For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

newf5learner's avatar
newf5learner
Icon for Nimbostratus rankNimbostratus
Aug 25, 2016

F5 LTM pair software upgrade - 11.4.1 to 11.6.1

Hi,

 

I have a quick question on F5 software upgrade on devices in Active-Standby pair. Currents we are running on version 11.4.1, planning to go with 11.6.1

 

Device A (Active), Device B (Standby) with interface 1.8 used for HA clustering.

 

Plan: Upgrade the standby unit - Force device offline, Reactive the license, install software on volume B, boot from volume B.

 

Question 1. Will the device-B remains in offline state after the upgrade? release the device from offline, will it becomes stand by?

 

back to scenario: Now Device-B upgraded to 11.6.1, Device-A on 11.4.1 and still active for traffic group.

 

Question 2. Can I now force the traffic group from Device-A to standby and so that Device-B will take it over? Will this work as devices are are on different versions?

 

Please let me know the above procedure works or do I have to use the other regular method - disable the interfaces on standby unit, upgrade the unit, disable the interfaces on Active unit and enable interfaces on upgraded unit.

 

I have this planned activity in another 24 hours.

 

thanks.

 

application delivery
LTM
TMOS

3 Replies

  • IainThomson85_1's avatar
    IainThomson85_1
    Icon for Cumulonimbus rankCumulonimbus
    Aug 26, 2016

    Question 1: Yes

     

    Question 2: Yes (assuming you then go and upgrade Device 1,)

     

    You've suggested a wholly sensible approach to upgrading. Couple of tips. When you've re licensed the device, go to cli (Bash) and issue a reloadlic , then a tmsh save sys config. If you've never done it, test traffic on Device 2 before the upgrade. Schedule this upgrade in an agreed maintenance window. DISABLE VLAN FAILSAFE/Other Failsafes that are applicable. Have connectivity to an AOM interface, or via a Terminal Server/Phsyical Laptop connection. The "Moving" of the traffic assumes that the switches you're connecting to respond to gratuitous ARP requests, should be if they're enterprise level.

     

  • benmgood36's avatar
    benmgood36
    Icon for Nimbostratus rankNimbostratus
    Aug 30, 2016

    Check your monitors after you upgrade. I had an issue going from 11.4.1 to 11.6.0 where all the \r\n in HTTP send strings was mangled to something like \\\\r\\\\n.

     

  • mikey_webb's avatar
    mikey_webb
    Icon for Cirrus rankCirrus
    Sep 09, 2016

    hi guys thanks for the info. i'm too doing same upgrade so newf5learner can you confirm you encountered no issues and followed your upgrade notes u posted?

     

    Apart from SSLv3 being dropped from DEFAULT and the monitors issued anyone else have issues?

     

    Also can someone advise how long wait is for it to reboot and install 11.6.1 - would like guidlines before i panic

     

    thanks all