Applies To:

Show Versions Show Versions

Release Note: BIG-IP WebAccelerator version 10.2.1
Release Note

Original Publication Date: 08/27/2013

Summary:

This release note documents the version 10.2.1 release of BIG-IP® WebAccelerator system. To review what is new and fixed in this release, refer to New in version 10.2.1 and Fixed in version 10.2.1. For existing customers, you can apply the software upgrade to versions 9.4.x and 10.x. For information about installing the software, refer to Installing the software.

Contents:

- User documentation for this release
- Supported browsers
- Supported platforms and minimum system requirements
- Installing the software
- Supported UCS files
- Supported system configuration files
     - Upgrading from version 9.4.x to 10.2.x
- New in version 10.2.1
- Fixed in version 10.2.1
- Features and fixes introduced in prior release
     - Features introduced in version 10.1
     - Features introduced in version 10.0.0
     - Fixes introduced in version 10.2.0
     - Fixes introduced in version 10.1.0
     - Fixes introduced in version 10.0.0
- Known issues
- Workarounds for known issues
     - Configuring the always proxy feature (CR80537)
- Optional configuration changes
- Enabling the Accept-Encoding gzip feature
- Enabling the half-closed TCP connection management feature
     - Contacting F5 Networks

User documentation for this release

In addition to these release notes, the following user documentation is relevant to this release.

BIG-IP WebAccelerator system documentation

BIG-IP system documentation

Because the BIG-IP® WebAccelerator system now runs on TMOS®, the following documentation is also relevant to this release:

You can find the product documentation and the solutions database on the AskF5 Knowledge Base web site.


Supported browsers

The Configuration utility (graphical user interface) supports the following browsers:

  • Microsoft® Internet Explorer®, version 6.0x and 7.0x
  • Mozilla® Firefox®, version 1.5x, 2.0x, and 3.0x

Note: We recommend that you leave the browser cache options at the default settings.

Important: Popup blockers and other browser add-ons or plug-ins may affect the usability of the Configuration utility. If you experience issues with navigation, we recommend that you disable these types of browser plug-ins and add-ons.

[ Top ]

Supported platforms and minimum system requirements

This release applies only to the supported platforms listed below; each platform provides all minimum system requirements.

  • BIG-IP 3600 (C103)
  • BIG-IP 3900 (C106)
  • BIG-IP 4500 (D43)
  • BIG-IP 6400 (D63)
  • BIG-IP 6800 (D68)
  • BIG-IP 6900 (D104)
  • BIG-IP 8400 (D84)
  • BIG-IP 8800 (D88)
  • BIG-IP 8900 (D106)
  • BIG-IP 8950 (D107)
  • BIG-IP 11050 (E102)
    Note: The BIG-IP WebAccelerator system can be provisioned on a BIG-IP 11050 (E102); however, it cannot be provisioned on a dedicated device.

If you are unsure of which platform you have, look at the sticker on the back of the chassis to find the platform number.

Note: You cannot run this software on a CompactFlash® media drive; you must use the system's hard drive.

[ Top ]

Installing the software

Note: As of version 9.4.4, the BIG-IP® WebAccelerator system can send Accept-Encoding headers with the value of gzip to the origin web server, which optimizes bandwidth requirements in certain network configurations by compressing content. The Accept-Encoding gzip feature is installed, but disabled by default in the pvsystem.conf file. To enable the Accept-Encoding gzip feature, see Enabling the Accept-Encoding gzip feature in the Optional Configuration Changes section.

Note: As of version 9.4.4, the BIG-IP® WebAccelerator system can now manage half-closed TCP connections. The half-closed TCP connection management feature is installed, but disabled by default in the pvsystem.conf file. To enable the half-closed TCP connection management feature, see Enabling the half-closed TCP management feature in the Optional Configuration Changes section.

This section lists only the very basic steps for installing the software. The BIG-IP® Systems: Getting Started Guide contains details and step-by-step instructions for completing an installation. F5 recommends that you consult the getting started guide for all installation operations.

Before you begin, ensure that you have completed the following:

  • Reformat for the 10.1.x and later partition size, if needed (partitions created using version 9.x or 10.0.x do not accommodate the 10.1.x and later software).
  • Reactivate the license and update the service contract.
  • Downloaded the .iso file from F5 Downloads to /shared/images on the source for the operation.
    (If you need to create this directory, use this exact name /shared/images.)
  • Check that the drives have at least minimal formatting.
  • Configure a management port.
  • Set the baud rate to 19200, if it is not already.
  • Log on using the management port of the system you want to upgrade.
  • Log on to an installation location other than the target for the installation.
  • Log on using an account with administrative rights.
  • Save the user configuration set (UCS) in the /var/local/ucs directory on the source installation location.
  • Log on to the standby unit, and upgrade the active unit after the standby upgrade is satisfactory.
  • Turn off mirroring.
  • If you are upgrading from 9.3.x or 9.4.x, run im <downloaded_filename.iso> to copy over the new installation utility.
  • If you are running WAN Optimization Module, set the module's provisioning to Minimum before upgrading.

Installation consists of the following steps.

  1. To copy the upgrade utility, run the command im (for first-time 9.x-to-10.x installation).
  2. To install the software and roll forward the configuration on the active installation location, use one of the following methods:

Warning: Do not use the --nomoveconfig option described in the following procedure on systems with existing, running installations of Application Security Manager. Doing so removes all content from the associated database. Instead, ensure that the configuration on the source installation location matches the one on the destination. To do so, save the UCS configuration on the location you want to preserve, and apply that configuration to the destination before or after the installation operation.

  • To format for volumes and migrate the configuration from the source to the destination (for fully 10.x environments), run the command:
    image2disk --format=volumes <downloaded_filename.iso>
  • To format for volumes and preserve the configuration on the destination (for fully 10.x environments), run the command:
    image2disk --nomoveconfig --format=volumes <downloaded_filename.iso>
  • To format for partitions (for mixed 9.x and 10.x environments), run the command:
    image2disk --format=partitions <downloaded_filename.iso>
  • To install from the command line without formatting (not for first-time 10.x installation), run the command:
    bigpipe software desired HD<n.n>version 10.x build <nnnn.n> product BIG-IP
  • To install from the version 10.x browser-based Configuration utility, use the Software Management screens.

After the installation finishes, you must complete the following steps before the system can pass traffic.

  1. Ensure the system rebooted to the new installation location.
  2. Log on to the browser-based Configuration utility.
  3. Run the Setup utility, if needed.
  4. Provision the modules.

Each of these steps is covered in detail in the BIG-IP® Systems: Getting Started Guide, and we strongly recommend that you reference the guide to ensure successful completion of the installation process.

For specific information about the initial configuration of the BIG-IP® WebAccelerator system, see Chapter 3, Configuration and Maintenance, in the Configuration Guide for the BIG-IP® WebAccelerator System. All product documentation is located on the AskF5 Knowledge Base web site.

Supported UCS files

The BIG-IP® WebAccelerator system supports UCS files from all version 9.4 releases.

Supported system configuration files

The BIG-IP® WebAccelerator system saves the system configuration file, pvsystem.conf, to the /config/wa directory for all version 9.4 releases. If you are upgrading from a previous version of the BIG-IP® WebAccelerator system, review the following information.

Upgrading from version 9.4.x to 10.2.x

If you plan to install this version of the software onto a system running 9.4.x, you must perform a one-time upgrade procedure to make your system ready for the new installation process. When you update from software version 9.4.x to 10.2.x, you cannot use the Software Management screens in the Configuration utility. Instead, you must run the image2disk utility on the command line. For information about using the image2disk utility, see the BIG-IP® Systems: Getting Started Guide.

The upgrade process installs the software on the inactive installation location that you specify. This process usually takes between three minutes and seven minutes. During the upgrade process, you see messages posted on the screen. For example, you might see a prompt asking whether to upgrade the End User Diagnostics (EUD), depending on the version you have installed. To upgrade the EUD, type yes, otherwise, type no.

When upgrading from version 9.4.x to version 10.2.x, the BIG-IP® WebAccelerator system replaces the /config/wa/pvsystem.conf configuration file with the version 10.2.x default configuration and saves the previous version's configuration file as /config/wa/pvsystem.conf.9.4.x. If you modified the default 9.4.x configuration and want to apply the same changes to to version 10.2.x, you must edit the new /config/wa/pvsystem.conf as required.

Important: The 9.4.x configuration file is not fully compatible with version 10.2.x. Do not restore a version 9.4.x configuration file over the default 10.2.x configuration file.

For specific information about how to modify the pvsystem.conf file, refer to the Changing Default Settings chapter of the Configuration Guide for the BIG-IP® WebAccelerator System.

[ Top ]

New in version 10.2.1

This release contains no new features.

Fixed in version 10.2.1

This BIG-IP® WebAccelerator release includes all previously released hot fixes.

This release contains no new fixes.

[ Top ]


Features and fixes introduced in prior release

The current release includes the features and fixes that were distributed in prior releases, as listed below. (Prior releases are listed with the most recent first.)

Features introduced in version 10.2.0

Integrated WebAccelerator Configuration utility
Previously, the WebAccelerator Configuration utility opened in a secondary window. The WebAccelerator Configuration utility is now fully integrated into the BIG-IP® Configuration utility.

Features introduced in version 10.1

Configuration synchronization for an optional symmetrical deployment (CR118165)
To properly synchronize configurations among systems in a symmetric deployment, the clocks on each of the systems in the deployment must be set to the same time, and an NTP server must be configured for each. If you add a new remote system to a symmetrical deployment and the clock is not set to the same time as the central system, or if you do not configure an NTP server, the synchronization fails when you run the wam_add.pl script (required to exchange SSL certificates). Starting in version 10.0.1, when you add a new system to a symmetric deployment and run the wam_add.pl script, the WebAccelerator system checks the time on all of the systems in the symmetric deployment and verifies that an NTP server is specified for each system. If the system clocks are off by more than 15 seconds, or if an NTP server is not specified for each system in the symmetric deployment, the WebAccelerator system returns an error and halts the configuration synchronization. For specific information about configuring an NTP server, see the Configuration and Maintenance Tasks chapter of the Configuration Guide for the BIG-IP® WebAccelerator System.

Features introduced in version 10.0.0

Signed acceleration policies
This release of the WebAccelerator system introduces signed acceleration policies. A signed acceleration policy is created, certified, encrypted, and provided to you by its author, such as a consultant or vendor. You can also create your own signed acceleration policy by signing a user-defined acceleration policy. You can import a signed acceleration policy into any other WebAccelerator system running version 10.0.0. Unlike pre-defined or user-defined acceleration policies, you cannot view, add, or modify rules for a signed acceleration policy. For more information, see the Overview of Acceleration Policies chapter in the Policy Management Guide for the BIG-IP® WebAccelerator System.

Important: Signed acceleration policies are not compatible with versions prior to 10.0.0. If you attempt to import a signed acceleration policy into a WebAccelerator system that is running a version prior to 10.0.0, the acceleration policy appears on the Policies screen and is available for assignment to an application, but the signed acceleration policy does not contain any configured acceleration rules.

New name for the BIG-IP® WebAccelerator System Administrator Guide
The BIG-IP® WebAccelerator System Administrator Guide is now called Configuration Guide for the BIG-IP® WebAccelerator System..

Object types
Starting in this release, you can view and modify pre-defined object types, as well as create new user-defined object types, from the Object Types screen. For more information, see the Changing Default Settings chapter in the Configuration Guide for the BIG-IP® WebAccelerator System.

URL normalization settings
Starting in this release, you can view and modify URL normalization settings from the URL Normalization screen. For more information, see the Changing Default Settings chapter in the Configuration Guide for the BIG-IP® WebAccelerator System.

Connections rules (CR107174)
The Connections rules tab is removed from the Policy Editor. You now configure connection settings, such as those for OneConnect and NTLM, from the interface of the BIG-IP® Local Traffic Manager. For more information about how to configure connection settings, see the Using Additional Profiles chapter of the Configuration Guide for BIG-IP® Local Traffic Manager.

New name for the pre-defined acceleration policy, Oracle Portal (CR100065)
The pre-defined policy previously known as Oracle Portal is now called, Oracle AS 10g Portal.

Support for the 8900 platform
With this release, you can install BIG-IP® WebAccelerator system version 10.0.0 on the 8900 platform. For more information about the 8900 platform, see Platform Guide: 6900 and 8900 on the AskF5 Knowledge Base web site.

Protocol Security Module and WebAccelerator system integration
With this release, you can install the WebAccelerator system and the Protocol Security Module on the same local traffic virtual server. The BIG-IP® Protocol Security Module is designed to perform protocol security checks for the HTTP protocol. You can run the WebAccelerator system with the Protocol Security Module on only the 6900 and 8900 platforms. For more information about the Protocol Security Module, see the Configuration Guide for BIG-IP® Protocol Security Module, the the Securing and Accelerating HTTP Traffic with PSM and WA chapter of the BIG-IP® Local Traffic Manager: Implementations guide, and the BIG-IP® Protocol Security Module Release Note on the AskF5 Knowledge Base web site.

Ghostscript software (CR118488)
This release contains the Ghostscript software, an interpreter for the PostScript language and for PDF. Ghostscript is covered under the GNU Lesser General Public License (LGPL). For more information about LGPL, see http://www.gnu.org/licenses/lgpl.html.

Fixes introduced in version 10.2.0

This release includes the following fixes.

ESI support for remote host content required (CR134226)
ESI inline statements are served from the default BIG-IP Local Traffic Manager pool when the base page is requested by the WebAccelerator system. By default, the WebAccelerator system constructs the inline proxy request with the default pool member's IP as host. This functionality now supports external ESI content, as well. The content record stores the details of the host that served the content. Additionally, a DNS lookup for the host is included in the inline statement.

Fixes introduced in version 10.1.0

This release includes the following fixes.

503 error codes or interruption in service (CR116341)
In previous releases, if the WebAccelerator system received a request  while simultaneously performing an internal process, it returned a 503 error code. This issue no longer occurs.

Error messages after relicensing a system with the Application Security Manager (CR116426)
Previously, if you licensed a WebAccelerator system with the Protocol Security Module, and then remove the Protocol Security Module license and relicensed the WebAccelerator system with the Application Security Manager, you received reset errors. This issue has been resolved and you no longer receive reset errors.

Host names (CR118437)
Previously, the WebAccelerator system was unable to properly manage URLs that contained host names with a leading digit, such as https://www.1myserver.com. This issue is resolved and the WebAccelerator system can now process host names that begin with a digit, including unmapped host names.

X-PvInfo header code S10232 (CR121106)
Previously when an acceleration rule prompted the WebAccelerator system to send a request to the origin web server, the X-PvInfo header in the response did not indicate whether the content that the WebAccelerator system had cached was still valid. Starting in this release, when the WebAccelerator system sends a request to the origin web server and the cached content is still current, the WebAccelerator system places a new code, S10232, in the X-PvInfo header indicating that the content was served from Smart Cache. Conversely if the content is expired, the WebAccelerator system provides the new content and returns the S10202 code in the X-PvInfo header, indicating that the WebAccelerator system received new content from the origin server.

For information about using X-PvInfo headers, see the Troubleshooting chapter of the Configuration Guide for the BIG-IP® WebAcceleratorSystem. For definitions of each X-PvInfo response header code, see the Using HTTP Headers chapter of the Policy Management Guide for the BIG-IP® WebAcceleratorSystem.

Object Types synchronization in a symmetric deployment (CR122601)
In previous releases, object types were not synchronized between WebAccelerator systems in a symmetric deployment. Starting in this release if you modify an existing object type's settings or create a new object type, those changes synchronize with all other WebAccelerator systems in a symmetric deployment. For more information about managing object types, see the Changing Default Settings chapter in the Configuration Guide for the BIG-IP® WebAcceleratorSystem.

 

Fixes introduced in version 10.0.0

This release includes the following fixes.

Invalidating content for a specific application (CR84569)
Previously, if you invalidated content for a specific application, the BIG-IP® WebAccelerator system invalidated the Hot Cache for all applications. Starting in this release, the WebAccelerator system properly invalidates content only for the specified application.

Unexpected proxy reply message after log rotation (CR92646)
In previous releases, the message, Unexpected proxy reply from %TMM, erroneously displayed in the /var/log/ltm file after the WebAccelerator system rotated the log files in the access directory. This issue is resolved and the message no longer displays.

[ Top ]


Known issues

The BIG-IP® WebAccelerator system version 10.1 release contains the following known issues. Known issues are cumulative, and include all known issues for a release.

Modifying settings for the http-acceleration profile (CR76031)
If you make changes to the http-acceleration profile settings, Minimum Object Size, Maximum Object Size, URI Caching, and Ignore Headers, it adversely affects the way the BIG-IP® WebAccelerator system manages HTTP traffic for your site. You should not modify these settings. For more information about the default settings, refer to SOL8780: The default RAM Cache settings for the http-acceleration profile should not be modified.

Support for Basic and Digest Authentication scheme (CR80537)
The BIG-IP® WebAccelerator system does not currently support the Basic and Digest Access Authentication schemes. To ensure that clients receive properly authenticated content, enable the proxying rule option, Always proxy requests for this node, for the acceleration policy that is assigned to the application that is using Basic and Digest Access Authentication schemes. See Enabling the always proxy option, in the Workarounds for known issues section.

Synchronizing configuration changes in a symmetrical deployment (CR80763)
If the comm_srv system process is down on a BIG-IP® WebAccelerator system in a symmetrical deployment, and you make changes to other BIG-IP® WebAccelerator systems in the symmetrical deployment, the configuration changes may not synchronize properly.

Reporting the status of an origin web server in a symmetric deployment (CR80878)
In a symmetric deployment of BIG-IP® WebAccelerator systems, a BIG-IP® Local Traffic Manager http monitor on the remote WebAccelerator system does not properly report the status of the origin web server located behind the central WebAccelerator system. To work around this issue, monitor the status of the origin web server, through the BIG-IP® Local Traffic Manager's http monitor, only on the central WebAccelerator system. For more information about configuring and using http monitors, see the Configuration Guide for BIG-IP® Local Traffic Manager.

Destination hosts for WebAccelerator systems in a symmetric deployment (CR81083)
Destination hosts are not supported for BIG-IP® WebAccelerator systems in symmetric deployments. To use destination hosts, you must configure pools through the BIG-IP® Local Traffic Manager. For information about configuring pools, see the Configuration Guide for BIG-IP® Local Traffic Manager.

Unmapped host processing in a symmetrical deployment (CR81084)
When configured in a symmetrical deployment, the BIG-IP® WebAccelerator system does not properly process requests for unmapped hosts.

Synchronizing changes to a user-defined acceleration policy for a symmetrical deployment (CR81333)
If you modify a user-defined acceleration policy on a BIG-IP® WebAccelerator systems in a symmetrical deployment, and you do not publish the policy before you synchronize the configuration, your changes may be lost. To avoid losing configuration changes to user-defined acceleration policies, always publish the policy you changed before you synchronize the BIG-IP® WebAccelerator systems in a symmetrical deployment.

Hit logs for normalized documents (CR81698)
The hit log does not currently report statistics for documents on which the BIG-IP® WebAccelerator system has performed URL normalization.

HTTP logging report for content served from Hot Cache (CR81829)
The logging feature does not currently report requests that the BIG-IP® WebAccelerator system has served from Hot Cache (previously known as RAM Cache).

Removing an http class profile from a virtual server (CR85606)
If you remove an http class profile from the BIG-IP® Local Traffic Manager system's virtual server's resources, the BIG-IP® WebAccelerator system may continue to accelerate traffic. To resolve this issue, restart the pvac service using the bigstart restart pvac command. Traffic flow may momentarily halt while the service restarts.

PDF linearization (CR95401)
The WebAccelerator system performs PDF linearization on all PDF documents. This setting cannot currently be changed through the user interface, but can be changed by modifying the globalfragment.xml file.

Access to the Configuration utility after modifying provisioning (CR105976)
If you provision or de-provision the WebAccelerator system, the Configuration utility restarts. During this time the Configuration utility is temporarily unavailable. Once the Configuration utility has restarted, it prompts you to continue.

Response code for content served from cache (CR106567)
When running on a platform with multiple CPUs, the WebAccelerator system may serve responses only from Smart Cache (indicated by the S10101 code in the X-PvInfo header), until the Hot Cache associated with each CPU is populated. Platforms with multiple CPUs include: 3600, 3900, 6400, 6800, 6900, 8400, 8800, and 8900.

Importing a policy when the /shared file system is full (CR106990)
If you import an acceleration policy when the /shared file system is full, the acceleration policy appears on the Policies screen, but does not appear in the policies list for an application; therefore, you cannot assign the imported policy to an application. To resolve this issue, free additional space in the /shared file system.

Exception error when publishing a modified acceleration policy in a symmetric deployment (CR107173)
If you modify the same acceleration policy on both the remote and central WebAccelerator systems in a symmetric deployment and then attempt to publish them simultaneously, the WebAccelerator system returns an exception error.

Invalidating cached content for unmapped hosts (CR108671)
If you manually invalidate cached content for unmapped hosts,  the WebAccelerator system invalidates cached content for all applications.

Changing the time for the system clock (CR110577) 
If you change the time on the system clock, the WebAccelerator services pvac and comm_srv may restart, temporarily halting traffic to your applications. In order for you to avoid this issue, F5 Networks recommends that you change the system clock only when the WebAccelerator system is offline and not processing requests.

http-acceleration profile compression setting (CR123170)
If you enable the Compression setting for the http-acceleration profile, the BIG-IP® WebAccelerator system no longer compresses content, regardless of the acceleration policy settings. To avoid this issue, do not modify the http-acceleration profile's Compression setting.

Insufficient disk space and provisioning failure (CR128875)
If you perform an operation that requires loading the configuration on a volume that has insufficient disk space to contain it, the operation fails at the module-provisioning step. Depending on the modules you provision and the space available, the failure might occur when rolling forward a configuration at installation, running bigpipe config install <config.ucs>, or provisioning modules in a command line operation. When the provisioning failure occurs, the system logs a message in the /var/log/ltm file: 01071008:3: Provisioning failed with error 1 - 'Disk limit exceeded. MB are required to provision these modules, but only MB are available.' To recover, free up sufficient disk space by removing unneeded volumes using the command: bigpipe software desired HDn.n delete, and then try the operation again.

Cannot invalidate application (CR132771)
If you create a virtual server enabled for WebAccelerator Module that does not use the pre-defined http-acceleration profile, you cannot invalidate the web application defined for the virtual server.

Frame URL Normalization Method is deprecated (CR134815)
The Frame setting for URL Normalization Method on the URL Normalization page does not function and is deprecated.

Clearing cache with wa_clear_cache can restart hds_prune (CR136453-1)
If you run the wa_clear_cache script to delete the WebAccelerator disk cache while hds_prune is pruning the cache, the hds_prune process can fail and restart. To avoid this issue, shut down hds_prune before running the wa_clear_cache script.

Specially created PNG file may cause libpng to stall or fail (CR137225)
When a PNG file contains a highly compressed ancillary chunk, libpng can stall or fail.

Policy navigation tree is unavailable when booting from 10.1 to 10.2 (CR137453)
When the system is booting from version 10.1 to 10.2, the Policy Editor appears blank on the left side, except for a small rectangular bar at the very top of the policy navigation tree area. To correct this problem, refresh the policy navigation tree, or close and reopen all browser windows.

Leaf node lifetime settings may cause crash (CR137545)
When the WebAccelerator system processes ESI markup tags with a short lifetime setting (for example, 0) for the matching leaf node, stack traces or a pvac core dump might result.

Normalized content excludes s-maxage and max-age values (CR138094)
The WebAccelerator system normalized content excludes s-maxage and max-age values.

Controls hidden when importing signed policy (CR139014)
If you sign a user-defined acceleration policy that has been published, and attempt to import the signed acceleration policy, the message You are attempting to import a Signed Acceleration Policy that will overwrite a Pre-Defined or User-Defined Policy. Do you wish to proceed? is hidden, preventing the ability to click Yes or No.

RamCache expiration that exceeds WebAccelerator expiration prevents re-enabling MultiConnect (CR139143)
If content in RamCache has an expiration that is longer than the expiration in WebAccelerator cache, MultiConnect cannot be re-enabled until the RamCache content expires.

URL Authorization Method does not function when Require Authorization is enabled (CR133821)
The URL setting for Authorization Method on the URL Normalization page does not function when Require Authorization is set to Yes.

Header is modified when using Cache-Control: no-transform (CR136185)
When an origin web server sends a Cache-Control: no-transform header in response to a request, the WebAccelerator system modifies the header. Clearing the Ignore no-cache HTTP headers in the request check box and the Ignore no-cache HTTP headers in the response check box on the Lifetime tab does not prevent the header from being modified.

WA IBR not applied to images in form input (ID 222510)
When using Intelligent Browser Referencing or MultiConnect functionality to accelerate images, using a form input may produce inconsistent results.

wam_add.pl script uses TCP echo-style ping (ID 353432)
In a symmetric deployment, the remote and central WebAccelerator systems communicate over port 4353 and exchange SSL certificates over port 22. If a firewall exists between these systems, you must modify its configuration so that port 4353 and port 22 are open. If you fail to open these ports, the central and remote WebAccelerator systems cannot properly exchange SSL certificates or synchronize. Additionally, TCP echo port 7 is required when setting a symmetric deployment to run /usr/local/wa/scripts/wam_add.pl and use Perl's NET::Ping, which defaults to a TCP ping.

[ Top ]

Workarounds for known issues

The following section describes the workaround for the corresponding known issue listed in the previous section.

Configuring the always proxy feature (CR80537)

If you are using Basic and Digest Access Authentication schemes for certain applications, you must enable the always proxy feature for the user-defined acceleration policy assigned to those applications. For information about this known issue, see Support for Basic and Digest Authentication scheme.

Enabling the always proxy option

  1. On the Main tab of the navigation pane, expand WebAccelerator and click Applications.
    The Applications screen opens in a new window.
  2. On the Main tab of the navigation pane in the new window, click Policies.
    The Policies screen opens, displaying a table of user-defined and pre-defined acceleration policies.
  3. On the User-defined Acceleration Policies table, click the name of the acceleration policy that you want to edit.
    The Policy Editor screen opens.
  4. On the Policy Tree, click the node for which you want to enable the always proxy option.
  5. From the Matching Rules list on the Policy Editor menu bar, select Acceleration Rules.
    The acceleration rules display on the Policy Editor menu bar.
  6. On the Policy Editor menu bar, click Proxying.
    The Proxying rules screen opens.
  7. In the Proxying Options section, click the button next to Always proxy requests for this node.
  8. Click the Save button.

For the new policy to be in effect for your site, you must publish it. For more information, see Chapter 3, Using Acceleration Policies, in the Policy Management Guide for the BIG-IP® WebAccelerator System. Once you publish the acceleration policy, the BIG-IP® WebAccelerator system sends all matched requests to the origin server for content.

[ Top ]

Optional configuration changes

This software release includes the following features:

  • Accept-Encoding gzip
    The Accept-Encoding gzip feature forces the WebAccelerator system to request content from the origin web server that is compressed by using the gzip utility, if it is available.

     
  • Half-closed TCP connection management
    The half-closed TCP connection management feature allows the WebAccelerator system to properly manage half-closed connections.

     

These features are disabled by default. To use these features, you must enable them using the following procedures.

Enabling the Accept-Encoding gzip feature

This software release includes the Accept-Encoding gzip feature, but the feature is disabled by default.

To enable the Accept-Encoding gzip feature

Use the following procedure to enable the Accept-Encoding gzip feature.

  1. Using SSH, log on to the BIG-IP® WebAccelerator system using the root user name and password.

  2. At the command line, switch to the /config/wa directory by typing the following command:

    cd /config/wa

  3. Using a text editor, view the pvsystem.conf file and locate the following line:

    <forceOWSGzippedRequests>false</forceOWSGzippedRequests>

  4. Change the value to true, so the line now appears as follows:

    <forceOWSGzippedRequests>true</forceOWSGzippedRequests>

  5. Save the change and close the text editor.
  6. Restart the BIG-IP® WebAccelerator system by typing the following command:

    bigstart restart

Enabling the half-closed TCP connection management feature

This software release includes the half-closed TCP connection management feature, but the feature is disabled by default.

To enable the half-closed TCP connection management feature

Use the following procedure to enable the half-closed TCP connection management feature.

  1. Using SSH, log on to the BIG-IP® WebAccelerator system using the root user name and password.

  2. At the command line, switch to the /config/wa directory by typing the following command:

    cd /config/wa

  3. Using a text editor, view the pvsystem.conf file and locate the following line:

    <disableHalfClose>true</disableHalfClose>

  4. Change the value to false, so the line now appears as follows :

    <disableHalfClose>false</disableHalfClose>

  5. Save the change and close the text editor.
  6. Restart the BIG-IP® WebAccelerator system by typing the following command:

    bigstart restart

[ Top ]

Contacting F5 Networks

  Phone: (206) 272-6888
Fax: (206) 272-6802
Web: http://support.f5.com
Email: support@f5.com

For additional information, please visit http://www.f5.com


Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)