Forum Discussion

jeffrey1984's avatar
Mar 11, 2020

Hotfix Upgrade on LTM HA pair

We received a vulnerability report about a possible ssl attack with our current LTM software . Currently we are running 12.1.2.1.0.271 base image while the hotfix image is on 12.1.2.1.0.271 HF1 . F5...
  • Mayur_Sutare's avatar
    Mar 11, 2020

    Hi,

     

    F5've changed how they manage hot-fixes. First, they are not called "hot-fixes" anymore. Instead, F5 refer to it as "point releases", which are reflected as the forth number in the period delimited version number. So you no longer need to install a primary ISO and a separate Hot-Fix ISO.

     

    In the new Point Release system, a point release (formerly known as a hotfix rollup) now includes the full software to allow the point release image to install to a partition without needing a base image.

     

    1. The base image the hotfix is updating must reside on the BIG-IP system.

    The base image must be stored in the default image location, /shared/images so the BIG-IP system can automatically install the image if needed when you perform a hotfix installation. For example if you install HF1 for 11.5.4 on BIG-IP 11.0.0, the system automatically installs the base BIG-IP 11.5.4 image before applying the hotfix; therefore, the base image must be available to the BIG-IP system. The same occurs when you install the hotfix to a new volume.

     

    2. The hotfix installation copies the running configuration and license from the current boot location to the target install location. When you install a hotfix to a target boot location, the system automatically installs the configuration and license from the current boot location to the target installation location.

     

    3. When installing a hotfix, you must run the hotfix installation from an active boot location and specify an inactive boot location as the target install location. This behavior allows you to prepare an inactive boot location, in advance, by installing the hotfix on an existing volume or new volume, and then boot to the new location when you are ready to run the configuration.

     

    4. For example in your case, BIG-IP system is running BIG-IP 12.1.2 on the active boot location (for example, HD1.1), and you want to install HF2, prepare an inactive boot location for the installation (for example, HD1.2). During the maintenance window, you can then designate HD1.2 as the active boot location and boot the system to it. If you need to revert to the previous hotfix version, you can boot to the former-active boot location that contains the hotfix (HD1.1 in this example).

     

    Hope it helps you!

     

    Mayur