Applies To:
Show VersionsBIG-IP AAM
- 11.6.0
Summary:
This release note documents the version 11.6.0 release of BIG-IP Application Acceleration Manager. You can apply the software upgrade to systems running software versions 10.1.0 (or later) or 11.x.
Contents:
- Supported platforms
- Configuration utility browser support
- User documentation for this release
- New in 11.6.0
- Installation overview
- Upgrading from earlier versions
- Fixes in 11.6.0
- Behavior changes in 11.6.0
- Known issues
- Contacting F5 Networks
- Legal notices
Supported platforms
This version of the software is supported on the following platforms:
Platform name | Platform ID |
---|---|
BIG-IP 1600 | C102 |
BIG-IP 3600 | C103 |
BIG-IP 3900 | C106 |
BIG-IP 6900 | D104 |
BIG-IP 8900 | D106 |
BIG-IP 8950 | D107 |
BIG-IP 11000 | E101 |
BIG-IP 11050 | E102 |
BIG-IP 2000s, BIG-IP 2200s | C112 |
BIG-IP 4000s, BIG-IP 4200v | C113 |
BIG-IP 5000s, 5050s, 5200v, 5250v | C109 |
BIG-IP 7000s, 7050s, 7200v, 7250v | D110 |
BIG-IP 12250v (requires 11.6.0 HF2) | D111 |
BIG-IP 10350N (requires 11.6.0 HF2) | D112 |
BIG-IP 10000s, 10050s, 10200v, 10250v | D113 |
VIPRION B2100 Blade | A109 |
VIPRION B2150 Blade | A113 |
VIPRION B2250 Blade | A112 |
VIPRION B4100, B4100N Blade | A100, A105 |
VIPRION B4200, B4200N Blade | A107, A111 |
VIPRION B4300, B4340N Blade | A108, A110 |
VIPRION C2200 Chassis | D114 |
VIPRION C2400 Chassis | F100 |
VIPRION C4400, C4400N Chassis | J100, J101 |
VIPRION C4480, C4480N Chassis | J102, J103 |
VIPRION C4800, C4800N Chassis | S100, S101 |
Virtual Edition (VE) | Z100 |
vCMP Guest | Z101 |
These platforms support various licensable combinations of product modules. This section provides general guidelines for module support.
Most of the support guidelines relate to memory on the platform or provisioned guest. For vCMP support, the following list applies for all memory levels:
- vCMP supported platforms
- VIPRION B2100, B2150, B2250, B4200, B4300, B4340N
- BIG-IP 5200v, 7200v, 10200v
Memory: 12 GB or more
All licensable module-combinations may be run on platforms with 12 GB or more of memory, and on VE and vCMP guests provisioned with 12 GB or more of memory. Note that this does not mean that all modules may be simultaneously provisioned on all platforms with 12 GB or more of memory. The BIG-IP license for the platform determines which combination of modules are available for provisioning.
Memory: 8 GB
The following guidelines apply to the BIG-IP 2000s, 2200s, 3900, 6900 platforms, to the VIPRION B4100 and B4100N platforms, and to VE guests configured with 8 GB of memory. (A vCMP guest provisioned with 8 GB of memory has less than 8 GB of memory actually available and thus does not fit in this category.)
- No more than three modules should be provisioned together.
- On the 2000s and 2200s, Application Acceleration Manager (AAM) can be provisioned with only one other module.
Memory: Less than 8 GB and more than 4 GB
The following guidelines apply to platforms, and to VE and vCMP guests provisioned with less than 8 GB and more than 4 GB of memory. (A vCMP guest provisioned with 8 GB of memory has less than 8 GB of memory actually available and thus fits in this category).
- No more than three modules (not including AAM) should be provisioned together.
- Application Acceleration Manager (AAM) cannot be provisioned with any other module; AAM can only be provisioned standalone.
- Analytics (AVR) counts towards the two module-combination limit (for platforms with less than 6.25 GB of memory).
Memory: 4 GB or less
The following guidelines apply to the BIG-IP 1600 and 3600 platforms, and to VE and vCMP guests provisioned with 4 GB or less of memory.
- No more than two modules may be configured together.
- AAM should not be provisioned, except as Dedicated.
VIPRION and vCMP caching and deduplication requirements
Application Acceleration Manager (AAM) supports the following functionality when configuring vCMP and VIPRION platforms.
- AAM does not support disk-based caching functionality on vCMP platforms. AAM requires memory-based caching when configuring it to run on vCMP platforms.
- AAM supports disk-based caching functionality on VIPRION chassis or blades.
- AAM does not support deduplication functionality on vCMP platforms, or VIPRION chassis or blades.
vCMP memory provisioning calculations
The amount of memory provisioned to a vCMP guest is calculated using the following formula: (platform_memory- 3 GB) x (cpus_assigned_to_guest/ total_cpus).
As an example, for the B2100 with two guests, provisioned memory calculates as: (16-3) x (2/4) ~= 6.5 GB.
Configuration utility browser support
The BIG-IP Configuration Utility supports these browsers and versions:
- Microsoft Internet Explorer 8.x, 11.x
- Mozilla Firefox 27.x
- Google Chrome 32.x
User documentation for this release
For a comprehensive list of documentation that is relevant to this release, refer to the BIG-IP AAM / VE 11.6.0 Documentation page.
New in 11.6.0
DNS Prefetching
DNS prefetching improves page load time on HTML5 compliant browsers by resolving domain names to an IP address prior to a browser requesting content from third parties. When DNS pre-fetching headers are inserted by the BIG-IP system, HTML5-compliant browsers can do DNS resolution of dynamic links in the background while other items are being downloaded.
Toggling Acceleration for Debugging
You can now toggle acceleration on or off for a single user from a web browser. With this feature, you can view results before and after acceleration changes, and use the information for tweaking your configuration and troubleshooting.
Acceleration Application ROI reports
ROI statistics provide you with acceleration data for an application that you can use to determine the benefits of using acceleration, or use to refine acceleration performance. You can email the resultant charts and statistics, either weekly or monthly, as necessary.
HTTP 2.0 Prototype and Support
Acceleration functionality now includes an HTTP/2 profile type that you can use to manage HTTP/2 traffic, improving the efficiency of network resources while reducing the perceived latency of requests and responses. The Acceleration HTTP/2 profile enables you to achieve these advantages by multiplexing streams or compressing headers with Transport Layer Security (TLS) or Secure Sockets Layer (SSL) security. Note that there is potential for incompatibility with subsequent revised draft versions of the protocol. The HTTP 2.0 specification is currently in a draft phase (draft 13).
SPDY 3.1
This release supports SPDY version 3.1 functionality.
JavaScript and CSS Concatenation
In this release, Acceleration concatenation functionality combines a specified list of JavaScript (JS) and Cascading Style Sheet (CSS) files into a single concatenated file, which reduces the number of requests and responses, and the time required to transfer serialized files.
JPEG-XR image optimization
Acceleration image optimization functionality now recognizes and converts images to JPEG-XR. JPEG-XR is an image format that offers both lossless and lossy compression with better quality per byte than JPEG. JPEG-XR is useful for compressing existing JPEG, GIF, PNG, or TIFF images. Compressed images can be significantly smaller in percentage compared to PNG or JPEG.
TCP Enhancements
This release includes several user-configurable TCP enhancements to optimize traffic, including early retransmission, tail loss probe, and two additional congestion control algorithms.
iSession load balancing to multiple clouds
You can now configure the BIG-IP system to allow health monitor traffic to traverse an iSession connection, based on the iSession advertised routes. This feature facilitates the load balancing of optimized traffic to multiple clouds.
Installation overview
This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP Systems: Upgrading Active-Standby Systems and BIG-IP Systems: Upgrading Active-Active Systems, and we strongly recommend that you reference these documents to ensure successful completion of the installation process.
Installation checklist
Before you begin:
- Use BIG-IP iHealth to verify your configuration file. For more information, see SOL12878: Generating BIG-IP diagnostic data using the qkview utility (10.x - 11.x).
- Update/reactivate your system license, if needed, to ensure that you have a valid service check date.
- Ensure that your system is running version 10.1.0 or later and is using the volumes formatting scheme.
- Download the .iso file (if needed) from F5 Downloads to /shared/images on the source for the operation. (If you need to create this directory, use the exact name /shared/images.)
- Configure a management port.
- Set the console and system baud rate to 19200, if it is not already.
- Log on as an administrator using the management port of the system you want to upgrade.
- Boot into an installation location other than the target for the installation.
- Save the user configuration set (UCS) in the /var/local/ucs directory on the source installation location, and copy the UCS file to a safe place on another device.
- Log on to the standby unit, and only upgrade the active unit after the standby upgrade is satisfactory.
- Turn off mirroring.
- If you are running Application Acceleration Manager, set provisioning to Minimum.
- If you are running Policy Enforcement Manager, set provisioning to Nominal.
- If you are running Advanced Firewall Manager, set provisioning to Nominal.
Installing the software
Installation method | Command |
---|---|
Install to existing volume, migrate source configuration to destination | tmsh install sys software image [image name] volume [volume name] |
Install from the browser-based Configuration utility | Use the Software Management screens in a web browser. |
Sample installation command
The following command installs version 11.2.0 to volume 3 of the main hard drive.
tmsh install sys software image BIGIP-11.2.0.2446.0.iso volume HD1.3
Post-installation tasks
This document covers very basic steps for installing the software. You can find complete, step-by-step installation and upgrade instructions in BIG-IP Systems: Upgrading Active-Standby Systems and BIG-IP Systems: Upgrading Active-Active Systems, and we strongly recommend that you reference these documents to ensure successful completion of the installation process.
- Ensure the system rebooted to the new installation location.
- Use BIG-IP iHealth to verify your configuration file. For more information, see SOL12878: Generating BIG-IP diagnostic data using the qkview utility (10.x - 11.x).
- Log on to the browser-based Configuration utility.
- Run the Setup utility.
- Provision the modules.
- Convert any bigpipe scripts to tmsh. (Version 11.x does not support the bigpipe utility.)
Installation tips
- The upgrade process installs the software on the inactive installation location that you specify. This process usually takes between three minutes and seven minutes. During the upgrade process, you see messages posted on the screen. For example, you might see a prompt asking whether to upgrade the End User Diagnostics (EUD), depending on the version you have installed. To upgrade the EUD, type yes, otherwise, type no.
- You can check the status of an active installation operation by running the command watch tmsh show sys software, which runs the show sys software command every two seconds. Pressing Ctrl + C stops the watch feature.
- If installation fails, you can view the log file. The system stores the installation log file as /var/log/liveinstall.log.
Upgrading from earlier versions
Your upgrade process differs depending on the version of software you are currently running.
Upgrading from version 10.1.0 (or later) or 11.x
When you upgrade from version 10.1.0 (or later) or 11.x software, you use the Software Management screens in the Configuration utility to complete these steps. To open the Software Management screens, in the navigation pane of the Configuration utility, expand System, and click Software Management. For information about using the Software Management screens, see the online help.
Upgrading from versions earlier than 10.1.0
You cannot roll forward a configuration directly to this version from BIG-IP version 4.x, or from BIG-IP versions 9.0.x through 9.6.x. You must be running version 10.1.0 software. For details about upgrading to those versions, see the release notes for the associated release.
Automatic firmware upgrades
If this version includes new firmware for your specific hardware platform, after you install and activate this version, the system might reboot additional times to perform all necessary firmware upgrades.
Fixes in 11.6.0
ID Number | Description |
---|---|
ID 440562 | "APM network access tunnel aborts no longer cause TMM to core dump with an iSession ""valid event"" assertion failure." |
ID 440729 | Fix involves saving the content signature after the CSS parser is done parsing all the data and is not waiting for more data. |
ID 441270 | The fix involves using observed length as compared to annotated length, when we have static documents like image. |
ID 421791 | Guards were placed on the module interfaces to bypass the module when the necessary memory could not be allocated for a connection. |
ID 445764 | Application Acceleration Manager (AAM) does not support disk-based caching on vCMP platforms. AAM only supports memory-based caching when configuring it to run on vCMP platforms. |
ID 446682 | the fix for this issue requires the implementation of MCP object move support for WAM objects. This functionality is only partially implemented. |
ID 446827 | SDDv2 cache resynchronization regression has been fixed. |
ID 446839 | SDDv2 deduplication control connections are not initiated when deduplication is globally disabled. |
ID 447288 | Endpoint recovery now completes after a deduplication control connection is re-established. |
Behavior changes in 11.6.0
There are no Application Acceleration Manager-specific behavior changes specified for this release.
Known issues
ID Number | Description |
---|---|
ID 204432 | (CR109097) The system does not log a warning if local advertised routes conflict with advertised routes on remote endpoints. Having two systems with conflicting routes is most likely a configuration error. Workaround: |
ID 219763 | If a virtual server running both the Application Security Manager and the WebAccelerator system receives an HTTP request that contains a null character, the WebAccelerator system replaces the null character with a space. The null character is removed from the HTTP request header, so this request does not trigger the HTTP Protocol Compliance violation Null in request. This behavior has no other effect on how the request is processed. Workaround: |
ID 222545 | In the case of an abnormal TCP connection reset, the iSession connection is terminated and reset. While this action is transparent to the user, this action might appear in diagnostics. Workaround: |
ID 223434 | (CR129753) For active FTP, the system changes the data ports advertised by the server, so the client might see a different port than the one originally sent by the server. For passive FTP, the system changes the data ports advertised by the client, so the server might see a different port than the one originally sent by the client. In both cases, the data transfers are successful. Workaround: |
ID 223624 | An initial active FTP connection fails when dynamic discovery is enabled and allow routing is disabled on the remote peer. Active FTP connections are initiated from the FTP server to the FTP client. When the FTP server initiates this connection, the allow routing option of the remote endpoint is enabled. To avoid the initial failure, enable outbound connections before initiating FTP traffic. On the Remote Endpoints List screen (Acceleration > Symmetric optimization > Remote Endpoints), click the name of the remote endpoint. On the Properties screen that opens, select the Outbound Connections check box, and then click Update. Workaround: |
ID 223947 | When the BIG-IP system is under a heavy load, you may see occasional spikes on the Bandwidth Gain graphs on the WAN Optimization dashboard. A system delay in reporting the statistics to the dashboard causes the delay, which is usually about twice the average amount. Workaround: |
ID 293593 | (CR132785) If the datastor disk mode is disabled when you provision Application Acceleration Manager (AAM) along with any other module and then you enable the datastor disk, you must restart the system to show the correct datastor size. Workaround: |
ID 335216 | (CR128965) If you use the smbclient (version 3.2 or later) program to get a file, CIFS read optimization does not occur. Workaround: |
ID 335217 | (CR130507) If you map a network drive and create a new folder, it takes more than 10 seconds for the folder to appear in the directory and does not allow you to name the folder. To name the folder, right-click it and select rename. Workaround: |
ID 342251 | "If you are trying to remove the iSession connection between two peers, to prevent reconnection, you must delete the remote endpoint before you delete the local endpoint. If you are using the browser interface, the procedure is as follows: 1. On the Discovery screen (Acceleration > Remote Endpoints > Discovery), disable (clear) the settings Allow Remote Endpoints to Discover This Endpoint and Automatically save discovered Remote Endpoints. 2. On the Remote Endpoints screen, select the remote endpoint and click Delete. 3. On the Local Endpoint screen, click Delete." Workaround: |
ID 346875 | Even though the vg-reserved attribute is shown via "tmsh list sys disk" command. It is not supported on SSDs, and does not reserve the 1024 that is shown. Workaround: |
ID 348741 | If you are upgrading from 10.x to 11.x, and you are rolling over existing iSession configurations, the bzip2 compression option (enabled) is added to all existing iSession profiles. For best performance, after the upgrade, review all iSession profiles to ensure that the compression settings are correct. In some cases, you might want to disable the bzip2 compression option. Workaround: |
ID 348816 | When rolling forward a WebAccelerator 10.x configuration to version 11.0.0, access logging configuration on the acceleration policy is not rolled forward. Workaround: To enable access logging for BIG-IP WebAccelerator version 11.0.0, please see Using the Request Logging Profile (chapter 18) in the WebAccelerator Implementations guide. |
ID 354983 | Requests for expired cached items are not recorded as expired in WebAccelerator Performance Reports if the origin web server response is 304 (Not Modified). Instead, the response is recorded in the Performance Reports as a cache hit. However, if the response from the origin web server is 200 (OK), the response is recorded in the performance reports as expired, and all subsequent re-validations, where the origin web server responds with 304 (Not Modified), are recorded as expired. Workaround: |
ID 356245 | A COMPRESS::enable or COMPRESS:disable iRule does not take effect on cached items. Workaround: |
ID 356867 | Earlier versions of the BIG-IP WebAccelerator module allowed importing of identically named acceleration policies without selecting the Overwrite existing policy of the same name check box, resulting in a number appended to the imported acceleration policy name. In this version, you must select the Overwrite existing policy of the same name check box to import identically named acceleration policies. Or you can ensure the policy you are importing has a unique name. Workaround: |
ID 356875 | During configuration migrations, BIGIP version 11.0 does not issue a warning to report that it is converting a WebAccelerator system configuration that had the Unmapped Hosts (forward proxy) options enabled (the Unmapped Hosts elements of the configuration will be lost). Workaround: |
ID 357320 | For iRules associated with a virtual server that has an associated Web Acceleration profile, [CACHE::disable] can only be used if there is no WebAccelerator Application enabled in the Web Acceleration profile, and [WAM::disable] can only be used if there is a WebAccelerator Application enabled in the Web Acceleration profile. Workaround: Edit the iRules to use the correct command, either CACHE::disable or WAM::disable, for the virtual server's Web Acceleration profile. |
ID 357706 | In the BIG-IP Dashboard, in the Web Acceleration view, on the Performance pane, with the Errors tab in focus, Requests bypassed due to overload shows zero statistics because the WebAccelerator module does not bypass traffic due to resource constraints. Workaround: |
ID 357712 | The stat field proxied_per_iRule, in the stat table tmctl wam_application_stat, remains at zero. Workaround: |
ID 357720 | File copying might be significantly slower when IPsec encapsulation is used with CIFS optimization. Workaround: |
ID 357921 | The Configuration utility should provide a specific error message when an extension or MIME type for an object type is not unique, instead of a generic error message. Workaround: |
ID 358109 | Invalidation rules on a given node are only effective in invalidating one single extension. Workaround: |
ID 358530 | Various matching parameters in WebAccelerator Configuration utility that contain a regular expression with a pipe symbol (|) are incorrectly formatted for display. Workaround: |
ID 358785 | The WebAccelerator GUI displays dormant proxy rules on a node even when it is set to Always Proxy. Workaround: |
ID 359062 | This version does not include query parameters in a POST body for any rules: matching, variation, proxy, or invalidation. Workaround: |
ID 359075 | Deprovisioning AAM (for example, changing the provisioning level from Dedicated to None) may require a reboot, even though the reboot prompt may not be visible. Workaround: |
ID 359093 | "If you want to receive an HTTP POST request and decompress it before sending it to the origin web server, and the client software sends an Expect: 100-continue header and the HTTP request-chunking mode is set to preserve, the request will not be decompressed. Specifically, the following iRule will not decompress the request in the presence of the Expect header with request-chunking set to preserve: when HTTP_REQUEST { DECOMPRESS::enable } Instead, to receive an HTTP POST request and decompress it before sending it to the origin web server, do one of the following steps: - Ensure that the client doesn't send an Expect header. - Change the request-chunking to selective, instead of preserve." Workaround: |
ID 359498 | In tmsh, the WebAccelerator module can assemble hostnames that include IP addresses with MultiConnect prefixes, for example, wa1.10.0.0.1. In tmsh, specify zero (0) for the number of HTTP and HTTPS subdomains on any WebAccelerator hostnames that are IP addresses. Workaround: |
ID 359835 | Deprovisioning AAM (for example, changing the provisioning level from Dedicated to None) may require a reboot, even though the reboot prompt may not be visible. Workaround: |
ID 360211 | Invalidation rules that match on components not in the UCI will not invalidate content if it is first accessed without those components matching the rule before it is accessed with those components matching the rule. Workaround: |
ID 360229 | If you are upgrading from 10.x to 11.x, and you receive the warning DISK MGMT REQUIRED, try rebooting the BIG-IP system. Workaround: |
ID 360488 | Using the Configuration utility to make changes to the WebAccelerator configuration, such as deleting an Acceleration Policy or Object Type, might take up to 30 seconds to write to disk. This process can result in deleted objects reappearing in the configuration if it is reloaded immediately after making the change. Workaround: |
ID 361243 | Under certain conditions, Adaptive Compression does not perform as well as a static algorithm. If you experience this issue, in the iSession profile you are using, disable the option Adaptive, and manually select a compression codec. Workaround: |
ID 361490 | If a device between the BIG-IP iSession endpoints strips out unknown TCP options, the BIG-IP TCP acceleration optimizations might fail to negotiate, which can reduce overall performance. Workaround: |
ID 361618 | When an MCPD communication failure occurs, the WebAccelerator wamd process does not automatically restart. There is no workaround for this issue. Workaround: |
ID 361810 | If two invalidation rules match the same path but have different extensions, one will match and one will not. Workaround: |
ID 361852 | Invalidation rules that specify cached content by protocol invalidate content regardless of the protocol. Workaround: |
ID 361869 | An invalidation rule that specifies Client IP as a condition for invalidation never matches. The trigger can match an IP; however, the content to invalidate cannot match. Workaround: |
ID 361875 | An invalidation rule that specifies an empty or absent Query Parameter for Cached Content to Invalidate is not functional. This invalidation rule works, however, if you specify a non-empty Query Parameter value for Cached Content to Invalidate. Workaround: |
ID 361982 | Some combinations of spaces and tabs, before and after HTTP header values, are not properly ignored and defeat invalidation that is based on those headers. The workaround is to remove the leading/trailing whitespace from the values. Workaround: |
ID 362005 | A message needs to be logged when the Cache-Control header is truncated to a maximum length of 256 characters. Workaround: |
ID 362275 | "Setting the Web Acceleration Profile to optimized-acceleration for a virtual server without enabling a WebAccelerator Application will result in an error message similar to the following: cache memory assigned to Web Acceleration profiles (6144MB) exceeds the maximum amount (697MB) defined by Ramcache.MaxMemoryPercent (50) The optimized-acceleration profile is designed for use with the WebAccelerator module. If you are not using the WebAccelerator module with your virtual server and wish to use standard cache, you should use the optimized-caching profile, or create a customized webacceleration profile that uses either the optimized-caching profile or basic webacceleration profile as the parent." Workaround: |
ID 363059 | Renaming a top-level policy node may cause an unintended re-ordering of policy nodes, resulting in a different prioritization of matching criteria. Workaround: |
ID 363171 | "Validation of Web Acceleration profiles can fail during a config sync when the sum of the cache sizes exceeds the Datastor volume size on the receiving BIG-IP system. For all BIG-IP systems in the Device Group: 1) Run each BIG-IP system with identical provisioning. 2) Ensure that each BIG-IP system has the same volume size for Datastor: # tmsh show sys disk application-volume datastor 3) Configure the Web Acceleration profiles. 4) Sync each BIG-IP system to the Device Group." Workaround: |
ID 363402 | Specifying content to invalidate as the Referer header from the invalidation trigger (which specifies request-data-type referrer) is not functional. Workaround: |
ID 363413 | Specifying content to invalidate as the User-Agent header from the invalidation trigger (which specifies request-data-type user-agent) is not functional. Workaround: |
ID 363699 | "The WebAccelerator module Configuration utility incorrectly allows creation of nodes with reserved keyword names, which results in the configuration improperly loading the next time that the unit is rebooted or the configuration is loaded. This issue also causes config sync in a High Availability pair to fail. When creating WebAccelerator policy node names in the Configuration utility, avoid using the following reserved keywords. invalidations matching order proxy substitutions variation code description" Workaround: |
ID 363821 | On the server-facing BIG-IP system, if you configure the iSession receiving virtual server to target another virtual server, connection resets might occur. To avoid this problem, set the Zero Window Timeout setting value for the client-side TCP profile on the targeted virtual server to at least 300000. Workaround: |
ID 364338 | The WebAccelerator module allows the creation of Object Types that contain a space in the identifier name on the Object Types page in the Configuration utility and by using TMSH. Including a space prevents the ability to delete the object type from the Configuration utility. When you create an identifier name for an object type from the Configuration utility or in TMSH, do not include a space in the name. If you have an object whose name contains a space, you can delete it using TMSH. Workaround: |
ID 364603 | For this version, in the BIG-IP Dashboard, in the Web Acceleration view, on the Cache pane, with the Entries tab in focus, the graph displays an incorrect value. The graph displays the number of cache transactions per second, instead of displaying the number of entries in cache. Workaround: |
ID 365390 | If the BIG-IP platform you are using has hardware compression, and the intended use case is a single connection, you might see compression performance issues in some scenarios. Workaround: As a work around, F5 recommends that you disable hardware compression to achieve better single-connection performance on platforms that support hardware compression. To disable hardware compression, change the Deflate Level setting in the iSession profile to a number greater than or equal to 3, using the browser interface (click Local Traffic :: Virtual Servers :: Services :: iSession, and then click the iSession profile you are using) or the command-line interface (type tmsh modify wom profile isession isession deflate-compression-level 3). |
ID 365600 | In the BIG-IP Dashboard, in the Web Acceleration view, reporting of statistics show spikes at irregular intervals with a magnitude of 2 to 3 times the average traffic through the WebAccelerator module. This was observed for the 5-min interval window. Workaround: |
ID 366387 | In the WAM Dashboard, the Entries graph in the Cache window incorrectly calculates a moving average for the number of entries. This is misleading because this can lead to fractional values whereas the graph label suggests the values will be in whole numbers. Workaround: |
ID 368823 | A user account restricted to a certain partition, can invalidate the cache associated with any Application, regardless of in which partition the application resides. Workaround: |
ID 368982 | Disabling any virtual server stops traffic from passing through the BIG-IP WOM device, even though other virtual servers may be enabled. To avoid this issue, you can delete the virtual server rather than disabling it. Workaround: |
ID 369282 | On a BIG-IP provisioned LTM/WAM nominal, when WAM is de-provisioned back to none, the load average of the system spikes to 30+ making the box basically unresponsive for roughly 5 minutes. After this time, the system appears to return to normal and the prompt status returns to REBOOT REQUIRED. Workaround: |
ID 370139 | WebAccelerator performance reports record some non-error cache bypass conditions as errors. Workaround: |
ID 370311 | "If you create a virtual server with Type set to Reject, or change the Type setting to Reject for an existing virtual server and update the screen, when you open the screen to modify the virtual server, a second iSession Profile setting appears in the browser interface. The additional setting lacks a Context field, and has no effect on the configuration." Workaround: |
ID 375477 | Beginning with version 11.2.0, WAM parses and IBR/MC links inside a CSS file. Four new settings "IBR-to", "IBR-within", "MC-to", and "MC-within" are added to replace "IBR" and "MC" settings at WAM policy assembly page. For custom policies that have "IBR" and "MC" enabled, "IBR-to", "IBR-within", "MC-to", and "MC-within" will be enabled too after migration to this release. In other words, WAM will IBR/MC CSS files for these policies. If you prefer not to use this feature, you must disable the settings on corresponding policy nodes. Workaround: |
ID 381229 | When cached documents are served, the browser workarounds configuration option is ignored. Workaround: |
ID 381712 | In an active/standby configuration, modifying the WAN optimization codec from SDD v2 to SDD v3, or the reverse, requires that you issue a bigstart restart command on the standby BIG-IP system for the change to take affect. Workaround: |
ID 382629 | If you update or delete an iSession self IP, and then create a new self IP before deleting the associated local endpoint and iSession listener, the local endpoint becomes unmodifiable. Workaround: To avoid this issue, delete the local endpoint and associated iSession listener before creating another self IP on the same VLAN. |
ID 382725 | The TCP progressive stack used in WOM configurations performs autotuning of the send buffer and receive window in order to simplify deployments. In high latency environments, the TCP stack incorrectly increases the receive window, which can result in inappropriately large send buffer on the peer. This can cause overdriving of the network resulting in large packet drops in the internal switch and very poor performance. This problem can be more severe on some platforms, and when the WOM deployment is a bridge mode rather than a routed mode deployment. Workaround: "To work around this issue, disable the autotuning and use the WOM quickstart to set the buffers, or manually configure the buffers for the actual deployment scenario. The command to disable autotuning is: tmsh modify sys db tm.tcpprogressive.autobuffertuning value disable" |
ID 382744 | Exporting Excel or CSV performance monitor reports will generate a file with an unexpected extension in some browsers. In most instances the saved file will have a .do extension. The workaround is to rename the file with the correct extension. Workaround: |
ID 382976 | Erroneously enabling image optimization on policy nodes matching HTML or CSS content causes that content to become uncacheable with S10206. Workaround: |
ID 383398 | Cache entries that are being constantly refreshed due to traffic cannot be cleared with wa_clear_cache if the configured lifetime is less than 4 seconds. Workaround: |
ID 383444 | If the origin web server and BIG-IP clocks are significantly different or a long network delay exists, the actual MTag and cache lifetime values will not match. Workaround: |
ID 383945 | During automation tests with AVR enabled, memory leaks can occur, and the WebAccelerator system might crash. Workaround: |
ID 383985 | When you configure WAN optimization using the Quick Start screen, the BIG-IP system creates two virtual servers for HTTP traffic, http_optimize_client and http_optimize_client_v6, which specify a default network destination of 0.0.0.0 (all networks). If you change the destination to point to a specific subnet, and then attempt to change the IP Encapsulation Type on either the Quick Start or Local Endpoint screen, the user interface displays an error message, and the change does not take effect. Workaround: As a workaround, you can make the change using the command-line interface. For example, after you update the virtual servers to point to a specific subnet, modify the ip_encap_type attribute for the local-endpoint component by typing 'tmsh modify wom local-endpoint ip-encap-type ipsec ip-encap-profile replace-all-with {default-ipsec-policy}'. |
ID 384068 | When large files are served from cache, the optional X-WA-Info header may, on occasion, incorrectly contain S10205 when no invalidation/revalidation occurred. Workaround: |
ID 384759 | For best performance, F5 recommends using the SDD v2 symmetric deduplication codec for CIFS Layer 7 optimization. Workaround: |
ID 385740 | You cannot configure IP encapsulation on an iSession local endpoint that uses an IPv6 address. Workaround: |
ID 390863 | When a Path matching rule is longer than 940 bytes, it is ignored and is not matched, and a less specific leaf node is used instead. To work around this issue, F5 recommends that you limit the length of the Path matching rules to fewer than 900 bytes, and use multiple nodes if you want to exceed this limit. For more information, see SOL13746: Long BIG-IP WebAccelerator Path matching rules may cause matching failure (http://support.f5.com/kb/en-us/solutions/public/13000/700/sol13746.html). Workaround: |
ID 392479 | It has been observed, under rare conditions, that clicking save on the lifetime page without making any modifications causes inheritance settings to be overridden. Workaround: |
ID 392549 | The Performance Monitor Data Retention Period setting for WAM application is not being recognized properly. Performance Monitor data will be removed after 30 days regardless of the retention period setting. There is no workaround. Workaround: |
ID 393966 | The BIG-IP 4000 platform supports hardware accelerated compression. However, it does not decompress using hardware, as other BIG-IP platforms do. Workaround: |
ID 395368 | When specifying the Requested Host in a Web Accelerator Application, using a port number causes IBR to not be used. Workaround: |
ID 396155 | "After caching an uncompressed document, requesting a specific compressed range of the document results in either no compression and the specific range being asked for, or only the range of the original document compressed, depending on the length of the range being requested. The reason is that it only compresses the range being requested rather than the whole document, so if you only ask for 1000 bytes in the range, it falls under the compression profile's minimum. Also, upon content expiration from the cache, it seems that the uncompressed version of the document is evicted from the cache." Workaround: |
ID 396167 | If you cache a compressed document normally, and then switch to asking for a range beyond the end of the document, you get a 416 Requested Range Not Satisfiable response from WAM, but only while the cached content has a positive lifetime. As soon as the document expires and needs re-validation with the OWS, the response from WAM is a complete bypass, with no WAM related headers at all, resulting in partial content reflecting the full uncompressed content-range. Workaround: |
ID 397789 | Under certain low-memory situations, it is possible for WA to core for out-of-memory. Workaround: |
ID 398452 | With successive calls to wa_clear_cache and parking enabled, it is possible that a somewhat higher than usual amount of proxying occurs the content refreshes stop and server-side throughput returns to normal. Workaround: |
ID 399034 | When the secondary blades in the chassis are not fully booted up, an external ESI invalidation or iControl may cause daemons to restart on the secondary blades. Workaround: |
ID 401054 | The WAM perfmonitor content-type report could potentially display duplicate application-name/node-name values if an applications policy assignment is modified after passing traffic. The report does not identify the policy a node belongs to. If the newly assigned policy contains identical node names as its predecessor, the results will appear to be duplicates. Workaround: |
ID 401191 | Performance Monitor stats are no longer preserved during software version upgrades. Workaround: |
ID 401471 | Assembly parameter substitution option Query Parameter target does not recognize escaped XML entities. If the URL to be substituted has multiple query parameters, the parameters that follow the '&' may not work as expected. For example, if the URL to be substituted has a pattern of field1=x&field2=y, substitution works for both fields. However, if the URL is field1=x&field2=y, substitution works for the 'field1' parameter, but does not work for the 'field2' parameter. Workaround: To work around this, include the escape sequence as part of the Query Parameter Name. In the example, a Query Parameter of 'field1=x&&field2' yields the expected substitution. |
ID 401922 | In a second or third request for an object (JS, CSS, Image, etc.) expected to be cached, the Content-Length header will return a larger size, causing the client to hang waiting for more data than what BIG-IP sent. LTM virtual with Web Accelerator profile configured. The http profile (LTM) must have the setting response-chunking set to other than SELECTIVE. Failed requests for objects from multiple clients. Workaround: Change the response-chunking setting to SELECTIVE in the http profile for this virtual server. |
ID 402303 | WAM transaction-type perfmonitor reports will display empty text for application names or node names if an existing application or policy is deleted after passing traffic. The textual identifiers located in the policy or application no longer exist in the configuration after delete but the stats remain. Workaround: |
ID 403350 | "WAM uses OWS response headers if it proxies a request, and format its own response headers if it serves from cache. This could result in the inconsistent Date header value if there is clock skew between BIGIP and OWS. If this happens, we suggest OWS to use NTP server to sync their clock." Workaround: |
ID 406301 | Client can see intermittent failures, forcing client to try again. Under high concurrent request load, small object content that expires and happens to be updated can cause this behavior. Client can see intermittent failures, forcing client to try again. Workaround: Enabling request queuing avoids the resets. |
ID 410879 | When configured to inline content, WAM will not inline content which is not already cached or served from OWS with status 200 OK Workaround: |
ID 411917 | If the Remote WA is restarted ( or cache cleared by wa_clear_cache) without simultaneously clearing the Central WA cache, it can lead to Remote WA being unable to cache or serve content from cache ( though Central WA is still caching and serving from Cache ). If the Remote WA is restarted ( or cache cleared by wa_clear_cache) without simultaneously clearing the Central WA cache. Remote WA not being able to cache and serve content from cache. Workaround: Restart/Clear-cache on Central WA along with Remote WA. |
ID 415243 | When HTML is requested over https, images will not be inlined into CSS that are in-turn inlined into HTML. "* Images are configured to be inlined into CSS. * CSS is in-turn configured to be inlined into HTML. * Image URL resource specified as inlining candidate, has ""http"" in the scheme part of the URI. * HTML is requested over https." Inlining is not performed for the image and hence browser requires more roundtrips to render the page. Workaround: "* Configure another entry for the same image in the URL resources section, but with ""https"" as the scheme. * Add this as a candidate for inlining on the policy node." |
ID 415803 | Invalidation of .txt documents which are too small to cache compressed does not work. A cache minimum size is specified and the compressed text is smaller than the minimum. Workaround: none |
ID 419617 | "Configuration error like 01070734:3: Configuration error: Configuration from primary failed validation: 01070734:3: Configuration error: Policy ""/Common/IBM Tivoli Maximo Asset Management"" node ""segment"" must have ordinal greater then its base node ordinal. when editing several wam policy nodes in a single command on the command line on bladed Centaur or Puma II platforms." Bladed Centaur or Puma II platform. AAM licensed and provisioned. Attempt to edit wam policy nodes using tmsh. Workaround: On these platforms, do not create several policy nodes in a single command, or, if doing so, specify correct ordinals for each node in that command. |
ID 420368 | Any request (for example, WAM::disable) that occurs in an iRule event after WAM:SMART causes a RST if there is an Authorization header present. This occurs on Application Acceleration Manager (AAM) when any request in a TCP stream contains an Authorization header, and encounters an iRule containing an event after WAM:SMART. The system posts the message: Internal error ((WAM::SMART) tmi abort failed and resets the connection. Workaround: None. |
ID 420954 | If content is cached only uncompressed before it is invalidated and after invalidation is requested only compressed, the invalidation may be delayed by several requests. old content may be served several extra times Workaround: Repeatedly request the contents until the invalidation happens. |
ID 420957 | when static content is cached both compressed and uncompressed, they may not invalidate simultaneously. This may result in their cache ages being different. a mix of compressed and uncompressed requests for static content combined with triggered or ESI invalidations of that content extra revalidations after invalidations and unexpected cache lifetimes Workaround: |
ID 421791 | "TMM crashes due to a segmentation violation early in a WAM interface. Most likely, before the crash occurs the logs should show messages indicating that the sweeper was activated one or more times." Only happens when free memory is very low to non-existent. TMM crashes. Workaround: Reduce load on box if possible. |
ID 423151 | In WAM policy editor to modify the Path Segment Variation behavior, the checkbox for "Case Sensitivity" does not function as described. Deselect the "Case Sensitivity" check box. Even with the option disabled, i.e. customer does not want case sensitivity as the differentiating criteria, WAM will always treat path segments that differ only in case as different objects in the cache. Workaround: Customer can use iRule to change the case. |
ID 424657 | "When a TMM process restarts and deduplication is enabled, an out-of-order prune assertion failure might cause the TMM to restart again." Deduplication is enabled and a sufficient number of hits are generated to cause the deduplication cache to be pruned. TMM restarts while prune messages are pending. The assertion failure causes the TMM process to restart a second time, terminating active flows. Workaround: |
ID 426652 | Deduplication does not occur and wocd daemon control connections are frequently aborted. Workaround: |
ID 430268 | Javascript reordering and Intelligent Client Cache are enabled on the same node. Requested HTML page appears broken. AM licensed and provisioned. AM enabled VIP using AM policy with Javascript reordering and Intelligent Client Cache enabled on the same node. HTML page appears broken. Workaround: No workaround. |
ID 433087 | URLs that contain a question mark in the query component -- that is, more than one question mark -- may not be parsed correctly. Emitted URLs may be incorrect, disrupting IBR documents. In-document URL contains at least 2 question marks IBR'd documents include invalid URLs Workaround: "An iRule to correct the URL before emission follows: when HTTP_REQUEST_RELEASE { set ibrpoint [string first "";wa"" [HTTP::uri]] if {$ibrpoint != -1} then { set ibrend [expr {$ibrpoint + 18 } ] HTTP::uri [string replace [HTTP::uri] $ibrpoint $ibrend] } }" |
ID 435434 | When Intelligent Client cache is enabled, JS/CSS/Images are expected to be inlined. But CSS of size greater than 32k will not be inlined. "* Webacceleration is attached to the Virtual * Intelligent client cache is enabled on WAM policy * CSS size limit is set to greater than 32k * CSS optimizations are turned on - such as IBR, inlining images into CSS." Customer not getting the benefit of Intelligent client cache in this scenario. Workaround: * Turn off CSS optimizations (IBR, inlining images into CSS) |
ID 435947 | Upon WAM cache lifetime expiry, when revalidating content cached in tmm memory and receiving a 304 Not Modified response from OWS, WAM will sometimes serve a response with S code 10232 (as expected) but lacking an Etag, and indicate the response came from datastor when there is no indication that this should have happened. WAM is configured to cache compressed static content from OWS, and OWS does not send a Last-Modified date header in the response. Without an etag sending back to the client, WAM may get unnecessary load from clients that otherwise will be able to do conditional GET with the etag. Workaround: |
ID 436339 | The reference link in Intelligent Client Cache contains http when VIP is https. Request using the URL in the reference link will fail. HTML page rendering appears broken. VIP is https. Requests for the HTML are from HTML5 browser and Intelligent Client Cache is enabled. Local storage element for the ICC-ed content in the browser is then deleted and the HTML page is requested again. This time the page does not render. Request using the URL in the reference link will fail. HTML page rendering appears broken. Workaround: No workaround. Issue is not seen if the local storage element for ICC-ed content is not deleted. |
ID 440572 | In WAM symmetric deployment, the X-WA-Surrogate header is used to communicate OWS lifetime values from the central device to the remote. In some cases, an empty X-WA-Surrogate header may be sent. Occurs when central originates a 304 response when the original response from OWS did not contain cache-control headers Minimal. This only occurs when OWS sends no cache-control headers, so the remote will still compute correct lifetime. Workaround: |
ID 441529 | In version 10.x, lifetime heuristic runs on auto-pilot, that is, PVAC calculates the heuristic cache lifetime when 1) there is no OWS Cache-Control values or, 2) all honored OWS Cache-Control directives are absent. In v11.x, WebAccelerator (WA)/Application Acceleration Manager (AAM) use heuristic cache lifetime in these two cases, and there is no WebAccelerator Cache Settings Maximum Age configured. This is observable when using WA/AAM and comparing lifetime heuristic behavior in versions 10.x and 11.x. The behavior differs. Workaround: None. |
ID 442124 | "When an image is optimized, the caches in which the original and the optimized versions are stored can be different. In that case, it is possible for one TMM to have a differently encoded version of the same image than another TMM." This condition applies on images whose size, after optimization, crosses back or forth across the 4KB boundary that defines the size discriminator for choosing the cache. Minor, but some clients will receive the unoptimized image, while others will receive the optimized image. Workaround: None truly needed, though if necessary, image optimization can be disabled. |
ID 447619 | wamd core found in startup. If the mcp database is corrupted, mcpd will send incomplete information to wamd, which wamd is not designed to handle. This causes wamd to crash on start up. wamd is a core process for WAM, and so wamd not starting impacts the WAM functionality. Workaround: Delete the mcp persistent database. |
ID 456845 | WAM generated customized ETag sent to OWS. Client has content cached and sends a conditional GET. wa_clear_cache has been issued or content has been evicted from WAM cache. The ETag sent by the client in headers is sent to the OWS. Customized WA ETag makes it to the client. Assuming the server does not generated WA ETags, the behavior would be the same irrespective of whether the ETag makes it to the server or not. The expectation is to receive a 200 OK from the server so that the content can be cached by WAM. Workaround: No workaround required. |
ID 459851 | The connection is aborted when using If-Match header with a Always Proxy response policy node but No Proxy request policy node. "Virtual server with Web Accelerator. GET request with Header: If-Match with strong tag. WA Policy: Node matching the request: No-Proxy Node matching the response: Always Proxy" Connection reset when it should be return 412. Workaround: |
ID 467633 | "TMM coring, or exhibiting strange behavior. Checking the WAM stats reveals an underflow for bytes_minified in wam_css_stat, for example: active parses bytes_parsed bytes_queued partial_parses partial_parse_bytes ------ ------ ------------ ------------ -------------- ------------------- 0 4 612 0 4 586 annotations resets parser_errors bytes_minified images_inlined ----------- ------ ------------- -------------------- -------------- 5 0 0 18446744073709551564 0 images_bytes_inlined images_uninlined images_uninlined_expiry -------------------- ---------------- ----------------------- 0 0 0" The CSS data that is being minified must already be minified and contain no extraneous whitespace. TMM may core or behave unexpectedly. The wam_css_stat stat's bytes_minified will be incorrect. Workaround: Disable CSS minification. |
ID 474445 | TMM crash when processing unexpected HTTP response in WAM "WAM enabled VS WAM disabled during request phase WAM enabled during response phase" TMM crash Workaround: Do not disable WAM during request processing unless it will also be disabled during response processing. If WAM is disabled, close the connection after the response with HTTP::Close to ensure it cannot be used for future requests. |
Contacting F5 Networks
Phone: | (206) 272-6888 |
Fax: | (206) 272-6802 |
Web: | http://support.f5.com |
Email: | support@f5.com |
For additional information, please visit http://www.f5.com.
Additional resources
You can find additional support resources and technical documentation through a variety of sources.
- The F5 Networks Technical Support web site: http://www.f5.com/support/
- The AskF5 web site: http://support.f5.com/kb/en-us.html
- The F5 DevCentral web site: http://devcentral.f5.com/
- AskF5 TechNews
F5 Networks Technical Support
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
AskF5
AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
F5 DevCentral
The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.
AskF5 TechNews
- Weekly HTML TechNews
- The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, complete the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
- Periodic plain text TechNews
- F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email.) To subscribe, send a blank email to technews-subscribe@lists.f5.com from the email address you are using to subscribe. Unsubscribe by sending a blank email to technews-unsubscribe@lists.f5.com.