Applies To:
Show Versions
BIG-IP versions 1.x - 4.x
- 4.0 PTF-04
Summary:
Contents:
Installing the PTF
Apply the PTF to the BIG-IP Controller, version 4.0 using the following process. The install script saves your current configuration.
- Connect to the F5 FTP site (ftp.f5.com).
Use FTP in passive mode from the BIG-IP Controller to download the file. To place FTP in passive mode, type pass at the command line before transferring the file.
- Download the correct PTF file to the /var/tmp/ directory on the target BIG-IP Controller.
For crypto controllers, choose PTF-4.0-4-BSD_OS-4.1.im, for non-crypto controllers choose NOCRYPTOPTF-4.0-4-BSD_OS-4.1.im. - Change your directory to /var/tmp/ by typing:
cd /var/tmp/ - Enter the following command to install this PTF:
For crypto, type: im PTF-4.0-4-BSD_OS-4.1.im
For non-crypto, type: im NOCRYPTOPTF-4.0-4-BSD_OS-4.1.im
The BIG-IP Controller automatically reboots once it completes installation.
After you install the PTF, please refer to the Configuring and using the updated software.
[ Top ]
Fixes
This section provides a concise look at the fixes and enhancements included in the PTF. Note that the section is broken down by PTF release number, with the most recent PTF listed first.What's fixed in this PTF (PTF-04)
Bigpipe internal error with long host names on non-crypto systems (CR17161)
Adding a host name with 15 or more characters no longer causes a Segmentation Fault error in bigpipe.
Delayed binding connections with HTTP version 1.0 browsers (CR17280)
Delayed binding connections with HTTP version 1.0 browsers such as Netscape 4.X and wget are no longer problematic.
OneConnect Keep-Alive operation with non HTTP version 1.1 browsers (CR17140)
OneConnect Keep-Alive operation now functions normally with non HTTP version 1.1 browsers.
Symbolic link configuration (CR17193)
Installing PTF-03 no longer causes an error with symbolic links in /config.
SSL proxy header insertion (CR 16869)
The SSL proxy now performs header insertion only on non-pipelined requests using WebDAV and standard (RFC 2616) HTTP methods.
What's fixed from PTF-03
Auto lasthop feature and active FTP (CR15911)
Auto lasthop now properly handles active FTP data connections.
Automap with SSL proxy (CR16312)
SNAT automap now works properly with the SSL proxy.
BIG-IP Controller is now stable under load (CR15119)
The BIG-IP Controller is now stable under load. You no longer see the following error message: t_kill: connection node is NOT in bigip_table!
FIN-PUSH on small responses (CR16646)
The FIN-PUSH for small responses is now propagated properly when you are using rules and cookie persistence.
FTP connection tracking ephemeral ports (CR15893)
Enhanced the tracking of FTP data connections on ephemeral ports.
GateD and address or routing changes (CR15738)
GateD now applies address and routing changes correctly to VLANs.
HTTP redirect (CR16012)
Added the ability to specify a protocol identifier for the HTTP redirect feature. For more information, see Configurable protocol identifier for HTTP redirection.
Interfaces get_version (iControl) (CR16360)
The interfaces get_version IDL now properly reports the iControl version.
Intermittent throughput with SSL/akamaizer gateway (CR16493)
You no longer have intermittent throughput with the SSL/akamaizer gateway.
L2 forwarding (CR15346)
Standby system in an L2 forwarding configuration no longer logs spurious ARP overwrite messages.
Malformed packet instability (CR15940 and CR16336)
Malformed packets no longer cause the BIG-IP Controller to become unstable.
memberStatus reports incorrectly (SNMP) (CR15885)
The memberStatus OID now reports member status correctly.
Network and wildcard virtual servers (CR16364)
You can now disable network and wildcard virtual servers on a VLAN.
Node/member without route (CR15975)
You now receive a warning when you attempt to add a member to a pool that does not have a route.
Setting ARP disable (CR16171)
Disabling ARP on a network virtual server no longer destabilizes the BIG-IP Controller.
SNAT timeout (CR15629)
SNATs with virtual servers defined now time out connections properly.
SNMP node statistics (CR16107)
Made node statistics available through SNMP.
SSL virtual servers (CR16593)
Using SSL connection mirroring and SSL persistence mirroring on virtual servers no longer causes the BIG-IP Controller to become unstable.
Suppressed benign message (CR16703)
Suppressed benign message: parse_http: ignoring unexpected client data.
System information report (iControl) (CR15913)
System information is now reported properly through iControl IDL.
Telnetd security (CR15803)
Updated telnetd to improve security (CERT CA-2001-21.)
VLANs and multicast packets (CR15737)
VLANs now accept multicast packets properly.
What's fixed from PTF-02
Certificate information
You no longer need to re-enter certificate information when you re-run the web-based First-Time Boot utility. (CR15056)
Configuration files
bigpipe now permits you to save very large configuration files. (CR15477)
f5isapi.dll improvements
We improved the performance of the f5isapi.dll. (CR15465)
NIC media types
Using the web-based First-Time Boot utility now correctly sets the media type for NICs. (CR15247)
Portal startup
You no longer see the following spurious error message during bigstart boot-up.
bigstart: startup portal
bigstart: kill portal 10 seconds expired (CR15401)
Product versioning
Using the web-based First-Time Boot utility now correctly sets the XLB version of the product. (CR15232)
Simple persistence
Using simple persistence with any IP or UDP no longer causes the BIG-IP Controller to become unstable. CR15404)
SSD
If a solid state drive is detected, the installation process does not allow you to install the standard PTF. Please contact F5 Services to get the upgrade for SSD. (CR15402)
Static routes
You can now delete static routes manually once the controller is up and running. (CR15373)
Support access
You now configure FTP and Telnet support access with two separate check boxes in the web-based First-Time Boot utility. For more information, see Changes to support access configuration in the web-based First-Time Boot utility. (CR15057)
Using b load under heavy traffic
You can now use the b load command while passing traffic. (CR15288)
VLAN naming
We have adjusted VLAN naming to accommodate multiple interface network cards. (CR15474)
VLANs and VLAN groups
You can no longer delete a VLAN that is a member of a VLAN group. (CR15283)
(CR15284)
What's fixed from PTF-01
Auto lasthop
Auto lasthop for non-TCP traffic on a firewall sandwich no longer leads to routing loops. (CR15088)
Configuration synchronization and IP addresses
Configuration synchronization is no longer dependent on a peer IP address and its hostname IP address. (CR15017)
Configuration synchronization and uptime
Configuration synchronization no longer fails after a week of uptime. (CR15383)
First-Time Boot utility (web-based)
The Properties page for VLANs in the web-based First-Time Boot utility now displays correctly in Internet Explorer version 4.0. (CR15052)
Gigabit NICs
The gigabit NIC now functions with older systems (for example, Pentium II). (CR14994)
Layer 2 forwarding
Layer 2 forwarding can now forward packets to off-interface hosts. (CR15313)
Lasthop routes and the ipforward cached route
The timing issue that was affecting lasthop routes and the ipforward cached route is now fixed. (CR14012)
Monitors
Existing monitors are now retained when a "Monitor instance already exists" error occurs. (CR14908)
Virtual servers
A virtual server with a wildcard service and an HTTP pool with port translation is now enabled. (CR14922)
VLANs (maximum number)
The maximum number of VLANs allowed is now 256. (CR14798)
VLAN renaming
An error no longer appears when you rename a VLAN from the Configuration utility. (CR15053)
Web administrator user account
The default web administrator user account is no longer left available after configuration when using the web-based First-Time Boot Utility. (CR15054)
[ Top ]
New features and enhancements
This section contains descriptions of new features and enhancements added with this release.
Configurable protocol identifier for HTTP redirection
This release includes support for new syntax that allows you to configure a protocol identifier for the HTTP redirection feature. For example, if you want to specify an HTTPS site for www.yoursite.com, you would type fallback https://www.yoursite.com instead of the standard fallback syntax in the bigip.conf file.
The following example defaults to redirect to an HTTP URL:
fallback www.yoursite.com
The following example overrides the protocol identifier with an HTTPS prefix:
fallback https://www.yoursite.com
The following example overrides the protocol identifier with an FTP prefix:
fallback ftp://www.yoursite.com
[ Top ]
Configuring and using the updated software
Media types
Use the following command to get a list of appropriate media types for an interface.
ifconfig -m <interface name>
Tips on setting the preferred controller in redundant BIG-IP Controller installations
If you are using the force_master flag to set a specific controller to be the preferred active unit, we recommend that you set the force_slave flag on the controller that you want to run primarily as a secondary controller. The force_slave flag must be set if you are using network failover. For more information about these flags, see the BIG-IP Reference Guide, v.4.0, Setting a specific controller to be the preferred active unit. (CR12279)
[ Top ]
Known issues
The following items are known issues in the current release.
HTTP headers in client requests
In future releases the BIG-IP Controller will support inserting HTTP headers in client requests with methods specified in RFC 2616. The BIG-IP Controller will also support SEARCH, and any other non-standard methods of which we become aware.
3dnsd
For users of the combined BIG-IP Controller with the 3-DNS module, if you add more than one interface IP address to IIOP HOST (no-crypto) or FSSL HOST (crypto) on the BIG-IP Controller, 3dnsd may become unstable. (CR15392)
VLAN and interface assignments
When you install the BIG-IP Controller from scratch, the default VLAN and interface assignments may not match what the web-based or command line First-Time Boot utility has as the assignments. Once you configure the BIG-IP Controller, the assignments will be correct. (CR15080)
Using the WMI ISAPI Data Gathering agent with the winmgmt service
In order to work around certain functions in the winmgmnt service, the WMI ISAPI Data Gathering agent automatically restarts the winmgmt service every hour. You can customize this restart interval by editing the registry using the following steps:
- Open up the Registry Editor
You can either type regedit at the command line, or click the Start button, click Run, type regedit, and then click OK. - Under HKEY_LOCAL_MACHINE\Software, create a key named "F5":
- Double-click the HKEY_LOCAL_MACHINE key.
- Right-click the Software key, and select New, then select Key.
- Type F5 for the new key name.
- Under the F5 key, create a new subkey named WMIServiceRestartInterval:
- Right-click the newly created F5 key, and select New, then select Key.
- Type WMIServiceRestartInterval for the new subkey name.
- Create registry settings for IntervalUnit and Interval for the WMIServiceRestartInterval subkey:
- Right-click the newly created WMIServiceRestartInterval key, select New and then select String Value.
- Change the name of the String Value to IntervalUnit, and specify an interval unit as the value data. Valid values are: day, hour, minute, and second.
- Right-click the newly created WMIServiceRestartInterval key, select New, then select DWORD Value.
- Change the name of DWORD Value to Interval, and specify a numeric value.
- Close the Registry Editor to save the changes, and restart the IIS Admin Service.
The Windows 2000 Service Pack 2 improves the handle leak in winmgmt service, but, in some cases, the Virtual Memory usage of winmgmt service can still be high due to some caching operations within the winmgmt service. (CR14439)
Using NAT or SNAT with layer 2 forwarding
The layer 2 forwarding feature is not compatible for use with NATs or SNATs. (CR15342)
The OTCU does not migrate customizations to /etc/netstart
The OTCU does not migrate static route customizations to /etc/netstart. After you run the OTCU, you should add static route commands into /config/routes. (CR15528)
Web administrator password cannot contain a dollar sign ($)
Do not use a dollar sign ($) in the Web administrator password. (CR15526)
Installing this release on an unsupported BIG-IP Controller platform
Do not install this release on an unsupported BIG-IP Controller platform. Installing this software on an unsupported platform may prevent the controller from booting up properly. (CR N/A)
Changes to support access configuration in the web-based First-Time Boot utility
The functionality of the web-based First-Time Boot utility now matches the command line version of the First-Time Boot utility.
- In the crypto controller, the controls to allow support access using either Telnet or FTP have been removed from the web-based First-Time Boot utility.
- In the non-crypto version of the software, the checkbox to allow the support account FTP and Telnet access to the controller has been split into two separate check boxes.
