I just want to follow up on my upgrade/migration experience in case anyone else is in the same scenario. After working through some of the options, here is what we did:
1. Configure basic configuration on the new 4200v pair. This includes hostname, management IP and the various device group stuff for HA. Make sure device group sync is working.
2. Upgrade our production standby unit in our 6900 pair to version 11.3.
3. Copy the bigip.conf from the upgraded 6900 over to the 4200v primary unit.
4. Copy various network settings from bigip_base.conf from the upgraded 6900 over to the bigip_base.conf on the 4200v primary unit. This step required a good amount of manual tweaks due to hardware differences. There are also several sections you don't want to overwrite such as the device trust sections, management IP, etc. We also had to change the self IPs so they reflected the "primary" IPs.
5. Copy certificates and keys from the upgraded 6900 over to the primary 4200v. In version 11, the certificate path changed.
6. Run tmsh sys config load on the primary 4200v so it loads the updated bigip.conf and bipip_base.conf files. I disabled the switch ports for the external and internal interfaces in order to avoid IP conflicts with our 6900 production unit.
7. Copy bigip_base.conf settings over to the secondary 4200v.
8. Run tmsh sys config load on the secondary unit so it loads the updated bipip_base.conf files. Again, the switch ports for the external and internal interfaces were disabled in order to avoid IP conflicts.
9. Sync the primary 4200v to the device group so the secondary 4200v will get the update config as well as the certificates.
10. Check for any errors.
11. Shut down switch port interfaces on the 6900 units and bring up switch port interfaces on the 4200v units.
12. Clear arp cache on upstream routers.