For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Mohanish_169493's avatar
Mohanish_169493
Icon for Nimbostratus rankNimbostratus
Dec 09, 2015

Need help with GTM upgradation

Hi,

 

I have two GTM's one at DC and the other one at DR location. They are a part of syncgroup. They both are currently running 10.2.4 HF11. We are planning to upgrade them to 11.5.3 HF1. Can someone guide if we can upgrade DR first and switch traffic to DR GTM and then upgrade DC. Basically we are trying to avoid downtime. Is it possible?

 

or we need to upgrade both boxes at one go.

 

application delivery
BIG-IP
BIG-IP DNS
big-ip gtm
gtm

3 Replies

  • Jinshu's avatar
    Jinshu
    Icon for Cirrus rankCirrus
    Dec 09, 2015

    The answer is already there in devcentral... πŸ™‚

    Once the GTMs in a sync group have been upgraded, there might be issues with the Sync Groups. You can circumvent by naming the SYNC group name to something else and renaming back to the original sync group name after the upgrades.

    Say you have two GTMs (GTM1 and GTM2) in your sync group with syncgroup name as GTMSYNC.

    Backup GTM configs
GTM1 - Rename SYNC Group name to GTMSYNC-Other1
GTM1 - Install V11 on a new volume and reboot to new V11 volume. Test DNS functionality by testing against GTM1.
GTM2 - Rename SYNC Group name to GTMSYNC-Other2
GTM2 - Install V11 on a new volume and reboot to new V11 volume. Test DNS functionality by testing against GTM2.
GTM1 and GTM2 - Rename SYNC Group name back to GTMSYNC
Perform iqdump from each GTM to the other GTM to verify iQuery. Also perform iqdump from GTM to all the LTMs that they are talking to, to verify iQuery is still working.
if iQuery is failing against the LTMs, perform bigip_add against the LTMs to re-establish iQuery connectivity.
On another note keep away from versions such as V11.3.0 HF7 and V11.4.0 HF3, etc because of a BIND vulnerability that it introduces. The downloads page has the warning in there, so avoid such releases.

    "Customers that rely on BIND Zone syncing to replicate their DNS database between GTMs should not upgrade to this HF due to a problem with Zone syncing. This issue is being tracked as ID429127."

    -Jinshu

  • Jinshu's avatar
    Jinshu
    Icon for Cirrus rankCirrus
    Dec 09, 2015

    I am using 11.5.3 HF2 and it's very much stable. I am not facing any issues with this version.

     

    Hope this helps.

     

    -Jinshu

     

  • Jinshu's avatar
    Jinshu
    Icon for Cirrus rankCirrus
    Dec 10, 2015

    The way to go is just upload the new image and hotfix (you can go to 11.5.3 directly) and install it in an empty slot. Then restart in that volume and you will be running 11.5.3. you don't need to work with separate SCF or UCS file, the upgrade process will do that for you.

     

    Still there is a good chance it won't be going without issue. Read all release notes and be prepared to rollback after collecting data to have another try later on. also if you have a partner you could ask them to assist you.

     

    My suggestion is to contact F5 support or your Account rep and have their SE take a look at your configuration and do a "BUG Scrub" to make sure there is no compability issues with your configuration.