Updated Date: 03/08/2011
This release note documents the version 9.6.0 release of VIPRION™. We recommend this general sustaining release only for those customers who want the fixes listed in New features and fixes in this release. You can run this version of the software only on the VIPRION chassis.
Note: F5 offers general availability releases and general sustaining releases. For detailed information on our policies, refer to Solution 8986, F5 Networks software lifecycle policy, which is available in the AskF5SM Knowledge Base, http://support.f5.com.
In addition to these release notes, the following user documentation is relevant to this release.
The minimum system requirements for this release are a VIPRION system with a four-slot chassis with two blades installed.
The supported browsers for the BIG-IP Configuration utility are:
Note that we recommend that you leave the browser cache options at the default settings.
Important: Popup blockers and other browser add-ons or plug-ins might affect the usability of the Configuration utility. If you experience issues with navigation, we recommend that you disable these types of browser plug-ins and add-ons.
This release includes the following new features and fixes.
This release includes the following new features.
VIPRION system chassis hardware support
This release exists to support the VIPRION™ four-slot chassis. The multi-slot chassis significantly reduces the amount of rack space required for your systems by housing blades instead of traditional switch systems. Hardware resources such as cooling and power systems, normally required for individual BIG-IP systems, are now part of the chassis instead.
This version of Traffic Management Operating System™ (TMOS™) supports clustering of up to four blades in a chassis, so that the system can be managed as a single unit (cluster). The VIPRION™ system's cluster technology means that all blades in the cluster function as one high-performance VIPRION system. A cluster is a group of slots in the VIPRION system chassis. Each slot in the cluster represents a cluster member, and any blades that you insert into the slots of a cluster work together as a single VIPRION system to process application traffic. At all times, one of the blades functions as the primary blade, accepting management and application traffic requests and dispersing the workload to other blades in the cluster. With cluster technology, you utilize the power of multiple blades, but manage the entire cluster as if it were a single system.
This release adds support for session persistence mirroring when the Traffic Management Microkernel (TMM) is running in clustered multi-processing (CMP) mode. Previous releases of Traffic Management Operating System™ (TMOS™) supported persistence, but not when operating in CMP mode. Persistence mirroring is a mode of operation where the VIPRION system mirrors persistence records to other blades in the same cluster, or to the other cluster in a redundant system.
Clustered Live Install and configuration synchronization
It is possible to upgrade a cluster using the Configuration utility or the command line using the Live Install mechanism, so it's easier than ever to deploy a new software release. When you upgrade the software on the primary blade in the cluster of a running system, the system automatically propagates that software to the open boot location on other blades, with no interruption in traffic processing. When you configure Layer 2 and local traffic objects on the primary blade, and then insert a secondary blade, the system automatically propagates that configuration data to the secondary blade.
This release includes no new fixes.
This release contains the following known issues.
IPv6 addresses and prefixlen or slash notation (CR46710)
In IPv6-formatted addresses, you cannot use the prefixlen or slash notation (/24) for self IP address configuration. There is no workaround for this issue.
Sort order of profiles on different blades in a cluster (CR70849)
When you use the b profile <profile type> list command to display a specific type of profile, the sort order might differ from one blade to another in a cluster. There is no workaround for this issue.
Power cycle while Linux is loading during boot (CR71117)
Cycling the power at random intervals when Linux is loading during system boot can corrupt the file system in in random and varying degrees. This occurs only while Linux is loading during system boot; after Linux is booted and the system starts up, the problem does not occur.
Dynamic routing support (CR73516, CR89823)
This version of the software does not support dynamic routing. The installation image contains references to ZebOS® and tmrouted RPMs; however, there is no support for dynamic routing in this release.
Platform ID and system failure (CR74172)
Occasionally, a system failure might cause the system to return the messages system_id = unknown and Initialized platform: <platform_name>. A blade reboot usually solves this platform ID failure, but you might have to manually remove and re-insert the blade.
iControl: get_boot_image_information command and save_active_config (CR76743)
The save_active_config call is used in the System.SoftwareManagement.get_boot_image_information() command. However, because save_active_config should really only be required in set_boot_image_information(), this is an extraneous call.
Duplicated ping replies on initial communication between trunks (CR79205)
When using the ping utility to communicate from a VLAN with a trunk on the same blade to a VLAN on a trunk with cross-blade interfaces, there are multiple duplicated Internet Control Message Protocol (ICMP) replies the first time the system processes the ping request. When sending a ping request from the other direction (that is, from the VLAN with cross-blade interfaces to the single-blade VLAN), there are no duplicate replies. After the initial duplicate entries, subsequent ping operations from the single-blade VLAN do not cause duplicated ICMP replies.
General licensing properties display and browser refresh (CR79546)
Occasionally, the General Properties screen for Licensing does not display until you refresh the browser window. This does not happen every time, but it might occur more frequently when you click the Activate button after a clean installation. To recover from this condition, click the browser's refresh button to reload the page.
tomcat4 and httpd4 processes restart at certificate synchronization (CR80089)
The tomcat4 and httpd4 processes restart when the system synchronizes the web server certificate using the rsync utility. This is expected behavior. However, these processes might also occasionally restart even when not synchronizing the web server certificate.
Set baud rate and serial console (CR80191)
If there is a low baud rate setting on the terminal console when you access the console, you might not be able to set a higher baud rate, so you will be unable to see the serial console.
Pool members status and connection limits (CR81778-1)
When the connection limit is reached on a pool member configured with a connection limit, the browser-based Configuration utility alternately marks the pool and the pool member unavailable and then available. The system should leave the pool and pool member unavailable until something causes a connection to close, at which time the system should change the status as appropriate.
Management traffic through external switches (CR81800)
The current version of the software does not automatically forward all management traffic to the cluster primary blade. As a consequence, you must connect each blade's management interface to an external switch on the management network. Doing so allows you to reach the cluster primary through the cluster management IP address, even if the cluster primary fails over from one blade to another.
iRules using the persist command and connection failure (CR82113, CR82129, CR82130, CR82131)
Using the persist lookup or persist add command in an iRule might cause a failure that ends the connection in the following cases:
The workaround is to avoid using these persist commands in these cases. This condition might occur unpredictably because of how distributing persistence works in clustered multi-processing (CMP) systems, which could make it difficult to recognize the reason for this failure.
Link status after replacing tri-speed copper SFP with fiber SFP (CR83207)
If you replace a tri-speed copper small form-factor pluggable (SFP) module with a fiber SFP, you may have to reinsert the fiber SFP module a second time before it accurately reports link status.
Configuration errors in bigip_base prevent config templates instantiation (CR84135)
The first time you configure a unit, if there is a configuration error in the bigip_base.conf file during load, the system does not instantiate several commands. For example, the system and dns commands are unavailable until the base load completes. That means that there is also no command-line-level help available for these commands. Instead, you can consult the Configuration Guide for the VIPRION™ System.
Misleading error message when creating duplicate-name monitor (CR84843)
If you attempt to create a monitor using a name that represents an existing monitor in another partition, the system presents a misleading error message. For example, if you try to create a monitor named gate, and a monitor named gate exists in another partition, the system presents the following error message: The requested monitor template (gate 1) already exists. The message content should be similar to the following error message: The requested monitor template (gate ltm_obj) already exists.
Outstanding SYN cookies and mirroring to peer blade (CR85850)
If you are running within-cluster mirroring and you enable SYN cookies, the system does not retain any issued SYN cookies if a failover occurs. This results in a reset of a client response that received a synchronize-acknowledgement (SYN-ACK) response with a SYN cookie prior to the failover, but did not reply with an acknowledgement (ACK) until after the failover. A retry from the client succeeds after the failover. Note that issue rarely occurs, since the embryonic connection count must exceed a predefined threshold (default 16384 * number of CPUs) before any SYN cookies are issued.
Cluster floating IP address of all zeroes (CR86078)
You cannot remove a cluster floating IP address of all zeros (0) using the command b cluster default addr none. To remove an IP address in this case, use the specific IP address instead.
ha table query lag time (CR86622)
Running the command bigpipe ha table can take a very long time to respond if you run the command within a short interval after the failover daemon is started. It might appear as if the system is halted, but it is not.
Cluster disable in Configuration utility and login requirement (CR86716, CR90538)
If you use the Configuration utility to disable the cluster, you must login again to reestablish a connection.
Activity and link LED reporting for management interfaces (CR86824)
The activity and link LEDs do not accurately indicate the speed and duplex mode of the management interface. The following table shows the current and correct functionality.
turns solid green
turns solid amber
turns solid amber
turns solid green
half duplex mode
full duplex mode
Slot number reported by blade swapped to new slot (CR87103)
If you swap a blade from one slot to another, until the system has fully reached the high configuration phase, the blade still sends syslog messages using the previously active slot number.
Unexpected proxy reply from %TMM (CR87279-1)
If the system sends a reset_stats message after a start_transaction message that has not been concluded with an end_transaction message, an error occurs similar to the following message: Oct 23 15:25:20 slot1.poritrin warning mcpd: 01070718:4: Unexpected proxy reply from %TMM.
Device error messages in ltm log (CR87961)
In the ltm.log file, the system logs the following errors as critical errors. In fact, these messages are innocuous.
Oct 24 14:57:27 slot2.tmm crit tmm: 01010025:2: Device error: hsb
control 1 HSB hypertransport error flags 0x00004000 are nonzero
Oct 24 14:57:27 slot2.tmm crit tmm: 01010025:2: Device error: hsb
control 1 HSB hypertransport error 0x00004000, SEEN_N_NONZERO_FUNCNUM
Oct 24 14:57:27 slot2.tmm warning tmm: 01230114:4: port movement
detected for 00:01:23:45:67:20, vlan vlan4095 - 0.0 to 0.1
Firefox browser halt on image import cancellation (CR87968)
Canceling an image import while in progress causes the Mozilla® Firefox® browser to close unexpectedly and report an application error. Because the import partially completed, the failed operation leaves behind a file, named similar to the following: /shared/images/upload_00000005.tmp. This issue occurs only in Firefox browsers, and does not occur when using Microsoft® Internet Explorer®, version 6.x.
Error reporting for b mgmt route command (CR87969)
If you specify a management route that is not valid, the system does not post an error message as it should. The system also does not post an error message when a default route already exists and you specify another one. However, doing so has no effect.
clusterd restart and fpdd restart with errors (CR88195)
When the clusterd process restarts, the fpdd process restarts as well, and writes out error messages indicating what has happened. There is no workaround.
iControl support (CR88376, CR88434, CR88499, CR88695)
Not all methods available in the bigpipe utility are available in this release of iControl®. For example, this version of iControl supports some of the basic methods for the configuration of clustering, but not some of the more sophisticated capabilities that are specific to this release of the software.
session commands in iRules (CR88446)
Using the session command in an iRule does not work in this release.
syslog-ng error in boot.log when starting or restarting (CR88600-1)
Any time the syslog process is started or restarted, the system writes an error similar to the following: Nov 2 08:16:49 simsway syslog-ng: Macro escaping can only be specified for inline templates; to the boot.log file. This error indicates that the macro escaping template has not been loaded.
Licensing or re-licensing from secondary blades (CR88721)
Although the system only supports licensing or re-licensing from the primary blade, the Configuration utility does not prevent you from doing so on secondary blades; however, the system then returns error messages. The error messages presented do not indicate the resolution, which is for you to complete licensing and re-licensing from the primary blade only.
Redundant system configuration (CR88878, CR90022)
When you configure a new redundant system, both units go offline momentarily until peer state is established. There is no workaround for this issue.
Cluster member status color (CR88918-15)
When you disable a cluster member, the Configuration utility correctly shows that member as black (unavailable), but running the b cluster command incorrectly reports the same member as green (available).
bp load bigip_base.conf and daemon restart (CR88980)
The command bp load bigip_base.conf is not the correct command to run to start a load operation. The correct command is base load. Running the command bp load bigip_base.conf restarts all running processes.
Case sensitivity for b software desired command parameter (CR89082)
The b software desired command parameter is case sensitive. Therefore, if you run the command b software desired HD1.1 active enable product big-ip version 9.6.0 build 572.0, it fails. If you run the command b software desired HD1.1 active enable product BIG-IP version 9.6.0 build 572.0, it completes successfully.
Empty data group (class) and configuration load (CR89147)
The command line interface does not prevent you from creating a data group with no entries. However, if you attempt to load the configuration, it fails.
Interface mirroring across blades (CR89283, CR89817)
This release does not support interface mirroring across blades. If you configure interface mirroring across blades, the system presents an error message and rejects the operation.
mcpd process on secondary blade when configuration validation fails (CR89312)
In this release, the mcpd process restarts and attempts to load the configuration again on the secondary blade when configuration validation fails.
Configuration changes during installation (CR89407)
During upgrade of an inactive boot location, if you make configuration changes after the installation process has started, the new installation does not reflect those changes. You should complete all configuration changes before installing software on the inactive boot location.
System description tables not found message when booting up (CR89447)
Every time the system boots, the system posts the following message:
Starting new kernel
ACPI: System description tables not found
ide2: ports already in use, skipping probe
Red Hat nash version 3.5.13 starting
Mounting /proc filesystem
These messages are benign, and you can safely ignore them.
Software Updates Auto Refresh Disabled option and screen refresh (CR89475)
If you select the Disabled option for Auto Refresh on the Software Updates screen and then manually refresh the screen, the system selects the 10 seconds option, and you must reselect Disabled.
b export command on a secondary blade (CR89508)
The system does not prevent you from running the command bp export <name>.scf file on a secondary blade; however, doing so causes the secondary blade to have files that the primary blade does not. Therefore, we recommend that you do not the bp export command on the secondary blade.
b interface stats reset command on management interfaces (CR89594)
Running the b stats reset command has no effect on management interfaces. Management interfaces on all slots are ignored and statistics are not reset.
stp parameter limits (CR89762)
The Configuration utility does not prevent you from specifying an stp configuration revision parameter that is higher than the 65535 limit. The system converts those out-of-range values to other values. For example, the system translates 65536 to 0, and 65555 to 19. To avoid the issue, specify values between 0 and 65535. The command line correctly limits the values you can specify.
diskmonitor error in the var/log/ltm file (CR89776)
After installation, the system writes a diskmonitor error message similar to the following, to the /var/log/ltm file once every half hour. Nov 26 10:01:03 local/ltm59 err diskmonitor: 011d0003: Error parsing df -k output. These messages are benign, so you can safely ignore them.
LICENSE INVALID in temporary license file prompt (CR89807)
After a clean installation, if the license file has not yet propagated to the secondary system, the process creates a placeholder license file containing the following content:
[root@localhost:/S1-P:LICENSE INVALID] config # cat bigip.license
# Placeholder for mprov memory calculations
[root@localhost:/S1-P:LICENSE INVALID] config #
Once you complete a valid licensing procedure, this content is replaced with the correct information.
VLAN failsafe and bigstart restart command (CR89893)
If you disable a configured VLAN failsafe and then reenable it, the failsafe does not work until you run the bigstart restart command.
SYN cookies issued from fastL4-enabled virtual servers with persistence (CR89941-1)
If a SYN cookie is issued from a fastL4-enabled virtual server that also has persistence enabled, a multi-packet client request might initially experience packet loss. Once the server responds to the initial request, the connection continues without problems. Note that the virtual server does not issue SYN cookies unless you enable software SYN cookies on the fastL4 virtual server, and then only after the SYN threshold is exceeded.
System services restart required message in Configuration utility (CR89976)
If, after activating the license on a newly installed system, the system asks for a restart, run the clsh bigstart restart command from the bash shell (not the bigpipe utility) on the primary blade. Doing so runs the command on all blades. Note that only an administrator with shell access or root can run the clsh bigstart restart command.
httpd hostnamelookups default value (CR90021)
If you use the default httpd hostnamelookups value, the system writes the value to the bigip_sys.conf file. This is different from how the system treats most default values, where the system typically does not display the default value or explicitly write the default value to the configuration file. This does not affect httpd hostnamelookups functions.
HTTP profiles for lan/wan optimized and b load requirement (CR90037)
After installation, if you find that the default HTTP profiles for http-lan-optimized-caching, http-wan-optimized-compression, http-wan-optimized-compression-caching did not automatically load, you can run the b load command to load them.
Relicensed chassis and bigdbd process restart (CR90086)
When you relicense the chassis, the bigdbd process restarts. The action produces no core file, just a message on the console that the process has restarted.
New license activation and daemon restart (CR90110)
When you activate a new license or add-on module on the chassis, the system posts a message that the daemons must be restarted. You must manually restart a system after activating a new license or add-on module.
clusterd logs and min up members setting (CR90118)
When you specify a value for min up members, but you have not enabled the min up members feature, the clusterd process still log the action clusterd: 013a0006:5: Too many members known unavailable, triggering min up members action, even though the system takes no action.
Manual resume and unexpected output from b pool commands (CR90139)
When you enable the manual resume option, the commands # b pool <pool name> show and # b pool <pool name> list all shows unexpectedly differing results. The pools work correctly, only difference in output is a display issue only.
Network failover command (CR90158)
Network failover continues to work even when set to disable.
Failover multicast traffic over a VLAN on a cross-blade trunk (CR90202)
Failover multicast traffic over a VLAN on a cross-blade trunk does not work.
bigpipe commands after blade swap (CR90244)
If a blade goes down unexpectedly, certain subsequent bigpipe commands do not complete. This includes bigpipe commands to retrieve the connection or persist tables, the RAM cache information, the Address Resolution Protocol (ARP) table, and the high availability (HA) table. When the blade comes back up, the commands work again. If the blade stays down, these commands function properly again in approximately 16 minutes. To avoid the delay, before removing a blade, issue the command bigstart stop on the blade you are taking out of service.
Active/standby cycling for units in a redundant system (CR90248)
If both units in a redundant system meet the min active members conditions, then the units both cycle through active and standby states indefinitely; therefore, you should use care when configuring the min active members conditions on units in a redundant system.
STP hello time error message in log does not match system action (CR90281)
Running the stp hello command results in a logged error message does not match what the system does. A sample message is: Dec 4 15:21:02 slot1/P5-001 err stpd: 01280005:3: failed to set bridge parameters: Incompatible combination of Forward Delay, Max Age, and Hello Time. Contrary to this message, the system accepts even invalid parameters. This is true for all combinations of Forward Delay, Max Age, and Hello Time. Valid parameters for the stp hello command should be twice the value of Hello Time plus 1, is less than or equal to the value of Maximum Age (that is, 2*(Hello Time + 1) <= Maximum Age).
Configuration utility changes between IPv4 and IPv6 formats for cluster and management IP addresses (CR90309)
When you use the Configuration utility to change between IPv4 and IPv6 formats for cluster and management IP addresses, the system posts a general database error. To make this type of change without an error, use the command line utility.
External class file deleted after configuration (CR90363)
When you create an external class file, make sure you have at least one entry in the file. Otherwise, the system deletes the file, and the system cannot load the configuration.
Logon prompt without a corresponding password prompt (CR90556)
If you have LDAP configured as the authentication scheme, and try to log on through the console with an invalid password, the next series of logon prompts does not display a password prompt.
Invalid interface added to a trunk (CR90557)
The system does not prevent you from adding an invalid interface to a trunk. The system then displays the invalid interface when you run the the b interface command, but the invalid interface does not work. The trunk should still work, however.
Layer 7 connection loss of 1% on TMM failure events (CR90690)
For a redundant system configured for between-cluster mirroring, high concurrency (150,000 connections) results in a reset of approximately 1% (2000) of connections in a Traffic Management Microkernel (TMM) failure event.
Software image deletion while performing an installation (CR90691)
The system does not prevent you from deleting an installation image that is in the process of installing. The system should post an error message, and prevent the action.
Configuration files from the Windows environment (CR90692)
If you load a single configuration file that was created or modified on the Microsoft® Windows® platform, the system returns parsing errors. This is caused by the way the Windows operating system handles carriage returns in text files. You can work around this issue by creating configuration files in the Linux environment, or by stripping any carriage returns from the configuration file using the dos2unix or a similar utility.
USB drive support (CR90773, CR90966)
In this version, the system does not support using a USB thumb drive as a source for an installation image. The system does support using a USB CD-ROM drive as a source for an installation image.
New blade in lower slot number than the primary blade (CR90945)
If you stop all blades and then configure a new blade in a lower slot number than the blade configured as the primary, the new, lower-slot-number blade immediately becomes the primary. Initially, the secondary blades might fail to load the new configuration, which causes the system to restart all daemons. Once the daemons restart on the secondary blades, the configuration loads correctly.
Unlicensed system and bigpipe commands (CR90946)
When a box is unlicensed, many bigpipe commands are not available on the secondary system, and some configuration changes such as hostname or ntp configuration are not propagated to the secondary system.
Common partition and other external user access (CR91050)
This release does not support partitions other than Common. The system ignores other external user access partitions.
tmctl utility and results delay (CR91064)
There is a ten-second or so delay when you use the tmctl command to display the blade tmm and hsb0_trunk_table tables from the High Speed Bridge (HSB). The tmctl utility is a debug tool, and there is a delay between configuration and display of the trunk.
EUD installation (CR91068)
In this release, you cannot use the Software Management feature to install the End User Diagnostics (EUD). To update the EUD, you can perform a complete software installation using net-boot or CD-ROM installation.
SCF import from previous SCF and benign daemon restart (CR91102)
If you import a modified a 9.4.3 or 9.4.2 single configuration file (SCF) that includes cluster information and new interface names, on import of the SCF file, all daemons restart. There are no core files associated with the restart action, just a benign restart of all daemons.
Remote authentication information in configuration file (CR91148)
Some information for remote system authentication might remain in the bigip.conf file after an import default operation. The system does not use the information, since the default configuration is local authentication.
Duplicate certificate subject display (CR91241)
In this release, the Configuration utility displays duplicate entries in the Certificate Subject(s) list on the Trusted Device Certificates screen, available under the Device Certificates item on the System menu.
Blade-specific management IP address (CR91355)
When you create a blade-specific management IP address, first make sure the blade is up and running. Otherwise, the system deletes the management IP address when you plug in the blade.
Mirroring FTP virtual servers (CR91356)
When you configure a redundant system with inter-clustering (between-cluster) mirroring, if you enable mirroring on a virtual server configured using the FTP profile, file transfers through that virtual server might cause a sudden system halt. In this release, do not configure virtual servers using the FTP profile with mirroring enabled.
Cluster online help (CR91359)
Some of the options in the Cluster online help do not match the screen. In the online help, there should be an entry for Software Build, with the following description: Displays the number of any software build installed on the cluster. Also, Hotfix Version should be Hotfix Build. Finally, there is an entry for Chassis 400 Level BOM Number, which lists the bill-of-materials (BOM) number for the chassis.
no cluster mbr address found message (CR91381)
When you click the Enable or Disable/Yield button on a Properties screen of a secondary device, the system incorrectly issues an error message similar to the following in /var/log/ltm: Dec 20 14:06:23 local/RackB29 err clusterd: 013a0004:3: no cluster mbr address found. The action correctly enables or disables the device, and the message is correct, however, the system should issue the message as a debug or verbose debug message rather than an error.
AUTH_RESULT and suspend commands (CR140154)
This release does not support using a command that suspends iRule processing (session, persist add/lookup/delete, table, after) in the AUTH_RESULT event in an iRule. There is no workaround for this issue.
For additional information, please visit http://www.f5.com