Manual Chapter :
New Features in BIG-IP Version 21.0.0
Applies To:
Show Versions
BIG-IP Distributed Cloud Services
- 21.0.0
BIG-IP APM
- 21.0.0
F5 SSL Orchestrator
- 21.0.0
BIG-IP Analytics
- 21.0.0
BIG-IP Link Controller
- 21.0.0
BIG-IP LTM
- 21.0.0
BIG-IP PEM
- 21.0.0
BIG-IP AFM
- 21.0.0
BIG-IP FPS
- 21.0.0
BIG-IP DNS
- 21.0.0
BIG-IP ASM
- 21.0.0
New Features in BIG-IP Version 21.0.0
General
See the following articles for details of software lifecycle.
Control Plane Performance and Scalability Improvements
Control Plane Performance and Scalability Improvements
BIG-IP 21.0.0 release introduces significant improvements to the BIG-IP control plane, including better scalability and support for large-scale configurations (up to 1 million objects).
Following are the recommended control plane scaling guidelines for BIG-IP configurations:
BIGd Monitors Count:
- TheBIGd Monitors countshould be limited to5,000 monitorsor fewer.
- If the count exceeds 5,000 monitors, it is recommended to useIn-TMM Monitors, with the following guidelines:
- Up to 25,000 In-TMM Monitorssupported when configured.
- AllocateextraMBsetting to8GBfor handling up to 25,000 monitors.
Recommended Total Object Limits:
- The total number of objects managed by the system is limited to30,000 objects for LTM application.
- Specific object limits include:
- Virtual Servers (VS):≤ 10,000
- Pools:≤ 10,000
- Endpoints:≤ 25,000
- Services:≤ 25,000
- iRules:≤ 1,000
- SNAT:≤ 10,000
- In-TMM Monitors:≤ 25,000
- BIGd Monitors:≤ 5,000
Also, from 21.0.0 release onwards, some applications are running 64-bit binaries. So, there is a increase in the resident memory of these applications compared to its 32-bit architecture in the previous release version.
So, in case of lower memory availability after upgrade, increase the host memory using the command "tmsh modify sys db provision.extramb value <value in mb>". This will avoid certain processes getting restarted due to Out of Memory issue.
Enhanced Configuration Persistence
Enhanced Configuration Persistence
Previously, configuration changes were retained only after running save sys config. If the mcpd process restarted before the configuration was saved, the system reverted to the last stored configuration, resulting in potential loss of changes. With the introduction of configuration persistence, any committed changes now remain available even after an mcpd restart, improving reliability and reducing the need to reload configurations.
A new database variable has been introduced:
- dbconfig.reset = false(default): Unsaved configuration changes persist across mcpd restarts.
- dbconfig.reset = true: The system reverts to the previous behavior, loading stored configurations from the conf files after restart. In this case, the unsaved configuration will be lost.
By default, this feature preserves unsaved changes across system restarts, streamlining workflows and preventing accidental configuration loss.
Introduced custom F5 CA bundle
BIG-IP now uses a custom F5 CA bundle, instead of just Entrust CA, to communicate with F5 services, ensuring continued access to F5 services even after the Entrust CA certificate expiry in February 2026.
Control Plane Scalability: MCPD Multithreading
MCPD has been enhanced to support multithreaded request handling, removing the sequential bottleneck of the previous single-threaded design. With multithreading enabled:
- Control-plane scalability is significantly improved.
- Concurrent configuration and system requests (such as SNMP or state - tmstats queries) are processed concurrently by different MCPd worker threads, improving overall responsiveness.
- Control-plane performance is much faster.
Use the following command to configure the number of MCPD worker threads:
tmsh modify sys db mcpd.workerthreads value <number_of_worker_threads>
Note
: By default, MCPd uses 1 worker thread for request handling, but it can be configured to use a range of 0 to 4 worker threads. Setting the value to 0
disables additional worker threads, causing MCPd to operate in single-threaded mode as in earlier releases.Note:
Simultaneous configuration create, update, and delete operations are not
supported. These operations are processed sequentially.Only
query and statistics requests
are processed concurrently along with configuration create, update, and delete operations.Node.js Version for iRules LX
Starting with BIG-IP version 21.1, iRules LX will not support Node.js v0.12. If you have iRules LX workspaces that rely on Node.js v0.12, you need to update them to use Node.js v6 as an interim solution. This is a temporary measure until the platform adopts Rocky Linux, which will include a more recent version of Node.js.
New in LTM
BIG-IP version 21.0.0 introduces the following new features for LTM:
Model Context Protocol support in TMOS
The Model Context Protocol (MCP) is introduced to enhance AI applications using large
language models (LLMs) by addressing the gaps of built-in memory and real-time awareness.
MCP acts as a structured bridge between the models and external systems, ensuring relevant
context is managed and delivered effectively while enabling seamless integration with tools
and data sources. This will enable AI systems to handle conversational context, perform
real-time tasks, and provide more coherent and capable interactions to users.
Default S3 Profiles for TCP and Client SSL Protocols
Introduced default S3 profiles for TCP and Client SSL Protocols to optimize performance and
simplify S3 workload deployments by providing pre-configured settings specifically tuned for
S3 workflows, including enhanced buffer management, optimized congestion control, efficient
SSL session handling, and high-throughput data transfer capabilities. These profiles enable
seamless TLS offload, improve encrypted communication performance, and integrate as
one-click default options within the LTM configuration, offering customers an intuitive,
streamlined experience with reduced complexity while maximizing performance and scalability
for S3 operations.
New in APM
BIG-IP version 21.0.0 introduces the following new features for DNS:
Expanded exclusion support for locked client mode
Expanded exclusion support for locked client mode
Previously, APM locked client mode allowed a maximum of 10 exclusions, preventing administrators from adding more than 10 destinations. This limitation has now been removed, and the exclusion list can contain more than 10 entries.
OAuth Authorization Server max claims data support
OAuth Authorization Server max claims data support
The max claim data size is set to 8kb by default, but large claim size can lead to excessive memory consumption. You must allocate the right amount of memory dynamically as required based on claims configuration
New in DNS
BIG-IP version 21.0.0 introduces the following new features for DNS:
Unbound is upgraded from version 1.20.0 to 1.23.1
The Unbound DNS resolver has been upgraded to version 1.23.1, which includes the latest fixes and improvements.
New DB Variable for DNS64 NXDomain Handling
A new database variable, , has been introduced to control how DNS64 handles
DNS.DNS64NXDomainAsNoError
AAAA NXDomain
responses.When this variable is enabled
, NXDomain errors are treated as NoError
, and the system proceeds to issue an A query
. When disabled
(default), BIG-IP follows RFC 6147
behavior and immediately returns the NXDomain error to the client.Extended DNS Errors (EDE) Support for DNS Forwarding
Extended DNS Errors (EDE) Support for DNS Forwarding
BIG-IP can now process and return Extended DNS Errors (EDE) received from upstream name servers when acting as a DNS forwarder.
This feature is disabled by default and can be enabled using the following DB variable:
sys db dns.forwardextendeddnserrorcode { value "enable" }
To prevent DNS message truncation caused by overly long EDE text fields, the returned EDE text is limited to 64 bytes.
