Release Notes : BIG-IQ Device, 4.5.0

Applies To:


BIG-IQ Device

  • 4.5.0
Release Notes
Original Publication Date: 06/08/2015 Updated Date: 04/18/2019

Summary:

This release note documents version 4.5.0 of BIG-IQ Device.

Product description

As a network administrator, you can use BIG-IQ Device to centrally manage multiple physical and virtual BIG-IP devices. This management includes pool and utility license management, software image installation, backup and restoration of UCS files, and backup and restoration of specific configuration files to one or more BIG-IP devices. BIG-IQ Device also helps you with device inventory tasks by keeping you apprised of every detail about your managed devices, including health, and provides you with the infrastructure to use SNMP to manage system events and send email alerts.

Screen resolution requirement

To properly display, the BIG-IQ system requires that your screen resolution is set to 1280x1024 or higher.

Browser support

BIG-IQ Device supports the following browsers and versions:

  • Microsoft Internet Explorer version 9 and later
  • Mozilla Firefox version 29.x and later
  • Google Chrome version 34.x and later

Supported BIG-IP versions

SOL14592 provides a summary of version compatibility for specific features between the BIG-IQ system and BIG-IP releases.

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the BIG-IQ Device version 4.5.0 documentation page.

Software installation

For procedures about specifying network options and performing initial configuration, refer to the BIG-IQ System: Licensing and Initial Configuration guide.

Upgrading BIG-IQ Device

Before you can upgrade the BIG-IQ system, you must perform the following tasks:

  • Download the .iso file for the upgrade from F5 Downloads to /shared/images on the BIG-IQ system. If you need to create this directory, use the exact name /shared/images.
  • Select a disk volume on which to install the upgrade. You must install the BIG-IQ software on an available volume.
  • Locate the user configuration set (UCS) in the /var/local/ucs directory on the source installation location, and copy the UCS file to another system for safe keeping.
Warning: These procedures require that the BIG-IQ system is temporarily unavailable and unable to manage BIG-IP devices until the upgrade is complete. BIG-IP devices can continue to manage traffic during this time.

If you have configured the BIG-IQ system in a high availability cluster, perform these steps on each BIG-IQ system in the cluster in immediate succession. It is important to get the cluster members on the same software version as quickly as possible to avoid potential user experience issues.

For specific instructions about upgrading the BIG-IQ system, refer to the BIG-IQ System: Licensing and Initial Configuration guide.

New features

Configuration templates

Use configuration templates to help you easily manage required configuration changes (such as changes to DNS, default gateways, route domains, NTP, or SNMP) for a large number of BIG-IP devices. You define changes once in the configuration template, then push the template out to specified devices. This can save a significant amount of time because you are not required to log in to each device individually.

Support for scheduling UCS backups

It is best practice to create a backup of the UCS file for each device in your network (including the BIG-IQ system itself), on a regular basis to ensure network stability in the event that a system needs to be restored. BIG-IQ Device can now create backup UCS archives for managed devices automatically, at scheduled intervals.

Enhanced licensing options

You can centrally manage BIG-IP virtual edition (VE) licenses for a specific set of F5 offerings (for example, BIG-IP LTM 25M, BIG-IP LTM 200G, and BIG-IP LTM 1G). When a device is no longer needed, you can revoke the license instance and assign it to another BIG-IP VE device. This flexibility keeps operating costs fixed, and allows for a variety of provisioning options. There are three license options:

  1. Pool licenses, which are purchased once, and assignable to a specific number of concurrent BIG-IP VE devices, as defined by the license. These licenses do not expire.
  2. Utility licenses, which are purchased only as you need them, and billed at a specific interval (hourly, daily, monthly, or yearly).
  3. Volume licenses, which are prepaid for a fixed number of concurrent devices, for a set period of time.

Fixes

Issue Description
ID 437741 BIG-IP devices no longer populate the restjavad.o.logs with repeated messages from the IdentifiedDeviceWorker when the BIG-IQ system discovers the BIG-IP device on a VLAN other than a VLAN named internal.
ID 474147 It previously took up to 30 seconds for a new administrative user to appear in the list of users after you added it. Now a new administrative user appears in the list immediately.
ID 474827 After you upgrade the BIG-IQ system to version 4.5.0, any user interface preferences you specified (such as panel widths, panel order, and hidden panels) now persist.
ID 474728 BIG-IQ Device no longer allows you to deploy incompatible tasks that previously resulted in an error.
ID 475470 Template objects now properly appear after you expand a template node in the Device Templates panel.
ID 475766 Previously, a BIG-IQ system in a high availability group sometimes displayed a warning status for an unhealthy peer (displaying a yellow triangle in the BIG-IQ Systems panel) with no additional information supplied. This no longer occurs.
ID 482453 The ShellShock bash vulnerability is now fixed, and this release includes patches for CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187.
ID 486246 Creating a large file, such as a UCS archive file, no longer results in an increase in CPU utilization.
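
To confirm after the upgrade that the bash hardening referenced for ID 482453 is in effect, a check like the following can be run from the shell. It is an added example, not F5 code; it assumes the build follows upstream bash (patched builds ignore function definitions in ordinary variables and export their own functions under a BASH_FUNC_ prefixed name), and the function and probe names are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from F5). Checks how a bash binary treats function
# definitions passed through the environment, using only a benign no-op probe.
# Assumption: the build follows upstream bash, where the Shellshock fixes
# moved exported functions to BASH_FUNC_-prefixed variable names.

# Usage: bash_func_import_status [path-to-bash]
# Prints one of: hardened | legacy-import | unknown | no-bash
# Returns 0 only for "hardened".
bash_func_import_status() {
    bash_bin="${1:-$(command -v bash || true)}"
    if [ -z "$bash_bin" ] || [ ! -x "$bash_bin" ]; then
        echo "no-bash"
        return 2
    fi

    # 1. Does bash still turn an ordinary variable whose value starts with
    #    "() {" into a function? Patched builds ignore such variables.
    if env 'gr_probe=() { :; }' "$bash_bin" -c 'declare -F gr_probe' \
        >/dev/null 2>&1; then
        echo "legacy-import"
        return 1
    fi

    # 2. Does bash export its own functions under the prefixed name?
    if "$bash_bin" -c 'gr_probe() { :; }; export -f gr_probe; env' 2>/dev/null |
        grep -q '^BASH_FUNC_gr_probe'; then
        echo "hardened"
        return 0
    fi

    # Neither behaviour observed (for example, function export disabled).
    echo "unknown"
    return 3
}
```

A result of legacy-import means the binary still accepts function definitions from arbitrary environment variables, so the naming hardening is absent and the bash package should be checked against the release.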

Known issues

Issue Description Workaround (if available)
ID 428383 When you use the search field to filter for a number or phrase associated with a particular BIG-IP device, you may get some unexpected results. This occurs because BIG-IQ Device filters on all fields, not just those displayed in the Devices panel.
ID 431398 While booting, the BIG-IQ system may display the following warning in the console or logs: "SKIPPING unix_config_httpd: /defaults/config/templates/xui.tmpl doesn't exist!!!" This message has no impact on the BIG-IQ system's functionality. You can ignore this benign message.
ID 435629 When two BIG-IQ 7000 Platform devices are configured in a high availability pair, communication might work in only one direction between the two devices. When this occurs, Device A is marked as standby, and reports its peer as active. Device B is marked as active, and reports its peer as down. When this happens, Device B always assumes Device A is down, and always remains active. Re-initialize the certificates. Alternatively, if resetting the configuration to factory settings is an option, type the following commands on each BIG-IQ system:

    bigstart stop restjavad; rm -rf /shared/em/ssl.crt/*.*; rm -rf /shared/em/ssl.key/*.*; rm -rf /var/config/rest/storage; rm -rf /var/config/rest/index/; bigstart start restjavad

If resetting the configuration is not an option, perform the following steps on each device:
  1. On the High Availability panel, delete the HA peer and any associated devices.
  2. From the command line, type the following command to delete the local device:

    curl -X DELETE http://localhost:8100/shared/resolver/device-groups/cm-shared-all-big-iqs/devices

  3. To remove the existing certificates and restart the service, type the following commands on each device:

    bigstart stop restjavad; rm -rf /shared/em/ssl.crt/*.*; rm -rf /shared/em/ssl.key/*.*; bigstart start restjavad

ID 440333 If you delete a BIG-IQ peer from a high availability active-active pair, then add the same BIG-IQ system back to the same (or to another) high availability pair, data between the devices no longer synchronizes. After you delete a BIG-IQ system from a high availability active-active pair, create a backup of the BIG-IQ system. Then reset the system to factory settings by typing the following command on that BIG-IQ system: bigstart stop restjavad && rm -rf /var/config/rest && bigstart start restjavad Then, you can add it as a new backup in a high availability pair, and they properly synchronize.
ID 449063 After upgrading or restarting a BIG-IQ system, the login screen displays with a message that your user credentials are invalid and does not allow you to log in. Clear the browser cache and refresh. (You may have to refresh several times.) When the login screen properly displays the host name of the BIG-IQ system, you can successfully log in.
ID 450658 If you deploy a job to perform a "Factory Install" to a physical BIG-IP device, and specify configuration files to deploy as part of that job, the job might fail unexpectedly and display the following message in the log file: /var/log/restjavad.0.log on the target machine: com.f5.rest.workers.autodeploy.ConfigInstallTaskWorker$ProcessTaskException: Failed to run command: [tmsh, -a, load, sys, config] Followed by several lines that appear similar to: 01070605:3: Cannot delete IP 10.10.0.1 because it would leave a pool member (pool /Common/Pool34-b) unreachable. To avoid this, the name field of the self IP address must equate to the address field (excluding the netmask). For example, if the address field is "1.2.3.4/15", the name field must be "1.2.3.4". If the job failed due to this issue, you can complete the job by running the command tmsh load sys config on the target BIG-IP device.
ID 455957 If the icrd log file contains "RestServer, SEVERE,accept(...) returned unknown errno 24" and iControl REST calls are timing out
ID 468310 If you configure a user with multiple attributes on the RADIUS server (such as Class <value>), the BIG-IQ system returns an error when that user attempts to log in. To resolve this issue, edit the configuration file on the RADIUS server so the user has only a single instance of each specific attribute name.
ID 472377 When manually activating a pool registration key with two or more offering licenses, BIG-IQ Device does not verify that the license matches the offering SKU. For example, if you mean to activate offering SKU for "X" and paste the license into BIG-IQ where offering SKU "Y" is expected, BIG-IQ Device does not detect the discrepancy. If this occurs, and you deploy that license to a BIG-IP device, BIG-IQ Device applies the incorrect license and the BIG-IP device might not have the expected features enabled. If this occurs in your environment, reactivate the pool registration key, taking care to paste the correct license text for each offering SKU license.
ID 474096 You cannot access the BIG-IQ system's user interface using Mozilla Firefox version 31 or later. This issue is caused by security changes in Firefox. You can view more specific information here: https://blog.mozilla.org/security/2014/04/24/exciting-updates-to-certificate-verification-in-gecko/ . This workaround has security implications, because it turns off the newer certificate verification in Firefox that the linked post describes. To work around this issue: 1) Type about:config in the navigation bar of the Firefox browser. 2) Double-click "security.use_mozillapkix_verification" to set it to false.
ID 474767 After you delete a BIG-IP device from the BIG-IQ system, associated objects (such as interfaces, self IP addresses, and VLANs) might continue to display in the BIG-IQ system user interface for up to 5 minutes. After that time, they no longer display.
ID 475095 When discovering a BIG-IP device running version 11.3.x or 11.4.x with a BIG-IQ system running version 4.2 or later, the process might fail with the error message. You must update the device's framework before you can manage it. Delete the file /config/f5-rest-device-id from the BIG-IP device, discover the device again, select the Auto Update Framework check box, and provide the admin and root credentials.
ID 483739 You can create deployment jobs (Apply Config, Upgrade Software, License Device) only for devices that belong to the Managed BIG-IPs group. You cannot create a deployment job for devices in any other group. Add the device, for which you want to create a deployment job, to the Managed BIG-IPs group.
ID 485346 When using Mozilla Firefox 33, the BIG-IQ system user interface might freeze and not allow you to view the login screen. In Mozilla Firefox, open a new tab and, in the browser bar, type "about:support", then click the Reset Firefox button. Alternatively, use Google Chrome version 34.x or later to access the BIG-IQ system.
ID 489584 After upgrading the BIG-IQ system from version 4.3.0 to version 4.5.0, rediscovery of a previously managed BIG-IP device running version 11.5.1-HF6 BIG-IP software might fail. Update the BIG-IP device using the update_bigip.sh script, and then reimport and DMA the version 11.5.1-HF6 BIG-IP device.
ID 490343 The framework upgrade process on a BIG-IP vCMP guest that spans multiple slots on the host system fails with the following error: "Discovery Failed: Failed to upgrade REST framework on 172.27.78.240: java.lang.IllegalStateException: One or more slot upgrades failed." Run the following commands to manually update the framework: /usr/lib/dco/packages/upd-adc/update_bigip.sh and ./update_bigip.sh
ID 490976 Deploying a configuration template to a BIG-IP device occasionally fails and the BIG-IQ system returns a JSON configuration error. This occurs because configuration templates may support attributes that are not supported by the version of the managed BIG-IP device. If the error occurred because the configuration template includes a BIG-IP object attribute that does not exist in the targeted BIG-IP version, you may be able to work around the issue by editing the template through the REST API and removing the incompatible field. You cannot perform this change from the user interface. Note that the template API is not a supported API, and is subject to change or removal without notice. Templates are stored in a collection at the path /mgmt/cm/autodeploy/simple-templates. To make this change, perform a GET to retrieve the current state, edit that state, then perform a PUT or PATCH to apply the updated state. You need to edit only the content field.
ID 497002 If you discover a BIG-IP device from BIG-IQ Security and then later attempt to discover that same BIG-IP device from BIG-IQ Device, you might receive a duplicate item error. Discover the BIG-IP device again from BIG-IQ Security, and then again from BIG-IQ Device.
ID 499273 When managing a large number (dozens to hundreds) of devices, you might notice the memory utilization for the BIG-IQ system is high and reports OutOfMemory exceptions in the /var/log/restjavad.*.log or /var/tmp/restjavad.out file. If you cannot communicate with the managed BIG-IP devices, attempt to fix any network communication problems by pinging or routing the BIG-IP device from the BIG-IQ system, and then restart the restjavad process on the BIG-IQ system by typing the following command: # bigstart restart restjavad
ID 509028 When a BIG-IP Device Cluster is used with the F5 HNV Gateway Provider Plugin, and one device is unavailable, the F5 HNV Gateway Provider Plugin cannot apply configuration updates to the remaining devices.
ID 513613 If someone makes a modification to the certificate information on a managed device (for example, changing the certificate's canonical name), that device becomes unavailable to the BIG-IQ system managing it. There are two workarounds for this situation. The first (A) is the recommended workaround:

Workaround (A): With this solution, communication (and device discovery) is restored and socket reuse is disabled for the BIG-IQ system. Disabling reuse can impact performance, but future changes to the authentication certificate do not disable management for the device.
  1. Using SSH, log in to the BIG-IQ system as root.
  2. Stop restjavad by typing the command: bigstart stop restjavad
  3. In /etc/bigstart/scripts/restjavad, edit ARGS="--port=8100 ..." to read as follows: ARGS="--port=8100 --isConnectionReUseDisabled=true ..."
  4. Start restjavad by typing: bigstart start restjavad

Workaround (B): With this solution, communication (and device discovery) is restored, but future changes to the managed device's authentication certificate again disable device management and require a restjavad restart.
  1. Using SSH, log in to the BIG-IQ system as root.
  2. Start restjavad by typing the command: bigstart start restjavad
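
Step 3 of workaround (A) for ID 513613, as an added example (not F5 code): an idempotent edit of the ARGS line that keeps a backup and verifies the result. The function names and the constructed sample file are assumptions made for the illustration; on a real system the edit belongs between the bigstart stop and bigstart start steps.

```shell
#!/bin/sh
# Added example (not from F5): apply the ARGS change from workaround (A)
# to a restjavad start script, safely and repeatably.
# Assumption: the ARGS line starts in column one with ARGS="--port=8100,
# as shown in the release note.

FLAG='--isConnectionReUseDisabled=true'

# Usage: disable_connection_reuse /etc/bigstart/scripts/restjavad
# Returns 0 if the flag is present afterwards, non-zero otherwise.
disable_connection_reuse() {
    script="$1"
    [ -f "$script" ] || { echo "not found: $script" >&2; return 2; }

    # Idempotent: leave an already-edited file alone.
    if grep -qF -e "$FLAG" "$script"; then
        return 0
    fi

    # Refuse to edit a layout this example does not know.
    if [ "$(grep -c '^ARGS="--port=8100' "$script")" != "1" ]; then
        echo "expected exactly one ARGS=\"--port=8100 line in $script" >&2
        return 3
    fi

    # Keep the original next to the edited file for rollback.
    cp -p "$script" "$script.bak" || return 4

    # Insert the flag right after --port=8100; writing through the
    # redirection keeps the script's owner and mode.
    sed "s/^ARGS=\"--port=8100/& $FLAG/" "$script.bak" > "$script" || return 5

    # Verify the edit landed where expected.
    grep -q "^ARGS=\"--port=8100 $FLAG" "$script"
}

# Constructed sample standing in for the real script; "--example-arg=1"
# is a placeholder for the arguments the release note elides as "...".
# Applies the edit twice and prints the resulting ARGS line.
demo_on_sample() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '#!/bin/sh' 'ARGS="--port=8100 --example-arg=1"' > "$tmp"
    disable_connection_reuse "$tmp" && disable_connection_reuse "$tmp" &&
        grep '^ARGS=' "$tmp"
    rc=$?
    rm -f "$tmp" "$tmp.bak"
    return $rc
}
```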

Removing BIG-IQ system services from a BIG-IP device

To manage a BIG-IP device using the BIG-IQ system, you must install specific BIG-IQ system components onto that device using the procedure outlined in the BIG-IQ Device: Device Management guide. In the event that you have to remove these services for any reason, use this procedure.
  1. Log in to the command line of the BIG-IP device.
  2. Stop any running BIG-IQ system services.
    Note: The msgbusd service might not be installed. You can use the bigstart status command to see if it is running.

    $ bigstart stop restjavad

    $ bigstart stop msgbusd

  3. Remove the RPM packages related to the BIG-IQ system.

    mount -o remount,rw /usr

    rpm -qa | grep f5-rest-java | xargs rpm -e --nodeps

    rpm -qa | grep msgbusd | xargs rpm -e  --nodeps

    mount -o remount,ro /usr

    This removes, from the BIG-IP device, the BIG-IQ system components, including the F5-contributed cloud connector iApp template (cloud_connector.tmpl).

  4. Optional: Reinstall the F5-contributed cloud connector iApp template:
    1. Download the cloud_connector.tmpl iApp template from F5 DevCentral, https://devcentral.f5.com/wiki/iApp.Cloud_Connector_iApp_Template.ashx.
      Note: You need an account to access the DevCentral site.
    2. Unzip the file, and on the BIG-IP system, upload it to the /var/local/app_template directory.
    3. Install the template with this command: tmsh load / sys application template cloud_connector.tmpl

Contacting F5 Networks

Phone: (206) 272-6888
Fax: (206) 272-6802
Web: http://support.f5.com
Email: support@f5.com

For additional information, please visit http://www.f5.com.

How to Contact F5 Support or the SOC

You can contact a Network Support Center as follows:

You can manage cases online at F5 WebSupport (registration required). To register, email CSP@F5.com with your F5 hardware serial numbers and contact information.

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5

AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 TechNews

Weekly HTML TechNews
The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, complete the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
Periodic plain text TechNews
F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email.) To subscribe, send a blank email to technews-subscribe@lists.f5.com from the email address you are using to subscribe. Unsubscribe by sending a blank email to technews-unsubscribe@lists.f5.com.
