packages related to the BIG-IQ system.

    mount -o remount,rw /usr

    rpm -qa | grep f5-rest-java | xargs rpm -e --nodeps

    rpm -qa | grep msgbusd | xargs rpm -e  --nodeps

    mount -o remount,ro /usr

    This removes, from the BIG-IP device, the BIG-IQ system components, including the F5-contributed cloud connector iApp template (cloud_connector.tmpl).

  4. Optional: Reinstall the F5-contributed cloud connector iApp template:
    1. Download the cloud_connector.tmpl iApp template from F5 DevCentral, https://devcentral.f5.com/wiki/iApp.Cloud_Connector_iApp_Template.ashx.
      Note: You need an account to access the DevCentral site.
    2. Unzip the file, and on the BIG-IP system, upload it to the /var/local/app_template directory.
    3. Install the template with this command: tmsh load / sys application template cloud_connector.tmpl

Contacting F5 Networks

Phone: (206) 272-6888
Fax: (206) 272-6802
Web: http://support.f5.com
Email: support@f5.com

For additional information, please visit http://www.f5.com.

How to Contact F5 Support or the SOC

You can contact a Network Support Center as follows:

You can manage cases online at F5 WebSupport (registration required). To register email CSP@F5.com with your F5 hardware serial numbers and contact information.

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5

AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 TechNews

Weekly HTML TechNews
The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, complete the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
Periodic plain text TechNews
F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email.) To subscribe, send a blank email to technews-subscribe@lists.f5.com from the email address you are using to subscribe. Unsubscribe by sending a blank email to technews-unsubscribe@lists.f5.com.

Legal notices

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)