

Viktor_Stärn_16
Jun 30, 2015

Copy configuration from very old hardware/software to new hardware/software

Hi All!

 

I want to copy the configuration (minus device specific information, such as hostname, and information specific to the device location in the network topology, such as self IPs) running on a very old pair of Big-IPs to a pair of new ones.

 

Hardware platform of the old boxes is 1500 (C36), software version is 9.4.7 Build 320.1. Hardware platform of the new boxes is 2000 (C112), software version is 11.5.2 HF2.

 

The old boxes are used in production environment so I can’t touch them apart from extracting the configuration.

 

What I would like to do is to install version 9.4.7 on the new boxes, import the configuration from the old boxes and follow F5's upgrade path instructions from there, but I can see in F5's release matrix (https://support.f5.com/kb/en-us/solutions/public/9000/400/sol9412.html) that the new platform isn’t supporting the old software versions.

 

How would you go about solving this? Any help is greatly appreciated!

 

/Viktor

 

4 Replies

  • If it's LTM and you configured some iRules there, you might get the "issue" with some syntax changes (datagroups, variable). If it's a simple configuration I would load it on the new box and troubleshoot it (load errors) manually. No smooth migration path I can see here (if you do not have another machine at your disposal that supports both versions).

     

  • Thank you for your reply amolari!

     

    I've made an attempt at changing the old configuration (1500 (C36), software version is 9.4.7 Build 320.1) to fit the new box (2000 (C112), software version is 11.5.2 HF2). As one would expect, I ran into some problems when trying to restore the manually edited archive. So far I've been able to solve the issues pointed out in the logs, but this last message has me somewhat stumped:

     

    "/usr/bin/tmsh -n -g load sys config partitions all" - failed. -- 010717e3:3: Client SSL profile must have RSA certificate/key pair. Unexpected Error: Loading configuration process failed. **Profile _cgc_cgc_clientssl: clientssl profile has no key/cert pair**

     

    There is no ssl profile of that name in bigip.conf. Has this got something to do with the default "clientssl"-profile? If so, where can I find the configuration for the default client ssl profile?

     

    Anyone know what might be the issue here? Thanks!

     

    /Viktor

     

  • The configuration file format changed in v11 and there were some major changes. Unfortunately v9 doesn't run on a VE, so you need some hardware to do this with. Within F5 PS we would load the old config onto a lab box, perform the upgrade and then load the config back onto the target box (after reviewing config, etc.). My best suggestion is that you take an SCF backup (and copy the SSL certs located in /config/ssl).

     

    Load the SSL certs onto the new box with the same names as previously, manually edit the SCF to make it look correct and try to load it, or copy/paste the config in using the tmsh command "load sys config merge from-terminal".

     

    If you want to try the upgrade, you could break your failover pair and do it on the standby box. If it works OK, take a backup and restore it onto the new box, then restore the v9 box. Note: Be sure to read up on the partitions/volumes changes in v10 to ensure you can roll back.

     

  • Thank you for your reply!

     

    I got the configuration imported by removing anything related to certificates and then adding it again successively (to find out which part of the configuration caused the error).

     

    Now I'm trying to do the same thing on a virtual device. Using an archive ucs-file from the virtual device I've created a new ucs-file containing the necessary configuration from the running devices and imported it on the virtual device. No errors. But after importing the configuration the virtual device started complaining about the license. So I re-licensed it. But that resulted in the big-ip reloading the configuration over and over… Anything you recognize?

     

    Log says: "The allow_dynad policy boolean was changed to on by root Configuration reload request received, reloading configuration"

     

    (over and over again approx. 2 times per minute)