Applies To:
Link Controller
- 4.5 PTF-02
Updated Date: 04/18/2019
Summary:
This product temporary fix (PTF) provides enhancements and fixes for the BIG-IP Link Controller software, version 4.5. The PTF includes all fixes released since version 4.5, including fixes originally released in prior PTFs, and it is recommended only for those customers who want the enhancements and fixes listed below. You can apply the software upgrade only to BIG-IP Link Controller software, version 4.5 and later. For information about installing the PTF, please refer to the instructions below.
Installing the PTF
Important: If you are upgrading a Link Controller redundant system, both units must be upgraded. We do not support running different PTF versions on a Link Controller redundant system. Additionally, if you are updating the Link Controller module on a BIG-IP system, refer to the BIG-IP, version 4.5 PTF-02 note for instructions on installing the PTF.
Apply the PTF to the BIG-IP Link Controller, version 4.5 using the following process. Note that the installation script saves your current configuration.
Note: If you have installed prior PTFs, this installation does not overwrite any configuration changes that you made for prior PTFs.
Important: If you are upgrading an IP Application Switch or a Link Controller unit that uses a CompactFlash® media drive, use the installation instructions here.
- Change to the /var/tmp/ directory by typing:
cd /var/tmp/
- Connect to the F5 Networks FTP site (ftp.f5.com).
- Use FTP in passive mode from the BIG-IP unit to download the file. To place FTP in passive mode, type pass at the command line before transferring the file.
- Download the PTF file BIGIP_4.5PTF-02.im to the /var/tmp/ directory on the Link Controller.
- To install this PTF, type the following command:
im BIGIP_4.5PTF-02.im
The Link Controller automatically reboots once it completes installation.
To upgrade an IP Application Switch or a CompactFlash media drive, use the following process.
- Create a memory file system, by typing the following:
mount_mfs -s 200000 /mnt
- Type the following command:
cd /mnt
- Connect to the FTP site (ftp.f5.com).
- Download the PTF file, BIGIP_4.5PTF-02.im, from the /crypto/bigip/ptfs/bigip45ptf2/ directory.
- On the BIG-IP unit, run the im upgrade script:
im /mnt/BIGIP_4.5PTF-02.im
When the im script is finished, the Link Controller reboots automatically.
Note: This procedure provides over 90MB of temporary space on /mnt. The partition and the im package file are deleted upon rebooting.
Software enhancements and fixes
What's new in this PTF
Enhancements to inbound load balancing
This PTF adds a new load balancing method, fallback, and two new load balancing modes for the fallback method, drop_packet and explicit_ip. The fallback method and load balancing modes are applicable to inbound load balancing only. The Link Controller uses the fallback method when the preferred and alternate load balancing modes do not provide an available virtual server to return as an answer to a query. When you specify the drop_packet mode, the Link Controller does nothing with the packet, and simply drops the request. (Note that a typical LDNS server iteratively queries other authoritative name servers when it times out on a query.) When you specify the explicit_ip mode, the 3-DNS Controller returns the IP address that you specify as the fallback IP as an answer to the query. Note that the IP address that you specify is not monitored for availability before being returned as an answer. When you use the explicit_ip mode, you can specify a disaster recovery site to return when no load balancing mode returns an available virtual server.
You can configure the fallback method only from the command line. For information on configuring the fallback method and load balancing mode, see the Configuring the fallback method for inbound load balancing section of this PTF note.
What's fixed in this PTF
UDP checksums and TFTP packets (CR22113, CR25181)
In rare instances, the checksums for TFTP packets were incorrect. This issue has been resolved.
Resets (RSTs) with incorrect sequence numbers (CR22219)
Resets (RSTs) from aging-out connections no longer cause some connections to hang due to incorrect sequence numbers for the resets.
Apache web server and the CERT Coordination Center vulnerability, VU#672683 (CR24689)
This PTF addresses the vulnerability in the Tomcat package for the Apache web server that is described in Vulnerability Note VU#672683 on the CERT® Coordination Center website. For more information on the vulnerability, see http://www.kb.cert.org/vuls/id/672683.
iControl BaseServer::get_interfaces function and the 3dnsd process (CR24912)
The following iControl function, ITCMGlobalLB::BaseServer::get_interfaces, no longer causes the 3dnsd process to stop running when you specify an invalid type within the function.
Root servers list for BIND (CR25064)
The root servers list file for BIND, root.hint, has been updated to include the most current list of root servers.
Invalid metrics statistics and graphs for down remote links (CR25146)
The Link Statistics screen, in the Configuration utility, no longer displays very large, invalid values for remote links that are down (red ball). The link statistics graphs now accurately display the data for both the link that is down, and any available links.
Using a serial terminal as a console (CR25183)
This PTF fixes the functionality for using a serial terminal as the console, as described in the 3-DNS Reference Guide, Chapter 6, Monitoring and Administration, so that it works with all 2U controller platforms.
Enhancements and fixes released in prior PTFs
Version 4.5 PTF-01
CA-2002-31, Multiple Vulnerabilities in BIND
This PTF addresses the security vulnerabilities that are listed in CERT® advisory, CA-2002-31, Multiple Vulnerabilities in BIND. This PTF upgrades the BIND package to version 8.3.4. For more information on the CERT advisory, see http://www.cert.org/advisories/CA-2002-31.html.
Support for the 2400 platform
This release includes enhanced support for the F5 Networks 2400 platform.
Viewing licensing error log files from the Configuration utility (CR25055)
You can now view the log files for errors that occur during the licensing process using the Configuration utility. A View Log File button appears on the licensing screen when the licensing process generates errors.
Configuration changes
The following section provides information about optional configuration changes.
Optional configuration changes
Configuring the fallback method for inbound load balancing
You configure the fallback method only at the command line, by editing the wideip.conf file. You can specify either the drop_packet load balancing mode, or the explicit_ip load balancing mode. Note that if you specify the explicit_ip mode, you also specify a fallback IP address (fallback_ip).
To configure the fallback method using the drop_packet mode
- To ensure that the configuration files contain the same information as the memory cache, type the following command:
3ndc dumpdb
- Open the /etc/wideip.conf file in a text editor (either vi or pico).
- Use the syntax highlighted below to configure the fallback method with the drop_packet mode.
- Save and close the file.
- Commit the changes to the configuration by typing:
3ndc reload
wideip {
   ...
   pool {
      name "Pool"
      dynamic_ratio yes
      preferred qos
      alternate rr
      fallback drop_packet
      address <vs_ip_address>
      address <vs_ip_address>
   }
}
To configure the fallback method using the explicit_ip mode
- To ensure that the configuration files contain the same information as the memory cache, type the following command:
3ndc dumpdb
- Open the /etc/wideip.conf file in a text editor (either vi or pico).
- Use the syntax highlighted below to configure the fallback method with the explicit_ip mode.
- Save and close the file.
- Commit the changes to the configuration by typing:
3ndc reload
wideip {
   ...
   pool {
      name "Pool"
      dynamic_ratio yes
      preferred qos
      alternate rr
      fallback explicit_ip
      fallback_ip <ip_address>
      address <vs_ip_address>
      address <vs_ip_address>
   }
}
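The rule stated in this section (explicit_ip requires a fallback_ip, and that address is returned without an availability check) can be checked on an edited wideip.conf before running 3ndc reload. The following is an added example, not F5 code: it assumes the one-statement-per-line layout of the fragments above with no braces nested inside a pool block, and the function names and sample pools are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample, laid out like the wideip.conf fragment in this note.
SAMPLE = """
wideip {
   pool {
      name "Pool_B"
      fallback explicit_ip
   }
   pool {
      name "Pool_C"
      fallback drop_packet
      fallback_ip 192.0.2.300
      address 198.51.100.3
   }
}
"""

def parse_pools(conf_text):
    """Yield one {keyword: [values]} dict per pool { ... } block."""
    for body in re.findall(r"\bpool\s*\{([^{}]*)\}", conf_text):
        settings = {}
        for key, value in re.findall(r"^[ \t]*(\w+)[ \t]+(\S.*?)[ \t]*$", body, re.M):
            settings.setdefault(key, []).append(value.strip('"'))
        yield settings

def check_fallback(conf_text):
    """Return (pool, level, message) findings for the fallback settings."""
    findings = []
    for p in parse_pools(conf_text):
        name = p.get("name", ["<unnamed>"])[0]
        mode = p.get("fallback", ["unset"])[0]
        ips = p.get("fallback_ip", [])
        for ip in ips:
            try:
                ipaddress.IPv4Address(ip)
            except ValueError:
                findings.append((name, "error", f"fallback_ip {ip} is not an IPv4 address"))
        if mode == "explicit_ip" and not ips:
            findings.append((name, "error", "explicit_ip set without fallback_ip"))
        elif mode == "explicit_ip":
            findings.append((name, "note", f"{ips[0]} is answered unmonitored; watch it externally"))
        elif ips:
            findings.append((name, "warn", f"fallback_ip set but fallback mode is {mode}"))
    return findings

if __name__ == "__main__":
    print(*check_fallback(SAMPLE), sep="\n")
```

The "note" finding lists every address that the explicit_ip mode hands out without a health check, so each one can be added to an external monitor.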
Known issues
The following items are the known issues identified since the release of BIG-IP Link Controller, version 4.5. For a list of the known issues in the 4.5 release, refer to the BIG-IP Link Controller, version 4.5 release note.
Deleting hardware-accelerated connections (CR22494)
You cannot force the BIG-IP system to delete hardware-accelerated connections using the bigpipe command, b conn delete all. The BIG-IP system, however, does delete hardware-accelerated connections when the system initiates the delete command.
Creating pools and the admin VLAN (CR22599)
If you create a pool that uses the admin VLAN, the system cannot use hardware acceleration for that pool. We recommend that you do not use the admin VLAN for load balancing connections.
SNAT automap and acceleration (CR24959)
If you configure SNAT automap and do not associate the SNAT with a virtual server, the traffic is not accelerated. Note that you can associate the SNAT with a wildcard virtual server to accelerate any SNAT automap traffic.
Changing the hardware acceleration mode and resetting connections (CR25009)
When you change the hardware acceleration mode for a pool, and there are current connections for the nodes in the pool, the connections do not reset when you use the b conn reset command. The connections do close when they reach their time-to-live (TTL).
Invalid OID for the shutdown trap in the SNMP MIB (CR25059)
The shutdown trap, in the SNMP MIB, has an invalid object identifier (OID) associated with it. Therefore, this trap does not function properly.
b conn dump verbose command does not display correct values for packet counts or byte counts (CR25119)
The bigpipe command, b conn dump verbose, displays incorrect values for packet counts and byte counts.
Default gateway pool does not display properly when there is only a single pool member (CR25141)
In the Configuration utility, on the Outbound LB screen, the default gateway pool does not display properly when you define only one router when you first run the Setup utility. Once you configure a link for that router, the default gateway pool displays properly on the Outbound LB screen.
Microsoft® Internet Explorer security settings and the Link Configuration screens (CR25444)
If you are using a browser session in Internet Explorer to view the Configuration utility, and you have changed the security level for the browser to a setting higher than Medium (the default), then the Link Configuration screens do not work properly. The errors in the Link Configuration screens occur because the Link Controller's web server uses cookies. To avoid this error, set the security level for the browser session to Medium or lower.
MAC masquerade addresses and forcing a system to standby (CR25453)
When you purposefully change the state on a BIG-IP unit in a redundant system from active to standby, the first octet of the MAC address for any self IPs that you have configured may change to 02. This happens only when your configuration meets all of the following conditions:
- You are running BIG-IP HA software
- You have VLANs that are not a part of a VLAN group
- The self IPs for those VLANs have a MAC masquerade address configured
- You force the active unit in a redundant system to standby, without rebooting
Turning off Total Traffic Limit after setting all limits (CR25466)
In the Configuration utility on the Link Configuration screen, you cannot turn off the total traffic limit for a link once you have configured a limit for total traffic. This occurs only when you configure bandwidth limits for inbound traffic, outbound traffic, and total traffic, and then later try to turn off only the total traffic limit setting. If you want to turn off the limit setting for total traffic, and you have configured limits for inbound traffic, outbound traffic, and total traffic, then you must clear the limits for all three settings, and then reset the limits for inbound traffic and outbound traffic only.
Changes in US and Canada Daylight Saving Time (CR58321)
The Energy Policy Act of 2005, which was passed by the US Congress in August 2005, changed both the start and end dates for Daylight Saving Time in the United States, effective March 2007. Canada is also adopting this change. The resulting changes are not reflected in this version of the product software. To find out more about this issue, refer to SOL6551: F5 Networks software compliance with the Energy Policy Act of 2005.