jblanc03_156148
Jul 02, 2015

Need to upgrade my VE from version 10.2.4 to version 11.5.2.0

I hope this is possible.

Anything I should be worried about?

6 Replies

  • Firstly, I would recommend that you choose 11.5.3 rather than 11.5.2. 11.5.x follows the new release cycle described here:

    https://support.f5.com/kb/en-us/solutions/public/8000/900/sol8986.html

    Specifically, it is the "long-term stability release" for 11.x (note that no other 11.x minor releases follow this new model). As such, 11.5.2 is now past end-of-software development. Any security fixes, stability improvements and new hardware support will be in following maintenance releases of 11.5.x. See this solution article for details:

    https://support.f5.com/kb/en-us/solutions/public/5000/900/sol5903.html

    You may find it instructive to discuss this new version model with your F5 Account team, since it is significantly different than the legacy release model.

    Having said all of that, the jump from 10.2.4 to 11.5.2 can be done, but there are indeed a few things of which you'll want to be mindful:

    1. HTTP Classes are no longer supported. If you are using HTTP Classes, you will need to remove them then re-add them (as iRules or Local Traffic Policies) after the upgrade;
    2. external monitors and certificates have moved. They should port, but it is prudent to double-check them if the update succeeds to ensure that they are working as expected;
    3. some GTM items -- particularly BIND records -- can have some issues on upgrade, but if you don't have GTM provisioned, or do not use ZoneRunner directly to manage zones or records (allowing GTM to create and remove them) you will likely be fine;
    4. there are some things that were inadvertently allowed for GTM object names under 10.x that will simply fail on an upgrade attempt. Specifically, spaces were allowed for servers and pool names. If you have spaces, you must remove them before upgrading;
    5. the GTM configuration files have been collapsed into a single file. This generally won't matter to you unless you are used to looking in /config/gtm for config items. It is now /config/bigip_gtm.conf;
    6. the Admin Partition configuration has been moved out of the general config files (e.g., bigip.conf) and moved to separate files under /config/partitions. Again, this likely won't matter to you unless you are used to seeing partition cross-references in the primary config files.

    You may be able to glean additional insights by either opening a Support case and asking this same question, or by reaching out to your F5 Account Team, and asking your account FSE to do so on your behalf. If the upgrade fails, you may consider engaging F5 Professional Services for assistance. They are a for-pay consulting division of F5.

  • THANKS FOR YOUR REPLY!

    Yeah, F5 support has gotten me absolutely nowhere with this.

    I am trying to do this myself without having to consult F5 Professional Services.

    Are all those things you mentioned lines of code that I need to remove from the .ucs file?

    I have extracted the UCS file and opened the bigip_base.conf file and I have the entire configuration there.

  • Manipulating the contents of the UCS archive is one way to accomplish any necessary changes, and I suspect it is the most common.

    The bigip_base.conf file contains configuration for the base system. You can think of it as the elements that are not specific to a module. It includes things such as VLAN configurations, non-floating self-IPs, link-aggregation trunks, and so forth. On 10.x, the LTM configuration elements are in bigip.conf and the GTM configuration elements are spread across files in /config/gtm.

    I'd recommend trying to simply install the UCS, without changes, on an 11.5.3 system. If you are using an appliance and can only perform the upgrade during a maintenance window, you can reach out to your F5 Account team and ask for a VE eval license. Because a VE generally only has three tmos interfaces (1.1, 1.2 and 1.3), you may need to modify bigip_base.conf and change references to any other interfaces (I generally just set them all to 1.1). If the UCS fails to load, /var/log/ltm should have information about why the load failed and potentially, remediation pointers. If you do successfully load it on a VE, you can take a UCS snapshot of the successful load. If you later need to move it back to an appliance, you can "fix up" the interface references after it has loaded on the appliance (this is why changing all interface references to 1.1 can be helpful. All VEs and appliances have a 1.1 interface).

  • What I did was just add the extra interfaces that were present on the physical appliance to the VE.

    So, for example, I just added 2 extra NICs on VMware. So are you saying I should not change/add interfaces to the VE?

    Our physical appliance is not using any SFP ports 2.1 and 2.2. But it is using ports 1.3 and 1.4; remember, we have a 1500 LTM model. So I just added the 2 extra ports to the VE and I figured I would just configure them after the UCS load.

    Just so you know, I ended up deploying a ver 11.5.2 VE and I am having soooo much trouble with the UCS load. I have spent hours removing stuff from the bigip_base.conf file and bigip_sys.conf and bigip.conf. I have to extract and re-pack and try uploading again. I am making sure I specify tmsh load sys ucs no-license no-platform-check every time.

  • Your approach to the interfaces is fine and sensible.

    I did fail to mention that encrypted passphrases used for off-box authentication will often not port. I usually remove items relating to LDAP, RADIUS or TACACS before deploying, and re-add them after the upgrade. I also failed to mention that HA changed considerably between 10.x and 11. That usually ports, but if not, I remove all HA config and rebuild it after a successful install.

    I'm sorry to hear that you are experiencing so many challenges. For what it's worth, your approach seems quite sensible.
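
Three of the review items raised in the replies above (HTTP Classes, off-box authentication entries, and interface references beyond 1.1 to 1.3) can be listed from an extracted UCS before each load attempt. The script below is an added example, not part of the thread and not F5 tooling; the DIR/config layout and the keyword patterns are assumptions, and a match only marks a line for manual review.

```shell
#!/bin/sh
# Added example (not from the thread): pre-load review of an extracted UCS.
# Assumption: the archive was unpacked so config files sit in DIR/config/.
# The keyword patterns are heuristics, not F5 tooling or official syntax.

# scan LABEL REGEX FILE...: print "LABEL file:line:text" for each match.
scan() {
    label=$1; regex=$2; shift 2
    for f in "$@"; do
        [ -f "$f" ] || continue
        # /dev/null as an extra operand forces grep to print the file name.
        grep -inE "$regex" /dev/null "$f" | sed "s/^/$label /"
    done
}

# ports LABEL FILE: flag "interface" lines naming a port other than 1.1-1.3,
# the three TMOS interfaces the reply says a VE generally has.
ports() {
    [ -f "$2" ] || return 0
    awk -v label="$1" '/interface/ {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[0-9]+\.[0-9]+$/ && $i !~ /^1\.[123]$/) {
                print label " " FILENAME ":" FNR ":" $0; break
            }
    }' "$2"
}

# ucs_precheck DIR: print findings; return 1 if any, 0 if the tree is clean.
ucs_precheck() {
    dir=$1
    findings=$(
        scan HTTPCLASS 'httpclass' "$dir"/config/bigip.conf
        scan OFFBOX_AUTH 'ldap|radius|tacacs' "$dir"/config/bigip*.conf
        ports INTERFACE "$dir"/config/bigip_base.conf
    )
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it as `ucs_precheck ./extracted_ucs` after each edit and before re-packing; the GTM name and HA items from the replies are not covered and still need a manual pass.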

     
