Manual Chapter : New Features in this Version


New Features in this Version

Tenants

BIG-IP Tenants

This release supports tenants running BIG-IP and BIG-IP Next. For more information about compatibility and supported tenants, see the VELOS platforms section of K9476: The F5 hardware/software compatibility matrix. For more information about which tenants are supported on VELOS platforms, see K4309: F5 platform lifecycle support policy.

Software

System webUI enhancements

This release provides the following webUI enhancements:
  • The Log Settings screen now has the Include Hostname field to include the configured hostname for the system in the log files.
  • The System Security screen now has the Deny Root SSH field to enable or disable root user access to the system controller or chassis partition through SSH.
  • You can now configure system information such as system contact, location, and name during SNMP configuration.
  • This release allows you to add a Subject Alternative Name (SAN) under the AUTHENTICATION & ACCESS section.
  • You can now configure a custom remote group ID (GID) to a specific role for all remote authentication methods (LDAP, RADIUS, TACACS+). Additionally, you can also configure an LDAP group to a specific role for the LDAP authentication method.
  • You can view information about CPU allocation among F5OS, Tenants, F5OS Data Mover, and F5OS dedicated categories.
  • You can view real-time and time-series data about CPU, Memory, Disk, and Port interface statistics to analyze the health of the tenant and system.
  • You can now cancel an in-progress file transfer operation.
  • You can now configure the SNMP port from the SYSTEM SETTINGS > SNMP Configuration section.

CLI enhancements

This release provides the following CLI enhancements:
  • Supports bash shell access for users with the superuser role.
  • Shows the status of deny root SSH mode.
  • Supports including the configured hostname for the system in the log files.
  • Shows detailed reports on log entries for locked accounts and session timeouts.
  • You can now transfer a file or image to the F5OS system using SCP by specifying a virtual path.
  • A CLI command has been implemented to provide the ability to view the system’s uptime.
  • You can view the system status in the system prompts.
  • This release allows you to configure and view the state of the Forward Error Correction for the 100 Gb and 25 Gb interfaces.
  • You can now add the Subject Alternative Name (SAN) while configuring the SSL certificate.
  • You can now configure an LDAP group to a specific role for the LDAP authentication method.
  • You can now install a system license with a proxy server through the CLI.
  • A CLI command has been implemented to set the operational mode prompt to persist over sessions and users.
  • A CLI command has been implemented to set the configuration mode prompt to persist over sessions and users.
  • You can now configure the SNMP port using the CLI commands.
  • Root and non-root users can now log in through the console using TACACS+ authentication.
  • This release enables you to view the status of nodes in the cluster on a chassis partition from the CLI.
  • This release enables you to view multus and kubevirt statuses in the cluster orchestration-manager status on a system controller from the CLI.
  • SNMP System Enhancements:
    • The SNMP System MIB has been improved to show the F5 VELOS model number and F5OS software version.
    • SNMP Link Traps: The following F5OS enterprise traps have been added, which trigger in parallel with the generic linkUP/DOWN traps. The enterprise linkUP/DOWN traps add a human-readable interface name.
      • interfaceUP 1.3.6.1.4.1.12276.1.1.1.263168
      • interfaceDOWN 1.3.6.1.4.1.12276.1.1.1.263169
    • SNMP Temperature Value: The SNMP response for system stats is changed from STRING to INTEGER. These system stats, such as CPU stats, temperature stats, and so on, are now integer values because customers use them for graphical representations.
    • SNMP Components: The F5 VELOS component information for the system controller or chassis partition now includes the platform type, serial number, and baud rate for the console.
    • SNMP Host Resource Storage: The table ‘hrStorageTable OID: 1.3.6.1.2.1.25.2.3’ shows the file system utilization on an F5 VELOS system controller or chassis partition.
    • SNMP Power Supply Status: The table ‘F5-PLATFORM-STATS-MIB:psuStatsTable OID: .1.3.6.1.4.1.12276.1.2.1.9.1’ shows the status and health of the F5 VELOS power supply units.
    • SNMP MIB – LAG Stats: The ifMIB and ifXMIB now support LAG stats during SNMP polling.
    • SNMP Trap Support for Failed Logins: The system now sends a trap to one of the F5OS user interfaces in case of a failed login. The login-failed trap logs the username and remote host from where the login was attempted.
    • SNMP – Tenant Status MIB: You can now get detailed tenant status using the query ‘F5-OS-TENANT-MIB:tenantStateTable OID: 1.3.6.1.4.1.12276.1.5.1.1.1’.

Open telemetry

OpenTelemetry streamlines observability in distributed systems through standardized APIs, libraries, and tools for collecting telemetry data, including traces, metrics, and logs.
F5OS OpenTelemetry enables the efficient collection of streaming metrics and logs in a structured format from the F5OS product to display in your observability platform. The F5OS supports gRPC endpoints and each OpenTelemetry Line Protocol (OTLP) endpoint is provided with the ability to toggle instrument-based filtering.
This release also implements secure connections for telemetry streaming. You can now enable and configure transport layer security for telemetry streaming. For more information, see the OpenTelemetry Metrics Overview section in the VELOS Systems: Administration and Configuration documentation. This release also includes exporting the following metrics using the OTEL (OpenTelemetry) Metric exporter:
  • Front-Panel interface counters
  • CPU/Memory/Disk utilization metrics
  • Optic DDM metrics
  • BIG-IP tenant utilization metrics: Memory, Disk, CPU, Interface
  • Platform Hardware sensors, such as temperature and fan speeds.
  • You can use the OpenTelemetry ‘log’ API for Platform-log and ConfD event-log.
  • Data-Path: Metrics related to the flow of data, specifically those that track the data’s movement in and out of the F5OS platform layer for each tenant.
  • Tmstat tables exported as metrics.
  • File-system metrics.

Superuser role

The ‘superuser’ role is a new secondary role that allows existing users with access to ConfD to get bash access. However, this is only possible when the system controller or chassis partition mode is disabled.

Deny root SSH access

This feature provides the ability to prevent the root user from logging in to an F5 VELOS system controller or chassis partition through SSH when the appliance mode is disabled.

Access ConfD from bash shell using F5sh

The f5sh utility allows a user who is assigned the secondary role of superuser to execute ConfD CLI commands from the bash shell and parse the output.
It does not provide access to the partition CLI.

Improved RESTCONF token authentication

Enables the system to invalidate the RESTCONF token when any of the following occurs:
  • The user logs out of the current session
  • The user does not use the RESTCONF token for more than one minute (the idle timeout for the RESTCONF token is one minute)
  • The user changes the current password
  • The user changes the user role
  • The user account expires
  • The user invalidates the RESTCONF token manually
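
How an automation client can cope with these invalidation rules, as an added example that is not F5 code: it logs in again before the idle window closes and retries once when the token was revoked on the device. `FakeF5OS`, `TokenSession` and their methods are hypothetical names, and the device is a constructed in-memory stand-in; only the one-minute idle timeout comes from this page.

```python
import itertools

IDLE_TIMEOUT_S = 60  # from this page: idle timeout for a RESTCONF token is one minute


class FakeF5OS:
    """Constructed stand-in for the device: issues tokens and expires idle ones."""

    def __init__(self, clock):
        self.clock, self.tokens, self.logins = clock, {}, 0
        self._ids = itertools.count(1)

    def login(self):                      # models the username/password login
        self.logins += 1
        tok = f"tok-{next(self._ids)}"
        self.tokens[tok] = self.clock()
        return tok

    def get(self, token):                 # models any token-authenticated call
        last = self.tokens.get(token)
        if last is None or self.clock() - last > IDLE_TIMEOUT_S:
            self.tokens.pop(token, None)  # idle too long, or revoked
            return 401
        self.tokens[token] = self.clock() # each use restarts the idle timer
        return 200

    def revoke_all(self):                 # logout, password or role change, expiry
        self.tokens.clear()


class TokenSession:
    """Client side: re-login before the idle window closes, retry once on 401."""

    def __init__(self, server, clock, margin_s=5):
        self.server, self.clock, self.margin = server, clock, margin_s
        self.token, self.last_used = None, None

    def call(self):
        now = self.clock()
        stale = self.token is None or now - self.last_used >= IDLE_TIMEOUT_S - self.margin
        if stale:                         # proactive: do not send a token that has likely expired
            self.token = self.server.login()
        status = self.server.get(self.token)
        if status == 401:                 # revoked on the device: one fresh login, one retry
            self.token = self.server.login()
            status = self.server.get(self.token)
        self.last_used = self.clock()
        return status
```

A poller that runs less often than once a minute logs in on every cycle under this rule, so the login count is worth watching alongside failed-login alerts.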

Rollback to previous version of software during/post upgrade

Enables you to restore the previous version of the software and configuration during and after an upgrade, if required. You can restore previous versions of the software from F5OS 1.8.0 and later versions.

Visibility into vCPU allocation

Provides the ability to see information about CPU allocation among F5OS, Tenants, F5OS Data Mover, and F5OS dedicated categories.

Remote Role Groups functionality for management access on F5OS

Allows you to configure an LDAP group name for the LDAP authentication method. The LDAP group must be in the form of an LDAP query, such as “cn=....” or “dn=....”, and only one group name can be configured for each role.
RADIUS and TACACS+ authenticated users are not affected.

Generating authorization token using specific URIs when basic authentication is disabled

When basic authentication is disabled, this enhancement restricts logging in to the system with a username and password to API calls on the '/api' or '/api/' URI.

Guest user role

The ‘User’ role is introduced to address customer needs in various regions to meet security requirements. This role enables you to view all objects on the system except sensitive data such as events, user login activity, files and directories, and configuration backup. This user role cannot modify any system configurations; however, you can change your own password.

Support syslog uses hostname for local and remote logging

All the messages in the log files from remote syslog servers show the default hostname, such as appliance-1, instead of the configured hostname. Hence, messages from different appliances get aggregated and it is difficult to identify the origin of a message. This has been addressed by including the user-configured hostname in the logs by default, with a knob to disable this behavior.

Network Diagnostics

Allows you to use a range of network utilities (net-utils and os-utils) to troubleshoot, detect, and solve network-related problems. It also provides the ability to execute network diagnostics commands from the shell without going back to the original prompt.

Docker Services Restart and Status

This feature provides the ability to manage the platform services lifecycle, such as service restart and viewing status through the ConfD CLI.

Tenant - Stats/Status Visualization in webUI

Provides the ability to display real-time telemetry associated with CPU, Memory, Disk, and Port interface stats to monitor the health of the tenant and system. Additionally, you can change the time series to view the historical data and analyze the utilization.

Supporting cryptographic agility hostkey algorithms

This release provides the ability to enable the ‘ssh-rsa’ host key algorithm by configuring it in the ‘Host key algorithms’ field. By default, the ‘ssh-rsa’ host key algorithm is disabled.

VLANs for management interfaces

This feature enables you to create VLANs for management interfaces. You can configure the management VLANs only through the ConfD CLI. These VLANs effectively segregate management traffic, thereby improving network security and stability. For example, with management VLANs, you can:
  • Separate tenants on different VLANs to improve security and maintain clear security zones within the same chassis.
  • Manage IP addresses more effectively.