Applies To:
Show Versions
BIG-IP versions 1.x - 4.x
- 1.8.1
Summary:
Contents:
Things You Must Know If Upgrading From An Earlier Version
In order to support the many new features in this version, the syntax of some bigpipe commands has changed. This means that any configuration files (particularly, the default configuration file, /etc/bigip.conf) must be modified.
-
The bigpipe vip command syntax has changed. Please refer to the Command Reference in the BIG/ip Installation and User's Guide for complete information.
Previously you defined VIPs by doing:
bigpipe vip <vip> define <node_ip> <node_ip> ...Now the syntax is:
bigpipe vip <vip:port> define <node_ip:port> <node_ip:port> ...Separate bigpipe vip commands must be issued for each service name or port number. Other variations of this command are used to set connection limits (see New Features below.)
-
The bigpipe node command syntax has changed. Previously, it was necessary to define nodes. Now nodes are implicitly defined when they are specified in a VIP definition. The svc_on, svc_off, and svc_read options are now obsolete. The node command is now used to read information about nodes and to set connection limits (see New Features below.)
-
Manual configuration changes are required to support the new Configuration Synchronization command. (See New Features - Configuration Syncronization below.)
New Features In Version 1.8.1
-
Multiport Configurability
BIG/ip now offers finer-grain control over VIPs and nodes. Each invocation of bigpipe vip now defines a virtual path for a single virtual IP address and port combination to a set of node IP address and port combinations. This is best described by example:
bigpipe vip 192.168.101.10:80 define node1:80 node1:8001 node2:80
bigpipe vip 192.168.101.10:443 define node3:443 node4:443
This configuration would send 1/3 of the HTTP traffic to a second web server on node1 that is attached to port 8001. It would route all of the SSL traffic (port 443) to node3 and node4 instead of node1 and node2.
-
NAT (Network Address Translation)
NAT is a very powerful feature that gives nodes behind BIG/ip transparent access to the network in front of BIG/ip. This is particularly useful when nodes need access to database servers that are located somewhere else on the intranet or Internet. For example, if you previously configured a static route or ran the routing daemon on BIG/ip, or ran a DNS proxy on BIG/ip to allow your web servers to make DNS queries, you may find it more convenient and secure to just set up a NAT and allow your web servers direct access to the servers they need to talk to. Use the bigpipe nat command to define NAT paths through BIG/ip.
-
SSL
BIG/ip now load balances SSL (Secure Sockets Layer), the WWW standard for secure web servers and web browsers. A special command, bigpipe ssl, is required to enable SSL on specific ports since BIG/ip must keep multiple connections in a single SSL session going to the same node.
-
Passive FTP
Passive FTP is the file transfer mode used by FTP clients which are built into current versions of the popular web browsers. When BIG/ip is configured for FTP, it now supports traditional (active) FTP and passive FTP.
-
UDP
BIG/ip now load balances UDP (User Datagram Protocol) for connectionless services such as DNS servers. Use the bigpipe udp command to enable UDP on specific ports and set persistance for those ports.
-
New Load Balancing Modes
BIG/ip now features 6 different load balancing algorithms:
- Round Robin
- Ratio
- Least Connection
- Fastest
- Observed
- Predictive
The bigpipe lb command selects which algorithm is used. The default is round_robin, which is the same as prior versions of BIG/ip. An additional command, bigpipe ratio is used in conjunction with ratio mode.
-
Configurable Connection Limits
Users may now set maximum number of concurrent connections by port, VIP, VIP/port, node, or node/port. The default is unlimited. Refer to the bigpipe vip, bigpipe node, and bigpipe port commands in the Command Reference.
-
Active Service Ping
Previously, BIG/ip pinged services by connecting to the specified port on a server and then immediately disconnecting. That mode is still the default, but now users may configure BIG/ip to do Active Service Ping, in which an actual request is written to a server and then a response is read back from the server. The request is user configurable and the response is matched against a user-defined regular expression. Refer to the manual section on Controlling Pings for information on configuring this feature.
-
The new command bigpipe configsync, simplifies propagating configuration changes to the other BIG/ip in a BIG/ip HA configuration. This command is called after one or more bigpipe commands have changed the kernel configuration. The command writes the current configuration to the file, /etc/bigip.conf, and then if SSH RSA Authentication is properly configured between the two BIG/ip, the command also copies /etc/bigip.conf on the local BIG/ip to /etc/bigip.conf on the remote BIG/ip and then loads the the new configuration file to the kernel on the remote BIG/ip.
The bigpipe configsync command is a shortcut for the following commands:
bigpipe -s /etc/bigip.conf
scp /etc/bigip.conf root@<ip-address>:/etc/bigip.conf
ssh -l root <ip-address> /sbin/bigpipe -f /etc/bigip.confTo use the bigpipe configsync command, it is necessary to make the following configuration changes on each BIG/ip Controller:
-
Create a /etc/bigip.failover file, containing the real IP address of the internal interface of the other BIG/ip. The file should contain one line in the following format:
FailoverIp <ip-address>
-
In the /etc/sshd_config file, verify that the AllowHosts line includes the IP address of the other BIG/ip.
-
Run the following command to generate the /root/.ssh/identity and /root/.ssh/identity.pub files that incorporate NULL passphrases. Respond to all questions by pressing the <return> key as show below:
# ssh-keygen <return>
Enter file in which to save the key(/root/.ssh/identity): <return>
Enter passphrase: <return>
Enter the same passphrase again: <return> -
Append the contents of the /root/.ssh/identity.pub file to the remote BIG/ip's /root/.ssh/authorized_keys file, using the following command:
cat /root/.ssh/identity.pub | ssh -l root \
<ip-address-of-remote-BIGip
> 'cat >> /root/.ssh/authorized_keys'
-
-
IP Filtering and Rate Shaping
This feature allows you to control and/or prioritize access and bandwidth for each VIP by client IP, port, IP/port combo. Refer to the manual section on IP Filtering and Rate Shaping for information on configuring this feature.
-
New bigtop Utility
A new utility bigtop is now included with BIG/ip. It is a convenient way to monitor VIP and node statistics using a terminal or SSH session. Simply log in to BIG/ip and type bigtop.
-
Support For Very Large Configurations
BIG/ip is now capable of handling up to 10,000 VIPs. If you have more than a few thousand VIPs or nodes, please contact F5 Networks Technical Support to discuss your configuration. In some of these cases, a memory upgrade may be required.
Known Problems In This Release
-
Serial port TERM environment variable is fixed to ibmpc3.
For 'dumb' terminals this causes problems when using the serial port of a BIG/ip for the first time boot and configuration script.
-
Bigtop will hang with no VIP's defined.
Running bigtop before defining VIP's will hang the bigtop process. Simply type Cntl-C to exit.
-
ping command for broadcast address on BIG/ip internal net.
On BIG/ip, the ping command cannot be used to ping the broadcast address on the internal network. (NOTE: This will not effect the normal BIG/ip operation.)
Upgrade Installation Instructions
Please refer to the README-v1.8.1update file.
Where To Find More Info
-
New Manual
The thoroughly revised and updated manual for version 1.8 describes all of the new commands and features. Please contact F5 Networks Technical Support to obtain a copy if you don't already have one.
-
Check Out Our Web Site at www.f5.com
