Release Notes : BIG-IP 11.5.3 VE Release Notes

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 11.5.3

BIG-IP APM

  • 11.5.3

BIG-IP GTM

  • 11.5.3

BIG-IP Link Controller

  • 11.5.3

BIG-IP Analytics

  • 11.5.3

BIG-IP LTM

  • 11.5.3

BIG-IP AFM

  • 11.5.3

BIG-IP PEM

  • 11.5.3

BIG-IP ASM

  • 11.5.3
Release Notes
Original Publication Date: 03/18/2018 Updated Date: 04/18/2019

Summary:

BIG-IP Virtual Edition (VE) is a version of the BIG-IP system that runs as a virtual machine. Supported modules include Local Traffic Manager, Global Traffic Manager, Application Security Manager, Access Policy Manager, Application Acceleration Manager, Policy Enforcement Manager, Application Firewall Manager, and Analytics. BIG-IP VE includes all features of device-based BIG-IP modules running on standard BIG-IP TMOS, except as noted in release notes and product documentation.

Note: The BIG-IP VE product license determines the maximum allowed throughput rate. To view this rate limit, you can display the licensing page within the BIG-IP Configuration utility.

Contents:

Supported platforms

This version of the software is supported in the following configurations. For a list of VE hypervisor support, see the Virtual Edition and Supported Hypervisors Matrix

Memory: 12 GB or more

All licensable module-combinations may be run on BIG-IP Virtual Edition (VE) guests provisioned with 12 GB or more of memory.

Memory: 8 GB

The following guidelines apply to VE guests, configured with 8 GB of memory.

  • No more than three modules should be provisioned together.

Memory: Less than 8 GB and more than 4 GB

The following guidelines apply to VE guests provisioned with less than 8 GB and more than 4 GB of memory.

  • No more than three modules (not including AAM) should be provisioned together.
  • Application Acceleration Manager (AAM) cannot be provisioned with any other module; AAM can only be provisioned standalone.

Memory: 4 GB or less

The following guidelines apply to VE guests provisioned with 4 GB or less of memory.

  • No more than two modules may be configured together.
  • AAM should not be provisioned, except as Dedicated.

User documentation for this release

New in 11.5.3

There are no new features specific to Virtual Edition.

New in 11.5.2

There are no new features specific to Virtual Edition.

New in 11.5.1

There are no new features specific to Virtual Edition.

New in 11.5.0

Reduced Disk Size Options

With this release, there are 3 new disk size options available.

Disk Size Modules Supported Features Supported
7 GB LTM only on a single slot You cannot install upgrades or hotfixes to this version.
31 GB LTM only on two slots This option can be extended and upgraded with new versions and hot fix updates. It does not allow installing any modules besides LTM, GTM, or LTM + GTM.
100 GB Supports all modules This option can be extended and upgraded with new versions and hot fix updates. It allows installing any combination of other modules supported by the current version of BIG-IQ VE software.

Extensible disk size

After you deploy the BIG-IP VE, if the hypervisor supports it, you can now expand the disk size to provide additional space for VE log, trace, config, and core files. Instruction for this task varies depends on your hypervisor type and is documented in the BIG-IP VE Setup Guide for your hypervisor.

High-Performance 10Gbps VE configuration for virtual appliance

This release provides high-performance 10Gbps VE configuration for virtual appliance deployments using VMware.

Increased Max SSL throughput

This release provides increased Max SSL throughput to 4Gbps for 10 GB BIG-IP LTM VE deployments.

25Mbps throughput license

25Mbps throughput license for high-density deployments with individual applications, a small number of applications, or a single tenant on all major hypervisors and AWS.

Updated hypervisors and Linux distributions

This release provides support for updated hypervisors and Linux distributions. For a list of VE hypervisor support, see the Virtual Edition and Supported Hypervisors Matrix.

Fixes in 11.5.3

ID Number Description
ID 471860 When you disable an interface, the state shows DISABLED. When you enable that interface, the indication for the interface now shows ENABLED.
ID 484733 The reassignment of IP addresses for forwarding virtual servers with SNATs defined in the configuration now occurs as expected in Amazon Web Services (AWS).

Fixes in 11.5.2

ID Number Description
ID 482434 Throughput and new connections per/sec are now comparable in AWS for SR-IOV enabled instances and in other instances.

Fixes in 11.5.1

ID Number Description
ID 448299 The emulated IDE storage driver has been replaced with PV (para-virtualized) SCSI storage driver. PV SCSI driver gracefully handles disk I/O timeouts and recovers from them.

Fixes in 11.5.0

ID Number Description
ID 367759 On BIG-IP VE, modifying an interface's VLAN configuration from tagged to untagged, or untagged to tagged, can result in unavailability of traffic on that interface. Restarting the tmm with "bigstart restart tmm" will correct this condition, as will deleting and recreating the VLAN with desired tagging attributes.
ID 427415 AWS instances with core counts (vCPUs) higher than 4 is able to license and operate in the expected way.
ID 428612 "In order to make Intel SR-IOV work out-of-box, Intel VF's MTU has been reduced to 1500 in BIG-IP VE. VF's MTU has to be changed to be equal to or greater than its VLAN's MTU to support jumbo frame. A new feature is provided to make it happen. Steps to increase Intel VF's MTU in BIG-IP VE: - Append the following line to /etc/modprobe.d/f5-platform-virtual-applicance.conf file options unic max_mtu=<max_mtu_size> - reboot BIG-IP VE - OR, run: bigstart stop tmm rmmod unic modprobe unic bigstart start tmm"
ID 430655 Improved debugging on TMM to include DB variable provision.

Behavior changes in 11.5.3

There are no Virtual Edition-specific behavior changes specified for this release.

Behavior changes in 11.5.2

There are no Virtual Edition-specific behavior changes specified for this release.

Behavior changes in 11.5.1

There are no Virtual Edition-specific behavior changes specified for this release.

Behavior changes in 11.5.0

There are no known release-specific behavior changes.

Local Traffic Manager-Virtual Edition known issues

ID Number Description
ID 224507 When VE is deployed on VMware, the management port might not correctly reflect the uplink port speed of the vSwitch that it is connected to. This should have no adverse affects on actual management port traffic. Workaround: None.
ID 324960 "big3d daemon on Services screen (CR134045, ID 324960) The big3d daemon appears on the Services screen of the BIG-IP Configuration utility even though the daemon is not installed on the system." Workaround: None.
ID 346083 "When you remove an interface from all VLANs, and then add the same interface, the interface status remains UNINITIALIZED, and you can only access the system from the console. To recover, manually edit bigip_base.conf, deleting the entries and running the command: 'load sys config'. An entry appears similar to the following: net interface 1.3 { media-fixed 10000T-FD }" Workaround: None.
ID 351199 When importing an OVA into XenServer, CPU priority is not set. It is recommended that a higher priority be set on the VM. Using XenCenter, click on the General tab of the VM. Then click Properties. On the CPU and Memory tab, the VCPU priority should be configured at the highest value. Workaround: None.
ID 351538 "F5 Networks strongly recommends that the host system use CPUs with AMD-V or Intel-VT technology. This might require adjusting the systems BIOS or Unified Extensible Firmware Interface (UEFI) configuration. For specific hypervisors, hardware assisted virtualization technologies might be required in order to boot BIG-IP VE. For detailed system requirements, see the hypervisor's documentation." Workaround: None.
ID 352856 Errors occur when migrating SCF files between different BIG-IP Virtual Edition (VE) hypervisor software. This occurs on BIG-IP VE. "The configuration does not load, and the system posts the following error: BIGpipe interface creation error: 01070318:3: 'The requested media for interface 1.1 is invalid.'" Workaround: To work around this, remove the entire line that contains 'media fixed' statements for each interface. When the media capabilities are removed from the SCF before load, no error occurs.
ID 358355 When deployed as a Microsoft Hyper-V virtual machine, BIG-IP VE must be configured with Static Memory Allocation. The use of Dynamic Memory Allocation is unsupported and might cause issues. Workaround: None.
ID 364704 Taking a snapshot of the virtual machine's memory often pauses the virtual machine and may produce undesired results. To correct this problem on VMware hypervisors, do not include the virtual machine's memory when snapshots are taken. Workaround: None.
ID 366403 After modifying the BIG-IP system configuration by adding or removing Network Interfaces, the interface numbering might appear out of order and NICs may appear that are no longer present. If the virtual interfaces on the BIG-IP VE system are changed after a binary MCPD database has been created, the system may not detect the change even after a subsequent reboot. To ensure that the system properly detects the new or removed interfaces, type the command "rm /var/db/mcpd*" at the BIG-IP VE command prompt, and reboot the system. TMM-to-vSwitch interface mapping can be viewed by comparing the MAC addresses of the interfaces displayed in the BIG-IP Configuration utility to those displayed in the hypervisors configuration. The interfaces may need a simple adjustment to map to the correct networks. Workaround: None.
ID 367862 Network Interface Port Mirroring is not supported by BIG-IP VE with this release. Workaround: None.
ID 370367 On BIG-IP VE only, changing the interface used by a VLAN from one to another might show degraded performance in the event that both interfaces are configured to participate on the same broadcast network. Restarting the TMM with "bigstart restart tmm" will restore performance and resolve the issue. Workaround: None.
ID 371458 On a XenServer Host, all interfaces are expected to show up as 100TX-FD within tmsh. All application traffic handling interfaces will be shown with a media speed of 100 and an Active Duplex of half in the GUI for this release. This speed rating is simply cosmetic and not actually reflective of the speeds and duplex for BIG-IP VE on a XenServer host. The actual link is a high speed internal connection via a Virtual Network Interface within the hypervisor at speeds greater than 100Mbps. Workaround: None.
ID 371631 BIG-IP Virtual Edition (VE) may incorrectly report the interface media duplex settings as none. The General Properties may show an incorrect Active Duplex setting when you navigate to Network :: Interfaces, and then click the interface. The output from the tmsh show network interface all-properties command may show incorrect information in the Media column. Running the command 'show net interface all-properties'. You are unable to confirm the current duplex setting of an interface. Workaround: To work around this issue, you can determine the interface media duplex setting for VE configurations not involving SR-IOV by running the following command: tmsh list net interface. Note: This workaround is valid only for VE configurations and only reports the VE's reported link state. A VM cannot determine any vSwitch's upstream link state via its own link state. VE knows about the link between it and the vSwitch, except in SR-IOV deployments, where there is no vSwitch and the link is direct.
ID 372540 Migration of BIG-IP VE, whether live or powered off, will commonly incur an innocuous warning message similar to this on vSphere hypervisors: Virtual Ethernet card 'Network adapter 1' is not supported. This is not a limitation of the host in general, but of the virtual machine's configured guest OS on the selected host." This message is benign and can safely be ignored. Workaround: None.
ID 374064 Import verification of the .ova may fail when using the XenCenter 5.6. OVA import wizard. It is suggested that XenCenter 5.6 users verify the .ova file signature as described on AskF5. Workaround: None.
ID 388118 For IPv6 to work on KVM using a macvtap interface, the IFF_ALLMULTI setting must be enabled on the host interface. This is done by using "ifconfig <name of interface> allmulti". Workaround: None.
ID 394817 "VADC now supports CMP (that is, multiple TMMs running on the same box). For a rate limited license, the limit is divided by the number of TMMs, so each TMM is capped at a fraction of the total licensed limit. For example, if a 200M license with one connection has a throughput of 180Mbits/s before enabling CMP, then for two TMMs the expected throughput would be 90 Mbits/s, and with four TMMs, the expected throughput would be 45 Mbit/s." Workaround: None.
ID 404628 BIG-IP Virtual Edition hosted on XenServer cannot have more than six network interfaces configured in the virtual machine definition for this release of software. Workaround: None.
ID 413587 "The customer will see an extra interface when a Big-IP Virtual Edition is deployed on Citrix XenServer 6.1. This extra interface will have the same MAC address as the VE instance's management interface. The shell command 'ip list' will show one more interface that the user has configured through the hypervisor, and two of those interfaces shown will have the same MAC address." Virtual Edition deployed on Citrix XenServer 6.1 The management interface may be exposed to the TMM as a traffic interface. Workaround: A customer should use SR-IOV interfaces for VE instances deployed on Citrix XenServer 6.1.
ID 416201 Community Xen: Only 2 PCI pass-through interfaces can be seen on the guest. This is an issue in the CentOS domain 0, and not the BIG-IP guest. Workaround: None.
ID 420092 Non TCP packets from Linux host exceeds MTU need to be fragmented. Workaround: Disable tm.tcpsegmentoffload.
ID 450794 VE devices working in AWS can fail to obtain, and in some cases lose (unpredictably) their DNS resolver information and thus become unable to look up any DNS names when attempts are made to call external servers by name. "As a BIG-IP will be unable to make any API calls to EC2. In particular this will affect HA functionality of BIG-IPs. An example is a case when during fail-over VIPs from one instance's interface are moved to another instance's interface . In this circumstance a fail-over does occur, but EC2 will route all IP traffic destined for the traffic group's VIPs to BIG-IP on which the traffic group was previously active." Workaround: None.
ID 495523 MCPd goes into a restart loop after a change to the AWS Instance Type. This occurs in Virtual Edition (VE) after changing the underlying instance hardware in AWS, which is not supported behavior. The instance is not usable. There is no error message to indicate the failure. Workaround: Users can save the configuration on the BIG-IP system, instantiate a instance of the desired type, and apply the saved configuration.
ID 500631 Customers might see performance degradation in BIG-IP, and in some cases, BIG-IP might receive packets greater than MTU. This has been observed for BIG-IP VE on KVM hypervisor with no SRIOV support. Performance degradation. Workaround: "Turn off LRO from the host as follows: ethtool -K <related interfaces> rx off ethtool -K <related interfaces> tx off ethtool -K <related interfaces> gro off ethtool -K <related interfaces> lro off Related interfaces indicates all interfaces connected to vswitch related to data plane virtual interfaces."
ID 510100 Minor debug-only additions in aws-init script. Amazon AWS. Minor. Workaround: None.
ID 517236 Administrators cannot access the virtual servers on the VE, such as testing the pool members running web servers using curl command-line inside of VE. Azure and Auto-scale AWS VEs provisioned with a single NIC and a single IP No local access to virtual servers on VE, but the administrator can still access to virtual servers through another computer Workaround: None.
ID 519246 If you check your Azure VE's /var/log/waagent.log after provisioning, you might find some error lines for HTTP post requests. They are complete with some successful HTTP response codes (2xx) but tagged as errors It will happen on BIG-IP VE v12.x+ provisioned on Microsoft Azure public cloud. There's no any impact on BIG-IP VE to work appropriately since the retries will succeed at last. Workaround: None.

Global Traffic Manager-Virtual Edition known issues

There are no known issues specific to Global Traffic Manager/Link Controller-Virtual Edition.

Application Security Manager-Virtual Edition known issues

There are no known issues specific to Application Security Manager-Virtual Edition.

Access Policy Manager-Virtual Edition known issues

There are no known issues specific to Access Policy Manager-Virtual Edition.

Application Acceleration Manager-Virtual Edition known issues

There are no known issues specific to Application Acceleration Manager-Virtual Edition.

Policy Enforcement Manager-Virtual Edition known issues

There are no known issues specific to Policy Enforcement Manager-Virtual Edition.

Application Firewall Manager-Virtual Edition known issues

There are no known issues specific to Application Firewall Manager-Virtual Edition.

Analytics-Virtual Edition known issues

There are no known issues specific to Analytics-Virtual Edition.

Contacting F5 Networks

Phone: (206) 272-6888
Fax: (206) 272-6802
Web: http://support.f5.com
Email: support@f5.com

For additional information, please visit http://www.f5.com.

How to Contact F5 Support or the SOC

You can contact a Network Support Center as follows:

You can manage cases online at F5 WebSupport (registration required). To register email CSP@F5.com with your F5 hardware serial numbers and contact information.

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5

AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 TechNews

Weekly HTML TechNews
The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, complete the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
Periodic plain text TechNews
F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email.) To subscribe, send a blank email to technews-subscribe@lists.f5.com from the email address you are using to subscribe. Unsubscribe by sending a blank email to technews-unsubscribe@lists.f5.com.

Legal notices