Applies To:
Show Versions
Link Controller
- 4.6.3
Updated Date: 04/18/2019
Summary:
This release note documents version 4.6.3 of the Link Controller® software. You can apply the software upgrade to version 4.5 and later. For information about installing the software, please refer to the instructions below.
F5 now offers both maintenance-only and new feature releases. Version 4.6.3 is a feature release that is based on version 4.5.12 code. This release includes all features and fixes included in versions 4.5.12 and 4.6.2. For more information on our new release polices, please see New Versioning Schema for F5 Software Releases.
Warning: This is a feature release, not a maintenance release. Unless you need specific features that are new to this feature release, please upgrade to the latest maintenance release instead.
Contents:
Minimum system requirements and supported browsers
The minimum system requirements for this release are:
- Intel® Pentium® III 550MHz processor
- 512MB disk drive or CompactFlash® card
- 256MB RAM
The supported browsers for the Configuration utility are:
- Microsoft® Internet Explorer 5.0, 5.5, and 6.0
- Netscape® Navigator 4.7x
Installing the software
Important: If you are upgrading a Link Controller redundant system, you must upgrade both units. We do not support running different versions on a Link Controller redundant system. Additionally, If you are updating the Link Controller module on a BIG-IP system, refer to the BIG-IP version 4.6.3 note for instructions on installing the upgrade.
Important: If you are upgrading an IP Application Switch or a Link Controller unit that uses a CompactFlash® media drive, use the installation instructions here.
Note: If you have installed prior releases, this installation does not overwrite any configuration changes that you made for prior releases.
The following instructions explain how to install the BIG-IP Link Controller software version 4.6.3 onto existing systems running version 4.5 and later. The installation script saves your current configuration.
- Go to the Downloads site and locate the BIG-IP 4.6.3 upgrade file, BIGIP_4.6.3_Upgrade.im.
- Download the software image and the BIGIP_4.6.4_Upgrade.md5 file.
For information about how to download software, refer to SOL167: Downloading software from F5 Networks.
- If you downloaded the image file to a directory other than /var/tmp, copy the image file to the /var/tmp/ directory on your BIG-IP system.
- Check the md5 of the upgrade file by typing the following command:
md5 BIGIP_4.6.3_Upgrade.im
cat BIGIP_4.6.3_Upgrade.md5The two md5 values should be identical.
- Install the IM by typing the following command:
im BIGIP_4.6.3_Upgrade.imThe Link Controller automatically reboots once it completes installation.
To upgrade an IP Application Switch or a CompactFlash media drive, use the following process.
- Create a memory file system, by typing the following:
mount_mfs -s 200000 /mnt
- Go to the Downloads site and locate the BIG-IP 4.6.3 upgrade file, BIGIP_4.6.3_Upgrade.im.
- Download the software image and the BIGIP_4.6.3_Upgrade.md5 file.
For information about how to download software, refer to SOL167: Downloading software from F5 Networks.
- If you downloaded the image file to a directory other than /mnt, copy the image file to the /mnt directory on your BIG-IP system.
- Change your directory to /mnt by typing the following command:
cd /mnt - Check the md5 of the upgrade file by typing the following command:
md5 BIGIP_4.6.3_Upgrade.im
cat BIGIP_4.6.3_Upgrade.md5The two md5 values should be identical.
- On the BIG-IP unit, run the im upgrade script:
im /mnt/BIGIP_4.6.3_Upgrade.imThe Link Controller automatically reboots once it completes installation.
Note: This procedure provides over 90MB of temporary space on /mnt. The partition and the im package file are deleted upon rebooting.
Activating the license
Once you install the upgrade and connect the unit to the network, you need a valid license certificate to activate the software. To gain a license certificate, you need to provide two items to the license server: a registration key and a dossier.
The registration key is a 25-character string. You should have received the key by email. The registration key lets the license server know which F5 products you are entitled to license.
The dossier is obtained from the software, and is an encrypted list of key characteristics used to identify the platform.
You can obtain a license certificate using one of the following methods:
- Automatic license activation
You perform automatic license activation from the command line or from the web-based Configuration utility of an upgraded unit. This method automatically retrieves and submits the dossier to the F5 license server, as well as installs the signed license certificate. In order for you to use this method, the unit must be installed on a network with Internet access. - Manual license activation
You perform manual license activation from the Configuration utility, which is the software user interface. With this method, you submit the dossier to, and retrieve the signed license file from, the F5 license server manually. In order for you to use this method, the administrative workstation must have Internet access.
Note: You can open the Configuration utility with Netscape Navigator version 4.7x, or Microsoft Internet Explorer version 5.0, 5.5, or 6.0.
To automatically activate a license from the command line for first time installation
- Type the user name root and the password default at the logon prompt.
- At the prompt, type license. The following prompts display:
IP:
Netmask:
Default Route:
Select interface to use to retrieve license:
The unit uses this information to make an Internet connection to the license server. - After you type the Internet connection information, continue to the following prompt:
The Registration Key should have been included with the software or given when the order was placed. Do you have your Registration Key? [Y/N]:
Type Y, and the following prompt displays:
Registration Key: - Type the 25-character registration key you received. If you received more than one key, enter all of the keys, separating each with a space.
The dossier is retrieved and sent to the F5 license server, and a signed license file is returned and installed. A message displays indicating the process was successful. - You are asked to accept the End User License Agreement.
The system is not fully functional until you accept this agreement. - You are prompted to reboot the system. Press Enter to reboot.
The system is not fully functional until you reboot.
To automatically activate a license from the command line for upgrades
- Type your user name and password at the logon prompt.
- At the prompt, type setup.
- Choose menu option L.
- The following prompt displays:
Number of keys: 1
If you have more than one registration key, enter the appropriate number. - The following prompt displays:
Registration Key:
Type the 25-character registration key you received. If you received more than one key, enter all of the keys, separating each with a space.
The dossier is retrieved and sent to the F5 license server, and a signed license file is returned and installed. A message displays indicating the process was successful. - When you are finished with the licensing process, type the following command to restart the services on the system:
bigstart restart
To manually activate a license using the Configuration utility
- Open the Configuration utility according to the type of BIG-IP unit you are licensing:
- If you are licensing a previously configured BIG-IP unit, open the Configuration utility using the configured address.
- If you are licensing a new BIG-IP unit, from the administrative workstation, open the Configuration utility using one of the following addresses: https://192.168.1.245 or https://192.168.245.245. These are default addresses on the units local area network.
- If you are licensing a previously configured BIG-IP unit, open the Configuration utility using the configured address.
- Type the user name and password, based on the type of BIG-IP unit you are licensing:
- If you are licensing a previously configured BIG-IP unit, type your user name and password at the logon prompt.
- If you are licensing a new BIG-IP system, type the user name root, and the password default at the logon prompt.
- If you are licensing a previously configured BIG-IP unit, type your user name and password at the logon prompt.
- Click License Utility to open the License Administration screen.
- In the Registration Key box, type the 25-character registration key that you received. If you have more than one key to install, click Enter More Keys to install multiple keys. Once you have entered all registration keys, click Manual Authorization.
- At the Manual Authorization screen, retrieve the dossier using one of the following methods:
- Copy the entire contents of the Product Dossier box.
- Click Download Product Dossier, and save the dossier to the hard drive.
- Copy the entire contents of the Product Dossier box.
- Click the link in the License Server box.
The Activate F5 License screen opens in a new browser window. - From the Activate F5 License screen, submit the dossier using one of the following methods:
- Paste the data you just copied into the Enter your dossier box, and click Activate.
- At the Product Dossier box, click Browse to locate the dossier on the hard drive, and then click Activate.
- Paste the data you just copied into the Enter your dossier box, and click Activate.
- Retrieve the license file using one of the following methods:
- Copy the entire contents of the signed license file.
- Click Download license, and save the license file to the hard drive.
- Copy the entire contents of the signed license file.
- Return to the Manual Authorization screen, and click Continue.
- At the Install License screen, submit the license file using one of the following methods:
- Paste the data you copied into the License Server Output box, and click Install License.
- At the License File box, click Browse to locate the license file on the hard drive, and then click Install License.
- Paste the data you copied into the License Server Output box, and click Install License.
- Click License Terms, review the EULA, and accept it.
- At the Reboot Prompt screen, select when you want to reboot the platform.
License activation is complete only after rebooting.
To automatically activate a license using the Configuration utility
- Open the Configuration utility according to the type of BIG-IP unit you are licensing:
- If you are licensing a previously configured BIG-IP unit, open the Configuration utility using the configured address.
- If you are licensing a new BIG-IP unit, from the administrative workstation, open the Configuration utility using one of the following addresses: https://192.168.1.245 or https://192.168.245.245. These are default addresses on the units local area network.
- If you are licensing a previously configured BIG-IP unit, open the Configuration utility using the configured address.
- Type the name and password, based on what type of BIG-IP unit you are licensing:
- If you are licensing a previously configured BIG-IP unit, type your user name and password at the logon prompt.
- If you are licensing a new BIG-IP unit, type the user name root, and the password default at the logon prompt.
- If you are licensing a previously configured BIG-IP unit, type your user name and password at the logon prompt.
- Click License Utility to open the License Administration screen.
- In the Registration Key box, type the 25-character registration key that you received. If you have more than one key to install, click Enter More Keys to install multiple keys. Once you have entered all registration keys, click Automated Authorization.
The License Status screen displays status messages, and Process complete appears when the licensing activation is finished. - Click License Terms, review the EULA, and accept it.
- At the Reboot Prompt screen, select when you want to reboot the platform.
License activation is complete only after rebooting.
Changes to existing features
This release includes the following changes in product behavior.
| Solution | Description |
| SOL739 | Versions of software packages used in this release |
| SOL1020 | Reserved words for this release |
| SOL3689 | Routes in /config/routes and /etc/netstart are removed |
| SOL3746 | The bigpipe vlan fdb command now displays entries arranged by VLAN |
| SOL3747 | The user is now prevented from deleting the LDAP default.key |
| SOL3748 | The FTBU now warns that it can rewrite zone files |
| SOL3804 | All virtual servers that are associated by a dependency are now disabled if any one is disabled |
| SOL3960 | The global syncookie threshold default was changed to 500,000 for PVA-equipped systems |
| SOL3962 | The full option was removed from hardware acceleration |
| SOL3996 | sfd will now respawn if it fails or is killed |
| SOL4001 | Aggregated connections are closed with a reset rather than a FIN |
| SOL4011 | Routes are now reloaded when changes to VLANs, interfaces, or self addresses are made |
| SOL4366 | DNS proxy port now closed by default and a new global to open it |
| SOL4025 | sshd.conf is now backed up when an upgrade is run |
| SOL4045 | New checks on TCP header validity |
| SOL4048 | New check for valid FIN sequence number for delayed binding connections |
| SOL4100 | Hops and round trip time may no longer be used together in QOS calculations |
| SOL4101 | ICMP and UDP high port probing may no longer be used together in RTT calculations |
| SOL4108 | Situations causing virtual server demotion to software acceleration have been reduced |
| SOL4179 | Hardware platforms supported by this release |
| SOL4180 | SEE-IT providers are no longer included in this release |
| SOL4192 | BIG-IP status window no longer uses Java |
| SOL4376 | New versions of big3d are included in this release |
| SOL4402 | big3d will now log a message when it exits |
| SOL4548 | Ties in VS selection will now result in randomized response |
| SOL4557 | Allow "?" to pass the checktrap.pl content test |
New features in this release
This release includes the following new features.
Connection Rate Limit settings (CR24840)
This release of the BIG-IP system includes new Connection Rate and Rate Limit settings with which you can measure the number of connections per second. You can then use this statistic to limit the number of connections to a node address. This feature is useful if there are times when you expect to have insufficient resources to service all requests, but you also want to ensure that all available servers are performing at maximum capacity. For example, if you have a data center that has enough capacity to handle the load when all the servers are functional, but you need to bring down half of the servers at a certain time in order to update the content. In this instance, the load may exceed the capacity of the remaining servers and cause the servers to become overloaded and unable to function at their maximum sustainable capacity. To avoid this situation, you can configure the BIG-IP system node connection rate limits to the maximum sustainable rate for each server. This prevents the servers from becoming over-burdened, and thus fewer requests are discarded.
In addition, if you are using the 3-DNS Controller to load balance traffic between data centers, you can use the virtual server rate limit in conjunction with global Available Connection Rate or Quality of Service load balancing to shift the load from the degraded data center to a data center with sufficient capacity.
For more information on configuring the Connection Rate and Rate Limit settings, see SOL4183: Can BIG-IP limit connections to a node based on the rate of requests rather than the number of concurrent requests?
Configuration load time settings (CR43629)
In this release you can configure the amount of time that the BIG-IP system waits for the configuration to load before it the system begins load balancing traffic. The default setting is 15 seconds, and this should be adequate for most configurations. However, in instances where the configuration takes longer than 15 seconds to load, the BIG-IP system may begin load balancing based on a partially-loaded configuration. This situation can occur if you have an older platform and are loading a very large configuration. If you experience this issue, we recommend that you increase the default timeout for configuration load time. For more information, see SOL4322: How do I configure the configuration load timeout?
New fixes in this release
In the 4.6.3 release, on a trial basis, we have modified the format for displaying CRs for fixes and known issues. The CRs are now listed in a table format, with the corresponding solution listed next to the CR. Clicking the solution link directs you to the more detailed solution document that is posted on the AskF5 Technical Support Web Site. We continually update these solution documents on AskF5 as new details become available. If additional known issues are discovered after we release version 4.6.3, we will update the known issues table with the new CR and solution numbers, with the goal of keeping you current on our known issues.
If you encounter a solution that does not have an active link, it is likely that we have not yet had a chance to get the solution posted on AskF5, but please continue to check this table for new content or links.
This release includes the following new fixes.
| CR | Solution | Description |
| CR14926 | SOL3676 | 3dnsmaint does not copy iQuery keys to remote units |
| CR14955 | SOL5078 | The Configuration utility allows special characters in configuration object names |
| CR14956 | SOL5078 | The Configuration utility allows special characters in configuration object names |
| CR16971 | SOL5078 | The Configuration utility allows special characters in configuration object names |
| CR16972 | SOL5078 | The Configuration utility allows special characters in configuration object names |
| CR16973 | SOL5078 | The Configuration utility allows special characters in configuration object names |
| CR17173 | SOL5078 | The Configuration utility allows special characters in configuration object names |
| CR23634 | SOL3678 | sod reports unnecessary bigapi_unit_mask errors |
| CR26184 | SOL3679 | Adding a member on the loopback network drops network connectivity |
| CR26184 | SOL3732 | Server appliances do not delete FDB entries when a link goes down |
| CR26564 | SOL3684 | Help for bigpipe monitor did not exist |
| CR27161 | SOL3703 | Help for bigpipe interface did not exist |
| CR27161 | SOL3705 | Help for bigpipe reset did not exist |
| CR27161 | SOL3707 | Help for bigpipe list did not exist |
| CR27161 | SOL3710 | Help for bigpipe merge did not exist |
| CR27161 | SOL3711 | Help for bigpipe base save did not exist |
| CR27161 | SOL3712 | Help for bigpipe base list did not exist |
| CR27161 | SOL3713 | Help for bigpipe save did not exist |
| CR27205 | SOL3715 | Syslog listens on UDP port 514 |
| CR27252 | SOL3716 | Auto discovery and configuration does not ignore loopback virtual servers |
| CR27821 | SOL4317 | SNMP walks against bigsnmpd might trigger a memory leak |
| CR27835 | SOL3725 | Creating new virtual servers for an existing address removes any_ip |
| CR27878 | SOL3726 | Probing always uses the same interface and source address |
| CR27915 | SOL3728 | Deleting virtual server, proxy, or SNAT with common address stops ARP response |
| CR28079 | SOL3729 | Server appliances enter a netboot loop after the system issues a halt |
| CR28316 | SOL1660 | Zombie processes may be generated when a terminal server is attached |
| CR28316 | SOL3733 | Duplicate VLANs appear when a self IP address on the 135./8 network is configured |
| CR28408 | SOL2720 | Cannot establish an SSH connection from a new BIG-IP or 3-DNS system received as an RMA |
| CR28434 | SOL3736 | Running bigtop with a negative delay locks the console |
| CR28435 | SOL3736 | Running bigtop with a negative delay locks the console |
| CR28436 | SOL3737 | The FAN_FAILING, CPU_TOO_HOT, CPU_FAN_FAILING, and POWER_FAILED SNMP traps do not work |
| CR28502 | SOL2758 | Nodes might be marked down incorrectly when translucent VLAN groups are used |
| CR28904 | SOL3749 | Half-closed connections might be terminated while data is still being transferred |
| CR29158 | SOL3750 | Out of order, zero length packets might cause header insert functions to fail |
| CR29255 | SOL3768 | The description of the OID loadBalTrapPortString is incorrect |
| CR29282 | SOL3803 | SNAT connections and health monitors might experience overlapping connections |
| CR29349 | SOL3769 | SNAT connection limits can only be removed by setting them to zero |
| CR29456 | SOL3770 | Duplicate ARPs might be sent when determining the destination of a packet |
| CR29599 | SOL3739 | Automatic discovery and configuration occur even when it is globally disabled |
| CR29629 | SOL3779 | Changing a VLAN tag might change the IP address of network virtual servers |
| CR29660 | SOL3781 | mrad might become unstable and produce core files on platforms that do not contain a PVA |
| CR29730 | SOL3715 | Syslog listens on UDP port 514 |
| CR29751 | SOL3783 | The bigpipe verify load command rejects configurations using SNAT connection mirroring |
| CR29793 | SOL3785 | Inaccurate VLAN tag error message exists in the Configuration utility |
| CR29809 | SOL3786 | Retransmitted packets larger than the original are not accepted in some cases |
| CR29843 | SOL3787 | BIG-IP 2400, 5000, and 5100 units might lock up during reboot |
| CR30142 | SOL3805 | sysObjectID is not correctly mapped in the MIB |
| CR30152 | SOL3806 | The global l2_aging_time might be saved in the wrong location |
| CR30152 | SOL3808 | The global VLANs unique_mac might be saved in the wrong location |
| CR30235 | SOL3809 | Spurious "No nodes up" messages are logged |
| CR30583 | SOL3812 | Random pool selection is not random and will select the same pool every time |
| CR30995 | SOL3815 | Fiber gigabit ports show output errors on switch appliances |
| CR31393 | SOL3821 | The global reaper setting can be set to zero |
| CR31551 | SOL3822 | Disabling a datacenter does not cause another 3-DNS to become principle |
| CR31944 | SOL3824 | If an HTTP header match string is longer than the HTTP headers, a hang can result |
| CR32148 | SOL3825 | sync_zones may leave a stale pid file and refuse to run |
| CR32258 | SOL4094 | If pools or members are removed from an active configuration the system might become unstable |
| CR32362 | SOL3895 | ARP responses might be ignored if a VLAN and VLAN group share the same MAC address |
| CR32375 | SOL3896 | Dropped packet counters in netstat and bigpipe interface might be inconsistent |
| CR32760 | SOL3898 | Gratuitous ARP responses are not passed by VLAN groups |
| CR32797 | SOL3899 | The output from bigpipe pool show has omitted priority and ratio information |
| CR32874 | SOL3902 | Use of a forwarding pool with syn cookies can result in the system becoming unstable |
| CR32975 | SOL3904 | One-time auto discovery would continue to run each time 3dnsd was restarted |
| CR32977 | SOL758 | BIG-IP doesn't provide a list from which to select an option in the wide IP port field |
| CR33286 | SOL3906 | The /etc/syslog.conf comments indicate the wrong location of checktrap.pl |
| CR33614 | SOL3907 | The status legend was incorrect |
| CR33627 | SOL3909 | The BIG-IP system attempts to re-use connections to servers that did not close their side |
| CR33664 | SOL3910 | Connections might be reset with a 0 sequence number after a failover |
| CR33713 | SOL3911 | Packets sent from node to client do not reset the connection timer |
| CR33803 | SOL3912 | Unintended limit is placed on the size of input from text boxes using POST |
| CR34199 | SOL3913 | Unstable condition can occur during connection setup with syncookies enabled |
| CR34446 | SOL3915 | Problems with internal interface drivers might make the BIG-IP system unresponsive |
| CR34472 | SOL3915 | 3dpipe syncgroup will not report principle status |
| CR34525 | SOL3917 | The standby may send a gratuitous ARP using the floating IP address |
| CR34608 | SOL3919 | The bigsnmpd might cause the system to become unstable if all interface statistics are read |
| CR34635 | SOL3920 | Error 331789 can occur in the Configuration utility |
| CR34786 | SOL3921 | Dependencies can only be removed in the same multiples they were added |
| CR34852 | SOL3922 | The PVA can become unresponsive if directed to delete connections |
| CR34952 | SOL3957 | System can hang when subjected to a syn flood with SNAT enabled |
| CR35007 | SOL3958 | SNAT can take a long time to find a source port |
| CR35124 | SOL4109 | SSL connections that are not cleanly shutdown are reaped at 1005 seconds |
| CR35216 | SOL3961 | Connections sending data after zero receive window was requested are reset |
| CR35576 | SOL3969 | 3dnsd may crash due to internal mishandling of long error messages |
| CR35420 | SOL3965 | Packets passing through a forwarding virtual server have their TOS bit set to zero |
| CR35424 | SOL3966 | Changing the netmask of a network virtual server does not work |
| CR35476 | SOL3967 | Querying the OID .1.3.6.1.2.1.17.1.1 when FDB has many entries can cause bigsnmpd to become unstable |
| CR35525 | SOL4318 | The system does not send a reset when an established but unused connection is timed out |
| CR35552 | SOL3968 | VLAN failsafe does not always work properly on PVA-equipped systems |
| CR35576 | SOL3969 | 3dnsd may crash due to internal mishandling of long error messages |
| CR35588 | SOL3184 | The bigpipe verify never passes a configuration that contains external classes |
| CR35631 | SOL3971 | Use of very large classes is inefficient and could make the BIG-IP system unresponsive |
| CR35745 | SOL3972 | SMTP health checks can fail if a DNS server is not available |
| CR36548 | SOL4107 | Monitors created in the Configuration utility might have an additional carriage return |
| CR36659 | SOL3922 | Internal commands might cause the PVA to become unresponsive |
| CR36661 | SOL3922 | Internal commands might cause the PVA to become unresponsive |
| CR36863 | SOL3979 | Routers probed by SNMP v1 may be weighted incorrectly |
| CR36926 | SOL3981 | vs_capacity was able to choose down or disabled virtual servers |
| CR36998 | SOL3982 | 3-DNS did not always choose the closest prober |
| CR37147 | SOL3987 | The system might become unstable when running the ANIP kernel and using the bpf device |
| CR37260 | SOL3988 | DMA support is disabled on the D35 platform |
| CR37308 | SOL3989 | Link Controller does not display links that do not match the gateway addresses |
| CR37627 | SOL3991 | Header erase feature is case sensitive |
| CR37627 | SOL3992 | Header erase feature can modify header names |
| CR37741 | SOL3997 | SFD might queue more messages than it can transmit, and might transmit at bad times |
| CR38330 | SOL3277 | mod_ssl is subject to the vulnerability described in CERT VU#303448 |
| CR38332 | SOL4002 | OneConnect drops client acknowledgements while in split pending state |
| CR38368 | SOL4003 | Both reaper water marks are not written when either one is configured |
| CR38372 | SOL3277 | mod_ssl was subject to the vulnerability described in CERT VU#303448 |
| CR38377 | SOL4003 | Both reaper water marks are not written when either one is configured |
| CR38514 | SOL4004 | SNAT processing is inefficient and could cause instability |
| CR38795 | SOL4006 | 3dns could crash during a config sync |
| CR38838 | SOL4007 | Upgrade process did not successfully update the root.hint file |
| CR38873 | SOL4008 | bigipprovider.cgi can not read pool names longer than 32 characters |
| CR39078 | SOL4009 | libpng version 1.0.9 contain security vulnerabilities |
| CR39088 | SOL4010 | Reboot of the active system might result in a failback after reboot |
| CR39175 | SOL4015 | 3-DNS units may become unresponsive when inter-communicating |
| CR39184 | SOL4016 | External ports are set to forwarding rather than blocking mode during start-up |
| CR39211 | SOL4073 | An unstable system might result from inadequate pre-allocated memory pages |
| CR39890 | SOL4022 | FTP health check writes file to /var/tmp |
| CR39978 | SOL4046 | Timeout on SYN retransmission to nodes is reset by client traffic |
| CR39978 | SOL4047 | FIN wait timeout is set based on the time the FIN is received from the client |
| CR39978 | SOL4050 | Lost FIN packets are not retransmitted when closing node-side connections |
| CR39978 | SOL4051 | Client FIN packets are honored while a delayed binding connection is being set up |
| CR39981 | SOL4052 | Multicast traffic is processed, but should be passed unmodified |
| CR40010 | SOL4046 | Timeout on SYN retransmission to nodes is reset by client traffic |
| CR40010 | SOL4047 | FIN wait timeout is set based on the time the FIN is received from the client |
| CR40010 | SOL4050 | Lost FIN packets are not retransmitted when closing node-side connections |
| CR40010 | SOL4051 | Client FIN packets are honored while a delayed binding connection is being set up |
| CR40015 | SOL4055 | Header and cookie insertion is tied to connections, rather than pools |
| CR40034 | SOL4056 | The openssl command might become unstable with ca or ocsp options |
| CR40049 | SOL4046 | Timeout on SYN retransmission to nodes is reset by client traffic |
| CR40049 | SOL4047 | FIN wait timeout is set based on the time the FIN is received from the client |
| CR40049 | SOL4050 | Lost FIN packets are not retransmitted when closing node-side connections |
| CR40049 | SOL4051 | Client FIN packets are honored while a delayed binding connection is being set up |
| CR40055 | SOL4057 | The Configuration utility can become unstable when you define more than 160 SSL proxies |
| CR40106 | SOL4053 | The patch for VU#303448 breaks the interaction between config and genkey |
| CR40135 | SOL4053 | The patch for VU#303448 breaks the interaction between config and genkey |
| CR40193 | SOL4062 | The final FIN acknowledgement is sent with an incorrect sequence number |
| CR40234 | SOL4065 | If you modify or delete a class member, it causes the system to become unstable |
| CR40286 | SOL4068 | Creating a virtual server with an invalid address creates a wildcard virtual |
| CR40294 | SOL4070 | POST requests beginning with a byte value greater than 128 might cause proxyd to become unstable |
| CR40389 | SOL4371 | It is now possible to set the size of the TCP reassembly queue |
| CR40390 | SOL3369 | The BIG-IP system and the 3-DNS Controller are vulnerable to VU#395670 / CAN-2004-0171 |
| CR40428 | SOL3372 | SNMP traps are sent using the wrong OID base |
| CR40433 | SOL4073 | An unstable system might result from an inadequate number of pre-allocated memory pages |
| CR40589 | SOL4075 | SFD might enter a loop and cause high CPU utilization |
| CR40715 | SOL4077 | ICMP checksums are not always updated when changes are made to ICMP messages |
| CR40815 | SOL4076 | UDP packets that lack a checksum have one inserted |
| CR40889 | SOL4083 | Gateway failsafe does not recover when a gateway responds after countdown begins |
| CR40923 | SOL4084 | Bridging storms can cause the system to become unstable |
| CR41017 | SOL4086 | Creating large SNAT pools can cause the system to become unstable |
| CR41076 | SOL3456 | OpenBSD RADIUS authentication bypass vulnerability |
| CR41099 | SOL4087 | The qkview utility might enter an infinite loop and produce a large output file |
| CR41113 | SOL4088 | The syslog utility does not attempt enough retries when logging many simultaneous messages |
| CR41203 | SOL4089 | root.hint file is missing after clean installation |
| CR41220 | SOL3717 | NTP fails when you load the configuration using the Configuration utility |
| CR41267 | SOL4378 | The man page for the dig command is omitted |
| CR41279 | SOL4090 | Deleting all self IP addresses associated with a route might cause the system to become unstable |
| CR41411 | SOL4092 | HTTP version 1.0 keep-alive sessions might not be properly identified |
| CR41473 | SOL4320 | The unit ID of a virtual server may be changed when a rule or pool is modified |
| CR41502 | SOL4094 | If pools or members are removed from an active configuration the BIG-IP system might become unstable |
| CR41519 | SOL4095 | The BIG-IP system rejects HTTP GET requests containing characters with values greater than 128 |
| CR41567 | SOL4380 | Large TCP and UDP timeout values are displayed incorrectly |
| CR41599 | SOL2884 | SNMP VLAN input packet statistics display only bridged packets |
| CR41599 | SOL3024 | The netstat utility does not display VLAN MAC addresses correctlys |
| CR41687 | SOL4398 | Using the bigpipe node command to assign a monitor can cause the BIG-IP system to become unstable |
| CR41715 | SOL4321 | The 3dns_add script would prompt the user to sync a default named.conf file |
| CR41770 | SOL4318 | A reset is not sent when an established but unused connection is timed out |
| CR41863 | SOL4321 | The 3dns_add script would prompt the user to sync a default named.conf file |
| CR41879 | SOL3372 | SNMP traps are sent using the wrong OID base |
| CR41880 | SOL4404 | Adding too many members to a class can cause the Configuration utility to become unstable |
| CR41881 | SOL4405 | High speed interface statistics are reported in the wrong units |
| CR41942 | SOL4407 | Header insert displays error 331903 if the header is too long |
| CR41948 | SOL4408 | Inability to delete files during an upgrade can result in unallocated iNodes |
| CR41952 | SOL3965 | Packets passing through a forwarding virtual server causes the TOS bit to be set to zero |
| CR41969 | SOL4320 | The unit ID of a virtual server might be changed when a rule or pool is modified |
| CR41970 | SOL4409 | Classes that are in use can be deleted |
| CR41971 | SOL3024 | The netstat utility does not display VLAN MAC addresses correctly |
| CR42016 | SOL4107 | Monitors created in the Configuration utility might have an additional carriage return |
| CR42055 | SOL4076 | UDP packets that lack a checksum have one inserted |
| CR42074 | SOL4317 | SNMP walks against bigsnmpd might trigger a memory leak |
| CR42215 | SOL3694 | The bigpipe pool stats reset command can cause a core dump |
| CR42216 | SOL3694 | The bigpipe pool stats reset command can cause a core dump |
| CR42283 | SOL4203 | 3-DNS does not respond to AAAA or A6 records |
| CR42397 | SOL4097 | The Configuration utility might become unstable |
| CR42428 | SOL4097 | The Configuration utility might become unstable |
| CR42429 | SOL4207 | Apache mod_include vulnerability CAN-2004-0940 |
| CR42468 | SOL4099 | Apache mod_include vulnerability CAN-2004-0940 |
| CR42764 | SOL4209 | RRD graphs are being improperly cached |
| CR42842 | SOL4322 | You can now configure the timeout period for loading the configuration |
| CR42843 | SOL4326 | System crashes, panics, and hangs that have been fixed in this release |
| CR42898 | SOL4102 | IP forwarding fails if return traffic matches a SNAT |
| CR43320 | SOL4035 | Web aggregation fails if the server does not advertise MSS |
| CR43392 | SOL4323 | An unnecessary DNS lookup can cause loading of static routes to fail |
| CR43494 | SOL4324 | You can now configure whether or not 3-DNS probes disabled objects |
| CR43530 | SOL4324 | You can now configure whether or not 3-DNS probes disabled objects |
| CR43575 | SOL4325 | Fragmented packets might not be handled correctly |
| CR43577 | SOL4325 | Fragmented packets might not be handled correctly |
| CR43583 | SOL4328 | The ntpd daemon fails to run when more than 128 VLANs exist |
| CR43628 | SOL4326 | System crashes, panics, and hangs that have been fixed in this release |
| CR43629 | SOL4322 | You can now configure the timeout period for loading the configuration |
| CR43633 | SOL4323 | An unnecessary DNS lookup can cause loading of static routes to fail |
| CR43637 | SOL4318 | A reset is not sent when an established but unused connection is timed out |
| CR43643 | SOL4328 | The ntpd daemon fails to run when more than 128 VLANs exist |
| CR43645 | SOL4330 | HTTP HEAD requests might not work with rules, cookie persistence, or web aggregation |
| CR43681 | SOL4409 | Classes that are in use can be deleted |
| CR43682 | SOL4409 | You can configure BIG-IP to use a class that does not exist |
| CR43718 | SOL3633 | Dynamic ratio can select a node that is down |
| CR43810 | SOL3737 | FThe FAN_FAILING, CPU_TOO_HOT, CPU_FAN_FAILING, and POWER_FAILED SNMP traps do not work |
| CR44028 | SOL3325 | The system can become unstable when FTP data connections are reaped |
| CR44246 | SOL4152 | Critical security flaw in the BIG-IP system when OneConnect is enabled |
| CR44247 | SOL4152 | Critical security flaw in the BIG-IP system when OneConnect is enabled |
| CR44248 | SOL4152 | Critical security flaw in the BIG-IP system when OneConnect is enabled |
| CR44270 | SOL4334 | The 3dpipe command now disables a datacenter correctly |
| CR44301 | SOL4326 | System crashes, panics, and hangs that have been fixed in this release |
| CR44302 | SOL4326 | System crashes, panics, and hangs that have been fixed in this release |
| CR44372 | SOL4351 | BIND VU#938617 |
| CR44375 | SOL4326 | System crashes, panics, and hangs that have been fixed in this release |
| CR44376 | SOL4326 | System crashes, panics, and hangs that have been fixed in this release |
| CR44450 | SOL4334 | The 3dpipe command now disables a datacenter correctly |
| CR44557 | SOL4326 | System crashes, panics, and hangs that have been fixed in this release |
| CR44610 | SOL4317 | SNMP walks against bigsnmpd might trigger a memory leak |
| CR44712 | SOL4326 | 3dnsd might become unstable due to internal mishandling of long error messages |
| CR44780 | SOL4336 | The config_ssh script may time out prematurely when attempting to connect |
| CR44781 | SOL4336 | The config_ssh script may time out prematurely when attempting to connect |
| CR45051 | SOL4341 | Connections might be persisted to a down node when any_ip is enabled |
| CR45110 | SOL4341 | Connections might be persisted to a down node when any_ip is enabled |
| CR45121 | SOL3969 | 3dnsd may crash due to internal mishandling of long error messages |
| CR45187 | SOL4550 | The bigpipe man page references incorrect locations for the named.conf and named.boot files |
| CR45207 | SOL4397 | Virtual servers that match a network virtual server might be demoted to software |
| CR45302 | SOL4347 | A specific type of security scan can cause a panic and reboot |
| CR45303 | SOL4347 | A specific type of security scan can cause a panic and reboot |
| CR45349 | SOL3325 | The system can become unstable when FTP data connections are reaped |
| CR45359 | SOL4551 | Any remaining components of the node virtual configuration have been removed |
| CR45383 | SOL4381 | Connections might hang when content length in the response is missing or incorrect |
| CR45386 | SOL4553 | Adding a rate filter causes an error |
| CR45417 | SOL4553 | Adding a rate filter causes an error |
| CR45476 | SOL4555 | The configsync process might not be able to locate required executables |
| CR45477 | SOL4555 | The configsync process might not be able to locate required executables |
| CR45625 | SOL4559 | A small memory leak occurs in 3dnsd when snmpd is restarted |
| CR45736 | SOL4559 | A small memory leak occurs in 3dnsd when snmpd is restarted |
| CR45926 | SOL4542 | Walking the dot1dTpFdbAddress table does not generate any data |
| CR47021 | SOL4551 | Any remaining components of the node virtual configuration have been removed |
Features and fixes released in prior releases
The current release includes the features and fixes that were distributed in prior feature releases, as listed below.
Version 4.6.2
System statistics screen (CR28085)
This release includes a System Graph Statistics screen in the Configuration utility that displays statistics about the BIG-IP system in a graphical format so that you can view changes and trends in statistics over time. The System Graph Statistics screen displays statistics including CPU usage, memory usage, throughput, connections per second, and packets per second.
To view the System Graph Statistics screen, in the left pane of the Configuration utility, click Statistics and then click System Graphs.
ARP requests with incorrect source protocol IP address (CR34526)
The BIG-IP system no longer uses inactive floating self-IP addresses or virtual server addresses in the source protocol address field for ARP requests. If the system cannot generate an ARP request because there is no usable IP address available on a VLAN, the BIG-IP system logs the following warning message to /var/log/messages:
kernel: arpresolve: no usable src addr on iface: <interface_index>
The system may log this message during a config sync from active to standby or during a configuration load on the standby unit. The system may also log this message on BIG-IP systems that have a VLAN configured with only floating self-IP addresses; this type of configuration is not supported.
Support for BIND 9.2.2
This version of the BIG-IP software includes the BIND DNS server version 9.2.2. This version of the BIND software contains security enhancements as well as DNS protocol enhancements. For added security, the named utility now runs in a chroot environment. This version of the Link Controller software does not support A6 or ipv6 (AAAA) records.
Important: If you are currently using BIND version 8, be aware that the file system layout has changed and there are new executables and scripts in version 9.2.2. If you have named.conf or zone-files stored in non-standard locations, you need to move these files before you upgrade to this version of the software. For more information see, BIND 9 file system migration in the Required configuration changes section of this release note.
RSA SecurID authentication
This version of the BIG-IP software includes support for RSA SecurID® authentication, the remote authentication protocol used by RSA ACE/Server® software. RSA SecurID authentication is a two-part authentication mechanism that requires both a user ID and a passcode that changes every 60 seconds. For more information on RSA SecurID authentication, please see http://www.rsasecurity.com/node.asp?id=1156. To configure RSA SecurID authentication, see Configuring RSA SecurID authentication in the Optional configuration changes section of this release note.
Version rollback script
This release includes a rollback script that allows you to return to the previous version of the BIG-IP software, after you upgrade. This script is designed to allow you to rollback the software version in instances where you upgrade before you discover that the new version of the software is incompatible with your specific network configuration. You can use the script to return only within the major version (see SOL4476: BIG-IP Software Lifecycle Policy) of the BIG-IP software that was installed on the system prior to the upgrade. Any configuration changes you make after the upgrade are lost when you run the rollback script.
To use the rollback feature you must create a rollback IM package before you upgrade to a different version of the software.
To create a rollback IM package in /var/tmp/rb using the version 4.6.3 mkrb file, use the following procedure:
- Change your directory to /var/tmp by typing the following command:
cd /var/tmp - Extract the mkrb file from the 4.6.3 upgrade package by typing the following command:
-tar -xzf BIGIP_4.6.3_Upgrade.im usr/local/bin/mkrb - Create the necessary rollback files by typing the following command:
./usr/local/bin/mkrb BIGIP_4.6.3_Upgrade.im
This creates an IM package that you can run on the BIG-IP system if you want to return to the previous version of the software. The IM upgrade package you create is located in the /var/tmp/rb directory.
To install the rollback IM package, type the following commands:
cd /var/tmp/rb
im <rollback_im_package_name>.im
Note: If you install the rollback package created by the script and decide that you want to upgrade to a later version of the software in the future, you will need to use the im -force /var/tmp/rb/<rollback_im_package_name>.im command to install the IM package.
named watchdog
A new variable is included in this release that initiates a failover and restarts the named utility if the named utility fails for any reason. You can enable this variable using the command line utility. Use the following command to enable this feature:
bigpipe db set "Common.Bigip.Failover.OnNamedFail" = true
After you enable or disable this variable, we recommend that you start, stop, and restart the named utility using the following commands:
bigstart startup named
bigstart shutdown named
bigstart restart named
Support for TFTP
This version of the BIG-IP software includes support for TFTP (Trivial File Transport Protocol rev 2 - rfc1350) traffic control. TFTP configuration objects must use TFTP port 69.
System health monitor timing
The algorithm used by the BIG-IP system to perform health monitoring at offset intervals in order to prevent spikes in CPU consumption is improved in this release.
SNMP link up/down traps
New SNMP traps are included in this release. Traps are now issued each time a link goes up or down. The new traps are loadBalTrapLinkUp and loadBalTrapLinkDown.
Version 4.6.1
The OpenSSL package has been upgraded to version 0.9.7d (CR33306) (CR33755)
The OpenSSL package has been upgraded to version 0.9.7d. This upgrade addresses several recent security issues with OpenSSL described in Technical Cyber Security Alert TA04-078A. This version addresses CERT vulnerabilities VU#288574 and VU#484726. For more information on the resolved security issues, see http://www.us-cert.gov/cas/techalerts/TA04-078A.html.
Version 4.6
Passing ICMP packets through a SNAT (CR25315)
This release includes improvements in the way the BIG-IP system handles ICMP echo replies through a SNAT.
When two clients each send an ICMP echo through a SNAT on the BIG-IP system, the system now routes the ICMP echo replies and the ICMP time exceeded message back to the correct client.
In addition, when the BIG-IP system is configured to perform ICMP monitoring, and a client sends an ICMP echo through SNAT automap on the BIG-IP system, the system now correctly routes replies to either the BIG-IP system or the client, as appropriate.
Known issues
The following items are known issues in the current release.
| CR | Solution | Description |
| CR9333 | SOL5189 | Multiple instances of the Configuration utility may overwrite each other |
| CR14294 | SOL765 | 3dnsmaint copies iQuery keys twice to BIG-IP/3-DNS combination systems |
| CR19648 | SOL320 | The splash screen displayed by the first time configuration utility contained erroneous instructions |
| CR20183 | SOL5179 | 3dpipe will not allow pool names that consist only of numerals |
| CR20213 | SOL327 | QOS values may be changed when you configure QOS as the LB mode for a pool |
| CR21513 | SOL334 | The Configuration utility may crash if a router is configured with multiple self addresses |
| CR22131 | SOL327 | QOS values may be changed when you configure QOS as the LB mode for a pool |
| CR23224 | SOL5032 | The Configuration utility does not correctly modify wide IP names |
| CR23564 | SOL783 | Saved a new copies of snmptrap.conf can conflict after an upgrade |
| CR24687 | SOL5277 | Link Controller displays available remote Wide IPs as green, rather than gray |
| CR24734 | SOL5230 | Auto-configuration may incorrectly set the Unit IDs on 3-DNS redundant pairs |
| CR24735 | SOL5230 | Auto-configuration may incorrectly set the Unit IDs on 3-DNS redundant pairs |
| CR24976 | SOL815 | Link to the BIG-IP Link Controller Solutions Guide is missing |
| CR25821 | SOL816 | F5 source addresses are not added to hosts.allow when the support account is enabled |
| CR26154 | SOL327 | QOS values may be changed when you configure QOS as the LB mode for a pool |
| CR26610 | SOL336 | Disabling SNMP traps using the configuration utility causes an error |
| CR27037 | SOL5186 | Changing a self IP address does not change associated bigdb entries |
| CR27219 | SOL5055 | 3dns_add will run on a Link Controller even when no sync group is configured |
| CR27260 | SOL371 | Default gateway pools cannot be changed using the config command |
| CR27486 | SOL389 | BIG-IP Link Controller provides an unhelpful error when you attempt to add grey virtual servers to a Wide IP |
| CR27501 | SOL399 | The config command reports an unnecessary error when a copy of 3dnsd is already running |
| CR27547 | SOL298 | Ratio settings are not available when ratio is used as the alternate load balancing mode |
| CR27650 | SOL433 | Hops factories must be configured by hand before hops LB will work on a Link Controller |
| CR27791 | SOL437 | An error is logged to /var/log/3dns when a router is not configured for a datacenters |
| CR27799 | SOL445 | An error may be reported when syncronizing iQuery keys |
| CR28057 | SOL461 | Changing the port of a virtual server will result in multiple virtual server statements |
| CR28072 | SOL467 | It is possible to partially remove a link by deleting its self address and VLAN |
| CR28099 | SOL486 | 3-DNS will still use BIG-IPs for probing when all prober factories have been deleted |
| CR28228 | SOL509 | The BIG-IP Link Controller might display a 331781 memory error, but not fail the operation that caused the error |
| CR28529 | SOL509 | The BIG-IP Link Controller might display a 331781 memory error, but not fail the operation that caused the error |
| CR29751 | SOL3783 | The verify command rejects configurations using SNAT connection mirroring |
| CR29967 | SOL2853 | The Wide IP Port drop down box can only list pre-configured ports |
| CR30783 | SOL2942 | Default gateway entry is converted to a default gateway pool |
| CR31239 | SOL1865 | Must use the command line to clear LDNS statistics |
| CR31946 | SOL1902 | Must configure a self IP address for a new system before using 3dnsmaint to set up SSH communication |
| CR32755 | SOL573 | In rare cases, a BIG-IP object with an address of 127.0.0.1 may be created |
| CR32762 | SOL591 | The random pool load balancing mode distributes connections using a fixed ratio |
| CR32977 | SOL2853 | The Wide IP Port drop down box can only list pre-configured ports |
| CR33161 | SOL604 | Autoconf may not add all virtual servers when intially run after configuring the 3-DNS |
| CR33815 | SOL761 | The table that contains Nokia NetAct SNMP traps may grow very large and use disk space |
| CR34267 | SOL4717 | BIG-IP changes the interface media settings after running the Setup utility |
| CR34599 | SOL2325 | The gray virtual server status was not documented |
| CR35019 | SOL763 | Link Controllers will not display stats for virtual servers that are not part of a Wide IP |
| CR35320 | SOL309 | The telnet and FTP servers are not started when you enable telnet and FTP |
| CR36729 | SOL764 | Wide IPs created in the Link Controller Configuration utility are not included in NameSurfer |
| CR36811 | SOL310 | Link statistics are not displayed correctly after links are added or removed |
| CR37919 | SOL676 | File locking is not performed when running the 3dns_add and sync_zones scripts |
| CR38086 | SOL145 | Copper gigabit switch ports should not allow manual media settings |
| CR38087 | SOL145 | Copper gigabit switch ports should not allow manual media settings |
| CR38163 | SOL681 | The Explicit IP, Return to DNS, None, and Drop Packet load balancing modes do not work correctly |
| CR38193 | SOL688 | The hops, RTT, and QOS LB modes will return a single virtual server if probing is disabled |
| CR38340 | SOL692 | Sync groups will allow synchronization across versions |
| CR38491 | SOL688 | The hops, RTT, and QOS LB modes will return a single virtual server if probing is disabled |
| CR39381 | SOL150 | Disabling a link by name in an application object does not work |
| CR40319 | SOL694 | An error is displayed if you refresh the Configuration utility after creating a link |
| CR41799 | SOL298 | Ratio settings are not available when ratio is used as the alternate load balancing mode |
| CR41803 | SOL2942 | Default gateway entry is converted to a default gateway pool |
| CR41805 | SOL309 | The telnet and FTP servers are not started when you enable telnet and FTP |
| CR41807 | SOL310 | Link statistics are not displayed correctly after links are added or removed |
| CR41810 | SOL320 | Cannot access the Configuration utility after running the Setup utility |
| CR41811 | SOL327 | QOS values may be changed when you configure QOS as the LB mode for a pool |
| CR41812 | SOL328 | Ports List page does not display the ports enabled for a wide IP |
| CR41814 | SOL334 | For multi-homed routers, you must configure 3-DNS with a link to the router that uses a self IP address on each of the multi-homed networks |
| CR41824 | SOL371 | Default gateway pools cannot be changed using the config command |
| CR41825 | SOL389 | BIG-IP Link Controller provides an unhelpful error when you attempt to add grey virtual servers to a Wide IP |
| CR41826 | SOL399 | The config command reports an unnecessary error when a copy of 3dnsd is already running |
| CR41828 | SOL433 | Hops factories must be configured by hand before hops LB will work on a Link Controller |
| CR41829 | SOL437 | An error is logged to /var/log/3dns when a router is not configured for a datacenters |
| CR41830 | SOL445 | An error may be reported when syncronizing iQuery keys |
| CR41832 | SOL461 | Changing the port of a virtual server will result in multiple virtual server statements |
| CR41833 | SOL467 | It is possible to partially remove a link by deleting its self address and VLAN |
| CR41834 | SOL486 | 3-DNS will still use BIG-IPs for probing when all prober factories have been deleted |
| CR41837 | SOL509 | The BIG-IP Link Controller might display a 331781 memory error, but not fail the operation that caused the error |
| CR41844 | SOL573 | In rare cases, a BIG-IP object with an address of 127.0.0.1 may be created |
| CR41845 | SOL591 | The random pool load balancing mode distributes connections using a fixed ratio |
| CR41847 | SOL604 | Autoconf may not add all virtual servers when intially run after configuring the 3-DNS |
| CR41854 | SOL676 | File locking is not performed when running the 3dns_add and sync_zones scripts |
| CR41855 | SOL681 | The Explicit IP, Return to DNS, None, and Drop Packet load balancing modes do not work correctly |
| CR41856 | SOL688 | The hops, RTT, and QOS LB modes will return a single virtual server if probing is disabled |
| CR41857 | SOL692 | Sync groups will allow synchronization across versions |
| CR41858 | SOL688 | The hops, RTT, and QOS LB modes will return a single virtual server if probing is disabled |
| CR41860 | SOL694 | An error is displayed if you refresh the Configuration utility after creating a link |
| CR41876 | SOL2853 | The Wide IP Port drop down box can only list pre-configured ports |
| CR41877 | SOL761 | The table that contains Nokia NetAct SNMP traps may grow very large and use disk space |
| CR41878 | SOL763 | Link Controllers will not display stats for virtual servers that are not part of a Wide IP |
| CR41882 | SOL764 | Wide IPs created in the Link Controller Configuration utility are not included in NameSurfer |
| CR41884 | SOL765 | 3dnsmaint copies iQuery keys twice to BIG-IP/3-DNS combination systems |
| CR41889 | SOL783 | Saved a new copies of snmptrap.conf can conflict after an upgrade |
| CR41890 | SOL815 | Link to the BIG-IP Link Controller Solutions Guide is missing |
| CR41891 | SOL816 | F5 source addresses are not added to hosts.allow when the support account is enabled |
| CR41894 | SOL5055 | 3dns_add will run on a Link Controller even when no sync group is configured |
| CR41909 | SOL1865 | Must use the command line to clear LDNS statistics |
| CR41912 | SOL1902 | Must configure a self IP address for a new system before using 3dnsmaint to set up SSH communication |
| CR42147 | SOL4717 | BIG-IP changes the interface media settings after running the Setup utility |
| CR46509 | SOL4497 | Switch appliances do not send an SNMP trap when booting because the switch ports are disabled |
| CR46906 | SOL5150 | The default values shown for WideIP load-balancing in on-line help and wideip.conf are incorrect |
| CR46907 | SOL5150 | The default values shown for WideIP load-balancing in on-line help and wideip.conf are incorrect |
| CR47235 | SOL4572 | The login.conf file may be overwritten during an upgrade |
| CR47236 | SOL4572 | The login.conf file may be overwritten during an upgrade |
| CR47276 | SOL4574 | BIG-IP and 3-DNS will not prevent you from installing unsupported versions on older hardware |
| CR47330 | SOL5219 | Auto-configuration is disabled by default for Link Controller |
| CR47331 | SOL5219 | Auto-configuration is disabled by default for Link Controller |
| CR48152 | SOL4809 | BIG-IP and 3-DNS are vulnerable to CAN-2005-1278, CAN-2005-1279, and CAN-2005-1280 |
| CR48153 | SOL4809 | BIG-IP and 3-DNS are vulnerable to CAN-2005-1278, CAN-2005-1279, and CAN-2005-1280 |
| CR49272 | SOL4532 | The BIG-IP system and 3-DNS Controller are vulnerable to CAN-2005-0758, CAN-2005-0988, and CAN-2005-1228 |
| CR49273 | SOL4532 | The BIG-IP system and 3-DNS Controller are vulnerable to CAN-2005-0758, CAN-2005-0988, and CAN-2005-1228 |
| CR49336 | SOL4616 | BIG-IP and 3-DNS are vulnerable to CAN-2005-0488 |
| CR49337 | SOL4616 | BIG-IP and 3-DNS are vulnerable to CAN-2005-0488 |
| CR58321 | SOL6551 | Changes in US and Canada Daylight Saving Time |
