Applies To:
BIG-IP versions 1.x - 4.x
- 2.0.4 PTF-01
Installing the PTF
You can apply this release to version 2.0.4.
Use the following process to install the software:
- Click here and follow the instructions for using the F5 Networks FTP site.
- Download the v204ptf1domkit.tar file to the /var/tmp/ directory on the target BIG/ip
International customers need to use FTP in passive mode from the BIG/ip Controller to download the v204ptf1intlkit.tar file. To place FTP in passive mode, type pass from the command line before transferring the file.
- Enter the following commands to install this PTF:
tar -xvpf v204ptf1domkit.tar (Domestic HA/HA+ and LB)
tar -xvpf v204ptf1intlkit.tar (International HA/LB)
- Run the following commands:
- Follow the on-screen instructions.
The install script will back up a copy of snmpd.conf from the /etc directory to /var/save before making any modifications to it.
The checksums for this PTF are available in a file called sums, which can be downloaded from the FTP site.
Once you have installed the PTF software, please refer to the Configuring and using the updated software section below.
What's fixed in this PTF
The BIG/ip Controller version 2.0.4PTF-01 provides fixes for the following issues.
- Fix 766: ECV default send string was "GET /".
Previously, if you did not specify a send string for ECV, the default send string "GET /" was used. Now, when no send string is specified, no send string will be sent. For details, see Known Issues.
- Fix 1818: bigtop was not showing VIPs or nodes.
The BIG/ip Controller now supports TELNET clients that do not support RFC 1073 (window size negotiation) by defaulting to 24 lines by 80 columns.
- Fix 1882: Unable to mount /dev/fd0 when memory is more than 512MB.
We have corrected the problem with mounting a floppy drive on systems with more than 512MB of memory.
- Fix 2144: Suppress the CMOS drive warning message at bootup.
An unnecessary warning message was removed from the startup sequence.
- Fix 2170: Add a switch to disable logging that is vulnerable to DoS.
We have created a new system control variable, bigip.verbose_log_level, that allows customers to turn on logging of port denials when desired. This reverses the previous default of logging all messages. For details, see Logging port denials.
- Fix 2171: bigdnode should look up host names when logging.
Log messages that are related to service checking will now include host names.
- Fix 2181: Request to provide the ability to configure an alternate port for sending
BIG/ip Controller now supports sending traps to different ports (other than port 162). Users can configure the port to which they send the authentication, cold start, and syslog-generated traps.
- Fix 2182: Variable Bindings (association between nodes and services) are needed for
The BIG/ip Controller SNMP trap mechanism now supports variable bindings for the SNMP management applications that can distinguish between traps sent on the same OID to avoid writing over previously sent traps.
- Fix 2183: Modify SNMP so that it distinguishes between reset and reboot, and sends a different trap for each.
The BIG/ip Controller now sends different traps depending on whether the entire system was restarted or the configuration has been reloaded.
- Fix 2187: GNIC-II was dropping gratuitous ARP broadcasts.
If the BIG/ip Controller has GNIC cards, it now sends out ARP packets appropriately upon fail-over.
Configuring and using the updated software
There are no configuration changes required for this PTF.
Logging port denials
A customer is concerned that a Denial-of-Service attack could affect the BIG/ip Controller by causing it to log Port Denial messages constantly. A new system control variable was created to allow customers to turn on logging of port denials when desired. This variable reverses the way that logging of port denials works, changing the default from logging to no logging. This variable is:
The variable defaults to zero, specifying no logging. Add any of the following values to affect logging:
| Command | Effect |
|---|---|
| sysctl -w bigip.verbose_log_level=0 | No logging. |
| sysctl -w bigip.verbose_log_level=1 | Log UDP port denials (to BIG/ip address). |
| sysctl -w bigip.verbose_log_level=2 | Log TCP port denials (to the BIG/ip Controller address). |
| sysctl -w bigip.verbose_log_level=4 | Log UDP port denials (to VIP address). |
| sysctl -w bigip.verbose_log_level=8 | Log TCP port denials (to VIP address). |
| sysctl -w bigip.verbose_log_level=15 | Log all of the above. |
In order to set the logging function permanently to other than the default setting, you must set that variable in the system control file.
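The values in the table are bit flags, so enabling several categories means summing (OR-ing) them. The following is an added example, not part of the original release notes or F5's tooling, that composes a level from category names and decodes a level back into categories. The function names and the category labels (udp-self, tcp-self, udp-vip, tcp-vip) are hypothetical; only the bit values and the variable name come from the table above.

```shell
#!/bin/sh
# Added example: helpers for the bigip.verbose_log_level bit flags.
# Category labels and function names are hypothetical, chosen for illustration.

# compose_level NAME... -> prints the numeric level for the named categories.
compose_level() {
    level=0
    for name in "$@"; do
        case "$name" in
            udp-self) bit=1 ;;   # UDP port denials to the controller address
            tcp-self) bit=2 ;;   # TCP port denials to the controller address
            udp-vip)  bit=4 ;;   # UDP port denials to a VIP address
            tcp-vip)  bit=8 ;;   # TCP port denials to a VIP address
            *) echo "unknown category: $name" >&2; return 1 ;;
        esac
        # OR rather than add, so a repeated name cannot push the value past 15.
        level=$(( level | bit ))
    done
    echo "$level"
}

# decode_level N -> prints the categories that level N enables, or "none".
decode_level() {
    case "$1" in
        [0-9]|1[0-5]) ;;         # only the integers 0..15 are meaningful
        *) echo "level must be an integer 0-15: $1" >&2; return 1 ;;
    esac
    out=""
    if [ $(( $1 & 1 )) -ne 0 ]; then out="$out udp-self"; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then out="$out tcp-self"; fi
    if [ $(( $1 & 4 )) -ne 0 ]; then out="$out udp-vip"; fi
    if [ $(( $1 & 8 )) -ne 0 ]; then out="$out tcp-vip"; fi
    out="${out# }"               # drop the leading separator
    echo "${out:-none}"
}

# Demo: log TCP denials only, for both controller and VIP addresses.
# The command is printed, not executed, so this runs on any host.
lvl=$(compose_level tcp-self tcp-vip)
echo "sysctl -w bigip.verbose_log_level=$lvl"
echo "level 5 enables: $(decode_level 5)"
```

Logging only the categories needed for an investigation, and returning to 0 afterwards, keeps the log-flooding exposure that motivated Fix 2170 as small as possible.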
ECV null send string is not supported in the F5 Configuration utility.
Fix 766 is not currently supported in the F5 Configuration utility. If you set up ECV in the F5 Configuration utility and leave the send string blank (null), the default send string that is issued is GET /. The F5 Configuration utility does not allow the send string to be null. If you require a null in the send string, you should set this up by manually editing the /etc/bigd.conf file.
If you have this set up to use null in the send string, and then use the Global Node Port Properties screen or the Node Properties screen to change any option on this screen (or if you just hit the Apply button), it updates the ECV service check, and will then generate a GET / in the send string.