Release Notes : BIG-IP 11.4.1 VE Release Notes

Applies To:

Show Versions Show Versions


  • 11.4.1


  • 11.4.1


  • 11.4.1

BIG-IP Analytics

  • 11.4.1


  • 11.4.1


  • 11.4.1


  • 11.4.1


  • 11.4.1


  • 11.4.1
Release Notes
Original Publication Date: 03/18/2018 Updated Date: 04/18/2019


BIG-IP Virtual Edition (VE) is a version of the BIG-IP system that runs as a virtual machine. Supported modules include Local Traffic Manager, Global Traffic Manager, Application Security Manager, Access Policy Manager, Application Acceleration Manager, Policy Enforcement Manager, Application Firewall Manager, Analytics, and Protocol Security Manager. BIG-IP VE includes all features of device-based BIG-IP modules running on standard BIG-IP TMOS, except as noted in release notes and product documentation.

Note: The BIG-IP VE product license determines the maximum allowed throughput rate. To view this rate limit, you can display the licensing page within the BIG-IP Configuration utility.


Supported platforms

This version of the software is supported in the following configurations. For a list of VE hypervisor support, see the Virtual Edition and Supported Hypervisors Matrix

Memory: 12 GB or more

All licensable module-combinations may be run on BIG-IP Virtual Edition (VE) guests provisioned with 12 GB or more of memory.

Memory: 8 GB

The following guidelines apply to VE guests configured with 8 GB of memory.

  • No more than three modules should be provisioned together.

Memory: Less than 8 GB and more than 4 GB

The following guidelines apply to VE guests provisioned with less than 8 GB and more than 4 GB of memory.

  • No more than three modules (not including AAM) should be provisioned together.
  • Application Acceleration Manager (AAM) cannot be provisioned with any other module; AAM can only be provisioned standalone.

Memory: 4 GB or less

The following guidelines apply to VE guests provisioned with 4 GB or less of memory.

  • No more than two modules may be configured together.
  • AAM should not be provisioned, except as Dedicated.

User documentation for this release

New in 11.4.1

There are no new items specific to Virtual Edition.

New in 11.4.0

Production Xen Community (RHEL 5.3) Hypervisor Support

In this release, BIG-IP® Virtual Edition (VE) provides support for Community Xen hypervisors.

Support LRO, TSO, and Jumbo Frames

In this release, BIG-IP® Virtual VE provides support for Large Receive Offload (LRO), TCP Segmentation Offload (TSO), and Jumbo Frames. This feature provides enhanced performance resulting from the ability to handle larger packet sizes (up to 64 kB).

Support HA in Amazon

In this release, BIG-IP® VE provides support for high availability on Amazon EC2 so that if a failover event occurs, traffic is transferred to a failover peer.

Support SR-IOV for improved performance

In this release, BIG-IP® VE provides support for Single root I/O virtualization (SR-IOV). This feature provides enhance performance resulting from the ability to offload processing to an SR-IOV-capable network card.

Advanced Encryption Standard New Instruction

In this release, BIG-IP VE provides support for Advanced Encryption Standard New Instruction (AES-NI). SSL encryption processing on your VE will be faster if your host CPU supports AES-NI. Contact your CPU or cloud vendor for details on which CPUs or instance types provide AES-NI support.

Fixes in 11.4.1

ID Number Description
ID 431361 With the AWS marketplace release of the BIG-IP 11.4.1 AMI on 1/21/14 (contains all fixes included in BIG-IP 11.4.1 HF3) and the BIG-IQ 4.2.0 AMI on 1/24/14, the AWS BIG-IP/BIG-IQ instances now start up properly.

Fixes in 11.4.0

There are no Virtual Edition-specific fixes specified for this release.

Behavior changes in 11.4.1

There are no known release-specific behavior changes.

Behavior changes in 11.4.0

ID Description
ID 420932 HA Group fail over capability added for Amazon EC2 instances.

Local Traffic Manager-Virtual Edition known issues

ID Description
ID 224507 When VE is deployed on VMware, the management port might not correctly reflect the uplink port speed of the vSwitch that it is connected to. This should have no adverse affects on actual management port traffic.
ID 346083 "When you remove an interface from all VLANs, and then add the same interface, the interface status remains UNINITIALIZED, and you can only access the system from the console. To recover, manually edit bigip_base.conf, deleting the entries and running the command: 'load sys config'. An entry appears similar to the following: net interface 1.3 { media-fixed 10000T-FD }"
ID 351199 When importing an OVA into XenServer, CPU priority is not set. It is recommended that a higher priority be set on the VM. Using XenCenter, click on the General tab of the VM. Then click Properties. On the CPU and Memory tab, the VCPU priority should be configured at the highest value.
ID 351538 "F5 Networks strongly recommends that the host system use CPUs with AMD-V or Intel-VT technology. This might require adjusting the systems BIOS or Unified Extensible Firmware Interface (UEFI) configuration. For specific hypervisors, hardware assisted virtualization technologies might be required in order to boot BIG-IP VE. For detailed system requirements, see the hypervisor's documentation."
ID 352456 Host-based time synchronization can last a few minutes in order to align the clocks.
ID 352856 "If an SCF is migrated between BIG-IP VE running on non-similar hypervisor software, a validation error may prevent configuration loading. Loading the configuration ... BIGpipe interface creation error: 01070318:3: ""The requested media for interface 1.1 is invalid."" When this condition is encountered on BIG-IP Virtual Edition, configuration may be fixed for import by removing the entire line that contains ""media fixed"" statements for each interface."
ID 358355 When deployed as a Microsoft Hyper-V virtual machine, BIG-IP VE must be configured with Static Memory Allocation. The use of Dynamic Memory Allocation is unsupported and might cause issues.
ID 364704 Taking a snapshot of the virtual machine's memory often pauses the virtual machine and may produce undesired results. To correct this problem on VMware hypervisors, do not include the virtual machine's memory when snapshots are taken.
ID 365560 "TCP and SSL profiles do not have the Advanced menu that is part of standard (not VE) LTM v10.2.2. Therefore the profile settings are not available in BIG-IP VE 10.2.2."
ID 366403 After modifying the BIG-IP system configuration by adding or removing Network Interfaces, the interface numbering might appear out of order and NICs may appear that are no longer present. If the virtual interfaces on the BIG-IP VE system are changed after a binary MCPD database has been created, the system may not detect the change even after a subsequent reboot. To ensure that the system properly detects the new or removed interfaces, type the command "rm /var/db/mcpd*" at the BIG-IP VE command prompt, and reboot the system. TMM-to-vSwitch interface mapping can be viewed by comparing the MAC addresses of the interfaces displayed in the BIG-IP Configuration utility to those displayed in the hypervisors configuration. The interfaces may need a simple adjustment to map to the correct networks.
ID 367759 Modifying an interface's VLAN configuration from tagged to untagged, or untagged to tagged, can result in unavailability of traffic on that interface. Restarting the tmm with "bigstart restart tmm" will correct this condition.
ID 367862 Network Interface Port Mirroring is not supported by BIG-IP VE with this release.
ID 370367 On BIG-IP VE only, changing the interface used by a VLAN from one to another might show degraded performance in the event that both interfaces are configured to participate on the same broadcast network. Restarting the TMM with "bigstart restart tmm" will restore performance and resolve the issue.
ID 371458 On a XenServer Host, all interfaces are expected to show up as 100TX-FD within tmsh. All application traffic handling interfaces will be shown with a media speed of 100 and an Active Duplex of half in the GUI for this release. This speed rating is simply cosmetic and not actually reflective of the speeds and duplex for BIG-IP VE on a XenServer host. The actual link is a high speed internal connection via a Virtual Network Interface within the hypervisor at speeds greater than 100Mbps.
ID 371631 BIG-IP Virtual Edition (VE) may incorrectly report the interface media duplex settings as none. The General Properties may show an incorrect Active Duplex setting when you navigate to Network :: Interfaces, and then click the interface. The output from the tmsh show network interface all-properties command may show incorrect information in the Media column. Running the command 'show net interface all-properties'. You are unable to confirm the current duplex setting of an interface. Workaround: To work around this issue, you can determine the interface media duplex setting for VE configurations not involving SR-IOV by running the following command: tmsh list net interface. Note: This workaround is valid only for VE configurations and only reports the VE's reported link state. A VM cannot determine any vSwitch's upstream link state via its own link state. VE knows about the link between it and the vSwitch, except in SR-IOV deployments, where there is no vSwitch and the link is direct.
ID 372540 Migration of BIG-IP VE, whether live or powered off, will commonly incur an innocuous warning message similar to this on vSphere hypervisors: Virtual Ethernet card 'Network adapter 1' is not supported. This is not a limitation of the host in general, but of the virtual machine's configured guest OS on the selected host." This message is benign and can safely be ignored.
ID 374064 Import verification of the .ova may fail when using the XenCenter 5.6. OVA import wizard. It is suggested that XenCenter 5.6 users verify the .ova file signature as described on AskF5.
ID 399035 "The following message may be logged on each boot with this release of BIG-IP Virtual Edition: ""SRAT: PXMs only cover 61231MB of your 61999MB e820 RAM. Not used. SRAT: SRAT not used."" This message is benign and can safely be ignored."
ID 399046 "On boot of BIG-IP Virtual Edition on Xen Hypervisors, a message similar to ""err kernel: piix4_smbus 0000:00:01.3: SMBus base address uninitialized - upgrade BIOS or use force_addr=0xaddr"" may be displayed. This is considered innocuous and may be ignored."
ID 404628 BIG-IP Virtual Edition hosted on XenServer cannot have more than six network interfaces configured in the virtual machine definition for this release of software.
ID 409234 "FastL4 Virtual Servers can experience very low throughput on Virtual Edition with TCP Segmentation Offload disabled. The customer will notice a large amount of Transmit Datagram Errors for the fastl4 profile (tmsh show ltm profile fastl4)" "The customer must be running Big-IP version 11.4 Virtual Edition with at least one fastL4 virtual server configured. The customer must additionally have TCP Segmentation Offload (TSO) disabled in the TMM (sys db tm.tcpsegmentationoffload). The customer may see low throughput numbers in this configuration if their hypervisor has Large Receive Offload (LRO) enabled. This is a hypervisor configuration and is beyond our control. The customer may also see these low throughput numbers when their Virtual Edition is passing traffic to other virtual machines running on the same physical hypervisor." FastL4 virtual servers affected will have very low throughput. "The customer should enable TCP Segmentation Offload by modifying 'sys db tm.tcpsegmentationoffload'. The customer may also resolve this issue by disabling large Receive Offload (LRO) on any hypervisor they plan on running Virtual Edition."
ID 414251 In AWS, Connection mirroring doesn't work if an instance with different number of cores is present in traffic group. Bigip instances in AWS used for connection mirroring as part of HA functionality should be of same instance type and size thus ensuring same number of cores.
ID 416201 Community Xen: Only 2 PCI pass-through interfaces can be seen on the guest. This is an issue in the CentOS domain 0, and not the BIG-IP guest.
ID 416231 Virtual Edition instances running on Xen 3.0 based hypervisors may report less memory than provisioned. For example a VE instance with 4 GB of memory provisioned may report 3.5 GB of memory available. Virtual Edition running on a Xen 3.0 based hypervisor, such as CentOS 5.9 Xen. The number of TMMs provisioned depends on the total memory available. If the Virtual Edition instance reports less memory than provisioned it may run less TMM's than expected. Deploy the Virtual Edition instance with more memory.

Global Traffic Manager-Virtual Edition known issues

There are no known issues specific to Global Traffic Manager-Virtual Edition.

Application Security Manager-Virtual Edition known issues

There are no known issues specific to Application Security Manager-Virtual Edition.

Access Policy Manager-Virtual Edition known issues

There are no known issues specific to Access Policy Manager-Virtual Edition.

Application Acceleration Manager-Virtual Edition known issues

There are no known issues specific to Application Acceleration Manager-Virtual Edition.

Policy Enforcement Manager-Virtual Edition known issues

There are no known issues specific to Policy Enforcement Manager-Virtual Edition.

Application Firewall Manager-Virtual Edition known issues

There are no known issues specific to Application Firewall Manager-Virtual Edition.

Analytics-Virtual Edition known issues

There are no known issues specific to Analytics-Virtual Edition.

Protocol Security Manager-Virtual Edition known issues

There are no known issues specific to Protocol Security Manager-Virtual Edition.

Contacting F5 Networks

Phone: (206) 272-6888
Fax: (206) 272-6802

For additional information, please visit

How to Contact F5 Support or the SOC

You can contact a Network Support Center as follows:

You can manage cases online at F5 WebSupport (registration required). To register email with your F5 hardware serial numbers and contact information.

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.


AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 TechNews

Weekly HTML TechNews
The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, complete the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
Periodic plain text TechNews
F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email.) To subscribe, send a blank email to from the email address you are using to subscribe. Unsubscribe by sending a blank email to

Legal notices