For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

BJ_114988's avatar
BJ_114988
Icon for Nimbostratus rankNimbostratus
Jun 16, 2015

I am planning to upgrade My F5 from 10.2.4 to 11.6. what upgrade process i have to follow?

I am planning to upgrade My F5 from 10.2.4 to 11.6. what upgrade process i have to follow? are there any issues that anybody faced during upgrade , please let me know if any  
Hannes_Rapp's avatar
Hannes_Rapp
Icon for Nimbostratus rankNimbostratus
Jun 16, 2015

Hello,

Please find some of the known issues below.

  1. SSL Profiles "inherit-certchain" setting is screwed up - does not migrate correctly. You'll have to manually go over the config file to fix it. Relevant if you use parent SSL profiles that are something else than the default profile "clientssl"
  2. SSL default timeout is reduced from 60 seconds to 10 seconds. Not relevant in most cases, but very severe for some applications. If relevant for you, you'll have to manually modify it.
  3. In addition to SSL handshake timeout, hundreds of default values have changed, you'll find nothing about most of them in the release notes. I wish F5 just had a tickbox "Retain default values from current version - Yes/No", but unfortunately new values are pushed into TMOS whether you want them or not.
  4. HTTPClass objects are deprecated (if you have any, remove them before creating an image snapshot). You'll have to create new LTM policies (or iRules) to replace the functionality of your HTTPClass objects.
  5. Issues with iRules. For instance, some system-provided variables e.g 
    $static::tcl_platform(machine)
    have been removed. After the upgrade, you can expect to see some TCL errors such as "TCL error... variable not found" in /var/log/ltm.

So what can you do? Look into F5 SOL articles. Search for "upgrading F5 software", the articles explain the standard upgrade procedure quite well. To upgrade your F5, you should start by re-activating the license; follow up by installing the desired software on a new partition. When done, you reboot your system from the new partition and hope everything works. Hint: you will be disappointed 4 times out of 5. As you encounter errors which prevent the configuration from loading, you have two options: a) modify some settings of the conflicting object b) remove the conflicting object. You can try either of the options by working with the snapshot config files in 

/config/bigpipe
directory. Once done, issue the 
/usr/libexec/bigpipe daol
command which initiates another attempt to load your configuration. If you do not understand the error message, try to Google it or contact F5 support. During and after the upgrade, pay close attention to /var/log/ltm file to spot any problems.

Hope this helps!