Release Notes : BIG-IP 11.5.4 VE Release Notes

Applies To:

Show Versions Show Versions


  • 11.5.4


  • 11.5.4


  • 11.5.4

BIG-IP Analytics

  • 11.5.4


  • 11.5.4


  • 11.5.4


  • 11.5.4


  • 11.5.4
Release Notes
Original Publication Date: 03/19/2018 Updated Date: 04/27/2022


BIG-IP Virtual Edition (VE) is a version of the BIG-IP system that runs as a virtual machine. Supported modules include Local Traffic Manager, Global Traffic Manager, Application Security Manager, Access Policy Manager, Application Acceleration Manager, Policy Enforcement Manager, Application Firewall Manager, and Analytics. BIG-IP VE includes all features of device-based BIG-IP modules running on standard BIG-IP TMOS, except as noted in release notes and product documentation.

Note: The BIG-IP VE product license determines the maximum allowed throughput rate. To view this rate limit, you can display the licensing page within the BIG-IP Configuration utility.


Supported platforms

This version of the software is supported in the following configurations. For a list of VE hypervisor support, see the Virtual Edition and Supported Hypervisors Matrix

Memory: 12 GB or more

All licensable module-combinations may be run on BIG-IP Virtual Edition (VE) guests provisioned with 12 GB or more of memory.

Memory: 8 GB

The following guidelines apply to VE guests configured with 8 GB of memory.

  • No more than three modules should be provisioned together.

Memory: Less than 8 GB and more than 4 GB

The following guidelines apply to VE guests provisioned with less than 8 GB and more than 4 GB of memory.

  • No more than three modules (not including AAM) should be provisioned together.
  • Application Acceleration Manager (AAM) cannot be provisioned with any other module; AAM can only be provisioned standalone.

Memory: 4 GB or less

The following guidelines apply to VE guests provisioned with 4 GB or less of memory.

  • No more than two modules may be configured together.
  • AAM should not be provisioned, except as Dedicated.

BIG-IQ – BIG-IP compatibility

SOL14592: Compatibility between BIG-IQ and BIG-IP releases provides a summary of version compatibility for specific features between the BIG-IQ system and BIG-IP releases.

User documentation for this release

New in 11.5.4

There are no new features specific to Virtual Edition.

New in 11.5.3

There are no new features specific to Virtual Edition.

New in 11.5.2

There are no new features specific to Virtual Edition.

New in 11.5.1

There are no new features specific to Virtual Edition.

New in 11.5.0

Reduced Disk Size Options

With this release, there are 3 new disk size options available.

Disk Size Modules Supported Features Supported
7 GB LTM only on a single slot You cannot install upgrades or hotfixes to this version.
31 GB LTM only on two slots This option can be extended and upgraded with new versions and hot fix updates. It does not allow installing any modules besides LTM, GTM, or LTM + GTM.
100 GB Supports all modules This option can be extended and upgraded with new versions and hot fix updates. It allows installing any combination of other modules supported by the current version of BIG-IQ VE software.

Extensible disk size

After you deploy the BIG-IP VE, if the hypervisor supports it, you can now expand the disk size to provide additional space for VE log, trace, config, and core files. Instruction for this task varies depends on your hypervisor type and is documented in the BIG-IP VE Setup Guide for your hypervisor.

High-Performance 10Gbps VE configuration for virtual appliance

This release provides high-performance 10Gbps VE configuration for virtual appliance deployments using VMware.

Increased Max SSL throughput

This release provides increased Max SSL throughput to 4Gbps for 10 GB BIG-IP LTM VE deployments.

25Mbps throughput license

25Mbps throughput license for high-density deployments with individual applications, a small number of applications, or a single tenant on all major hypervisors and AWS.

Updated hypervisors and Linux distributions

This release provides support for updated hypervisors and Linux distributions. For a list of VE hypervisor support, see the Virtual Edition and Supported Hypervisors Matrix.

Fixes in 11.5.4

ID Number Description
486758 Resolved installation error in a pre-release build of 11.2.1 HF14 that caused the system to fail to initialize the management port. The officially released 11.2.1 HF14 does not have this problem.
498992 Added more logging details for AWS failover failure to assist in detecting problems in failover.
519510 Change in L4 packet header offset, resulting from VLAN header insertion, is being accounted for to verify checksum.
530122 This release provides improvements for building hotfix images for hypervisors.
531986 The problem with default tmm route breaking Hourly licenses has been resolved with the fix. The default tmm route no longer affects the Hourly license.
535806 Increased the size of virtual disk so that there is enough free disk space for live install of BIG-IP 12.0.0 from 11.5.3 VE.
544980 BIG-IP Virtual Edition now ends up with sufficient disk space for the /var software partition when deploying from OVA for the Better or Best license bundle
547047 F5 Networks added the latest available version ( of EC2 tools in this release/hotfix.

Fixes in 11.5.3

ID Number Description
ID 471860 When you disable an interface, the state shows DISABLED. When you enable that interface, the indication for the interface now shows ENABLED.
ID 484733 The reassignment of IP addresses for forwarding virtual servers with SNATs defined in the configuration now occurs as expected in Amazon Web Services (AWS).

Fixes in 11.5.2

ID Number Description
ID 482434 Throughput and new connections per/sec are now comparable in AWS for SR-IOV enabled instances and in other instances.

Fixes in 11.5.1

ID Number Description
ID 448299 The emulated IDE storage driver has been replaced with PV (para-virtualized) SCSI storage driver. PV SCSI driver gracefully handles disk I/O timeouts and recovers from them.

Fixes in 11.5.0

ID Number Description
ID 367759 On BIG-IP VE, modifying an interface's VLAN configuration from tagged to untagged, or untagged to tagged, can result in unavailability of traffic on that interface. Restarting the tmm with "bigstart restart tmm" will correct this condition, as will deleting and recreating the VLAN with desired tagging attributes.
ID 427415 AWS instances with core counts (vCPUs) higher than 4 is able to license and operate in the expected way.
ID 428612 "In order to make Intel SR-IOV work out-of-box, Intel VF's MTU has been reduced to 1500 in BIG-IP VE. VF's MTU has to be changed to be equal to or greater than its VLAN's MTU to support jumbo frame. A new feature is provided to make it happen. Steps to increase Intel VF's MTU in BIG-IP VE: - Append the following line to /etc/modprobe.d/f5-platform-virtual-applicance.conf file options unic max_mtu=<max_mtu_size> - reboot BIG-IP VE - OR, run: bigstart stop tmm rmmod unic modprobe unic bigstart start tmm"
ID 430655 Improved debugging on TMM to include DB variable provision.

Behavior changes in 11.5.4

There are no Virtual Edition-specific behavior changes specified for this release.

Behavior changes in 11.5.3

There are no Virtual Edition-specific behavior changes specified for this release.

Behavior changes in 11.5.2

There are no Virtual Edition-specific behavior changes specified for this release.

Behavior changes in 11.5.1

There are no Virtual Edition-specific behavior changes specified for this release.

Behavior changes in 11.5.0

There are no known release-specific behavior changes.

Local Traffic Manager-Virtual Edition known issues

ID Number Description
224507 When Virtual Editing (VE) is deployed on VMware, the management port might not correctly reflect the uplink port speed of the vSwitch that it is connected to. VE deployed on VMware. This should have no adverse affects on actual management port traffic. Workaround: None.
351538 F5 Networks strongly recommends that the host system use CPUs with AMD-V or Intel-VT technology. This might require adjusting the systems BIOS or Unified Extensible Firmware Interface (UEFI) configuration. Host systems not using CPUs with AMD-V or Intel-VT technology. For specific hypervisors, hardware assisted virtualization technologies might be required in order to boot BIG-IP VE. For detailed system requirements, see the hypervisor's documentation. Workaround: None.
352856 Errors occur when migrating SCF files between different BIG-IP Virtual Edition (VE) hypervisor software. This occurs on BIG-IP VE. "The configuration does not load, and the system posts the following error: BIGpipe interface creation error: 01070318:3: 'The requested media for interface 1.1 is invalid.'" Workaround: To work around this, remove the entire line that contains 'media fixed' statements for each interface. When the media capabilities are removed from the SCF before load, no error occurs.
358355 When deployed as a Microsoft Hyper-V virtual machine, BIG-IP Virtual Edition (VE) must be configured with Static Memory Allocation. The use of Dynamic Memory Allocation is unsupported and might cause issues. Dynamic Memory Allocation. Dynamic Memory Allocation is unsupported and might cause issues. Workaround: None.
364704 Certain hypervisors support a snapshot of the virtual machine taken with the active state of the memory. On VMware, this temporarily freezes the virtual machine. This might produce undesired results. Taking a snapshot of the virtual machine's memory on VMware. Pauses the virtual machine, which might produce undesired results. Workaround: To avoid this problem on VMware hypervisors, do not include the virtual machine's memory when taking snapshots. On VMware, uncheck the option: Snapshot the virtual machine's memory.
366403 After modifying the BIG-IP system topology by adding or removing Network Interfaces, the interface numbering might appear out of order and NICs may appear that are no longer present. Adding or removing Network Interfaces. Usually the fifth NIC will be the first to induce the problem. Interface numbering might appear out of alignment with the previous boot of the VE. NICs may appear that are no longer present. This impact can be seen even after reconfiguring the VLAN interfaces on the BIG-IP VE to match the new topology and MAC layout. After a binary MCPD database has been created, the system may not correctly detect the change even after a subsequent reboot. Workaround: To ensure that the VE system properly detects the new or removed interfaces, run the command 'rm /var/db/mcpd*' at the BIG-IP VE command prompt, and then reboot the VE. After a new mcpdb file has been created, the VLAN interfaces may need to be reconfigured to map to the correct networks, either on the hypervisor, BIG-IP VE, or both. Interface mapping can be viewed by comparing the MAC addresses of the VE interfaces to the same MAC addresses displayed in the hypervisor configuration for the Virtual Machine definition that the VE resides in. The BIG-IP VE MAC addresses can be found in the BIG-IP Configuration utility on the Network :: Interface page, via tmsh, or other resources, such as iControl and iControl REST.
371458 On a XenServer Host, all interfaces are expected to show up as 100TX-FD within tmsh. XenServer Host. All application traffic handling interfaces will be shown with a media speed of 100 and an Active Duplex of half in the GUI for this release. This speed rating is simply cosmetic and not actually reflective of the speeds and duplex for BIG-IP VE on a XenServer host. The actual link is a high speed internal connection via a Virtual Network Interface within the hypervisor at speeds greater than 100 Mbps. Workaround: None.
371631 BIG-IP Virtual Edition (VE) may incorrectly report the interface media duplex settings as none. The General Properties may show an incorrect Active Duplex setting when you navigate to Network :: Interfaces, and then click the interface. The output from the tmsh show network interface all-properties command may show incorrect information in the Media column. Running the command 'show net interface all-properties'. You are unable to confirm the current duplex setting of an interface. Workaround: "To work around this issue, you can determine the interface media duplex setting for VE configurations not involving SR-IOV by running the following command: tmsh list net interface. Note: This workaround is valid only for VE configurations and only reports the VE's reported link state. A VM cannot determine any vSwitch's upstream link state via its own link state. VE knows about the link between it and the vSwitch, except in SR-IOV deployments, where there is no vSwitch and the link is direct."
372540 Migration of BIG-IP VE, whether live or powered off, commonly incurs an innocuous warning message similar to this on vSphere hypervisors: Virtual Ethernet card: 'Network adapter 1' is not supported. Migration of BIG-IP VE, whether live or powered off. This is not a limitation of the host in general, but of the virtual machine's configured guest OS on the selected host." This message is benign and can safely be ignored. Workaround: None.
394817 Virtual Edition (VE) now supports CMP (that is, multiple TMMs running on the same device). For rate-limited licenses, the throughput rate is divided by the number of TMMs, so each TMM is capped at a fraction of the total licensed limit. VE with CMP enabled and a rate-limited license. After enabling CMP on VE, maximum throughput for one TCP/UDP connection is decreased by the TMM count. For example, If a 200M license with one connection has a throughput of 180Mbits/s before enabling CMP, then for two TMMs the expected throughput would be 90 Mbits/s, and with four TMMs, the expected throughput would be 45 Mbit/s. This is expected functionality. Workaround: None.
409234 FastL4 Virtual Servers might experience very low throughput on Virtual Edition (VE) with TCP Segmentation Offload disabled. VE, with at least one FastL4 virtual server configured, and TCP Segmentation Offload (TSO) disabled in the TMM (sys db tm.tcpsegmentationoffload). Numerous Transmit Datagram Errors for the FastL4 profile (tmsh show ltm profile FastL4). FastL4 virtual servers affected might have very low throughput, which might occur if the hypervisor has Large Receive Offload (LRO) enabled. This is a hypervisor configuration issue. Low throughput might also occur when VE is passing traffic to other virtual machines running on the same physical hypervisor. Workaround: There are two workarounds: -- Enable TCP Segmentation Offload by modifying 'sys db tm.tcpsegmentationoffload'. -- Disable LRO on hypervisors running VE.
412817 The BIG-IP system is unreachable for IPv6 traffic via PCI pass-through interfaces, because current ixgbevf drivers do not support multicast receive. When configured to see IPv6 traffic on a PCI pass-through interface, the BIG-IP guest is not able to see this traffic. PCI pass-through interfaces are unable to see IPv6 traffic. Workaround: None.
470238 tmm continuous restart issue when number of cores specified in the in license differs from the number of CPUs on the system. The value of perf_VE_cores in /config/bigip.license is different from the number of CPUs on virtual machine. tmm continuously restarts, and no traffic can be handled. This is a rarely occurring issue. Workaround: Manually set the value of DB variable provision.tmmcount to the value of perf_VE_cores specified in the license. To do so, run the following command: tmsh modify sys db provision.tmmcount _value_.
488430 LTM Virtual Edition (VE) does not support the cloud features suspend/save/migration for Community Xen Hypervisor. Community Xen Hypervisor. Reduces migration functionality on Community Xen Hypervisor platform. Workaround: Save the standard configuration in a UCS file and migrate the UCS file to different instances as needed.
495523 MCPd goes into a restart loop after a change to the AWS Instance Type. This occurs in Virtual Edition (VE) after changing the underlying instance hardware in AWS, which is not supported behavior. The instance is not usable. There is no error message to indicate the failure. Workaround: Users can save the configuration on the BIG-IP system, instantiate a instance of the desired type, and apply the saved configuration.
517454 BIG-IP VE running on Azure cloud cannot report hostname back to Azure Fabric Controller. Hostname is missing in Azure VE's dashboard in Azure portal. If BIG-IP VE runs on Azure cloud. Although the hostname is missing, there is no impact on BIG-IP VE functionality. Workaround: None.
536751 On first login, the auto-generated password is aged and password change is enforced, but the new password is not synced to the BIG-IP configuration. As a result on a subsequent configuration load, the password is reset to an auto-generated one. Configuration load after password change without intervening configuration save. Configuration is implicitly reloaded in many cases, including BIG-IP reboot, mcpd restart, license installation, and many more. If the first login happened before mcpd fully loads, subsequent mcpd starts invoke password reset. Old password overwrites the new password after a reboot. Workaround: "Enforce password change and save configuration after mcpd start. To change password again, run the command: tmsh modify auth user password. To save the configuration after password change, run the command: tmsh save sys config. Note: mcpd restart must be complete before running these commands."
538012 VE 1NIC provisioning shares the same IP address as both the management IP and self IP address, so Virtual Edition (VE)with 1NIC enabled cannot pass any traffic through the data plane if a different self IP address from the DHCP management IP was assigned. #NAME? "The GUI loses its connection. Connectivity is lost until the self-IP address is deleted via ssh/tmsh, or create a virtual server on 443 that points to localhost. Note: This is because creation of a self IP appears to be the trigger that causes uNIC to redirect all 443 traffic to the TMM instead of Linux. However, there is no warning of what will happen, and it is extremely unintuitive." Workaround: Delete the newly created self-IP address to return access, or create a virtual server on 443 that points to localhost. As an alternative, use multi-NIC configurations.
554461 Serial-based VE consoles not displaying boot messages. VE grub and kernel configurations have been set to vga (tty0) (the default) and need to be set to serial and vga (ttyS0, tty0). Serial console is missing from grub options of VE on KVM, Xen. Configuration issues might result in an unrecoverable VE if serial console is the only method of access present. Workaround: Use the VGA console (virt-admin, over the Xen configuration utility, etc.), or wait for the login prompt to be present over the serial console (you may have to press a key for it to show up).

              1) To fix up the serial console, on the affected VE, login and run the following command: vi $( grub_open )
              2) To restore grub boot selections, add the following two lines after 'timeout=8':
              serial --unit=0 --speed=19200
              terminal --timeout=3 serial console
              3) To restore the kernel messages, edit each console=tty0 boot entry to read as follows:
              console=tty0 console=ttys0.
              4) To synchronizes the grub menu to storage for use on the next boot, run the following command: grub_close.

563116 Cannot install a hotfix or anything on the second volume if an empty HD1.2 exists before installing. --BIG-IP Virtual Edition. --HD1.2 is empty before installing. Failed installation occurs with Disk full (volume group). See SOL#10636 message. Workaround: After encountering the disk-full condition described in SOL10636, or to avoid it in the first place, remove HD1.2 before installing. Then install to a new boot location using the create-volume option (in tmsh), or specify a new volume name when installing (in the GUI-based configuration utility).

Global Traffic Manager-Virtual Edition known issues

There are no known issues specific to Global Traffic Manager/Link Controller-Virtual Edition.

Application Security Manager-Virtual Edition known issues

There are no known issues specific to Application Security Manager-Virtual Edition.

Access Policy Manager-Virtual Edition known issues

There are no known issues specific to Access Policy Manager-Virtual Edition.

Application Acceleration Manager-Virtual Edition known issues

There are no known issues specific to Application Acceleration Manager-Virtual Edition.

Policy Enforcement Manager-Virtual Edition known issues

There are no known issues specific to Policy Enforcement Manager-Virtual Edition.

Application Firewall Manager-Virtual Edition known issues

There are no known issues specific to Application Firewall Manager-Virtual Edition.

Analytics-Virtual Edition known issues

There are no known issues specific to Analytics-Virtual Edition.

Contacting F5 Networks

Phone: (206) 272-6888
Fax: (206) 272-6802

For additional information, please visit

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.


AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 TechNews

Weekly HTML TechNews
The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, complete the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
Periodic plain text TechNews
F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email.) To subscribe, send a blank email to from the email address you are using to subscribe. Unsubscribe by sending a blank email to

Legal notices