For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Heath_35763's avatar
Heath_35763
Icon for Nimbostratus rankNimbostratus
Jul 01, 2014

New appliances - migrating config from 10.2.3 to 11.x

We just received a couple of new 4000 appliances to replace our old 6400 boxes. The old 6400s are running code 10.2.3. I assume the new 4000s will have an 11.x code base.

 

We don't do anything really complicated. Mostly basic load balancing and some SSL offloading using a wildcard cert. We do have a couple if iRules, but I think I got them from this site (or one of the F5 support sites).

 

Is there a guide available that would explain the migration procedure? I did some googling but couldn't find anything. What can I expect in the migration? Can I import the config from the old boxes to the new ones and will it convert it as needed?

 

application delivery
dell
deployment
devops
iRules
LTM

4 Replies

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jul 01, 2014

    Can I import the config from the old boxes to the new ones and will it convert it as needed?

    yes. you may use no-license and no-platform-check options when restoring ucs.

    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) load sys ucs test.ucs ?
Options:
  include-chassis-level-config  Include chassis level configuration that is shared among boot volume sets.
  no-license                    This option mostly is for RMA use. It loads full configuration from a UCS file except license file.
  no-platform-check             Bypass platform check.
  passphrase                    Passphrase for (un)encrypting UCS.
  reset-trust                   Reset device and trust domain certificates and keys when loading a UCS.

    if configuration is missing after restoring, try /usr/libexec/bigpipe daol

    Config Transfer 10.1 to 11VE

    https://devcentral.f5.com/questions/config-transfer-101-to-11ve
  • Arie's avatar
    Arie
    Icon for Altostratus rankAltostratus
    Jul 01, 2014

    You may also want to upload a qkview to iHealth, as it will flag features/syntax you may be using currently that are incompatible with v11. The check probably won't catch all possible issues, but it would provide a good starting point.

     

  • sasa_126463's avatar
    sasa_126463
    Icon for Nimbostratus rankNimbostratus
    Jul 01, 2014

    We just went through the upgrade. Here is what I'd recommend.

     

    1. Create an archive / ucs file.
    2. downwnload the recommended hot fix..we used Hotfix-BIGIP-11.4.1-637.0-HF3.iso
    3. upload the hotfix to the new F5 and install it, you can use the GUI for this.
    4. boot to 11.4.1 and use something like winscp and copy the ucs for to /var/local/ucs
    5. from the tmsh issue the following command, load sys ucs ucs_file_name.ucs no-license no-platform-check
    6. check the /var/log/ltm file for any install errors. If you have http class profiles check to make sure that local traffic policies have been created.
    7. if for some reason you can't log into the box with your configs installed check the managment port's ip, ifconfig, and then add the ip of your laptop. From TMSH, Modify /sys httpd allow add {ip address}
    8. If you need to reset the admin password just go to bash utility and issue the command passwd admin. This will prompt you for a new admin account.

    After all of that you should be able to log into the device as admin and check all the virtual servers and pools.

     

    • JG's avatar
      JG
      Icon for Cumulonimbus rankCumulonimbus
      Jul 01, 2014
      After loading the ucs file, did you do a save operation? Did that operation create the correct v11 directory structure in the /config?