Forum Discussion
BIG IP DNS Upgrade questions
We are planning an upgrade of our BIG IP DNS cluster to 16.1.4 with the latest hotfix; we have already upgraded our LTMs to this version. I am following the upgrade guide at https://my.f5.com/manage/s/article/K11661449#verify-config-load and it seems pretty straightforward. One of my questions is about the step referring to
"Update the big3d process on all BIG-IP devices"
I am confused: if the DNS devices are upgraded, won't they be running the same version? I have found other posts where they waited until the entire upgrade was completed and then "installed" the updated version. Any insight or clarification on this step would be greatly appreciated.
Thanks,
Joe
So, nothing matters here except that all devices NOT EQUAL to DNS/GTM must have a version of big3d equal or newer. So, generally one would run the big3d install script if a) you upgraded DNS/GTM first and now you need to run this on the LTM or b) you want to protect against backward compatibility issues broken due to a BIG-IP update. Please see the following: https://my.f5.com/manage/s/article/K25923322.
If you have upgraded the LTMs first (correct order), and now you are upgrading the DNS/GTM (to the same BIG-IP version) then correct, the version of big3d should be the same. You can check this a few ways: a) via /usr/sbin/big3d -v in advanced shell or b) iqdump. You can check both client and server BIG3D versions in the iQuery communications. See the following: https://my.f5.com/manage/s/article/K13703.
Hi Jomedusa,
BIG-IP DNS documentation asserts that the DNS device firmware version must be equal to or older than the big3d client version that is installed on the LTM "clients". (big3d clients are backwards compatible with older versions of firmware on a BIG-IP DNS installation.)
But in my test environment I saw no issues when my DNS was on 15.x and my LTMs were still on 12.x; I did not see any issues, to be very frank, but you should follow the F5 DNS documentation.
When upgrading a multi-module network environment where BIG-IP DNS (formerly GTM) and BIG-IP LTM (and other modules) are configured as big3d clients, there is a concern about the correct order to upgrade the devices. The quick answer is that it depends on the timing. The big3d environment that underlies the communication between BIG-IP DNS and its BIG-IP LTM clients is only backwards compatible.
With that being said, there are 2 preferred methods that are commonly used to upgrade environments with DNS and LTM.
If you are staggering your upgrades, where at any time the BIG-IP DNS will have a newer version of firmware than the LTM devices:
Upgrade DNS devices first, immediately followed by upgrading the big3d version on all 'client' devices.
* Upgrade BIG-IP DNS first.
* Upgrade the big3d client on each LTM device to bring the big3d client version up to the DNS version. (see K13312: Overview of the BIG-IP DNS big3d_install, bigip_add, and gtm_add utilities (11.x - 16.x))
* At a future time, upgrade the BIG-IP LTM devices to the same version the BIG-IP DNS device is on.
Otherwise: Upgrade LTM devices first, then upgrade the DNS devices.
* Upgrade all LTM devices - the .iso includes the matching big3d client for that firmware release.
* This ensures the big3d client is 'newer or equal to' the BIG-IP DNS device version.
* At a future time, as required, upgrade the BIG-IP DNS device to match the BIG-IP LTM version.
big3d version management
To facilitate proper iQuery communication in your environment, you should be aware of the following big3d version management information:
F5 recommends that all devices communicating over iQuery run the same big3d version
When installing big3d on devices in the iQuery mesh, install the big3d agent from the BIG-IP DNS (formerly BIG-IP GTM) or Enterprise Management system that is running the latest software version, to the other devices in the iQuery mesh. For example, if the devices in the iQuery mesh are running different BIG-IP software versions, install the big3d agent from the device running the newest BIG-IP version to the other devices. This ensures that a device in the mesh does not run a big3d version that is older than its installed software version.
Note: big3d is designed to be backward-compatible; therefore, you can upgrade big3d without having to upgrade the other monitored devices in the iQuery mesh TMOS version to match the TMOS version on BIG-IP GTM. You can check the big3d version by entering the big3d -v command. For additional information on updating big3d see K13312: Overview of the BIG-IP DNS big3d_install, bigip_add, and gtm_add utilities (11.x - 17.x).
BIG-IP DNS synchronization group communication
Sync group members must run the same big3d version to avoid unexpected behavior such as big3d timeouts.
DNS/GTM/BIG-IP communication
Monitored BIG-IP systems must run the same or newer big3d version as the DNS / GTM devices that are monitoring them.
Enterprise Manager/BIG-IP communication
Managed BIG-IP systems must run the same or newer big3d version as the Enterprise Manager devices that are collecting data from them.
Note: The big3d (iQuery) SSL cipher suite is currently hard-coded in the BIG-IP system and cannot be modified administratively.
You can run the iquery command on your GTM/DNS box to see the local big3d version and, for the LTM, the remote big3d version, as follows. You can also check the latest commit ID.
[root@Test-DNS02-external-mgt:Active:Standalone] config # tmsh show gtm iquery 192.168.32.101
------------------------------------------------------------------------------------
Gtm::IQuery: 192.82.32.101
------------------------------------------------------------------------------------
Server Test-DNS01-external-mgt
Server Type BIGIP-DNS
Data Center Test-DNS01-DC01
State connected
Reconnects 0
Backlogs 0
Bits In 519.9K
Bits Out 61.1K
Bytes Dropped 42
Cert Expiration Date 08/19/28 15:49:12
Configuration Time 01/11/23 10:06:44
Configuration Commit ID 159
Configuration Commit Originator Test-DNS02-external-mg.TEST.com
Local TMOS version 12.1.3
Remote TMOS version 12.1.3
Local big3d version 15.1.6.0.0.8
Remote big3d version 12.1.3.6.0.0.3
You can also try to run iqdump to check the big3d version
[root@TEST-GTM-dns01:Active:In Sync (Sync Only)] config # iqdump 192.168.32.5
<!-- Local hostname: TEST-GTM-dns01.Test.com -->
<!-- Connected to big3d at: ::ffff:192.168.32.5:4353 -->
<!-- Subscribing to syncgroup: default -->
<!-- Fri Nov 18 09:52:13 2022 -->
<xml_connection>
<version>15.1.6</version>
<big3d>big3d Version 15.1.6.0.0.8</big3d>
<connection_id>341</connection_id>
<kernel>linux</kernel>
<!-- Fri Nov 18 09:52:15 2022 -->
<server>
<pkts>2291222</pkts>
<pkts_in>1916980</pkts_in>
<pkts_out>374242</pkts_out>
<tot_bytes>368996591</tot_bytes>
<tot_bytes_in>305357006</tot_bytes_in>
<tot_bytes_out>63639585</tot_bytes_out>
<cpu>1</cpu>
<uptime>1733836</uptime>
<active>0</active>
<maintainance>0</maintainance>
<big3d_log_level>notice</big3d_log_level>
<monitor>6</monitor>
<snmp>0</snmp>
<path>0</path>
<trace>0</trace>
<monitor_active>6</monitor_active>
<snmp_active>0</snmp_active>
<path_active>0</path_active>
<trace_active>0</trace_active>
</server>
<!-- Fri Nov 18 09:52:25 2022 -->
<server>
<pkts>2292244</pkts>
<pkts_in>1917632</pkts_in>
<pkts_out>374612</pkts_out>
<tot_bytes>369196048</tot_bytes>
<tot_bytes_in>305438910</tot_bytes_in>
<tot_bytes_out>63757138</tot_bytes_out>
<cpu>1</cpu>
<uptime>1733846</uptime>
<active>0</active>
<maintainance>0</maintainance>
<big3d_log_level>notice</big3d_log_level>
<monitor>3</monitor>
<snmp>0</snmp>
<path>0</path>
<trace>0</trace>
<monitor_active>3</monitor_active>
<snmp_active>0</snmp_active>
<path_active>0</path_active>
<trace_active>0</trace_active>
</server>
K13703: Overview of big3d version management
https://my.f5.com/manage/s/article/K13703
https://my.f5.com/manage/s/article/K25923322
https://my.f5.com/manage/s/article/K15844889
https://my.f5.com/manage/s/article/K13312
Hope this helps
🙏
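The version rule discussed in this thread (monitored BIG-IP systems must run the same or newer big3d version than the DNS/GTM device monitoring them) can be checked against saved tmsh show gtm iquery output before and after an upgrade. The script below is an added example, not part of any post above and not F5 code: the function names, addresses and hostnames are constructed, and the field labels are assumed to match the output quoted in the thread.

```shell
#!/usr/bin/env bash
# Added example: compare Local vs Remote big3d versions per iQuery peer.

# Constructed sample in the shape of the "tmsh show gtm iquery" output
# quoted in the thread (addresses and hostnames are made up).
sample_output() {
cat <<'EOF'
------------------------------------------------
Gtm::IQuery: 192.0.2.10
------------------------------------------------
Server                 ltm-a.example.test
State                  connected
Local big3d version    15.1.6.0.0.8
Remote big3d version   12.1.3.6.0.0.3
------------------------------------------------
Gtm::IQuery: 192.0.2.11
------------------------------------------------
Server                 ltm-b.example.test
State                  connected
Local big3d version    15.1.6.0.0.8
Remote big3d version   15.1.6.0.0.8
EOF
}

# Reads iquery text on stdin, prints one verdict line per peer, and
# returns non-zero if any remote big3d is older than the local one.
check_big3d() {
  awk '
    # Numeric, field-by-field compare of dotted versions; missing fields = 0.
    function vercmp(a, b,    x, y, n, m, i, xi, yi) {
      n = split(a, x, "."); m = split(b, y, ".")
      for (i = 1; i <= n || i <= m; i++) {
        xi = (i <= n) ? x[i] + 0 : 0
        yi = (i <= m) ? y[i] + 0 : 0
        if (xi != yi) return (xi < yi) ? -1 : 1
      }
      return 0
    }
    /Gtm::IQuery:/         { addr = $NF }
    /Local big3d version/  { loc = $NF }
    /Remote big3d version/ {
      c = vercmp($NF, loc)
      verdict = (c < 0) ? "REMOTE_OLDER" : ((c > 0) ? "REMOTE_NEWER" : "SAME")
      if (c < 0) bad = 1
      print addr, "local=" loc, "remote=" $NF, verdict
    }
    END { exit bad + 0 }
  '
}

sample_output | check_big3d || echo "at least one peer runs an older big3d"
```

On a real system the input would come from the command's own output instead of sample_output; a REMOTE_OLDER line marks a peer where the big3d install step from K13312 still needs to be run.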