BIG IP DNS Upgrade questions

Question

We are planning an upgrade of our BIG IP DNS cluster to 16.1.4 with the latest hotfix, we have already upgraded our LTM's to this version. I am following the upgrade guide of https://my.f5.com/manage/s/article/K11661449#verify-config-load and it seems pretty straight forward. One of my questions is the step referring to

"Update the big3d processUpdate the big3d process on all BIG-IP devices on all BIG-IP devices"

I am confused as if the DNS devices are upgraded won't they be running the same version? I have found other posts that they have waited until the entire upgrade is completed then they "install" the updated version. Any insight or clarification on this step would be greatly appreciated.

Thanks,

Joe

whisperer · Answer

So, nothing matters here expect that all devices NOT EQUAL to DNS/GTM must have a version of big3d equal or newer. So, generally one would run big3d install script if a) you upgraded DNS/GTM first and now you need to run this on the LTM or b) want to protect against backward compatibility issues broken due to BIG-IP update. Please see the following: https://my.f5.com/manage/s/article/K25923322.If you have upgraded the LTMs first (correct order), and now you are upgrading the DNS/GTM (to the same BIG-IP version) then correct, the version of big3d should be the same. You can check this a few ways: a) via /usr/sbin/big3d -v in advanced shell or b) iqdump. You can check both client and server BIG3D versions in the iQuery communications. See the following:&nbsp;https://my.f5.com/manage/s/article/K13703.&nbsp;&nbsp;

f5_design_engineer · Answer

Hi Jomedusa,
BIG-IP DNS documentation asserts that the DNS device firmware version must be equal to or older than the big3d client version that is installed on the LTM "clients".&nbsp; &nbsp;(big3d clients are backwards compatible with older versions of firmware on a BIG-IP DNS installation.
But in my test environment i saw no issues when my DNS was on 15.x and my LTMs were still on to 12.x and i do not saw any issues to be very frank, but you should follow the F5 DNS documentation.
When upgrading a multi-module network environment where BIG-IP DNS (formerly GTM) and BIG-IP LTM (and other modules) are configured as big3d clients,&nbsp;there is a concern about the correct order to upgrade the devices.&nbsp; &nbsp;The quick answer, is that it depends on the timing.&nbsp; &nbsp;The big3d environment that underlies the communication between BIG-IP DNS and it's BIG-IP LTM Clients, is only backwards compatible.
With that being said, there are 2 preferred methods that are commonly used to upgrade environments with DNS and LTM.
If you are staggering your upgrades, where at any time the BIG-IP DNS will have a newer version of firmware than the LTM devices:
Upgrade DNS devices first, immediately followed by upgrading the big3d version on all 'client' devices.Upgrade BIG-IP DNS First&nbsp;Upgrade the big3d client on each LTM device&nbsp; to bring the big3d client version up to the DNS version.(see&nbsp;K13312: Overview of the BIG-IP DNS big3d_install, bigip_add, and gtm_add utilities (11.x - 16.x))At a future time,&nbsp;upgrade the BIG-IP LTM devices, to the same version the BIG-IP DNS device is on.
Otherwise:&nbsp;Upgrade LTM Devices first, Then upgrade the DNS devices.&nbsp;Upgrade all LTM devices -&nbsp; the .iso includes the matching big3d client for that firmware release.this ensures&nbsp;the big3d client is 'newer or equal to' the BIG-IP DNS device version.at a future time, as required, upgrade the BIG-IP DNS device to match the BIG-IP LTM version.big3d version management
To facilitate proper iQuery communication in your environment, you should be aware of the following&nbsp;big3d&nbsp;version management information:
F5 recommends that all devices communicating over iQuery run the same&nbsp;big3d&nbsp;versionWhen installing&nbsp;big3d&nbsp;on devices in the iQuery mesh, install the&nbsp;big3d&nbsp;agent from the BIG-IP DNS (formerly BIG-IP GTM) or Enterprise Management system that is running the latest software version, to the other devices in the iQuery mesh. For example, if the devices in the iQuery mesh are running different BIG-IP software versions, install the&nbsp;big3d&nbsp;agent from the device running the newest BIG-IP version to the other devices. This ensures that a device in the mesh does not run a&nbsp;big3d&nbsp;version that is older than its installed software version.Note:&nbsp;big3d&nbsp;is designed to be backward-compatible;&nbsp;therefore, you can upgrade&nbsp;big3d&nbsp;without having to upgrade the other monitored devices in the iQuery mesh TMOS version to match the TMOS version on BIG-IP GTM. You can check the&nbsp;big3d&nbsp;version by entering the&nbsp;big3d -v&nbsp;command. For additional information on updating&nbsp;big3d&nbsp;see&nbsp;K13312: Overview of the BIG-IP DNS big3d_install, bigip_add, and gtm_add utilities (11.x - 17.x)&nbsp;.
BIG-IP DNS synchronization group communicationSync group members must&nbsp;run the same&nbsp;big3d&nbsp;version to avoid unexpected behavior such as&nbsp;big3d&nbsp;timeouts.DNS/GTM/BIG-IP communicationMonitored BIG-IP systems must run the same or newer&nbsp;big3d&nbsp;version as the DNS / GTM devices that are monitoring them.Enterprise Manager/BIG-IP communicationManaged BIG-IP systems must run the same or newer&nbsp;big3d&nbsp;version as the Enterprise Manager devices that are collecting data from them.
Note: The&nbsp;big3d&nbsp;(iQuery) SSL cipher suite is currently hard-coded in the BIG-IP system and cannot be modified administratively.
You can run iquery comand on your GTM/DNS box to see the Local BIG3d version and on the LTM by Remote BIG3d version as follows also you can check the latest COMMIT ID
[root@Test-DNS02-external-mgt:Active:Standalone] config # tmsh show gtm iquery 192.168.32.101
&nbsp;
------------------------------------------------------------------------------------
Gtm::IQuery: 192.82.32.101
------------------------------------------------------------------------------------
Server&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Test-DNS01-external-mgt
Server Type&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; BIGIP-DNS
Data Center&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Test-DNS01-DC01
State&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;connected
Reconnects&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0
Backlogs&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0
Bits In&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;519.9K
Bits Out&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 61.1K
Bytes Dropped&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 42
Cert Expiration Date&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;08/19/28 15:49:12
Configuration Time&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 01/11/23 10:06:44
Configuration Commit ID&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 159
Configuration Commit Originator&nbsp; Test-DNS02-external-mg.TEST.com
Local TMOS version&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 12.1.3
Remote TMOS version&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 12.1.3
Local big3d version&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;15.1.6.0.0.8
Remote big3d version&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 12.1.3.6.0.0.3
&nbsp;
You&nbsp; can also try to run iqdump&nbsp; to check the big3d version
&nbsp;
[root@TEST-GTM-dns01:Active:In Sync (Sync Only)] config # iqdump 192.168.32.5&lt;!-- Local hostname: TEST-GTM-dns01.Test.com --&gt;&lt;!-- Connected to big3d at: ::ffff:192.168.32.5:4353 --&gt;&lt;!-- Subscribing to syncgroup: default --&gt;&lt;!-- Fri Nov 18 09:52:13 2022 --&gt;&lt;xml_connection&gt;&lt;version&gt;15.1.6&lt;/version&gt;&lt;big3d&gt;big3d Version 15.1.6.0.0.8&lt;/big3d&gt;&lt;connection_id&gt;341&lt;/connection_id&gt;&lt;kernel&gt;linux&lt;/kernel&gt;&lt;!-- Fri Nov 18 09:52:15 2022 --&gt;&lt;server&gt;&lt;pkts&gt;2291222&lt;/pkts&gt;&lt;pkts_in&gt;1916980&lt;/pkts_in&gt;&lt;pkts_out&gt;374242&lt;/pkts_out&gt;&lt;tot_bytes&gt;368996591&lt;/tot_bytes&gt;&lt;tot_bytes_in&gt;305357006&lt;/tot_bytes_in&gt;&lt;tot_bytes_out&gt;63639585&lt;/tot_bytes_out&gt;&lt;cpu&gt;1&lt;/cpu&gt;&lt;uptime&gt;1733836&lt;/uptime&gt;&lt;active&gt;0&lt;/active&gt;&lt;maintainance&gt;0&lt;/maintainance&gt;&lt;big3d_log_level&gt;notice&lt;/big3d_log_level&gt;&lt;monitor&gt;6&lt;/monitor&gt;&lt;snmp&gt;0&lt;/snmp&gt;&lt;path&gt;0&lt;/path&gt;&lt;trace&gt;0&lt;/trace&gt;&lt;monitor_active&gt;6&lt;/monitor_active&gt;&lt;snmp_active&gt;0&lt;/snmp_active&gt;&lt;path_active&gt;0&lt;/path_active&gt;&lt;trace_active&gt;0&lt;/trace_active&gt;&lt;/server&gt;&lt;!-- Fri Nov 18 09:52:25 2022 --&gt;&lt;server&gt;&lt;pkts&gt;2292244&lt;/pkts&gt;&lt;pkts_in&gt;1917632&lt;/pkts_in&gt;&lt;pkts_out&gt;374612&lt;/pkts_out&gt;&lt;tot_bytes&gt;369196048&lt;/tot_bytes&gt;&lt;tot_bytes_in&gt;305438910&lt;/tot_bytes_in&gt;&lt;tot_bytes_out&gt;63757138&lt;/tot_bytes_out&gt;&lt;cpu&gt;1&lt;/cpu&gt;&lt;uptime&gt;1733846&lt;/uptime&gt;&lt;active&gt;0&lt;/active&gt;&lt;maintainance&gt;0&lt;/maintainance&gt;&lt;big3d_log_level&gt;notice&lt;/big3d_log_level&gt;&lt;monitor&gt;3&lt;/monitor&gt;&lt;snmp&gt;0&lt;/snmp&gt;&lt;path&gt;0&lt;/path&gt;&lt;trace&gt;0&lt;/trace&gt;&lt;monitor_active&gt;3&lt;/monitor_active&gt;&lt;snmp_active&gt;0&lt;/snmp_active&gt;&lt;path_active&gt;0&lt;/path_active&gt;&lt;trace_active&gt;0&lt;/trace_active&gt;&lt;/server&gt;
&nbsp;
K13703: Overview of big3d version management
https://my.f5.com/manage/s/article/K13703
https://my.f5.com/manage/s/article/K25923322
https://my.f5.com/manage/s/article/K15844889
https://my.f5.com/manage/s/article/K13312
Hope this helps
🙏
&nbsp;
&nbsp;

Forum Discussion

BIG IP DNS Upgrade questions

"Update the big3d processUpdate the big3d process on all BIG-IP devices on all BIG-IP devices"

Recent Discussions

OWA File Upload URIs for WAF Bypass

F5 AWAF/ASM learning only from Trusted traffic?

irule execution error

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

Show or List F5 XC Routes in the Web

Related Content

7 Steps Checklist before upgrading your F5 BIG-IP

BIG-IP Upgrades Part 2 - Upgrade Behavior

Standalone BIG-IQ Upgrade Question

F5 Big-IP upgrade

BIG-IP Upgrade Procedure Using CLI (vCMP Guest & Host)