Release Notes : BIG-IP AAM 11.4.1

Applies To:

Show Versions Show Versions


  • 11.4.1
Release Notes
Original Publication Date: 05/20/2014 Updated Date: 04/18/2019


This release note documents the version 11.4.1 release of BIG-IP Application Acceleration Manager. You can apply the software upgrade to systems running software versions 10.1.0 (or later) or 11.x.


Supported platforms

This version of the software is supported on the following platforms:

Platform name Platform ID
BIG-IP 800 (LTM only) C114
BIG-IP 1600 C102
BIG-IP 3600 C103
BIG-IP 3900 C106
BIG-IP 6900 D104
BIG-IP 8900 D106
BIG-IP 8950 D107
BIG-IP 11000 E101
BIG-IP 11050 E102
BIG-IP 2000s, BIG-IP 2200s C112
BIG-IP 4000s, BIG-IP 4200v C113
BIG-IP 5000s, BIG-IP 5200v

BIG-IP 5x50 (requires 11.4.1 HF3)

BIG-IP 7000s, BIG-IP 7200v

BIG-IP 7x50 (requires 11.4.1 HF3)

BIG-IP 10x50 (requires 11.4.1 HF3) D112
BIG-IP 10000s, BIG-IP 10200v D113
VIPRION B2100 Blade A109
VIPRION B2150 Blade A113
VIPRION B2250 Blade (requires 11.4.1 HF1) A112
VIPRION C2400 Chassis F100
VIPRION B4100, B4100N Blade A100, A105
VIPRION B4200, B4200N Blade A107, A111
VIPRION B4300, B4340N Blade A108, A110
VIPRION C4400, C4400N Chassis J100, J101
VIPRION C4480, C4480N Chassis J102, J103
VIPRION C4800, C4800N Chassis S100, S101
Virtual Edition (VE) Z100
vCMP Guest Z101

These platforms support various licensable combinations of product modules. This section provides general guidelines for module support.

Most of the support guidelines relate to memory on the platform or provisioned guest. For vCMP support and for Policy Enforcement Module (PEM), Carrier-Grade NAT (CGNAT), and the BIG-IP 800 platform, the following list applies for all memory levels:

  • vCMP supported platforms
    • VIPRION B2100, B2150, B2250, B4200, B4300, B4340N
    • BIG-IP 5200v, 7200v, 10200v
  • PEM and CGNAT supported platforms
    • VIPRION B2150, B2250, B4300, B4340N
    • BIG-IP 5200v, 7200v, 10200v
    • BIG-IP Virtual Edition (VE) (Not including Amazon Web Service Virtual Edition)
    • PEM and CGNAT may be provisioned on the VIPRION B4200, but it is not recommended for production, only for evaluation. PEM may be provisioned on the VIPRION B2100, but it is not recommended for production, only for evaluation. Use the B4300 or B4340N instead.
  • BIG-IP 800 platform support
    • The BIG-IP 800 platform supports Local Traffic Manager (LTM) only, and no other modules.

Memory: 12 GB or more

All licensable module-combinations may be run on platforms with 12 GB or more of memory, and on VE and vCMP guests provisioned with 12 GB or more of memory.

Memory: 8 GB

The following guidelines apply to the BIG-IP 2000s, 2200s, 3900, 6900 platforms, to the VIPRION B4100 and B4100N platforms, and to VE guests configured with 8 GB of memory. (A vCMP guest provisioned with 8 GB of memory has less than 8 GB of memory actually available and thus does not fit in this category.)

  • No more than three modules should be provisioned together.
  • On the 2000s and 2200s, Application Acceleration Manager (AAM) can be provisioned with only one other module.
  • Note that Global Traffic Manager (GTM) and Link Controller (LC) do not count toward the module-combination limit.

Memory: Less than 8 GB and more than 4 GB

The following guidelines apply to platforms, and to VE and vCMP guests provisioned with less than 8 GB and more than 4 GB of memory. (A vCMP guest provisioned with 8 GB of memory has less than 8 GB of memory actually available and thus fits in this category).

  • No more than three modules (not including AAM) should be provisioned together.
  • Application Acceleration Manager (AAM) cannot be provisioned with any other module; AAM can only be provisioned standalone.
  • Note that GTM and LC do not count toward the module-combination limit.
  • Analytics (AVR) counts towards the two module-combination limit (for platforms with less than 6.25 GB of memory).

Memory: 4 GB or less

The following guidelines apply to the BIG-IP 1600 and 3600 platforms, and to VE and vCMP guests provisioned with 4 GB or less of memory.

  • No more than two modules may be configured together.
  • AAM should not be provisioned, except as Dedicated.

VIPRION and vCMP caching and deduplication requirements

Application Acceleration Manager (AAM) supports the following functionality when configuring vCMP and VIPRION platforms.

  • AAM does not support disk-based caching functionality on vCMP platforms. AAM requires memory-based caching when configuring it to run on vCMP platforms.
  • AAM supports disk-based caching functionality on VIPRION chassis or blades.
  • AAM does not support deduplication functionality on vCMP platforms, or VIPRION chassis or blades.

vCMP memory provisioning calculations

The amount of memory provisioned to a vCMP guest is calculated using the following formula: (platform_memory - 3 GB) x (cpus_assigned_to_guest / total_cpus).

As an example, for the B2100 with two guests, provisioned memory calculates as: (16-3) x (2/4) ~= 6.5 GB.

Configuration utility browser support

The BIG-IP Configuration Utility supports these browsers and versions:

  • Microsoft Internet Explorer 8.x and 9.x
  • Mozilla Firefox 15.0.x
  • Google Chrome 21.x

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the BIG-IP AAM / VE 11.4.1 Documentation page.

New in 11.4.1

Configuration utility configuration for Application Acceleration Manager

This release provides browser-based controls for configuring symmetric Application Acceleration Manager deployments.

Maximized Enterprise Application Delivery Value

To make it easier and more affordable to get the Software Defined Application Services capabilities all organizations need, F5 introduces three software bundle offerings: Good, Better, and Best.
Provides intelligent local traffic management for increased operational efficiency and peak network performance of applications.
Good plus enhanced network security, global server load balancing, and advanced application delivery optimization.
Better plus advanced access management and total application security. Delivers the ultimate in security, performance, and availability for your applications and network.
You can learn more about these new software bundles from your F5 Networks Sales Representative.

New in 11.4.0

Integrated Application Acceleration Manager

This release integrates WebAccelerator module (WAM) and WAN Optimization Manager (WOM) functionality into the Application Acceleration Manager (AAM). When licensed, you can provision this functionality by configuring the Application Acceleration Manager (AAM) settings on the Resource Provisioning screen.

Application Acceleration Manager (AAM) VCMP

In this release, the Application Acceleration Manager (AAM) runs on a Virtual Clustered Multiprocessing (vCMP) hypervisor.

Minification and Inlining

In this release, you can use inlining optimization of CSS and JavaScript files to reduce the number and sizes of files transferred across a network, thus improving the acceleration of traffic, and use minification, and reordering to improve the speed that browsers render content.

Symmetric Functionality

Operating symmetrically, the BIG-IP acceleration functionality, using both Web Application and Symmetric Optimization functionality, or using Web Application functionality alone, caches objects from origin web servers and delivers them directly to clients. The BIG-IP device handles both static content and dynamic content, by processing HTTP responses, including objects referenced in the response, and then sending the included objects as a single object to the browser. This form of caching reduces server TCP and application processing, improves web page loading time, and reduces the need to regularly expand the number of web servers required to service an application.

Video Delivery Optimization

BIG-IP video delivery optimization provides you with the ability to retrieve and accelerate an on-demand video stream from an origin web server. The BIG-IP system sends client requests for the video stream to an origin web server, caches the response video segments, and sequentially sends optimized video responses to all authorized users. Additionally, video delivery optimization enables you to associate video advertisements with a video stream, providing the ability to preroll advertisements, or to insert advertisements as specified by a video advertisement policy.

SPDY Profile

This release provides a Local Traffic Manager SPDY profile that you can use for SPDY client requests and responses. You can use a SPDY profile to minimize latency of HTTP requests by multiplexing streams and compressing headers. When you assign a SPDY profile to an HTTP virtual server, the HTTP virtual server informs clients that a SPDY virtual server is available to respond to SPDY requests.

Forward Error Correction (FEC)

FEC is an acceleration technique that controls data transmission errors over unreliable or lossy communication channels, without retransmission.

IPComp Support in IPsec

IP Payload Compression Protocol (IPComp) provides a mechanism to compress non-TCP traffic in iSession deployments, resulting in improved bandwidth utilization across WAN.

Jumbo frames support

In this release, iSession deployments now support jumbo frames.

Installation overview

This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP Systems: Upgrading Active-Standby Systems and BIG-IP Systems: Upgrading Active-Active Systems, and we strongly recommend that you reference these documents to ensure successful completion of the installation process.

Installation checklist

Before you begin:

  • Use BIG-IP iHealth to verify your configuration file. For more information, see SOL12878: Generating BIG-IP diagnostic data using the qkview utility (10.x - 11.x).
  • Update/reactivate your system license, if needed, to ensure that you have a valid service check date.
  • Ensure that your system is running version 10.1.0 or later and is using the volumes formatting scheme.
  • Download the .iso file (if needed) from F5 Downloads to /shared/images on the source for the operation. (If you need to create this directory, use the exact name /shared/images.)
  • Configure a management port.
  • Set the console and system baud rate to 19200, if it is not already.
  • Log on as an administrator using the management port of the system you want to upgrade.
  • Boot into an installation location other than the target for the installation.
  • Save the user configuration set (UCS) in the /var/local/ucs directory on the source installation location, and copy the UCS file to a safe place on another device.
  • Log on to the standby unit, and only upgrade the active unit after the standby upgrade is satisfactory.
  • Turn off mirroring.
  • If you are running Application Acceleration Manager, set provisioning to Minimum.
  • If you are running Policy Enforcement Manager, set provisioning to Nominal.
  • If you are running Advanced Firewall Manager, set provisioning to Nominal.

Installing the software

You can install the software at the command line using the Traffic Management shell, tmsh, or in the browser-based Configuration utility using the Software Management screens, available in the System menu. Choose the installation method that best suits your environment.
Installation method Command
Install to existing volume, migrate source configuration to destination tmsh install sys software image [image name] volume [volume name]
Install from the browser-based Configuration utility Use the Software Management screens in a web browser.

Sample installation command

The following command installs version 11.2.0 to volume 3 of the main hard drive.

tmsh install sys software image BIGIP- volume HD1.3

Post-installation tasks

This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP Systems: Upgrading Active-Standby Systems and BIG-IP Systems: Upgrading Active-Active Systems, and we strongly recommend that you reference these documents to ensure successful completion of the installation process.

After the installation finishes, you must complete the following steps before the system can pass traffic.
  1. Ensure the system rebooted to the new installation location.
  2. Use BIG-IP iHealth to verify your configuration file. For more information, see SOL12878: Generating BIG-IP diagnostic data using the qkview utility (10.x - 11.x).
  3. Log on to the browser-based Configuration utility.
  4. Run the Setup utility.
  5. Provision the modules.
  6. Convert any bigpipe scripts to tmsh. (Version 11.x does not support the bigpipe utility.)
Note: You can find information about running the Setup utility and provisioning the modules in the BIG-IP TMOS implementations Creating an Active-Standby Configuration Using the Setup Utility and Creating an Active-Active Configuration Using the Setup Utility.

Installation tips

  • The upgrade process installs the software on the inactive installation location that you specify. This process usually takes between three minutes and seven minutes. During the upgrade process, you see messages posted on the screen. For example, you might see a prompt asking whether to upgrade the End User Diagnostics (EUD), depending on the version you have installed. To upgrade the EUD, type yes, otherwise, type no.
  • You can check the status of an active installation operation by running the command watch tmsh show sys software, which runs the show sys software command every two seconds. Pressing Ctrl + C stops the watch feature.
  • If installation fails, you can view the log file. The system stores the installation log file as /var/log/liveinstall.log.

Upgrading from earlier versions

Your upgrade process differs depending on the version of software you are currently running.

Warning: Do not use the 10.x installation methods (the Software Management screens, the b software or tmsh sys software commands, or the image2disk utility) to install/downgrade to 9.x software or operate on partitions. Depending on the operations you perform, doing so might render the system unusable. If you need to downgrade from version 10.x to version 9.x, use the image2disk utility to format the system for partitions, and then use a version 9.x installation method described in the version 9.x release notes to install the version 9.x software.

Upgrading from version 10.1.0 (or later) or 11.x

When you upgrade from version 10.1.0 (or later) or 11.x software, you use the Software Management screens in the Configuration utility to complete these steps. To open the Software Management screens, in the navigation pane of the Configuration utility, expand System, and click Software Management. For information about using the Software Management screens, see the online help.

Upgrading from versions earlier than 10.1.0

You cannot roll forward a configuration directly to this version from BIG-IP version 4.x, or from BIG-IP versions 9.0.x through 9.6.x. You must be running version 10.1.0 software. For details about upgrading to those versions, see the release notes for the associated release.

Automatic firmware upgrades

If this version includes new firmware for your specific hardware platform, after you install and activate this version, the system might reboot additional times to perform all necessary firmware upgrades.

Fixes in 11.4.1

ID Number Description
ID 420893 When RAM or disk space becomes low abruptly while under heavy image optimization or pdf linearization load, wamd will no longer core.
ID 417901 Validation check now accepts valid mime-type and regex characters.
ID 416872 Remote WA now honors OWS's 'Cache-Control: no-store' header.
ID 416527 "Remote WAM is now able to see the central's WA-Info header. However, due to some limitation in WAM, central's WA-Info code only gets updated on 200 responses. More specifically, if remote proxies to central due to cache expiration or invalidation, the central's WA-Info code remains the same at the remote if the response is a 304."
ID 408694 Broadcast setting is now correctly retained after changing a rule.
ID 406205 WebAccelerator now passes traffic after changing AAM provisioning to Dedicated.

Fixes in 11.4.0

ID Number Description
ID 382841 WebAccelerator Performance Reports no longer report an error with a wrong node name.
ID 387886 Fixed a crash in the woc_plugin process when running the WAN Optimization Manager.
ID 394065 Invalidation of cached contents on a cluster no longer causes one re-validation per blade.
ID 394536 Fixed a defect which could cause TMM to core and restart when Access Policy Manager or WebAccelerator handles certain poorly formatted HTML href attributes.
ID 395915 WA now handles a rare out of memory condition and successfully tears down the connection when it happens, avoiding a TMM core.
ID 396982 A memory leak has been eliminated.
ID 397761 Fixed a potential memory leak in mcpd when running WebAccelerator.
ID 399507 When a URL is embedded within a query string and its response had previously been cached in WAM, we no longer erroneously serve that response to the client rather than processing the URL that is being requested.
ID 399967 Client connections are no longer incorrectly reset for virtual servers with Application Security Manager and WebAccelerator configured after a change is done in the associated Web Acceleration profile.
ID 403954 Range requests and linearized PDFs now return correct content when requesting any content in up to the last 256K of the file's content.

Behavior changes in 11.4.1

There are no Application Acceleration Manager-specific behavior changes specified for this release.

Behavior changes in 11.4.0

ID Number Description
385953 Since this change, WAM will IBR content that has variation setting on Method.
390273 WA will only cache after seeing 5 hits.
410616 Some previously WAM- and WOM-provisionable platforms will no longer be provisionable for AAM.

Known issues

ID Number Description
ID 204432 (CR109097) The system does not log a warning if local advertised routes conflict with advertised routes on remote endpoints. Having two systems with conflicting routes is most likely a configuration error. Workaround:
ID 219763 If a virtual server running both the Application Security Manager and the WebAccelerator system receives an HTTP request that contains a null character, the WebAccelerator system replaces the null character with a space. The null character is removed from the HTTP request header, so this request does not trigger the HTTP Protocol Compliance violation Null in request. This behavior has no other effect on how the request is processed. Workaround:
ID 222201 If you change the compression or deduplication options for the iSession profile on a BIG-IP system that is running both the WAN Optimization Module and the WebAccelerator system, you must also clear the RAM cache from the command line. To clear the RAM cache, use the command b profile http <http profilename> ramcache entry all delete. If you do not clear the RAM cache after changing these options, the WebAccelerator system may not accelerate the HTTP traffic as expected. Workaround:
ID 222545 In the case of an abnormal TCP connection reset, the iSession connection is terminated and reset. While this action is transparent to the user, this action might appear in diagnostics. Workaround:
ID 223191 (CR128182) If you remove all remote endpoints from a configuration, any active dashboard continues to show the last remote endpoint as connected. To refresh the screen, close the dashboard and then reopen it. Workaround:
ID 223434 (CR129753) For active FTP, the system changes the data ports advertised by the server, so the client might see a different port than the one originally sent by the server. For passive FTP, the system changes the data ports advertised by the client, so the server might see a different port than the one originally sent by the client. In both cases, the data transfers are successful. Workaround:
ID 223624 An initial active FTP connection fails when dynamic discovery is enabled and allow routing is disabled on the remote peer. Active FTP connections are initiated from the FTP server to the FTP client. When the FTP server initiates this connection, the allow routing option of the remote endpoint is enabled. To avoid the initial failure, enable outbound connections before initiating FTP traffic. On the Remote Endpoints List screen (Acceleration > Symmetric optimization > Remote Endpoints), click the name of the remote endpoint. On the Properties screen that opens, select the Outbound Connections check box, and then click Update. Workaround:
ID 223947 When the BIG-IP system is under a heavy load, you may see occasional spikes on the Bandwidth Gain graphs on the WAN Optimization dashboard. A system delay in reporting the statistics to the dashboard causes the delay, which is usually about twice the average amount. Workaround:
ID 293593 (CR132785) If the datastor disk mode is disabled when you provision Application Acceleration Manager (AAM) along with any other module and then you enable the datastor disk, you must restart the system to show the correct datastor size. Workaround:
ID 335216 (CR128965) If you use the smbclient (version 3.2 or later) program to get a file, CIFS read optimization does not occur. Workaround:
ID 335217 (CR130507) If you map a network drive and create a new folder, it takes more than 10 seconds for the folder to appear in the directory and does not allow you to name the folder. To name the folder, right-click it and select rename. Workaround:
ID 342251 "If you are trying to remove the iSession connection between two peers, to prevent reconnection, you must delete the remote endpoint before you delete the local endpoint. If you are using the browser interface, the procedure is as follows: 1. On the Discovery screen (Acceleration > Remote Endpoints > Discovery), disable (clear) the settings Allow Remote Endpoints to Discover This Endpoint and Automatically save discovered Remote Endpoints. 2. On the Remote Endpoints screen, select the remote endpoint and click Delete. 3. On the Local Endpoint screen, click Delete." Workaround:
ID 346536 If resources for PDF linearization become unavailable while accepting a PDF file, the linearization and connection to client will abort. No workaround is available; however, if the origin web server supplies Content-Length headers for PDF content, this condition becomes less likely. Workaround:
ID 346875 Even though the vg-reserved attribute is shown via "tmsh list sys disk" command. It is not supported on SSDs, and does not reserve the 1024 that is shown. Workaround:
ID 348741 If you are upgrading from 10.x to 11.x, and you are rolling over existing iSession configurations, the bzip2 compression option (enabled) is added to all existing iSession profiles. For best performance, after the upgrade, review all iSession profiles to ensure that the compression settings are correct. In some cases, you might want to disable the bzip2 compression option. Workaround:
ID 348816 When rolling forward a WebAccelerator 10.x configuration to version 11.0.0, access logging configuration on the acceleration policy is not rolled forward. Workaround: To enable access logging for BIG-IP WebAccelerator version 11.0.0, please see Using the Request Logging Profile (chapter 18) in the WebAccelerator Implementations guide.
ID 354983 Requests for expired cached items are not recorded as expired in WebAccelerator Performance Reports if the origin web server response is 304 (Not Modified). Instead, the response is recorded in the Performance Reports as a cache hit. However, if the response from the origin web server is 200 (OK), the response is recorded in the performance reports as expired, and all subsequent re-validations, where the origin web server responds with 304 (Not Modified), are recorded as expired. Workaround:
ID 356245 A COMPRESS::enable or COMPRESS:disable iRule does not take effect on cached items. Workaround:
ID 356867 Earlier versions of the BIG-IP WebAccelerator module allowed importing of identically named acceleration policies without selecting the Overwrite existing policy of the same name check box, resulting in a number appended to the imported acceleration policy name. In this version, you must select the Overwrite existing policy of the same name check box to import identically named acceleration policies. Or you can ensure the policy you are importing has a unique name. Workaround:
ID 356875 During configuration migrations, BIGIP version 11.0 does not issue a warning to report that it is converting a WebAccelerator system configuration that had the Unmapped Hosts (forward proxy) options enabled (the Unmapped Hosts elements of the configuration will be lost). Workaround:
ID 357320 For iRules associated with a virtual server that has an associated Web Acceleration profile, [CACHE::disable] can only be used if there is no WebAccelerator Application enabled in the Web Acceleration profile, and [WAM::disable] can only be used if there is a WebAccelerator Application enabled in the Web Acceleration profile. Workaround: Edit the iRules to use the correct command, either CACHE::disable or WAM::disable, for the virtual server's Web Acceleration profile.
ID 357706 In the BIG-IP Dashboard, in the Web Acceleration view, on the Performance pane, with the Errors tab in focus, Requests bypassed due to overload shows zero statistics because the WebAccelerator module does not bypass traffic due to resource constraints. Workaround:
ID 357712 The stat field proxied_per_iRule, in the stat table tmctl wam_application_stat, remains at zero. Workaround:
ID 357720 File copying might be significantly slower when IPsec encapsulation is used with CIFS optimization. Workaround:
ID 357921 The Configuration utility should provide a specific error message when an extension or MIME type for an object type is not unique, instead of a generic error message. Workaround:
ID 358109 Invalidation rules on a given node are only effective in invalidating one single extension. Workaround:
ID 358530 Various matching parameters in WebAccelerator Configuration utility that contain a regular expression with a pipe symbol (|) are incorrectly formatted for display. Workaround:
ID 358785 The WebAccelerator GUI displays dormant proxy rules on a node even when it is set to Always Proxy. Workaround:
ID 359062 This version does not include query parameters in a POST body for any rules: matching, variation, proxy, or invalidation. Workaround:
ID 359075 Deprovisioning AAM (for example, changing the provisioning level from Dedicated to None) may require a reboot, even though the reboot prompt may not be visible. Workaround:
ID 359093 "If you want to receive an HTTP POST request and decompress it before sending it to the origin web server, and the client software sends an Expect: 100-continue header and the HTTP request-chunking mode is set to preserve, the request will not be decompressed. Specifically, the following iRule will not decompress the request in the presence of the Expect header with request-chunking set to preserve: when HTTP_REQUEST { DECOMPRESS::enable } Instead, to receive an HTTP POST request and decompress it before sending it to the origin web server, do one of the following steps: - Ensure that the client doesn't send an Expect header. - Change the request-chunking to selective, instead of preserve." Workaround:
ID 359498 In tmsh, the WebAccelerator module can assemble hostnames that include IP addresses with MultiConnect prefixes, for example, wa1. In tmsh, specify zero (0) for the number of HTTP and HTTPS subdomains on any WebAccelerator hostnames that are IP addresses. Workaround:
ID 359835 Deprovisioning AAM (for example, changing the provisioning level from Dedicated to None) may require a reboot, even though the reboot prompt may not be visible. Workaround:
ID 360211 Invalidation rules that match on components not in the UCI will not invalidate content if it is first accessed without those components matching the rule before it is accessed with those components matching the rule. Workaround:
ID 360229 If you are upgrading from 10.x to 11.x, and you receive the warning DISK MGMT REQUIRED, try rebooting the BIG-IP system. Workaround:
ID 360488 Using the Configuration utility to make changes to the WebAccelerator configuration, such as deleting an Acceleration Policy or Object Type, might take up to 30 seconds to write to disk. This process can result in deleted objects reappearing in the configuration if it is reloaded immediately after making the change. Workaround:
ID 361243 Under certain conditions, Adaptive Compression does not perform as well as a static algorithm. If you experience this issue, in the iSession profile you are using, disable the option Adaptive, and manually select a compression codec. Workaround:
ID 361490 If a device between the BIG-IP iSession endpoints strips out unknown TCP options, the BIG-IP TCP acceleration optimizations might fail to negotiate, which can reduce overall performance. Workaround:
ID 361618 When an MCPD communication failure occurs, the WebAccelerator wamd process does not automatically restart. There is no workaround for this issue. Workaround:
ID 361810 If two invalidation rules match the same path but have different extensions, one will match and one will not. Workaround:
ID 361852 Invalidation rules that specify cached content by protocol invalidate content regardless of the protocol. Workaround:
ID 361869 An invalidation rule that specifies Client IP as a condition for invalidation never matches. The trigger can match an IP; however, the content to invalidate cannot match. Workaround:
ID 361875 An invalidation rule that specifies an empty or absent Query Parameter for Cached Content to Invalidate is not functional. This invalidation rule works, however, if you specify a non-empty Query Parameter value for Cached Content to Invalidate. Workaround:
ID 361982 Some combinations of spaces and tabs, before and after HTTP header values, are not properly ignored and defeat invalidation that is based on those headers. The workaround is to remove the leading/trailing whitespace from the values. Workaround:
ID 362005 A message needs to be logged when the Cache-Control header is truncated to a maximum length of 256 characters. Workaround:
ID 362275 "Setting the Web Acceleration Profile to optimized-acceleration for a virtual server without enabling a WebAccelerator Application will result in an error message similar to the following: cache memory assigned to Web Acceleration profiles (6144MB) exceeds the maximum amount (697MB) defined by Ramcache.MaxMemoryPercent (50) The optimized-acceleration profile is designed for use with the WebAccelerator module. If you are not using the WebAccelerator module with your virtual server and wish to use standard cache, you should use the optimized-caching profile, or create a customized webacceleration profile that uses either the optimized-caching profile or basic webacceleration profile as the parent." Workaround:
ID 363059 Renaming a top-level policy node may cause an unintended re-ordering of policy nodes, resulting in a different prioritization of matching criteria. Workaround:
ID 363171 "Validation of Web Acceleration profiles can fail during a config sync when the sum of the cache sizes exceeds the Datastor volume size on the receiving BIG-IP system. For all BIG-IP systems in the Device Group: 1) Run each BIG-IP system with identical provisioning. 2) Ensure that each BIG-IP system has the same volume size for Datastor: # tmsh show sys disk application-volume datastor 3) Configure the Web Acceleration profiles. 4) Sync each BIG-IP system to the Device Group." Workaround:
ID 363402 Specifying content to invalidate as the Referer header from the invalidation trigger (which specifies request-data-type referrer) is not functional. Workaround:
ID 363413 Specifying content to invalidate as the User-Agent header from the invalidation trigger (which specifies request-data-type user-agent) is not functional. Workaround:
ID 363699 "The WebAccelerator module Configuration utility incorrectly allows creation of nodes with reserved keyword names, which results in the configuration improperly loading the next time that the unit is rebooted or the configuration is loaded. This issue also causes config sync in a High Availability pair to fail. When creating WebAccelerator policy node names in the Configuration utility, avoid using the following reserved keywords. invalidations matching order proxy substitutions variation code description" Workaround:
ID 363821 On the server-facing BIG-IP system, if you configure the iSession receiving virtual server to target another virtual server, connection resets might occur. To avoid this problem, set the Zero Window Timeout setting value for the client-side TCP profile on the targeted virtual server to at least 300000. Workaround:
ID 364338 The WebAccelerator module allows the creation of Object Types that contain a space in the identifier name on the Object Types page in the Configuration utility and by using TMSH. Including a space prevents the ability to delete the object type from the Configuration utility. When you create an identifier name for an object type from the Configuration utility or in TMSH, do not include a space in the name. If you have an object whose name contains a space, you can delete it using TMSH. Workaround:
ID 364603 For this version, in the BIG-IP Dashboard, in the Web Acceleration view, on the Cache pane, with the Entries tab in focus, the graph displays an incorrect value. The graph displays the number of cache transactions per second, instead of displaying the number of entries in cache. Workaround:
ID 365390 If the BIG-IP platform you are using has hardware compression, and the intended use case is a single connection, you might see compression performance issues in some scenarios. Workaround: As a work around, F5 recommends that you disable hardware compression to achieve better single-connection performance on platforms that support hardware compression. To disable hardware compression, change the Deflate Level setting in the iSession profile to a number greater than or equal to 3, using the browser interface (click Local Traffic > Virtual Servers > Services > iSession, and then click the iSession profile you are using) or the command-line interface (type tmsh modify wom profile isession isession deflate-compression-level 3).
ID 365600 In the BIG-IP Dashboard, in the Web Acceleration view, reporting of statistics show spikes at irregular intervals with a magnitude of 2 to 3 times the average traffic through the WebAccelerator module. This was observed for the 5-min interval window. Workaround:
ID 366387 In the WAM Dashboard, the Entries graph in the Cache window incorrectly calculates a moving average for the number of entries. This is misleading because this can lead to fractional values whereas the graph label suggests the values will be in whole numbers. Workaround:
ID 368823 A user account restricted to a certain partition, can invalidate the cache associated with any Application, regardless of in which partition the application resides. Workaround:
ID 368982 Disabling any virtual server stops traffic from passing through the BIG-IP WOM device, even though other virtual servers may be enabled. To avoid this issue, you can delete the virtual server rather than disabling it. Workaround:
ID 369282 On a BIG-IP provisioned LTM/WAM nominal, when WAM is de-provisioned back to none, the load average of the system spikes to 30+ making the box basically unresponsive for roughly 5 minutes. After this time, the system appears to return to normal and the prompt status returns to REBOOT REQUIRED. Workaround:
ID 369961 The space character in a path prefix is not evaluated correctly. Workaround: To work around this, use the regular expression in a path segment match.
ID 370139 WebAccelerator performance reports record some non-error cache bypass conditions as errors. Workaround:
ID 370311 "If you create a virtual server with Type set to Reject, or change the Type setting to Reject for an existing virtual server and update the screen, when you open the screen to modify the virtual server, a second iSession Profile setting appears in the browser interface. The additional setting lacks a Context field, and has no effect on the configuration." Workaround:
ID 375477 Beginning with version 11.2.0, WAM parses and IBR/MC links inside a CSS file. Four new settings "IBR-to", "IBR-within", "MC-to", and "MC-within" are added to replace "IBR" and "MC" settings at WAM policy assembly page. For custom policies that have "IBR" and "MC" enabled, "IBR-to", "IBR-within", "MC-to", and "MC-within" will be enabled too after migration to this release. In other words, WAM will IBR/MC CSS files for these policies. If you prefer not to use this feature, you must disable the settings on corresponding policy nodes. Workaround:
ID 378430 "When upgrading to version 11.x, with a WAM policy containing no nodes, the upgrade fails with the following error message: Tmsh load failed: 01071419:3: Published policy (/Common/empty_policy) must have at least one node. Unexpected Error: Loading configuration process failed." Workaround: "There are two options for working around this problem: 1. Before upgrading, add a new node to the empty policy with the default settings. Publish the policy and then upgrade. 2. Before upgrading, remove the empty policy from any applications and delete the policy. You may create a copy of the policy before deleting, as long as you do not publish the copied policy. Proceed to upgrade."
ID 381229 When cached documents are served, the browser workarounds configuration option is ignored. Workaround:
ID 381712 In an active/standby configuration, modifying the WAN optimization codec from SDD v2 to SDD v3, or the reverse, requires that you issue a bigstart restart command on the standby BIG-IP system for the change to take affect. Workaround:
ID 382629 If you update or delete an iSession self IP, and then create a new self IP before deleting the associated local endpoint and iSession listener, the local endpoint becomes unmodifiable. Workaround: To avoid this issue, delete the local endpoint and associated iSession listener before creating another self IP on the same VLAN.
ID 382725 The TCP progressive stack used in WOM configurations performs autotuning of the send buffer and receive window in order to simplify deployments. In high latency environments, the TCP stack incorrectly increases the receive window, which can result in inappropriately large send buffer on the peer. This can cause overdriving of the network resulting in large packet drops in the internal switch and very poor performance. This problem can be more severe on some platforms, and when the WOM deployment is a bridge mode rather than a routed mode deployment. Workaround: "To work around this issue, disable the autotuning and use the WOM quickstart to set the buffers, or manually configure the buffers for the actual deployment scenario. The command to disable autotuning is: tmsh modify sys db tm.tcpprogressive.autobuffertuning value disable"
ID 382744 Exporting Excel or CSV performance monitor reports will generate a file with an unexpected extension in some browsers. In most instances the saved file will have a .do extension. The workaround is to rename the file with the correct extension. Workaround:
ID 382976 Erroneously enabling image optimization on policy nodes matching HTML or CSS content causes that content to become uncacheable with S10206. Workaround:
ID 383398 Cache entries that are being constantly refreshed due to traffic cannot be cleared with wa_clear_cache if the configured lifetime is less than 4 seconds. Workaround:
ID 383444 If the origin web server and BIG-IP clocks are significantly different or a long network delay exists, the actual MTag and cache lifetime values will not match. Workaround:
ID 383945 During automation tests with AVR enabled, memory leaks can occur, and the WebAccelerator system might crash. Workaround:
ID 383985 When you configure WAN optimization using the Quick Start screen, the BIG-IP system creates two virtual servers for HTTP traffic, http_optimize_client and http_optimize_client_v6, which specify a default network destination of (all networks). If you change the destination to point to a specific subnet, and then attempt to change the IP Encapsulation Type on either the Quick Start or Local Endpoint screen, the user interface displays an error message, and the change does not take effect. Workaround: As a workaround, you can make the change using the command-line interface. For example, after you update the virtual servers to point to a specific subnet, modify the ip_encap_type attribute for the local-endpoint component by typing 'tmsh modify wom local-endpoint ip-encap-type ipsec ip-encap-profile replace-all-with {default-ipsec-policy}'.
ID 384068 When large files are served from cache, the optional X-WA-Info header may, on occasion, incorrectly contain S10205 when no invalidation/revalidation occurred. Workaround:
ID 384759 For best performance, F5 recommends using the SDD v2 symmetric deduplication codec for CIFS Layer 7 optimization. Workaround:
ID 385722 If a Web Acceleration profile has more than one WebAccelerator application enabled, ESI and triggered invalidations rules in version 11.0 through 11.2 incorrectly invalidate content regardless of which WebAccelerator application cached it. Workaround:
ID 385740 You cannot configure IP encapsulation on an iSession local endpoint that uses an IPv6 address. Workaround:
ID 390863 When a Path matching rule is longer than 940 bytes, it is ignored and is not matched, and a less specific leaf node is used instead. To work around this issue, F5 recommends that you limit the length of the Path matching rules to fewer than 900 bytes, and use multiple nodes if you want to exceed this limit. For more information, see SOL13746: Long BIG-IP WebAccelerator Path matching rules may cause matching failure ( Workaround:
ID 392479 It has been observed, under rare conditions, that clicking save on the lifetime page without making any modifications causes inheritance settings to be overridden. Workaround:
ID 392549 The Performance Monitor Data Retention Period setting for WAM application is not being recognized properly. Performance Monitor data will be removed after 30 days regardless of the retention period setting. There is no workaround. Workaround:
ID 393966 The BIG-IP 4000 platform supports hardware accelerated compression. However, it does not decompress using hardware, as other BIG-IP platforms do. Workaround:
ID 395368 When specifying the Requested Host in a Web Accelerator Application, using a port number causes IBR to not be used. Workaround:
ID 396155 "After caching an uncompressed document, requesting a specific compressed range of the document results in either no compression and the specific range being asked for, or only the range of the original document compressed, depending on the length of the range being requested. The reason is that it only compresses the range being requested rather than the whole document, so if you only ask for 1000 bytes in the range, it falls under the compression profile's minimum. Also, upon content expiration from the cache, it seems that the uncompressed version of the document is evicted from the cache." Workaround:
ID 396167 If you cache a compressed document normally, and then switch to asking for a range beyond the end of the document, you get a 416 Requested Range Not Satisfiable response from WAM, but only while the cached content has a positive lifetime. As soon as the document expires and needs re-validation with the OWS, the response from WAM is a complete bypass, with no WAM related headers at all, resulting in partial content reflecting the full uncompressed content-range. Workaround:
ID 397789 Under certain low-memory situations, it is possible for WA to core for out-of-memory. Workaround:
ID 398452 With successive calls to wa_clear_cache and parking enabled, it is possible that a somewhat higher than usual amount of proxying occurs the content refreshes stop and server-side throughput returns to normal. Workaround:
ID 399034 When the secondary blades in the chassis are not fully booted up, an external ESI invalidation or iControl may cause daemons to restart on the secondary blades. Workaround:
ID 401054 The WAM perfmonitor content-type report could potentially display duplicate application-name/node-name values if an applications policy assignment is modified after passing traffic. The report does not identify the policy a node belongs to. If the newly assigned policy contains identical node names as its predecessor, the results will appear to be duplicates. Workaround:
ID 401191 Performance Monitor stats are no longer preserved during software version upgrades. Workaround:
ID 401471 Assembly parameter substitution option Query Parameter target does not recognize escaped XML entities. If the URL to be substituted has multiple query parameters, the parameters that follow the '&' may not work as expected. For example, if the URL to be substituted has a pattern of field1=x&field2=y, substitution works for both fields. However, if the URL is field1=x"&"field2=y, substitution works for the 'field1' parameter, but does not work for the 'field2' parameter. Workaround: To work around this, include the escape sequence as part of the Query Parameter Name. In the example, a Query Parameter of 'field1=x&"&"field2' yields the expected substitution.
ID 402303 WAM transaction-type perfmonitor reports will display empty text for application names or node names if an existing application or policy is deleted after passing traffic. The textual identifiers located in the policy or application no longer exist in the configuration after delete but the stats remain. Workaround:
ID 406301 Client can see intermittent failures, forcing client to try again. Client can see intermittent failures, forcing client to try again. Workaround: Enabling request queuing avoids the resets.
ID 410697 Multiple conditional requests to server for content that was invalidated once. Multiple S10205 responses to client Workaround: Use Trigger based invalidations
ID 410879 When configured to inline content, WAM will not inline content which is not already cached or served from OWS with status 200 OK Workaround:
ID 411917 If the Remote WA is restarted ( or cache cleared by wa_clear_cache) without simultaneously clearing the Central WA cache, it can lead to Remote WA being unable to cache or serve content from cache ( though Central WA is still caching and serving from Cache ). Remote WA not being able to cache and serve content from cache. Workaround: Restart/Clear-cache on Central WA along with Remote WA.
ID 415243 When HTML is requested over https, images will not be inlined into CSS that are in-turn inlined into HTML. Inlining is not performed for the image and hence browser requires more roundtrips to render the page. Workaround: "* Configure another entry for the same image in the URL resources section, but with ""https"" as the scheme. * Add this as a candidate for inlining on the policy node."
ID 415803 Invalidation of .txt documents which are cached compressed does not work. Workaround: none
ID 416532 If "Assembly On Proxies" is disabled, and a large number of concurrent requests is made, we might see excessive proxying behaviour (which can be observed from the WA S-code 10413). Excessive proxying meaning increased load on OWS. Workaround: Enable "Assembly On Proxies".
ID 416733 In WebAccelerator's Symmetric Deployment mode, when configuration changes made on one device are synced to other devices in the deployment, the changes are not automatically saved to bigip.conf. Workaround: "Save the configuration manually by running tmsh save sys config on all devices in the symmetric deployment after configuration changes are made."
ID 419617 "Configuration error like 01070734:3: Configuration error: Configuration from primary failed validation: 01070734:3: Configuration error: Policy ""/Common/IBM Tivoli Maximo Asset Management"" node ""segment"" must have ordinal greater then its base node ordinal. when editing several wam policy nodes in a single command on the command line on bladed Centaur or Puma II platforms." Workaround: On these platforms, do not create several policy nodes in a single command, or, if doing so, specify correct ordinals for each node in that command.
ID 420229 While using Web Accelerator on low-volume sites, clients intermittently time out or are aborted without retrieving all content. Traffic intermittently hangs. Some requests continue as normal; other requests hang. This may evince itself as inability to render the main page, or style misapplication, or missing JavaScript, or missing supporting resources such as images. Workaround: Switch datastor to memory-only mode.
ID 420480 Hung flows (visible from 'tmsh show sys conn | grep -v 127'), a large number of backplane connections in WA (visible from 'tmsh show sys conn'), and a large number of outstanding transactions in WA. Growing memory usage and decreased capacity. May eventually failover for memory-related issues. Workaround: Restart tmm. The memory will not be recovered without a restart. If request queuing is disabled, no subsequent losses will occur.
ID 420954 If content is cached only uncompressed before it is invalidated and after invalidation is requested only compressed, the invalidation may be delayed by several requests. old content may be served several extra times Workaround: Repeatedly request the contents until the invalidation happens.
ID 420957 when static content is cached both compressed and uncompressed, they may not invalidate simultaneously. This may result in their cache ages being different. extra revalidations after invalidations and unexpected cache lifetimes Workaround:
ID 423204 The C-codes in the debug WA-Info codes indicate continued serving from the wrong cache. If tmm is running low on memory and the small object size limit has been increased, this is a candidate for consuming tmm memory. Reducing or increasing the small object limit in order to free up memory or move currently cached content to datastor doesn't have the desired effect. Workaround: "To move content into datastor, temporarily reduce the number of cached objects. This will cause all small objects to be evicted; datastor content will still be available. Then increase the limit once again (it can be done immediately) and the content will be cached in datastor. There is no workaround to move currently cached content from datastor into the small object cache. Restarting datastor will flush all content including content that should remain in datastor."

Contacting F5 Networks

Phone: (206) 272-6888
Fax: (206) 272-6802

For additional information, please visit

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.


AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 TechNews

Weekly HTML TechNews
The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, complete the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
Periodic plain text TechNews
F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email.) To subscribe, send a blank email to from the email address you are using to subscribe. Unsubscribe by sending a blank email to

Legal notices