New Features in BIG-IP Version 21.0.0
See the following articles for details of software lifecycle.
BIG-IP 21.0.0 release introduces significant improvements to the BIG-IP control plane, including better scalability and support for large-scale configurations (up to 1 million objects).
Following are the recommended control plane scaling guidelines for BIG-IP configurations:
BIGd Monitors Count:
- The BIGd Monitors count should be limited to 5,000 monitors or fewer.
- If the count exceeds 5,000 monitors, it is recommended to use In-TMM Monitors, with the following guidelines:
  - Up to 25,000 In-TMM Monitors are supported when configured.
  - Allocate extraMB setting to 8GB for handling up to 25,000 monitors.
Recommended Total Object Limits:
- The total number of objects managed by the system is limited to 30,000 objects for LTM application.
- Specific object limits include:
  - Virtual Servers (VS): ≤ 10,000
  - Pools: ≤ 10,000
  - Endpoints: ≤ 25,000
  - Services: ≤ 25,000
  - iRules: ≤ 1,000
  - SNAT: ≤ 10,000
  - In-TMM Monitors: ≤ 25,000
  - BIGd Monitors: ≤ 5,000
Also, from the 21.0.0 release onwards, some applications run as 64-bit binaries, so their resident memory is higher than it was with the 32-bit architecture in the previous release.
If less memory is available after the upgrade, increase the host memory using the following command:
tmsh modify sys db provision.extramb value <value in mb>
This prevents certain processes from being restarted due to Out of Memory conditions.
Previously, configuration changes were retained only after running save sys config. If the mcpd process restarted before the configuration was saved, the system reverted to the last stored configuration, resulting in potential loss of changes. With the introduction of configuration persistence, any committed changes now remain available even after an mcpd restart, improving reliability and reducing the need to reload configurations.
A new database variable has been introduced:
- dbconfig.reset = false (default): Unsaved configuration changes persist across mcpd restarts.
- dbconfig.reset = true: The system reverts to the previous behavior, loading stored configurations from the conf files after restart. In this case, the unsaved configuration will be lost.
By default, this feature preserves unsaved changes across system restarts, streamlining workflows and preventing accidental configuration loss.
BIG-IP now uses a custom F5 CA bundle, instead of just Entrust CA, to communicate with F5 services, ensuring continued access to F5 services even after the Entrust CA certificate expiry in February 2026.
MCPD has been enhanced to support multithreaded request handling, removing the sequential bottleneck of the previous single-threaded design. With multithreading enabled:
- Control-plane scalability is significantly improved.
- Concurrent configuration and system requests (such as SNMP or state - tmstats queries) are processed concurrently by different MCPd worker threads, improving overall responsiveness.
- Control-plane performance is much faster.
Use the following command to configure the number of MCPD worker threads:
tmsh modify sys db mcpd.workerthreads value <number_of_worker_threads>
Note: By default, MCPd uses 1 worker thread for request handling, but it can be configured to use a range of 0 to 4 worker threads. Setting the value to 0 disables additional worker threads, causing MCPd to operate in single-threaded mode as in earlier releases.
Note: Simultaneous configuration create, update, and delete operations are not supported. These operations are processed sequentially. Only query and statistics requests are processed concurrently along with configuration create, update, and delete operations.
Starting with BIG-IP version 21.1, iRules LX will not support Node.js v0.12. If you have iRules LX workspaces that rely on Node.js v0.12, you need to update them to use Node.js v6 as an interim solution. This is a temporary measure until the platform adopts Rocky Linux, which will include a more recent version of Node.js.
BIG-IP version 21.0.0 introduces the following new features for LTM:
The Model Context Protocol (MCP) is introduced to enhance AI applications using large language models (LLMs) by addressing the gaps of built-in memory and real-time awareness. MCP acts as a structured bridge between the models and external systems, ensuring relevant context is managed and delivered effectively while enabling seamless integration with tools and data sources. This will enable AI systems to handle conversational context, perform real-time tasks, and provide more coherent and capable interactions to users.
Introduced default S3 profiles for TCP and Client SSL Protocols to optimize performance and simplify S3 workload deployments by providing pre-configured settings specifically tuned for S3 workflows, including enhanced buffer management, optimized congestion control, efficient SSL session handling, and high-throughput data transfer capabilities. These profiles enable seamless TLS offload, improve encrypted communication performance, and integrate as one-click default options within the LTM configuration, offering customers an intuitive, streamlined experience with reduced complexity while maximizing performance and scalability for S3 operations.
BIG-IP version 21.0.0 introduces the following new features for DNS:
Previously, APM locked client mode allowed a maximum of 10 exclusions, preventing administrators from adding more than 10 destinations. This limitation has now been removed, and the exclusion list can contain more than 10 entries.
The max claim data size is set to 8kb by default, but a large claim size can lead to excessive memory consumption. You must allocate the right amount of memory dynamically, as required, based on the claims configuration.
BIG-IP version 21.0.0 introduces the following new features for DNS:
The Unbound DNS resolver has been upgraded to version 1.23.1, which includes the latest fixes and improvements.
A new database variable, DNS.DNS64NXDomainAsNoError, has been introduced to control how DNS64 handles AAAA NXDomain responses. When this variable is enabled, NXDomain errors are treated as NoError, and the system proceeds to issue an A query. When disabled (default), BIG-IP follows RFC 6147 behavior and immediately returns the NXDomain error to the client.
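The decision flow described above, modelled as an added example (not F5 code). The RFC 6052 well-known prefix 64:ff9b::/96, the names, the upstream answers and the function names are all assumptions made for illustration.

```python
import ipaddress

# RFC 6052 well-known prefix, assumed here; the release note names no prefix.
PREFIX = int(ipaddress.IPv6Address("64:ff9b::"))

# Constructed upstream answers: (name, qtype) -> (rcode, addresses)
UPSTREAM = {
    ("dual.example.", "AAAA"): ("NOERROR", ["2001:db8::1"]),
    ("v4only.example.", "AAAA"): ("NOERROR", []),           # NODATA
    ("v4only.example.", "A"): ("NOERROR", ["192.0.2.10"]),
    ("odd-auth.example.", "AAAA"): ("NXDOMAIN", []),        # yet an A exists
    ("odd-auth.example.", "A"): ("NOERROR", ["198.51.100.7"]),
    ("missing.example.", "AAAA"): ("NXDOMAIN", []),
    ("missing.example.", "A"): ("NXDOMAIN", []),
}

def synthesize(ipv4):
    """Place the IPv4 address in the low 32 bits of the /96 prefix."""
    return str(ipaddress.IPv6Address(PREFIX | int(ipaddress.IPv4Address(ipv4))))

def dns64_aaaa(name, nxdomain_as_noerror=False, upstream=UPSTREAM):
    """Answer a client AAAA query; returns (rcode, answers, upstream_queries)."""
    queries = [(name, "AAAA")]
    rcode, answers = upstream[(name, "AAAA")]
    if rcode == "NOERROR" and answers:
        return rcode, answers, queries        # native AAAA, no synthesis
    if rcode == "NXDOMAIN" and not nxdomain_as_noerror:
        return rcode, [], queries             # default: RFC 6147, stop here
    if rcode not in ("NOERROR", "NXDOMAIN"):
        return rcode, [], queries             # other errors pass through
    # Empty NOERROR, or NXDOMAIN treated as NoError: fall back to an A query.
    queries.append((name, "A"))
    a_rcode, a_answers = upstream[(name, "A")]
    if a_rcode != "NOERROR":
        return a_rcode, [], queries           # assumed: the A error is returned
    return "NOERROR", [synthesize(a) for a in a_answers], queries
```

In this model, enabling the variable makes a name that truly does not exist cost two upstream queries instead of one, which is worth factoring into resolver capacity planning.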
BIG-IP can now process and return Extended DNS Errors (EDE) received from upstream name servers when acting as a DNS forwarder.
This feature is disabled by default and can be enabled using the following DB variable:
sys db dns.forwardextendeddnserrorcode {
    value "enable"
}
To prevent DNS message truncation caused by overly long EDE text fields, the returned EDE text is limited to 64 bytes.
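A sketch of what a 64-byte cap on EDE text means on the wire, as an added example (not F5 code): it parses EDNS OPT RDATA, finds Extended DNS Error options (option code 15, RFC 8914) and rewrites each one with its EXTRA-TEXT capped. The function names, the sample bytes and the choice to cut on a UTF-8 character boundary are assumptions.

```python
import struct

EDE_OPTION_CODE = 15   # EDNS option code for Extended DNS Errors (RFC 8914)
EDE_TEXT_LIMIT = 64    # byte cap on EXTRA-TEXT stated in the release note

def parse_options(rdata):
    """Split OPT RDATA into (code, data) pairs, rejecting bad lengths."""
    opts, pos = [], 0
    while pos < len(rdata):
        if pos + 4 > len(rdata):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", rdata, pos)
        pos += 4
        if pos + length > len(rdata):
            raise ValueError("option length exceeds RDATA")
        opts.append((code, rdata[pos:pos + length]))
        pos += length
    return opts

def cap_text(text, limit=EDE_TEXT_LIMIT):
    """Trim to at most `limit` bytes without splitting a UTF-8 character
    (the boundary handling is an assumption, not documented behaviour)."""
    if len(text) <= limit:
        return text
    end = limit
    while end > 0 and (text[end] & 0xC0) == 0x80:  # continuation byte
        end -= 1
    return text[:end]

def limit_ede(rdata):
    """Rebuild OPT RDATA with each EDE EXTRA-TEXT capped; others untouched."""
    out = bytearray()
    for code, data in parse_options(rdata):
        if code == EDE_OPTION_CODE:
            if len(data) < 2:
                raise ValueError("EDE option shorter than INFO-CODE")
            data = data[:2] + cap_text(data[2:])
        out += struct.pack("!HH", code, len(data)) + data
    return bytes(out)

def ede_entries(rdata):
    """Decode EDE options as (info_code, extra_text) pairs."""
    return [(struct.unpack("!H", d[:2])[0], d[2:].decode("utf-8", "replace"))
            for c, d in parse_options(rdata) if c == EDE_OPTION_CODE]

# Constructed sample: COOKIE option (code 10) plus an EDE, INFO-CODE 6 (DNSSEC Bogus).
LONG_TEXT = ("signature validation failed for zone example.: " * 3).encode()
SAMPLE = (struct.pack("!HH", 10, 8) + bytes(8) +
          struct.pack("!HH", 15, 2 + len(LONG_TEXT)) + struct.pack("!H", 6) + LONG_TEXT)
```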