Applies To:
Show Versions
F5OS-A
- 1.2.0
F5OS-A Release Information
Version: 1.2.0
Build: 10139
Note: This content is current as of the software release date
Updates to bug information occur periodically. For the most up-to-date bug data, see Bug Tracker.
| The blue background highlights fixes |
Known Issues in F5OS-A v1.2.x
Functional Change Fixes
None
F5OS-A Fixes
| ID Number | Severity | Links to More Info | Description |
| 1123685-2 | 1-Blocking | Occasionally Selinux modules are getting corrupted when the system reboots | |
| 1117277-1 | 1-Blocking | Occasional issue observed when tenant deployed on r2xxx/r4xxx series | |
| 1117237-1 | 1-Blocking | FPGA bit files are not updated to the latest version after a live upgrade | |
| 1112141 | 1-Blocking | 10G/25G/40G burst support in rSeries appliance | |
| 1099437 | 1-Blocking | Nic-manager core file | |
| 1121889-1 | 2-Critical | ConfD encryption key can lock up the TPM module | |
| 1117649 | 2-Critical | rSeries Appliance inoperable after powering down from Linux while configured for Appliance mode | |
| 1117621-1 | 2-Critical | After an appliance upgrade from 1.0.1 to 1.1.1, a tenant in Provisioned state may show inconsistent CLI status★ | |
| 1116185 | 2-Critical | Removing multiple images simultaneously from the webUI causes an error | |
| 1114485 | 2-Critical | K3s cluster goes to unhealthy state when system is rebooted after changing hostname. | |
| 1109021 | 2-Critical | BT1109021 | CLI commands are not logged in audit.log |
| 1105001-2 | 2-Critical | BT1105001 | Large tar/gz/iso file download via the restconf API fails. |
| 1101237 | 2-Critical | When configured for SNMP, the system does not properly report a sysObjectID for the F5OS system | |
| 1092257-1 | 2-Critical | BT1092257 | Downloading files larger 500 megabytes via File Utilities in the webUI can result in a corrupted file. |
| 1090753-1 | 2-Critical | NSO and ASW XBAR packet drops on 10G, 25G, and 40G interfaces. | |
| 1090521-2 | 2-Critical | BT1090521 | Tenant deployment may fail if the memory configured is an odd number. |
| 1090089-2 | 2-Critical | NTP service does not work on rSeries appliances | |
| 1072209-2 | 2-Critical | BT1072209 | Packets are dropped on VELOS when a masquerade MAC is on a shared VLAN |
| 1061149-1 | 2-Critical | Libvirt core is generated on system reboot | |
| 1117417 | 3-Major | Database config restore failed on rSeries appliance | |
| 1112533 | 3-Major | Status LED color always stays amber | |
| 1112229 | 3-Major | File download API changes to support file download from the webUI | |
| 1109525 | 3-Major | K3s cluster is unhealthy when the system date or time is changed | |
| 1109029 | 3-Major | Host Logs in F5OS-A not being rotated | |
| 1104569-1 | 3-Major | On upgrading, the correct webUI changes are not reflected | |
| 1103001-1 | 3-Major | Tenants fail to come up after a live upgrade from pre-1.1.0 version to 1.1.0 on the r4xxx appliances★ | |
| 1101365-1 | 3-Major | Delay in tenant deployment with tenant image corruption error | |
| 1100305-1 | 3-Major | Tcpdump capture of packets with interface-based filtering fails on r5000 and r10000 appliances | |
| 1097925-2 | 3-Major | Resolving CVEs on F5OS-A 1.1.0 | |
| 1097833-2 | 3-Major | BT1097833 | Debug messages logged in platform.log |
| 1091641-1 | 3-Major | BT1091641 | NTP (chrony) packet authentication is not fully implemented on VELOS |
| 1089721-1 | 3-Major | Prefix length support to allow multiple IP addresses | |
| 1083077-2 | 3-Major | LACP trunks are not configured automatically in BIG-IP tenant running on F5OS chassis/appliances | |
| 1075361 | 3-Major | Messages log has a very high number of "error" and "fail" entries | |
| 1066185-1 | 3-Major | MIB files cannot be download or exported using file utilities. |
Cumulative fix details for F5OS-A v1.2.0 that are included in this release
1123685-2 : Occasionally Selinux modules are getting corrupted when the system reboots
Component: F5OS-A
Symptoms:
In rSeries appliances, if Selinux modules are corrupted
-> Virt-handler pod crashes continuously.
-> Tenant will be in pending state.
-> Semodule file size is 0 in dir "/etc/selinux/targeted/active/modules/400/"
Conditions:
If interruption happens during Selinux modules building on system bootup, the interruption can be an abrupt power off.
Impact:
-> Virt-handler pod is crashing continuously.
-> Tenant functionality is impacted.
Workaround:
None.
Fix:
Identify and remove the corrupted Selinux files and rebuild them while the system is booting up.
1121889-1 : ConfD encryption key can lock up the TPM module
Component: F5OS-A
Symptoms:
Due to an error that happens rarely in the HAL layer, the encryption key mechanism can misinterpret such an error as a valid identifier for the system. This causes the TPM to lock up, using that identifier, but then the actual identifier no longer unlocks the TPM.
Conditions:
This happens rarely but when it does, the system-manager cannot read the encryption keys and will not start ConfD.
This will manifest itself as unable to start up the configuration by attempting to become admin.
Impact:
The system is unusable. Installing a new ISO does not help.
The TPM must be cleared to become unlocked. Once the TPM is cleared, a new key is generated so existing encryptions need to be re-encrypted. This is will require that the ConfD system database be reset to default.
Workaround:
The workaround is to do the following:
# docker exec system_platform-mgr tpm2_takeownership -c
# docker restart system_manager
# su admin
# config
# (config) system database reset-to-default proceed yes
# exit; exit
# docker restart system_api_svc_gateway
Fix:
The incorrect identifier is now ignored and the lockup is avoided.
Note that the fix does not unlock a locked system. The workaround will have to be applied first.
1117649 : rSeries Appliance inoperable after powering down from Linux while configured for Appliance mode
Component: F5OS-A
Symptoms:
If the rSeries device is powered down from Linux (for example, using 'halt -p', 'poweroff', or 'shutdown -h now') while in Appliance mode, the device becomes permanently disabled.
In this state, nothing external can be done to power on the Linux host, for example, cycling power, accessing the LCD Power on option, or pressing the Power button.
Trying to access the AOM menu from the serial console reports the following message:
AOM Command Menu - disabled for security purposes.
Conditions:
-- Appliance mode is enabled (this is the state the 'appliance-setup-wizard' sets when it runs to completion).
-- The host is powered down (for example, using 'halt -p', 'poweroff', or 'shutdown -h now')
Impact:
The AOM command menu is not available to power on the host. A power cycle of the appliance does not power on the host.
The disabled appliance must be replaced.
Workaround:
***Important!***
If the BIG-IP rSeries appliance is configured for Appliance mode, do not power off the device using commands such as 'halt -p', 'poweroff', or 'shutdown -h now'.
Instead, run 'halt' and then remove power from the system (for example, unplug, remove power brick, remove power from rack).
Note: If you have already encountered this issue, contact F5 Support :: https://www.f5.com/services/support to request an RMA. For more information, refer to K12882: Overview of the F5 RMA process :: https://support.f5.com/csp/article/K12882 .
Fix:
Appliance mode no longer disables the AOM menu, allowing access to power on the host command with console access to the appliance.
1117621-1 : After an appliance upgrade from 1.0.1 to 1.1.1, a tenant in Provisioned state may show inconsistent CLI status★
Component: F5OS-A
Symptoms:
After an appliance upgrade from 1.0.1 to 1.1.1, if the running-state of a tenant is configured in the Provisioned state, the operational status of the tenant may oscillate between "Ready to deploy" and "Allocating resources to the tenant is in progress" state in the partition CLI status.
Conditions:
A race condition exists after an appliance upgrade from 1.0.1 to 1.1.1, that may display an inaccurate tenant operational state when the tenant is configured as Provisioned.
Impact:
The tenant state constantly changes.
Workaround:
Configure the running-state of the tenant to Deployed.
1117417 : Database config restore failed on rSeries appliance
Component: F5OS-A
Symptoms:
System database config-restore will fail when there is mismatch in the system images between when the backup is taken and the current images present on the system.
Conditions:
The current system images that are present on the system (show system image) do not match the list of images that are stored in the backup file.
Impact:
Config restore fails.
Workaround:
Edit the configuration backup file and delete the <image> stanza, from:
<image xmlns="http://f5.com/yang/system/image">
to
</image>
Fix:
Configuration restore on rSeries appliances now works regardless of differences in the set of available system software images.
1117277-1 : Occasional issue observed when tenant deployed on r2xxx/r4xxx series
Component: F5OS-A
Symptoms:
The r2xxx/r4xxx appliance interface drivers are not created in time and lead to tenant deployment failure after the PXE boot, live upgrade, reboot, and port profile change.
Conditions:
Live upgrade from any version to v1.1.1 and PXE and on reboot and on port profile change.
Impact:
Occasionally tenant deployment fails to come up.
Workaround:
None
1117237-1 : FPGA bit files are not updated to the latest version after a live upgrade
Component: F5OS-A
Symptoms:
FPGA bit files are not updated to the latest version after a live upgrade.
Conditions:
Live upgrade to an ISO file.
Impact:
Unexpected behavior with tenant and traffic.
Workaround:
Run the following commands from the bash prompt:
1. /bin/systemctl stop appliance_orchestration_manager_container.service
2. /bin/systemctl stop platform-services-deployment.service
3. reboot
Once the system is rebooted, the correct bit files will be installed.
Fix:
Cleaned up the stale/old container volumes before bringing up the new containers.
1116185 : Removing multiple images simultaneously from the webUI causes an error
Component: F5OS-A
Symptoms:
The image removal action handler takes the input and processes it one item at a time. From the CLI/RESTCONF interface, the user can provide one image at a time. But the webUI allows the user to select multiple images and click Delete to remove them in a single click. This was creating a backend handler issue that caused the image agent to crash.
Conditions:
When multiple images are selected and processed for removal from the webUI.
Impact:
In this situation, all subsequent image removal requests cause an error: "Error: application communication failure".
Workaround:
The issue is fixed in F5OS-A 1.2.0. To avoid this situation in other releases of F5OS-A, the user must select one image at a time for deletion from the webUI.
Restarting the image agent service recovers the system from this state.
Fix:
The issue is fixed by improving the image removal process.
1114485 : K3s cluster goes to unhealthy state when system is rebooted after changing hostname.
Component: F5OS-A
Symptoms:
When the system hostname is changed and the system is rebooted, all or some of the following symptoms may be encountered:
-- System-related pods in K3s are stuck in a failure state.
-- The K3s cluster shows more than one node.
-- OMD continuously cores.
Conditions:
The system is rebooted after the hostname is configured in confd.
Impact:
-- K3s cluster goes into an unhealthy state.
-- Tenant functionality is impacted.
Workaround:
None
Fix:
Changing the hostname via confd does not change the system hostname.
Configured hostname is reflected only in the bash and confd prompts.
When no hostname is configured, the bash prompt uses a default PS1 prompt.
1112533 : Status LED color always stays amber
Component: F5OS-A
Symptoms:
The status LED is always amber.
Conditions:
This occurs during normal operation when the status LED should be green.
Impact:
Status LED may not change to green when system is operational.
Workaround:
None
Fix:
Added a diagnostic task that periodically monitors and sets status LED color to green.
1112229 : File download API changes to support file download from the webUI
Component: F5OS-A
Symptoms:
Header information is not effective to download files from the webUI.
Conditions:
X-Auth token is required to download from the webUI.
Impact:
Downloading files from the webUI fails.
Workaround:
None
1112141 : 10G/25G/40G burst support in rSeries appliance
Component: F5OS-A
Symptoms:
When a burst of traffic at 100Gb/s is sent to a 10G/25G/40G port, the burst size supported by the rSeries appliance depends on the buffer size. Once the buffer is full, packets are dropped.
Conditions:
-- Use of 10G/25G/40G ports.
-- A 100Gb/s burst of traffic occurs.
Impact:
This results in loss of egress packets.
Workaround:
None
Fix:
Improved the burst capability on rSeries appliances when 10G/25G/40G ports are used.
1109525 : K3s cluster is unhealthy when the system date or time is changed
Component: F5OS-A
Symptoms:
When the system date is changed, some of the k3s cluster certificates becomes invalid, and pods enter into an unknown/non-operational state.
Once the system date and time are made current, most pods will be recovered.
Some of the virt-controller/virt-operator/virt-api kubevirt pods are in a failed state but tenant functionality is not affected.
Conditions:
System date and time is changed back and forth.
Impact:
Some of the k3s pods go into a failed/non-operational state.
Workaround:
Re-spinning the certificates will restore the pods.
Delete the pods to trigger a re-spin of certificates that are in a terminating or crashed state.
The orchestration manager will start the pod with a new certificate.
Command to delete the pod:
#kubectl delete pod <pod-name> -n <name-space>
Fix:
Only change the system date and time when necessary.
1109029 : Host Logs in F5OS-A not being rotated
Component: F5OS-A
Symptoms:
Log files under /var/log in host-os were able to grow in GBs.
Conditions:
Log files under /var/log not added in logrotate.
Impact:
Size of log files will grow in GBs, which will consume a significant amount of hard disk space.
Workaround:
N/A
Fix:
Host Logs in F5OS-A are now being rotated as expected.
1109021 : CLI commands are not logged in audit.log
Links to More Info: BT1109021
Component: F5OS-A
Symptoms:
CLI commands from ConfD are not getting logged in audit.log.
Conditions:
Execute commands using the ConfD CLI.
Impact:
CLI commands which are required for security compliance audit will not get logged in audiit.log file.
Workaround:
None
1105001-2 : Large tar/gz/iso file download via the restconf API fails.
Links to More Info: BT1105001
Component: F5OS-A
Symptoms:
Downloading large tar/gz/iso files using the restconf API results in a corrupted file.
Conditions:
Large tar/gz/iso file download via the restconf API.
Impact:
Download fails, the downloaded file is corrupted.
Workaround:
None
Fix:
Fixed the code to download large tar/gz/iso files.
1104569-1 : On upgrading, the correct webUI changes are not reflected
Component: F5OS-A
Symptoms:
On upgrading from one F5OS-A version to another, the appropriate webUI changes are not reflected, and the older changes still persist.
Conditions:
Upgrading from one F5OS-A version to another.
Impact:
Appropriate changes with respect to the version are not reflected on the webUI.
Workaround:
Refreshing the containers is a known workaround using /usr/libexec/platform-deployment stop and /usr/libexec/platform-deployment start.
Fix:
The fix is to clean up stale volumes so that new volumes are mounted after system reboot. A --remove-orphans flag was added to docker-compose down to remove volumes which were created in the previous run of docker-compose. Also, appliance_orchestration_manager was called to stop separately, as it was using a volume called config_vlogsev, which was also being used by other containers, because it is not a part of the platform.yml file. Also docker-compose down has been added before starting service in the beginning of the platform-deployment service to handle the scenario of upgrading from broken ISO to fix ISO.
1103001-1 : Tenants fail to come up after a live upgrade from pre-1.1.0 version to 1.1.0 on the r4xxx appliances★
Component: F5OS-A
Symptoms:
When a live upgrade is attempted from a pre-1.1.0 release to a 1.1.0 release on the r4xxx series of appliances, the tenants will not come up after the live upgrade.
The symptoms that will be seen are:
ICE driver may not load ( "lsmod | grep -i ice" will not show a line with 'ice' ), no VFs will be created, tenant deployment will fail.
Conditions:
-- An F5OS upgrade is performed on an r4xxx series appliance to version 1.1.0
-- The appliance was running pre-1.1.0 software
-- A license is installed
-- Tenants are attempted to be deployed
Impact:
Tenant deployment fails after live upgrade as the ICE driver is not loaded.
Workaround:
After the live upgrade, check that the tenant is failing to deploy.
Check that "lsmod | grep -i ice" does not show a line with 'ice'
reboot the system
Now rerun lsmod again. This should show the ice module line.
Fix:
Fixed in all versions after 1.1.0.
1101365-1 : Delay in tenant deployment with tenant image corruption error
Component: F5OS-A
Symptoms:
The system posts an intermediate error message:
Tenant image corrupted - Update the tenant config with proper image.
This error auto-recovers within 20 seconds.
Conditions:
Observed intermittently while bringing up the tenant.
Impact:
There is a delay in tenant deployment with an intermediate error on the CLI console.
Workaround:
None
1101237 : When configured for SNMP, the system does not properly report a sysObjectID for the F5OS system
Component: F5OS-A
Symptoms:
F5OS systems may not be detected by SolarWinds or other management systems due to the wrong sysObjectID configuration in SNMP.
Conditions:
SNMP
Impact:
F5OS systems may not be detected by SolarWinds or other management systems due to the wrong sysObjectID configuration in SNMP.
Fix:
The sysObjectIDs are correct now.
1100305-1 : Tcpdump capture of packets with interface-based filtering fails on r5000 and r10000 appliances
Component: F5OS-A
Symptoms:
On r5000 and r10000, running a tcpdump as follows:
appliance-1# system diagnostics tcpdump -nni 1.0
to filter packets traversing interface 1.0 only, will fail.
The error seen will be "errbuf ERROR:Interface configuration failed. Please retry tcpdump: pcap_loop: Interface configuration failed. Please retry."
and the client will terminate.
Retrying the client will not help, contrary to the message.
Conditions:
Tcpdump capture is started on an r5000 and r10000 device and the option to filter packets based on an interface ("-i" option) is chosen.
Impact:
Tcpdump cannot work in the interface filtering mode.
It will operate in the other modes; only the interface filtering option causes it to be unable to start.
Workaround:
1) Start a tcpdump capture with no interface filter
"system diagnostics tcpdump" or
"system diagnostics tcpdump -nni 0.0"
Packets will be captured from all interfaces, and further (non-interface) filters can be used to narrow down capture
For example:
"system diagnostics tcpdump host 1.1.1.1 and port 80" or
"system diagnostics tcpdump vlan 200"
2) Restart the tcpdump container. This would make the -i option available again.
1099437 : Nic-manager core file
Component: F5OS-A
Symptoms:
During a power down sequence the l2-agent may generate a core file. The system comes back up without any issue.
Conditions:
System power loss.
Impact:
Core file is generated.
Workaround:
None
Fix:
A fix has been added to detect and prevent creating an l2-agent core file during a power down.
1097925-2 : Resolving CVEs on F5OS-A 1.1.0
Component: F5OS-A
Symptoms:
F5OS-A 1.1.0 is vulnerable to the CVEs mentioned in the bug.
CVE-2021-27219
CVE-2021-43527
CVE-2022-23852
CVE-2020-10531
CVE-2022-24407
CVE-2018-1000805
CVE-2021-44142
CVE-2020-12321
CVE-2020-24489
CVE-2021-42574
CVE-2020-8625
Impact:
F5OS-A 1.1.0 is vulnerable to the CVEs mentioned in the bug.
1097833-2 : Debug messages logged in platform.log
Links to More Info: BT1097833
Component: F5OS-A
Symptoms:
When performing an ISO install on the hardware, some services log debug messages to platform.log until ConfD comes up.
Conditions:
This occurs during an ISO install.
Impact:
Unnecessary debug logs are logged to platform.log.
Workaround:
None
1092257-1 : Downloading files larger 500 megabytes via File Utilities in the webUI can result in a corrupted file.
Links to More Info: BT1092257
Component: F5OS-A
Symptoms:
When using the File Utilities feature in the webUI, if you select a file that is larger than 500MB and attempt to download it locally the file could become corrupted.
Conditions:
Selecting and attempting to download a file 500MB or greater when using File Utilities in the webUI.
Impact:
The downloaded file is corrupted.
Workaround:
Files 500 megabytes or larger in size can be selected and exported from the device using the "Export" option available in File Utilities that will export the file over HTTPS. Additionally, files can be exported from the device using the Secure Copy Protocol (SCP).
Fix:
Downloading files that are 500 megabytes or larger in size has been temporarily disabled in the webUI. You will receive a warning popup when you select a file that is 500MB or larger and click the Download button. The warning popup advises you to use another supported option to export the file.
1091641-1 : NTP (chrony) packet authentication is not fully implemented on VELOS
Links to More Info: BT1091641
Component: F5OS-A
Symptoms:
It is not possible to enable NTP packet authentication.
Conditions:
Running a version of F5OS-C earlier than 1.5.0.
Impact:
NTP packet authentication is not available.
Workaround:
None
Fix:
Added support for NTP packet authentication.
1090753-1 : NSO and ASW XBAR packet drops on 10G, 25G, and 40G interfaces.
Component: F5OS-A
Symptoms:
Unexpected egress packet drops can be seen in XBAR for 10G, 25G, and 40G ports.
This is a packet burst congestion issue that overflows XBAR egress buffers. The issue is seen mainly on 10G ports.
Conditions:
This issue can happen when customers are using the 10G, 25G, or 40G front panel interfaces.
Impact:
The impact is egress packets dropped at 10G, 25G, and 40G front panel interfaces.
Workaround:
The workaround for this issue is to upgrade to NSO bitfile version nso_1ST210EU2F50E2VG_v70.2.10.11_d22.06.23.00.bit and ASW bitfile version asw_1ST280EU2F50E2VG_v71.2.12.11_d22.06.15.00.bit. These bitfiles and newer include added packet buffer memory in the XBAR.
The added packet buffer memory greatly improves the packet drop issue, but does not resolve it completely. In testing, packet drops were still seen as system throughput approached 190Gb.
Fix:
The initial fix for this issue is to add memory to the 10G, 25G, and 40G output buffers. Memory was increased from 4Mb to 8Mb.
The added packet buffer memory greatly improves the packet drop issue, but does not resolve it completely. In testing, packet drops were still seen as system throughput approached 190Gb.
1090521-2 : Tenant deployment may fail if the memory configured is an odd number.
Links to More Info: BT1090521
Component: F5OS-A
Symptoms:
1. Tenant deployment fails.
2. System may go into bad state.
Conditions:
When memory configured for a tenant is set to an odd number.
Impact:
Tenant deployment fails.
Workaround:
This issue has been fixed in F5OS-A 1.2.0.
1090089-2 : NTP service does not work on rSeries appliances
Component: F5OS-A
Symptoms:
The NTP service does not work on rSeries appliances that run F5OS-A.
Running chronyc ntpdata returns "501 Not authorized"
Conditions:
-- rSeries appliance running F5OS-A
-- NTP configured
Impact:
NTP functionality does not work.
Workaround:
Change directory ownership to chrony using below command:
chown chrony:chrony /var/run/chrony
Fix:
Update ownership for "/var/run/chrony" directory and removed unwanted configuration from "chrony.conf".
1089721-1 : Prefix length support to allow multiple IP addresses
Component: F5OS-A
Symptoms:
Prefix length was not supported previously, and users had to configure one IP per command in order to support multiple source IPs.
Conditions:
Always
Impact:
Multiple source IP addresses cannot be allowed using a single command.
Workaround:
NA
Fix:
This improvement supports the configuration of prefix length to allow multiple IP addresses using a single command.
Prefix length is an additional parameter in the existing configuration command.
1083077-2 : LACP trunks are not configured automatically in BIG-IP tenant running on F5OS chassis/appliances
Component: F5OS-A
Symptoms:
When an LACP trunk is configured on an F5OS chassis/appliance and only the native VLAN is attached, the LACP trunk will not be automatically configured on the BIG-IP tenant.
Conditions:
This behavior is observed only when the LACP trunk is attached to a native VLAN.
Impact:
LACP trunk configuration will not be applied to the BIG-IP tenant automatically when only a native VLAN is attached to it on the platform.
Workaround:
Configure the LACP trunk in the BIG-IP tenant manually.
Fix:
LACP trunks are now configured automatically in BIG-IP tenant running on F5OS chassis/appliances, as expected.
1075361 : Messages log has a very high number of "error" and "fail" entries
Component: F5OS-A
Symptoms:
During system bring up/reboot, various fail and error logs are seen from multiple software components.
Conditions:
During system boot up or if we perform multiple reboots we may see various errors/failures in log messages.
Impact:
User will see error/fail messages, while System bring up/reboot.
Workaround:
N/A
Fix:
Fixed the error/fail logs for few components.
1072209-2 : Packets are dropped on VELOS when a masquerade MAC is on a shared VLAN
Links to More Info: BT1072209
Component: F5OS-A
Symptoms:
On the VELOS platform, any packets destined to a masquerade MAC address are dropped when the masquerade MAC is located on a shared VLAN (a VLAN shared between multiple F5OS tenants).
On rSeries hardware platforms, all traffic for this MAC is first handled by the software-rebroadcaster and is replicated to all tenants sharing that VLAN.
Conditions:
-- A masquerade MAC is configured on a shared VLAN.
-- Traffic to the MAC address is initiated, that is, ping a floating self-IP.
-- The packets are dropped on ingress.
Impact:
Connectivity issues.
Workaround:
Configure a static FDB entry at the partition level.
Fix:
Packets are no longer dropped when a masquerade MAC is on a shared VLAN.
1066185-1 : MIB files cannot be download or exported using file utilities.
Component: F5OS-A
Symptoms:
MIB directory is not available for download or export file utilities
Conditions:
-- VELOS chassis or rSeries appliance
-- You would like to download the MIB file(s) via the file utilities API
Impact:
You are unable to download the MIBs or export them.
Workaround:
None
1061149-1 : Libvirt core is generated on system reboot
Component: F5OS-A
Symptoms:
A flawed core file is generated on system reboot intermittently. But the tenant is actually healthy and functional after reboot.
Conditions:
Intermittently on system reboots.
Impact:
A libvirt core file is generated, but the tenant is actually healthy and functional.
Workaround:
None
Fix:
No impact on functionality. No user action is expected.
Known Issues in F5OS-A v1.2.x
F5OS-A Issues
| ID Number | Severity | Links to More Info | Description |
| 1083061 | 1-Blocking | Loading saved config to BIG-IP fails if host modifications are made after "tmsh save sys config" | |
| 1076949 | 1-Blocking | Live upgrade from F5OS-1.0.0 or F5OS-1.0.1 to F5OS-1.1.0 or later requires existing tenant state change to provisioned. | |
| 1184917-2 | 2-Critical | On rSeries, the MAC masquerade feature is only supported on BIG-IP tenants 15.1.6 and later | |
| 1124865 | 2-Critical | Removal of LAG member from an active LACP trunk on r2k and r4k systems requires tmm restart | |
| 1124877 | 3-Major | Tenant status is changed to Configured when there is a change in tenant configuration | |
| 1124853 | 3-Major | Backup and restore fails when port-profile is mismatched | |
| 1121209 | 3-Major | MTU value update on VLAN in tenant launched on r2k and r4k systems needs tmm restart | |
| 1120945-2 | 3-Major | Downgrade to 1.0.1 failed with tenant configuration | |
| 1106881-2 | 3-Major | BT1106881 | F5OS with an AFM license provisioned may provide incorrect AFM stats to a BIG-IP tenant |
| 1086749-2 | 3-Major | Interface speeds are not reported correctly when linked at a slower speed | |
| 1040461-1 | 3-Major | BT1040461 | Permissions of some QKView control files do not follow standards |
| 1122941-2 | 4-Minor | Port-profile changes when tenants are in the deployed state |
Known Issue details for F5OS-A v1.2.x
1184917-2 : On rSeries, the MAC masquerade feature is only supported on BIG-IP tenants 15.1.6 and later
Component: F5OS-A
Symptoms:
The MAC masquerade feature is only supported on BIG-IP tenant versions 15.1.6 and later. Using the feature in an HA pair can cause traffic to fail over incorrectly between the pair.
Conditions:
MAC masquerade is used on rSeries with BIG-IP tenant versions other than 15.1.6 and later.
Impact:
Traffic may be degraded on a failover between an HA pair.
Workaround:
Upgrade BIG-IP tenant version to 15.1.6 or later.
1124877 : Tenant status is changed to Configured when there is a change in tenant configuration
Component: F5OS-A
Symptoms:
There is a momentary time-lapse (average of 2 sec) in resuming the tenant status to "Deployed" after updating the configuration for a tenant. This leads to the GUI displaying a tenant status of Configured.
Conditions:
This issue is observed only when you try to access the tenant details during this time window.
Impact:
The GUI displays a different tenant Status when accessing tenant details from the platform in this time window when the tenant Status is transitioning from Configured to Deployed.
Workaround:
Refresh the page so that it will fetch the correct tenant configuration
1124865 : Removal of LAG member from an active LACP trunk on r2k and r4k systems requires tmm restart
Component: F5OS-A
Symptoms:
Removal of LAG member from an active LACP trunk stops the traffic flow to the tenant launched on R2x00/R4x00 based appliances.
Conditions:
Removal of LAG member from an active LACP trunk on R2x00 and R4x00 appliances.
Impact:
Traffic flow gets impacted and the system misses the packets routed onto the LACP trunk from where the LAG member was removed.
Workaround:
- Remove the LAG member using the confd CLI
- Restart tmm on all tenants that are associated with the trunk
1124853 : Backup and restore fails when port-profile is mismatched
Component: F5OS-A
Symptoms:
Because there will be some configuration changes between two different port-profiles, database backup and restore between two appliances with different port-profiles will fail.
Conditions:
Make sure both source and target appliances have the same port-profile configurations before performing a database
restore.
Impact:
A database restore will fail when port-profile configuration is mismatched.
Workaround:
The target appliance where the restore is being performed should have the same port-profile as the backup database.
1122941-2 : Port-profile changes when tenants are in the deployed state
Component: F5OS-A
Symptoms:
Port-profile changes are not being blocked when tenants are in the deployed state.
Conditions:
Changing port-profile on a system with a tenant in the running-state is deployed.
Impact:
Tenants may not come up after the system reboots.
Workaround:
For each tenant in the deployed state, move the tenant running state to provisioned and back to deployed.
Then the tenant will then come up and function properly.
1121209 : MTU value update on VLAN in tenant launched on r2k and r4k systems needs tmm restart
Component: F5OS-A
Symptoms:
Updating the MTU on a VLAN in a BIG-IP tenant requires a tmm restart.
Conditions:
Tenants launched on R2x00 or R4x00 appliances and configured to use Jumbo Frames.
Impact:
Jumbo frames feature support impacted.
Workaround:
- Update the MTU value on the VLAN via the tenant's CLI (tmsh) or UI.
- Restart tmm.
1120945-2 : Downgrade to 1.0.1 failed with tenant configuration
Component: F5OS-A
Symptoms:
When an appliance system has tenants configured already, attempting to downgrade to version 1.0.1 fails, and the appliance will not become operational.
Conditions:
During the downgrade process, the system goes for a reboot and attempts to come up in 1.0.1 release. During this bring-up process, the tenant configuration validation fails, which causes the system to fail to become operational.
Impact:
Downgrade to 1.0.1 is not possible if tenants are already configured.
Workaround:
Remove all tenants and then perform the downgrade to 1.0.1.
1106881-2 : F5OS with an AFM license provisioned may provide incorrect AFM stats to a BIG-IP tenant
Links to More Info: BT1106881
Component: F5OS-A
Symptoms:
This is an intermittent problem where the affected BIG-IP tenant may receive incorrect statistics from the F5OS platform. This can cause the BIG-IP tenant to drop DNS traffic that should not be dropped.
Typically, the BIG-IP tenant will have periods of time where it receives the correct stats, and periods where it receives incorrect stats.
Conditions:
All of the below must be true:
-- Two or more BIG-IP tenants are deployed either on the same node in a partition or on the same appliance.
-- An AFM license is installed on the F5OS platform.
-- At least one tenant is receiving malformed DNS traffic.
Impact:
Clients that send DNS traffic to the affected BIG-IP tenant will not receive DNS responses when they should.
Workaround:
When AFM is provisioned for the system, deploying tenants on different nodes on a chassis based system or one tenant per appliance avoids the issue.
1086749-2 : Interface speeds are not reported correctly when linked at a slower speed
Component: F5OS-A
Symptoms:
RSeries 2xxx/4xxx interfaces support linking at certain speeds slower than the portgroup speed, but the interface speed is reported as higher.
For example:
-- A portgroup in 25G mode accepts a 10G SFP and link at 10G. The interface speed is reported as 25G.
-- A portgroup in 25G mode can link at 1G. The interface speed is reported as 25G.
-- A portgroup in 10G mode can link at 1G. The interface speed is reported as 10G.
Conditions:
This occurs when using an SFP that only supports a slower speed, or when connecting a 10G copper port to a 1G capable device.
Impact:
The interface speed reported in the webUI/CLI is higher than the actual link speed.
Workaround:
You can determine the actual link speed using ethtool, for example:
-- For port 1.0, use ethtool x557_1.
-- For port 5.0, use ethtool sfp_5.
1083061 : Loading saved config to BIG-IP fails if host modifications are made after "tmsh save sys config"
Component: F5OS-A
Symptoms:
The configuration load fails with an error similar to the following:
01070257:3: Requested VLAN member (1.5) is currently a trunk member
Unexpected Error: Loading configuration process failed.
Conditions:
-- rSeries 4x00 or R2x00 platform
-- Configuration is backed up using tmsh
-- A change is made to one or more VLANs, interfaces, trunks, or type of VLANs on the host
-- The BIG-IP system loads the configuration
Impact:
Configuration load fails.
Workaround:
On a failure while loading sys config, open the affected configuration file, fix the object that was changed manually, and retry loading the sys config.
For example, if the load sys config at mcpd complains about "vlan member 1.x" is not found on vlan-xyz then open /config/bigip_xxx.conf file and update the vlan-xyz with vlan-member 1.x and retry the config load.
1076949 : Live upgrade from F5OS-1.0.0 or F5OS-1.0.1 to F5OS-1.1.0 or later requires existing tenant state change to provisioned.
Component: F5OS-A
Symptoms:
Existing tenant will go to inoperative state.
Conditions:
Performing live upgrade from F5OS-1.0.x to F5OS-1.1.0 (or any later version) without moving existing tenants to the provisioned state.
Impact:
Tenant goes to Inoperative state.
Workaround:
Move the tenant state to provisioned before (or after) the live upgrade, and then back to a deployed state once the F5OS upgrade is done.
1040461-1 : Permissions of some QKView control files do not follow standards
Links to More Info: BT1040461
Component: F5OS-A
Symptoms:
Permissions of some QKView control files do not follow standards.
Conditions:
Viewing permissions of QKView files.
Impact:
Some do not follow standards.
Workaround:
None
★ This issue may cause the configuration to fail to load or may significantly impact system performance after upgrade
For additional support resources and technical documentation, see:
- The F5 Networks Technical Support web site: http://www.f5.com/support/
- The AskF5 web site: https://support.f5.com/csp/#/home
- The F5 DevCentral web site: http://devcentral.f5.com/
