Applies To:
Show Versions
F5OS-A
- 1.0.1
F5OS-A Release Information
Version: 1.0.1
Build: 14867
Note: This content is current as of the software release date
Updates to bug information occur periodically. For the most up-to-date bug data, see Bug Tracker.
| The blue background highlights fixes |
Cumulative fixes from F5OS-A v1.0.0 that are included in this release
Known Issues in F5OS-A v1.0.x
Functional Change Fixes
None
F5OS-A Fixes
| ID Number | Severity | Links to More Info | Description |
| 1065325 | 1-Blocking | Multiple attributes under show system health are not updated properly. | |
| 1063781-1 | 1-Blocking | Duplicate broadcast/multicast packets are sent out a front panel interface. | |
| 1063137 | 1-Blocking | The tenant management IP and console is intermittently not accessible.★ | |
| 1064701 | 2-Critical | Not able to ping/connect to the management IP of a running tenant | |
| 1054021-1 | 2-Critical | BT1054021 | Tcpdump on VELOS chassis blade or rSeries appliance cores when line-dma agent layer below it fails |
| 1080109 | 3-Major | BT1080109 | System reboot or link down/up transition causes packet loss. |
| 1069529 | 3-Major | "Appliance Mode" UI control intermittently will revert your selection back to its configured state when enabling or disabling. | |
| 1067177-1 | 3-Major | The 'show portgroups portgroup' command is slow when no optical transceivers are plugged into front panel ports. | |
| 1066365 | 3-Major | Message of the Day not working for admin user | |
| 1064525 | 3-Major | Interface counters are slow to update | |
| 1064125 | 3-Major | Sw_rbcast container exits and restarts on non-fatal errors | |
| 1061757-1 | 3-Major | BT1061757 | VLAN Listener for a VLAN shared between tenants may not upgrade properly.★ |
| 1052565-1 | 3-Major | OPT-0048 displays incorrect media type. | |
| 1042785 | 3-Major | BT1042785 | Configuring spanning tree (stp) while disabled may display incorrect state |
| 1041713 | 3-Major | Fan health details are not reported under show system health. |
Cumulative fixes from F5OS-A v1.0.0 that are included in this release
Vulnerability Fixes
| ID Number | CVE | Links to More Info | Description |
| 998305 | CVE-2021-23840 | K24624116 | CVE-2021-23840: OpenSSL vulnerability |
Functional Change Fixes
| ID Number | Severity | Links to More Info | Description |
| 1016629-1 | 3-Major | BT1016629 | System allows creation of VLAN names that are too long★ |
| 1016621-1 | 3-Major | K64400840, BT1016621 | VLAN name validation changes★ |
| 1016509-1 | 3-Major | BT1016509 | System allows creation of duplicate VLAN names★ |
| 1001865-1 | 3-Major | No platform trunk information passed to tenant |
F5OS-A Fixes
| ID Number | Severity | Links to More Info | Description |
| 1055189 | 2-Critical | BT1055189 | Optical transceiver tuning values for OPT-0048 updated to reduce errors |
| 1038877-1 | 2-Critical | Last-change value does not display date of password change. | |
| 1027929-1 | 2-Critical | BT1027929 | Adding a VLAN to a LAG that is already configured on a tenant may not configure the VLAN correctly. |
| 1008585-3 | 2-Critical | BT1008585 | L2 Table corruption results in a traffic loss. |
| 997821-1 | 3-Major | Bi-directional optics part is not recognized and interface remains in the down state. | |
| 984721-1 | 3-Major | CLI commands for DNS and NTP could be simplified | |
| 1062657 | 3-Major | BT1062657 | Modified RADIUS and TACACS attributes to use F5OS instead of VELOS |
| 1062021 | 3-Major | Lacpd process continuously restarts after creating a LAG interface with a space.★ | |
| 1060405-1 | 3-Major | BT1060405 | Management-address is incorrectly displayed in lldp neighbor information |
| 1057009 | 3-Major | Malformed LLDPDU exchanged between platform and switch leads Cisco to ignore LLDP neighbor info. | |
| 1032697-1 | 3-Major | BT1032697 | File delete operation throws an improper message. |
| 1028873-1 | 3-Major | Colon character is not allowed in the password. | |
| 1027837-1 | 3-Major | Media type of optics with part number OPT-0047 reports as unknown. | |
| 1015497-2 | 3-Major | BT1015497 | In rare cases, the blade software can disconnect from the system controller and never recover. |
| 1014009-2 | 3-Major | BT1014009 | Blade out of memory condition when using a large number of VLANs. |
| 1009685-3 | 3-Major | 1.2.1 platform software cannot be imported on Controller OS versions below 1.2.0 | |
| 1058757-1 | 4-Minor | BT1058757 | Optical transceiver OPT-0043 reports unknown as media type |
| 1052629 | 4-Minor | Port group media string updated |
Cumulative fix details for F5OS-A v1.0.1 that are included in this release
998305 : CVE-2021-23840: OpenSSL vulnerability
Links to More Info: K24624116
997821-1 : Bi-directional optics part is not recognized and interface remains in the down state.
Component: F5OS-A
Symptoms:
Interface remains in down state even with optics and fiber inserted, and the optics type is not identified
Conditions:
Bi-Directional optics is present in the system
Impact:
Interface will not be operational
Workaround:
None
Fix:
Bi-Directional optics type should be recognized and interface should be operational
984721-1 : CLI commands for DNS and NTP could be simplified
Component: F5OS-A
Symptoms:
The CLI commands to configure DNS and NTP require specifying addresses twice.
For example, specifying a DNS server:
config
system dns servers server 10.10.10.10 config address 10.10.10.10
commit
Conditions:
Configuring a DNS or NTP server using the CLI commands.
Impact:
There is no operational impact; however, it is preferable to enter the IP address only once.
Workaround:
None. You have to specify the IP address twice.
1080109 : System reboot or link down/up transition causes packet loss.
Links to More Info: BT1080109
Component: F5OS-A
Symptoms:
A reboot of the system or a link down/up transition can result in packet loss on the affected front-panel interface(s).
Conditions:
A link down->up transition on a front panel interface or interfaces. Either initiated from the peer side or a system reboot.
Impact:
LACP LAGs can fail to form. Ingress traffic is not received by the tenants.
Workaround:
Reboot the system.
Fix:
Change link down processing to not reset internal hardware state of front panel MACs.
1069529 : "Appliance Mode" UI control intermittently will revert your selection back to its configured state when enabling or disabling.
Component: F5OS-A
Symptoms:
On the SYSTEM SETTINGS/General screen for the rSeries appliance, the "Appliance Mode" Enable/Disable radio button choice will revert back to its configured state when you're attempting to change the configuration prior to saving it.
Conditions:
The Enable/Disable radio button for Appliance Mode will undo your preferred selection when the screen does a periodic poll in the background to refresh state information that is displayed on the SYSTEM SETTINGS/General screen.
Impact:
If you attempt to either enable or disable Appliance Mode and the screen does a periodic polling refresh at the moment you make your desired selection, your selection will be reverted back to the actual current configuration state for Appliance Mode.
Workaround:
The impact is intermittent and only occurs at the precise moment the screen is refreshing its state information --- typically a 10 second interval. Appliance Mode can still be enabled or disabled via the webUI as long as it is within the window the screen is not doing a periodic refresh. Additionally, Appliance Mode can be enabled or disabled from the command line interface (CLI).
Fix:
Periodic polling on the SYSTEM SETTINGS/General screen for rSeries appliances will be disabled or removed.
1067177-1 : The 'show portgroups portgroup' command is slow when no optical transceivers are plugged into front panel ports.
Component: F5OS-A
Symptoms:
The 'show portgroups portgroup' command is slow when no optical transceivers are plugged into front panel ports. This affects the CLI, GUI, and RESTCONF.
Conditions:
R5000 and r1000 platforms with sparsely populated or empty front panel ports.
Impact:
Slow response to portgroup information on unpopulated front panel ports. No functional impact - just slow reporting.
Workaround:
N/A
Fix:
N/A
1066365 : Message of the Day not working for admin user
Component: F5OS-A
Symptoms:
Message of the Day (MOTD) is not displayed when the admin user logs in.
Conditions:
Message of the day (MOTD) is configured on the BIG-IP system.
Impact:
Admin users do not see the MOTD banner when they log in.
Fix:
If message of the day is configured on system, it will be displayed at the time of admin user login.
1065325 : Multiple attributes under show system health are not updated properly.
Component: F5OS-A
Symptoms:
Some of the attributes are not being updated properly and are not reporting values.
Conditions:
A few attributes were not being monitored, so their values were not reported. A few of the optic attributes (sfp port groups) have redundant attributes.
Impact:
As the values are not reported properly, it causes inconsistencies in health status of the attributes.
Fix:
Updated the background monitoring profile to monitor the attributes. Removed the attributes of 2,3 & 4 lanes for sfp port-groups as they are redundant.
1064701 : Not able to ping/connect to the management IP of a running tenant
Component: F5OS-A
Symptoms:
You are unable to reach the management IP address of a running tenant
Conditions:
This can occur occasionally when there are multiple reboots.
Impact:
Administrators are unable to reach the management IP address of the tenant even though it is running.
Workaround:
Change the tenant state to provisioned and back to the deployed state.
1064525 : Interface counters are slow to update
Component: F5OS-A
Symptoms:
Interface counters do not immediately reflect traffic activity.
Conditions:
Normal user traffic
Impact:
Interface counters may not reflect the exact amount of traffic due to being slow to update.
Fix:
Increase counter polling frequency.
1064125 : Sw_rbcast container exits and restarts on non-fatal errors
Component: F5OS-A
Symptoms:
Logs indicate a disconnect and restart of the sw_rbcast container:
appliance-1 sw-rbcast[20]: priority="Notice" version=1.0 msgid=0x6903000000000003 msg="Software Rebroadcaster disconnected from Host DMA-Agent." error=3.
appliance-1 sw-rbcast[20]: priority="Info" version=1.0 msgid=0x6903000000000002 msg="Software Rebroadcaster connected to Host DMA-Agent".
Conditions:
High volume (> 200k packets/second) of broadcast traffic.
Impact:
None. The container restarts and continues to process traffic
Fix:
Change error handling code so container does not exit for non-fatal errors.
1063781-1 : Duplicate broadcast/multicast packets are sent out a front panel interface.
Component: F5OS-A
Symptoms:
Clients may report 'duplicate response' due to multiple copies of the same broadcast/multicast packet.
Conditions:
Tenant generated broadcast/multicast traffic destined to a front-panel interface.
Impact:
No functional impact. Clients may report 'duplicate response' messages.
Fix:
Correct hardware programming to only send one copy of broadcast/multicast out a front-panel interface.
1063137 : The tenant management IP and console is intermittently not accessible.★
Component: F5OS-A
Symptoms:
The tenant management IP and console is intermittently not accessible after live upgrades.
Conditions:
This occurs during live upgrade of an rSeries appliance.
Impact:
Intermittently tenant management IP and console is not accessible.
Workaround:
Change tenant state to provisioned and back to deployed state.
Fix:
Change tenant state to provisioned and back to deployed state.
1062657 : Modified RADIUS and TACACS attributes to use F5OS instead of VELOS
Links to More Info: BT1062657
Component: F5OS-A
Symptoms:
The external RADIUS server needed to define RADIUS attributes in the f5.dictionary
ATTRIBUTE F5-VELOS-UID 21 integer
ATTRIBUTE F5-VELOS-GID 22 integer
ATTRIBUTE F5-VELOS-HOMEDIR 23 string
ATTRIBUTE F5-VELOS-SHELL 24 string
ATTRIBUTE F5-VELOS-USERINFO 25 string
to have F5OS instead of VELOS:
ATTRIBUTE F5-F5OS-UID 21 integer
ATTRIBUTE F5-F5OS-GID 22 integer
ATTRIBUTE F5-F5OS-HOMEDIR 23 string
ATTRIBUTE F5-F5OS-SHELL 24 string
ATTRIBUTE F5-F5OS-USERINFO 25 string
Note that no change for this is actually necessary because the ATTRIBUTE value is what is used:
t
E.g., for F5-F5OS-GID, the item is referenced by 22.
For TACACS+ however, the F5OS syntax does change in the external TACACS+ server.
OLD version:
group = admin_f5 {
service = ppp
protocol = ip
{
default attribute=permit
F5-VELOS-UID=1002
F5-VELOS-GID=9000
F5-VELOS-HOMEDIR=/tmp
F5-VELOS-USERINFO=test_user
}
New version:
group = admin_f5 {
service = ppp
protocol = ip
{
default attribute=permit
F5-F5OS-UID=1002
F5-F5OS-GID=9000
F5-F5OS-HOMEDIR=/tmp
F5-F5OS-USERINFO=test_user
}
Conditions:
All external RADIUS and TACACS+ servers are affected.
Impact:
There is no real impact, VELOS still works as before (since it was left in for backwards compatibility).
Workaround:
No workaround is needed since using VELOS instead of F5OS is still supported. The use of VELOS should be deprecated eventually, and using F5OS instead of VELOS is the suggested practice.
Fix:
Modified RADIUS and TACACS attributes to use F5OS instead of VELOS.
1062021 : Lacpd process continuously restarts after creating a LAG interface with a space.★
Component: F5OS-A
Symptoms:
Lacpd service restarts when the LAG name contains space.
The tenant wont get the LAG name and it will show a null value.
[root@localhost:Active:Standalone] config # tmsh list net trunk
net trunk "" {
cfg-mbr-count 2
distribution-hash src-dst-mac
id 0
interfaces {
1.0
2.0
}
stp disabled
type ha-only
working-mbr-count 2
}
Conditions:
LAG name contains a space.
Example : "lacp lag"
appliance-1(config)# interfaces interface "lacp lag" config type ieee8023adLag
Impact:
1. Lacpd service restarts.
2. BIG-IP tenant does not get the trunk name.
Note: In case of live upgrade from EA to GA release, any LAG created with a space in name will not work and you will need to either delete these or do a bare metal install before performing a live upgrade.
Workaround:
Don't create a LAG name that has space in the name.
Fix:
N/A
1061757-1 : VLAN Listener for a VLAN shared between tenants may not upgrade properly.★
Links to More Info: BT1061757
Component: F5OS-A
Symptoms:
After upgrading from 1.1.4 to a 1.2 release when there are tenants configured that share VLANs, the VLAN listener is not properly upgraded.
Conditions:
Tenants sharing VLANs in a configuration that is upgraded from 1.1.4 to 1.2.x.
Impact:
Traffic will not pass correctly.
Workaround:
Remove the VLAN from the interface(s) and then add it back (no changes to the tenant are necessary).
This re-creates the vlan-listener with the correct VTC value.
1060405-1 : Management-address is incorrectly displayed in lldp neighbor information
Links to More Info: BT1060405
Component: F5OS-A
Symptoms:
The 'show lldp' command displays the management-address of the neighbor incorrectly.
Conditions:
-- lldp enabled
-- Run the 'show lldp' command
Impact:
Management-address of the neighbor is shown incorrectly. It is the display issue, there is no functional impact.
Workaround:
None
1058757-1 : Optical transceiver OPT-0043 reports unknown as media type
Links to More Info: BT1058757
Component: F5OS-A
Symptoms:
"show portgroups" reports unknown for the media type for an OPT-0043
Conditions:
OPT-0043 transceiver plugged into a system
Impact:
Cosmetic - this has no functional impact. The media field is not used by any software, it is reported as information for the user.
Workaround:
None
Fix:
OPT-0043 now reports media type as "40G BiDi"
1057009 : Malformed LLDPDU exchanged between platform and switch leads Cisco to ignore LLDP neighbor info.
Component: F5OS-A
Symptoms:
Cisco switch is not able to identify a neighbor, even though lldp is enabled.
-- Run the command "show lldp neighbor" so you can see the neighbor information on the switch.
-- The Arista switch is able to decode the malformed PDU's but tcpdump pcap shows a malformed packet.
Conditions:
-- Cisco switch is connected to hardware.
-- LLDPDU's are tracked on tcpdump on an Arista switch instead of just checking "show neighbor information."
Impact:
Cisco switch does not display the lldp neighbor information. This information is useful to see connected devices and the port information for the connection.
If captured using tcpdump, the malformed packet can be seen on the Arista switch.
Workaround:
Configure only mandatory threshold value limits(chassis-id, port-id and ttl) for lldp.
Config#lldp interfaces interface 1.0 config name 1.0 tlvmap chassis-id,port-id,ttl.
Fix:
N/A
1055189 : Optical transceiver tuning values for OPT-0048 updated to reduce errors
Links to More Info: BT1055189
Component: F5OS-A
Symptoms:
OPT-0048 may show intermittent errors
Conditions:
OPT-0048 optical transceiver inserted into r10000 or r5000 appliance
Impact:
intermittent optical transceiver errors
Workaround:
None
1054021-1 : Tcpdump on VELOS chassis blade or rSeries appliance cores when line-dma agent layer below it fails
Links to More Info: BT1054021
Component: F5OS-A
Symptoms:
Line-dma agent is the underlying layer of tcpdump in the VELOS/rSeries family of chassis and appliance products
When it is not running, or if it cores or is otherwise not available and a client wants a tcpdump capture, tcpdump may core.
Conditions:
-- line-dma-agent is not functional at start, or at some later point in time during the tcpdump capture
-- a client requests a tcpdump capture
Impact:
Packet capture will be affected and will not work
Fix:
Tcpdump does not core anymore, and will retry line-dma-agent connection when clients ask for capture
1052629 : Port group media string updated
Component: F5OS-A
Symptoms:
The media strings displayed by "show portgroup portgroup state media" do not all correspond to the SFF-8024 standard. Some media strings contain underscores (_) instead of dashes(-)
Conditions:
OPT-0053-01 or OPT-0054-01 optical transceivers inserted in the front panel interfaces.
Impact:
Cosmetic - media string contain dashes instead of underscores
Workaround:
None needed, this is display only information
Fix:
Media strings for port groups now correspond to SFF-8024 and no longer contain underscores.
1052565-1 : OPT-0048 displays incorrect media type.
Component: F5OS-A
Symptoms:
The OPT-0048 displays the wrong media type of "100G PAM4 BiDi" in "show portgroups portgroup state media."
Conditions:
OPT-0048 inserted in a VELOS chassis.
Impact:
This is a display only field, but it implies that the OPT-0048 can connect to a "100G PAM4 BiDi" optic, when it is not compatible.
Workaround:
N/A
Fix:
Correct media type "100G PAM4 SR1.2" is now displayed.
1042785 : Configuring spanning tree (stp) while disabled may display incorrect state
Links to More Info: BT1042785
Component: F5OS-A
Symptoms:
While stp is disabled, configuring a field such as MSTP max-hop causes the the enabled-protocol to display an incorrect value.
Conditions:
Delete enabled-protocol configuration field.
Delete another stp configuration field such as MSTP max-hop
Impact:
The stp enabled-protocol display is incorrect.
Workaround:
To mitigate, do not configure stp while not enabled.
Fix:
Configuring stp while disabled will not lead to incorrect display.
1041713 : Fan health details are not reported under show system health.
Component: F5OS-A
Symptoms:
the "fantray" component is not reported when the 'show system health; command is run.
Conditions:
Node is not reachable.
Impact:
"Fantray" stats are missing.
Workaround:
N/A
Fix:
Modified the appliance node field <Reachable: true> in health callpoint handler.
1038877-1 : Last-change value does not display date of password change.
Component: F5OS-A
Symptoms:
Last-change value is shown as days since 1970-01-01, which will reflect something like: 18970, it should be in date format, like: 2021-12-09,while running confd cmd: "show system aaa authentication users user".
Conditions:
When running confd cmd: "show system aaa authentication users user"
Impact:
Invalid value of last-change is displayed in "show system aaa authentication users
Workaround:
N/A
Fix:
N/A
1032697-1 : File delete operation throws an improper message.
Links to More Info: BT1032697
Component: F5OS-A
Symptoms:
A file delete operation has a confusing error message:
syscon-1-active# file delete file-name log/host/ansible.log
Only /mnt/var/confd/configs/ /var/shared/ configs/ diags/shared/ paths are allowed for Delete file operation on Controller
ConfD.
Conditions:
Attempting a file delete operation from a directory which does not have delete permission.
Impact:
The error message lists the actual paths along with the virtual paths on which delete is supported.
Workaround:
N/A
Fix:
On file delete operation now only lists virtual paths.
1028873-1 : Colon character is not allowed in the password.
Component: F5OS-A
Symptoms:
Password change fails when the password has colon character
Conditions:
Colon character in the password
Impact:
Password change fails.
Fix:
Handle colon in the password properly
1027929-1 : Adding a VLAN to a LAG that is already configured on a tenant may not configure the VLAN correctly.
Links to More Info: BT1027929
Component: F5OS-A
Symptoms:
Traffic egressing the VELOS system does not reach the external destination.
Conditions:
A VLAN is configured on a tenant and the VLAN is added to a LAG which does not have members from all blades in the partition.
Impact:
Traffic is disrupted.
Workaround:
Remove VLANs from the tenant, then add them to the lag, then re-add them to the tenant.
Fix:
When a VLAN is added to a LAG, program the host VLAN table
for blades that do not contain LAG members.
1027837-1 : Media type of optics with part number OPT-0047 reports as unknown.
Component: F5OS-A
Symptoms:
Optics media types is displayed as unknown
Conditions:
Optics with part number OPT-0047 is present in the system
Impact:
Media type will not be known
Workaround:
NA
Fix:
Media type should be reported as 100G PAM4 BiDi
1016629-1 : System allows creation of VLAN names that are too long★
Links to More Info: BT1016629
Component: F5OS-A
Symptoms:
The /vlans/vlan/config/name value is a free format string. Creating long VLAN names can violate common naming rules.
Conditions:
Creating VLANs whose names are longer than 56 characters (encountered at the /vlans/vlan/config/name endpoint).
Impact:
The F5OS software does not prevent you from creating VLAN names that are too long, however, the BIG-IP system cannot use them.
Note: When this issue is fixed, VLAN names in configurations and scripts will no longer behave as expected. Before upgrading, make sure to follow the instructions in Behavior Change to ensure your upgrade succeeds.
Workaround:
Create shorter VLAN names.
Fix:
VLAN names now have the following constraints:
- May start with an alphabetic character (Aa-Zz).
- Cannot exceed 56 characters in length.
- May contain alpha-numeric characters, periods (.), hyphens (-), and underscores (_).
- Must be unique among VLANs.
!Important! Before upgrading:
-- Ensure that all VLAN names meet these constraints.
-- Update any scripts that create VLANs whose names violate these constraints.
Behavior Change:
VLAN names now have the following constraints:
- May start with an alphabetic character (Aa-Zz).
- Cannot exceed 56 characters in length.
- May contain alpha-numeric characters, periods (.), hyphens (-), and underscores (_).
- Must be unique among VLANs.
Important upgrade information:
Before upgrading:
-- Ensure that all VLAN names meet these constraints.
-- Update any scripts that create VLANs whose names violate these constraints.
-- Configurations from previous versions containing /vlans/vlan/config/name strings that do not meet the new validation rules will fail to load after upgrade.
-- Configuration scripts with /vlans/vlan/config/name strings that do not meet the new validation rules will fail after upgrade.
1016621-1 : VLAN name validation changes★
Links to More Info: K64400840, BT1016621
Component: F5OS-A
Symptoms:
Previously, the /vlans/vlan/config/name was a free-format string.
Now, the name has the following constraints:
-- May start with just a letter
-- Cannot exceed 56 characters in length
-- May contain alpha characters, numbers from 0 through 9, period (.), hyphen (-), and underscore (_)
-- Must be unique among VLAN names
Conditions:
When you configure /vlans/vlan/config/name leaf, which is an optional leaf.
Impact:
Previous configuration with /vlans/vlan/config/name strings that do not meet the new validation rules will not load.
Previous configuration scripts with /vlans/vlan/config/name strings that do not meet the new validation rules will fail.
Workaround:
Before upgrading (ideally) or after upgrading and before saving the configuration or exercising scripts, adjust all /vlans/vlan/config/names so they meet the validation requirements.
Fix:
Additional validations were added to VLAN names. You must adjust existing configuration's /vlans/vlan/config/name strings and scripts to meet the new validation rules.
Behavior Change:
Previously, the /vlans/vlan/config/name was a free-format string.
Now, the name has the following constraints:
-- May start with just a letter
-- Cannot exceed 56 characters in length
-- May contain alpha characters, numbers from 0 through 9, period (.), hyphen (-), and underscore (_)
-- Must be unique among VLAN names
1016509-1 : System allows creation of duplicate VLAN names★
Links to More Info: BT1016509
Component: F5OS-A
Symptoms:
The /vlans/vlan/config/name value is a free format string and allows duplicate names to be created.
Conditions:
Creating a VLAN using a name that already exists (encountered at the /vlans/vlan/config/name endpoint).
Impact:
Duplicate VLANs are created without error. Which VLAN the system uses is not predictable.
Workaround:
Ensure VLAN names are unique.
Fix:
VLAN names now have the following constraints:
- May start with an alphabetic character (Aa-Zz).
- Cannot exceed 56 characters in length.
- May contain alpha-numeric characters, periods (.), hyphens (-), and underscores (_).
- Must be unique among VLANs.
!Important! Before upgrading:
-- Ensure that all VLAN names meet these constraints.
-- Update any scripts that create VLANs whose names violate these constraints.
Behavior Change:
VLAN names now have the following constraints:
- May start with an alphabetic character (Aa-Zz).
- Cannot exceed 56 characters in length.
- May contain alpha-numeric characters, periods (.), hyphens (-), and underscores (_).
- Must be unique among VLANs.
Important upgrade information:
Before upgrading:
-- Ensure that all VLAN names meet these constraints.
-- Update any scripts that create VLANs whose names violate these constraints.
-- Configurations from previous versions containing /vlans/vlan/config/name strings that do not meet the new validation rules will fail to load after upgrade.
-- Configuration scripts with /vlans/vlan/config/name strings that do not meet the new validation rules will fail after upgrade.
1015497-2 : In rare cases, the blade software can disconnect from the system controller and never recover.
Links to More Info: BT1015497
Component: F5OS-A
Symptoms:
In very rare scenarios, blade software components may be unable to communicate with the database on the system controller. LACP and STP daemons hang at startup, and it could cause other issues in a partition.
Conditions:
The issue can occur when both system controllers are rebooted at once.
Impact:
The LACP, LLDP, and STP daemons may be indefinitely unusable. It is suspected there could be other impacts depending on which blade software component is affected, though no other issue has been observed.
Workaround:
1. Reboot the affected blade.
2. Disable then re-enable the affected partition.
Fix:
The affected blade software component can now detect the connection issue and will re-establish the connection to the system controller's database.
1014009-2 : Blade out of memory condition when using a large number of VLANs.
Links to More Info: BT1014009
Component: F5OS-A
Symptoms:
If a tenant or tenants are assigned a large number of vlans, an out of memory condition can be triggered on the blade after several days.
Conditions:
A large number of vlans is assigned to a single tenant.
Impact:
Tenants may die and new tenants may fail to launch on the affected blade.
Workaround:
Reduce the number of vlans assigned to a single tenant.
1009685-3 : 1.2.1 platform software cannot be imported on Controller OS versions below 1.2.0
Component: F5OS-A
Symptoms:
It is not possible to import 1.2.1 platform software (Controller or Partition OS, services, or ISOs) on Controller OS versions lower than 1.2.0.
Conditions:
1. Running a version of Controller OS <1.2.0
2. Try to import 1.2.1 platform software.
Impact:
You are unable to import platform software version 1.2.1 if the Controller OS version is lower than version 1.2.0.
Fix:
It is now possible to import platform software version 1.2.1 while running version 1.1.4 of the Controller OS (but still not prior 1.1.X releases).
1008585-3 : L2 Table corruption results in a traffic loss.
Links to More Info: BT1008585
Component: F5OS-A
Symptoms:
The Layer 2 (L2) table on a blade can become corrupted under certain conditions. When this happens, traffic to the affected destination (either a tenant or a external interface) do not flow properly.
Conditions:
-- VELOS system with more than one blade installed.
-- A packet for a tenant associated with one blade arrives on a different blade that is encountering the L2 table corruption.
Impact:
Traffic loss to a tenant or the front-panel interfaces. This may include partial or full packet loss to the tenant.
Workaround:
None
Fix:
FPGA Manager now detects the corruption so incorrect entries are not written to the L2 table. This prevents traffic loss from occurring.
1001865-1 : No platform trunk information passed to tenant
Component: F5OS-A
Symptoms:
Trunk information is not being published to BIG-IP tenants for use in high availability (HA) group definitions.
Conditions:
When defining high availability (HA) groups.
Impact:
No trunk or trunk member information is reported. This reduces the usefulness of information used to compare the relative health of high availability (HA) peers and potentially initiating a tenant failover, depending on that output.
Workaround:
None
Fix:
Trunk information is now synchronized between the VELOS system and tenants, enhancing the tenant high availability (HA) health check.
Behavior Change:
Trunk information is now synchronized between the VELOS system and tenants, which increases the usefulness of information used to compare the relative health of high availability (HA) peers and potentially initiating a tenant failover, depending on that output.
Known Issues in F5OS-A v1.0.x
F5OS-A Issues
| ID Number | Severity | Links to More Info | Description |
| 1080421 | 2-Critical | LACP does not transmit PDU's when creating a LAG | |
| 1066869 | 3-Major | The r10000 and r5000 platforms may reuse the MAC address for both management and data plane. | |
| 1063649 | 3-Major | Changing the system date to be older than the installation date is not supported. | |
| 1059885 | 3-Major | When a VLAN list is entered in the CLI, the entire list is replaced. | |
| 1056453 | 3-Major | Tenant datapath will not work if the Tenant is named stpd. | |
| 1061281 | 4-Minor | Snd_hda_intel 0000:00:1f.3: no codecs found. |
Known Issue details for F5OS-A v1.0.x
1080421 : LACP does not transmit PDU's when creating a LAG
Component: F5OS-A
Symptoms:
The LAG interface creation will not be successful and tx packet count in 'show lacp' will be zero.
Conditions:
This issue occurs due to a race condition while creating a LAG interface and is not reproducible every time.
Impact:
Link aggregation of the front panel ports will not work as expected.
Workaround:
1) clear newly added lag configurations
a) remove lacp interface
no lacp interfaces interface <lag-name>
b) remove interfaces from lag
no interfaces interface <interface> ethernet config aggregate-id
c) remove lag interface
no interfaces interface <lag-interface>
2) create Lag interface and add interfaces to the lag
1066869 : The r10000 and r5000 platforms may reuse the MAC address for both management and data plane.
Component: F5OS-A
Symptoms:
The MAC address assigned to the macvlan interface mgmt0-system may also be assigned to a dataplane object: a lag or a tenant.
Conditions:
More than 233 lags or tenants are configured on a r10000 or r5000 platforms.
Impact:
If the management interface mgmt0-system and the lag or tenant are on the same broadcast domain, both devices will have communication problems. Duplicate MACs going to different switches will be fine.
Workaround:
The MAC address that will be duplicated is 0xfc offset from the basemac. If a tenant or lag has been assigned basemac+0xfc remove the tenant or lag, reduce the number of lags + tenants to less than 252, then re-create the tenant or lag - checking to make sure the assigned MAC does not use offset 0xfc from the base MAC.
1063649 : Changing the system date to be older than the installation date is not supported.
Component: F5OS-A
Symptoms:
All system self-signed certificates are generated using the installation system date. Changing the date to an older date than the installation date can cause instability.
Conditions:
Setting the system date to be older than the installation date on an rSeries appliance.
Impact:
System goes to unstable state.
Workaround:
N/A
1061281 : Snd_hda_intel 0000:00:1f.3: no codecs found.
Component: F5OS-A
Symptoms:
During a reboot, error messages related to snd_hda_intel are logged:
"snd_hda_intel 0000:00:1f.3: no codecs found!"
Conditions:
This occurs during a reboot of an rSeries appliance.
Impact:
No functional impact, the error can be safely ignored.
Workaround:
N/A
1059885 : When a VLAN list is entered in the CLI, the entire list is replaced.
Component: F5OS-A
Symptoms:
When entering a VLAN list using the confd CLI, the current configuration is replaced with the new list.
Conditions:
Using the confd CLI to assign interfaces to a list of VLANs. For example:
appliance-1(config)# interfaces interface 2.0 ethernet switched-vlan config trunk-vlans [ 200 300 400 500 600 ]
appliance-1(config-interface-2.0)# commit
Commit complete.
appliance-1(config-interface-2.0)# end
appliance-1# show vlans
VLAN
ID INTERFACE
-----------------
200 2.0
300 2.0
400 2.0
500 2.0
600 2.0
appliance-1(config)# interfaces interface 2.0 ethernet switched-vlan config trunk-vlans [ 900 1000 ]
appliance-1(config-interface-2.0)# commit
Commit complete.
appliance-1(config-interface-2.0)# end
appliance-1# show vlans
VLAN
ID INTERFACE
-----------------
200
300
400
500
600
900 2.0
1000 2.0
Impact:
Interfaces are assigned only to the list of VLANs specified, even if they were already assigned to existing VLANs.
Workaround:
The correct way to delete a single VLAN is to not use the list ("[]") syntax:
appliance-1# config
Entering configuration mode terminal
appliance-1(config)# interfaces interface 2.0 ethernet switched-vlan config trunk-vlans [ 200 300 400 500 600 ]
appliance-1(config-interface-2.0)# commit
Commit complete.
appliance-1(config-interface-2.0)# top
appliance-1(config)# no interfaces interface 2.0 ethernet switched-vlan config trunk-vlans
Possible completions:
200 300 400 500 600 [ <cr>
appliance-1(config)# no interfaces interface 2.0 ethernet switched-vlan config trunk-vlans 400
appliance-1(config)# commit
Commit complete.
appliance-1(config)# end
appliance-1# show vlans
VLAN
ID INTERFACE
-----------------
200 2.0
300 2.0
400
500 2.0
600 2.0
900
1000
1056453 : Tenant datapath will not work if the Tenant is named stpd.
Component: F5OS-A
Symptoms:
If a tenant is created with the name stpd, there will be a conflict with a system component. The datapath will not function correctly.
Conditions:
A tenant is created with the name "stpd"
Impact:
The datapath for the tenant will not function.
Workaround:
Change the name of the tenant.
★ This issue may cause the configuration to fail to load or may significantly impact system performance after upgrade
For additional support resources and technical documentation, see:
- The F5 Networks Technical Support web site: http://www.f5.com/support/
- The AskF5 web site: https://support.f5.com/csp/#/home
- The F5 DevCentral web site: http://devcentral.f5.com/
