Applies To:
Show Versions
BIG-IP PEM
- 11.4.1
Summary:
This release note documents the version 11.4.1 release of BIG-IP Policy Enforcement Manager (PEM).
Contents:
- Supported platforms
- Configuration utility browser support
- User documentation for this release
- New in 11.4.1
- Fixes in 11.4.1
- Fixes in 11.4.0
- Behavior changes in 11.4.1
- Known issues
- Contacting F5 Networks
- Legal notices
Supported platforms
This version of the software is supported on the following platforms:
| Platform name | Platform ID |
|---|---|
| BIG-IP 800 (LTM only) | C114 |
| BIG-IP 1600 | C102 |
| BIG-IP 3600 | C103 |
| BIG-IP 3900 | C106 |
| BIG-IP 6900 | D104 |
| BIG-IP 8900 | D106 |
| BIG-IP 8950 | D107 |
| BIG-IP 11000 | E101 |
| BIG-IP 11050 | E102 |
| BIG-IP 2000s, BIG-IP 2200s | C112 |
| BIG-IP 4000s, BIG-IP 4200v | C113 |
| BIG-IP 5000s, BIG-IP 5200v BIG-IP 5x50 (requires 11.4.1 HF3) |
C109 |
| BIG-IP 7000s, BIG-IP 7200v BIG-IP 7x50 (requires 11.4.1 HF3) |
D110 |
| BIG-IP 10x50 (requires 11.4.1 HF3) | D112 |
| BIG-IP 10000s, BIG-IP 10200v | D113 |
| VIPRION B2100 Blade | A109 |
| VIPRION B2150 Blade | A113 |
| VIPRION B2250 Blade (requires 11.4.1 HF1) | A112 |
| VIPRION C2400 Chassis | F100 |
| VIPRION B4100, B4100N Blade | A100, A105 |
| VIPRION B4200, B4200N Blade | A107, A111 |
| VIPRION B4300, B4340N Blade | A108, A110 |
| VIPRION C4400, C4400N Chassis | J100, J101 |
| VIPRION C4480, C4480N Chassis | J102, J103 |
| VIPRION C4800, C4800N Chassis | S100, S101 |
| Virtual Edition (VE) | Z100 |
| vCMP Guest | Z101 |
These platforms support various licensable combinations of product modules. This section provides general guidelines for module support.
Most of the support guidelines relate to memory on the platform or provisioned guest. For vCMP support and for Policy Enforcement Module (PEM), Carrier-Grade NAT (CGNAT), and the BIG-IP 800 platform, the following list applies for all memory levels:
- vCMP supported platforms
- VIPRION B2100, B2150, B2250, B4200, B4300, B4340N
- BIG-IP 5200v, 7200v, 10200v
- PEM and CGNAT supported platforms
- VIPRION B2150, B2250, B4300, B4340N
- BIG-IP 5200v, 7200v, 10200v
- BIG-IP Virtual Edition (VE) (Not including Amazon Web Service Virtual Edition)
- PEM and CGNAT may be provisioned on the VIPRION B4200, but it is not recommended for production, only for evaluation. PEM may be provisioned on the VIPRION B2100, but it is not recommended for production, only for evaluation. Use the B4300 or B4340N instead.
- BIG-IP 800 platform support
- The BIG-IP 800 platform supports Local Traffic Manager (LTM) only, and no other modules.
Memory: 12 GB or more
All licensable module-combinations may be run on platforms with 12 GB or more of memory, and on VE and vCMP guests provisioned with 12 GB or more of memory.
Memory: 8 GB
The following guidelines apply to the BIG-IP 2000s, 2200s, 3900, 6900 platforms, to the VIPRION B4100 and B4100N platforms, and to VE guests configured with 8 GB of memory. (A vCMP guest provisioned with 8 GB of memory has less than 8 GB of memory actually available and thus does not fit in this category.)
- No more than three modules should be provisioned together.
- On the 2000s and 2200s, Application Acceleration Manager (AAM) can be provisioned with only one other module.
- Note that Global Traffic Manager (GTM) and Link Controller (LC) do not count toward the module-combination limit.
Memory: Less than 8 GB and more than 4 GB
The following guidelines apply to platforms, and to VE and vCMP guests provisioned with less than 8 GB and more than 4 GB of memory. (A vCMP guest provisioned with 8 GB of memory has less than 8 GB of memory actually available and thus fits in this category).
- No more than three modules (not including AAM) should be provisioned together.
- Application Acceleration Manager (AAM) cannot be provisioned with any other module; AAM can only be provisioned standalone.
- Note that GTM and LC do not count toward the module-combination limit.
- Analytics (AVR) counts towards the two module-combination limit (for platforms with less than 6.25 GB of memory).
Memory: 4 GB or less
The following guidelines apply to the BIG-IP 1600 and 3600 platforms, and to VE and vCMP guests provisioned with 4 GB or less of memory.
- No more than two modules may be configured together.
- AAM should not be provisioned, except as Dedicated.
VIPRION and vCMP caching and deduplication requirements
Application Acceleration Manager (AAM) supports the following functionality when configuring vCMP and VIPRION platforms.
- AAM does not support disk-based caching functionality on vCMP platforms. AAM requires memory-based caching when configuring it to run on vCMP platforms.
- AAM supports disk-based caching functionality on VIPRION chassis or blades.
- AAM does not support deduplication functionality on vCMP platforms, or VIPRION chassis or blades.
vCMP memory provisioning calculations
The amount of memory provisioned to a vCMP guest is calculated using the following formula: (platform_memory - 3 GB) x (cpus_assigned_to_guest / total_cpus).
As an example, for the B2100 with two guests, provisioned memory calculates as: (16-3) x (2/4) ~= 6.5 GB.
Configuration utility browser support
The BIG-IP Configuration Utility supports these browsers and versions:
- Microsoft Internet Explorer 8.x and 9.x
- Mozilla Firefox 15.0.x
- Google Chrome 21.x
User documentation for this release
For a comprehensive list of documentation that is relevant to this release, refer to the BIG-IP PEM / VE11.4.1 Documentation page.
New in 11.4.1
Custom Policy Action
The iRules Action feature allows TCL iRule script to be specified and associates one or more custom action with each rule. This custom action in PEM enables use of ICAP server for video optimization, URL consistent hash persistence, and use of any Local Traffic Manager (LTM), carrier-grade NAT (CGNAT), or other feature that has iRule controls.
Lower level of bandwidth control
This release provides support for lower levels of bandwidth control limitation. The minimal bandwidth control earlier was 1 megabit, and is now 5 Kbits per second.
Maximized Enterprise Application Delivery Value
To make it easier and more affordable to get the Software Defined Application Services capabilities all organizations need, F5 introduces three software bundle offerings: Good, Better, and Best.- Good
- Provides intelligent local traffic management for increased operational efficiency and peak network performance of applications.
- Better
- Good plus enhanced network security, global server load balancing, and advanced application delivery optimization.
- Best
- Better plus advanced access management and total application security. Delivers the ultimate in security, performance, and availability for your applications and network.
Fixes in 11.4.1
| ID number | Description |
|---|---|
| 408153 | Now, diameter messages (CCR and RAA messages) generated by the BIG-IP system, have the P bit (proxy-able) set. |
| 419729 | The auto-sync works for syncing the custom created SPM (PEM) profiles with PEM policies. |
| 422993 | PEM is now listed as a module and can be provisioned. |
| 425821 | No crash occurs when invalid classification ID is skipped. |
Fixes in 11.4.0
| ID number | Description |
|---|---|
| 397157 | Added Service Chain options configuration to screen in PEM. |
| 398666 | Added lsn-pool property to Forwarding Endpoint screen in PEM. |
| 400065 | New Classification Protocol Bundle provided with this version correctly classifies the active FTP over IPv6 data channel. |
| 400799 | The DIAMETER::state command is now implemented for the diameter-endpoint profile and any profiles derived from it (such as the gx-endpoint profile). |
| 402868 | Now the PEM susbscriber import feature properly imports files which include white space in the file's name. |
| 400385 | IPv6 RADIUS virtual servers no longer become unavailable when modified to use an IPv4 address. |
| 404107 | Now without restarting tmm when the Gx server IP is changed, the changes take effect and BIG-IP connects to the new PCRF. |
Behavior changes in 11.4.1
| ID umber | Description |
|---|---|
| ID 424209 | The default bandwidth control policy is not created automatically when the first bandwidth control policy is created, and is not deleted by default when the last bwc policy is deleted. The default-bwc-policy is treated similarly to other bandwidth control policies. You can create a bandwidth control policy by this name and use it as required. |
Known issues
| ID number | Description |
|---|---|
| 397397 | When multiple static subscriber information is loaded from a .csv file, the subscriber information is lost if enter or CRLF is not entered at the end of each record line. To workaround this issue, press the Enter key or insert the CRLF character at the end of each row in the .csv file. |
| 398416 | If Gx reporting is selected for a rule, the BIG-IP system does not process the thresholds specified. It is expected that PCRF over Gx interface specifies the thresholds for each subscriber. Even though the option exists to specify the threshold for Gx reporting, it will be ignored. |
| 398922 | Only a single instance of the diameter-endpoint profile is supported in this release: the system-supplied default gx-endpoint profile. As a result, diameter-endpoint profiles cannot be created or deleted in the GUI or in tmsh. |
| 399119 | If a policy matched with flow filters drop or redirect the traffic, that traffic will not match other policy rules that use classification filters. |
| 400372 | The protocol msn_video is used by MSN Messenger for video conversations and is supported for MSN Messenger 8 and earlier. |
| 400893 | The .csv file for uploading static subscribers has multiple lines with Mac end of line. To work around this issue, convert the file into WIN file format and upload from the GUI or tmsh. This resolves the issue. |
| 401739 | Creation of a large number (>10000) of custom categories or applications could lead to memory exhaustion and possibly crash the BIG-IP system. |
| 403154 | When updating Qosmos signatures,/classification_base.conf needs to be manually updated from the tmsh. |
| 403374 | On rare occasions, when a policy is installed with 15 rules and reporting is configured on them, only 14 of the reports are generated when multiple flows (traffic) are sent matching all of them. Maximum usage reports per subscriber is supported. |
| 404047 | The BIG-IP system comes with a publisher called local-db-publisher. This publisher cannot be used as hsl endpoint, as reporting will not work. |
| 404594 | All the intermediate flows of the w-steering action will have the same BWC action when non-referential BWC policy is applied. To workaround this issue, modify the db var tmm.pem.srdb.entry.step to 240 (max). |
| 406311 | If gate status disabled action is enforced while using profile FastL4, the client will see unwanted connection resets. To workaround this issue, set the srDB using the db var tmm.pem.srdb.entry.step to 240. |
| 406349 | If the dynamic_spm_bwc_policy is not created, dynamic PCC rules are not applied. To workaround this issue, ensure that the dynamic_spm_bwc_policy is configured with proper parameters prior to getting dynamic PCC rules from the PCRF. |
| 409201 | If you change the SPM (PEM) profile of a virtual during a certain flow, the flow will not get policy reevaluation. Instead, only new flows will be using the new policies that are attached to the profile. |
| 410763 | If the monitoring key is longer than 1053 characters, an error message is issued. To workaround this issue, use monitoring keys lesser than 1053 characters. |
| 420504 | The Configuration Utility becomes unresponsive when the search function on the subscriber list page in the GUI is used, due to a large number of static subscribers in the BIG-IP system. In addition, attempts to navigate from the PEM policy list page to the subscribers list page using the subscriber count hyperlink has the same consequence, since the navigation applies a search. To work around this issue, restart the Configuration Utility and this can be done by performing a bigstart restart tomcat on the tmsh. |
Contacting F5 Networks
| Phone: | (206) 272-6888 |
| Fax: | (206) 272-6802 |
| Web: | http://support.f5.com |
| Email: | support@f5.com |
For additional information, please visit http://www.f5.com.
Additional resources
You can find additional support resources and technical documentation through a variety of sources.
- The F5 Networks Technical Support web site: http://www.f5.com/support/
- The AskF5 web site: http://support.f5.com/kb/en-us.html
- The F5 DevCentral web site: http://devcentral.f5.com/
- AskF5 TechNews
F5 Networks Technical Support
Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.
AskF5
AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.
F5 DevCentral
The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.
AskF5 TechNews
- Weekly HTML TechNews
- The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, complete the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
- Periodic plain text TechNews
- F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email.) To subscribe, send a blank email to technews-subscribe@lists.f5.com from the email address you are using to subscribe. Unsubscribe by sending a blank email to technews-unsubscribe@lists.f5.com.
