Forum Discussion

InquisitiveMai's avatar
InquisitiveMai
Icon for Cirrostratus rankCirrostratus
Jan 23, 2026

Questions on Migrating configs from iSeries to RSeries F5s

When we migrate between different platforms ,  I plan on following the below procedure but have few questions  From the iSeries platform (iF5-A(Active) and iF5-B(Standby)), need to take backups and...
application delivery
Panchanka's avatar
Panchanka
Icon for Nimbostratus rankNimbostratus
Feb 21, 2026

 

Hiya,

I’m working on the same thing and made good progress on migration from iseries appliance mode (no vguests) to F5OS tenant LTM only. Here are my comments.

For your item 1

looks like you want to make a bunch of config changes at the same time you are migrating. This was not my approach. I kept things as similar as possible for the migration and made optimizations after the migration. The more that changes, the more that can go wrong. I even kept the same mgmt IP. Here is a brief overview of my appraach:

  1. Deploy F5OS tenant with a temp mgmt ip, vlans and trunks. 
  2. Reset admin and root passwords
  3. modify sys crypto master-key prompt-for-password and save sys config
  4.  On iseries standby run sys failover offline 
  5. Ensure old mgmt ip is offline by shutting down the mgmt port on the switch
  6. Change the tenant’s mgmt IP to the iSeries IP and change F5OS tenant to deployed state
  7.  load sys ucs <filename> no-license platform-migrate check for errors and validate loaded config
  8. Check the /var/local/ucs/platform_migrate_ignored_objects, you should see mgmt-routes and references to “vmname” objects that include vlans
  9. Put back mgmt routes
  10. Force offline to avoid split brain run sys failover offline
  11. Move fibers from iSeries device to new rSeries
  12. Recreate device trust
  13. Failover to new rSeries and repeat steps above for remaining iSeries device.

 

For modifying the bigip_base.conf file, I recommend not deleting anything, instead comment out (with a '#') all physical elements, namely: Interfaces and Trunks.

net stp /Common/cist {

# trunks {

# lab-n7k_trunk {

# external-path-cost 20000

# internal-path-cost 20000

# }

# }

vlans {

/Common/ha-lab_vlan

/Common/ha2-lab_vlan

/Common/lab-voice_vlan

net stp-globals {

config-name 00-23-E9-7B-E0-80

}

#net trunk lab-n7k_trunk {

# interfaces {

# 1.0

# 2.0

# }

# lacp enabled

#}

net vlan /Common/ha2-lab_vlan {

dag-adjustment none

# interfaces {

# lab-n7k_trunk {

# tagged

# }

# }

tag 27

}

Also, if you hate editing in vi, vim or nano as much as I do, you can use 7-Zip and Notepad++ to edit and save within the archive. 7-Zip will prompt you to save and re-bundle it.

You mentioned iApps, but do you have iApps that reference physical elements? 

 

For your item 2, I answered most of it above. You also asked, Does it copy the VIPs, nodes, pool members without Vlans? I recommend pre-setup of the F5OS tenants with all the required vlans and interfaces and LACP trunks.

 

For your item 3, the master key is used to encrypt things on box i.e. password, private keys. If you don’t do this, the config load correctly, but the secrets won’t be decryptable which will make quite the mess. If you don’t already know what it is, set it on the old iSeries before you start, then set it on the tenant. If you already have it documented, just set it on the new tenant. You know if you’ve done it right if the hashes match between iSeries and rSeries. But we aware of this bug as it bit me.

Bug ID 2150489: Most DB keys encrypted by SecureVault master key are not persisted to BigDB.dat when the system master key is changed. https://cdn.f5.com/product/bugtracker/ID2150489.html

I recommend you upgrade to 17.1.5.4 on the iSeries before you migrate. Obvioiusly, your tenant will need the same version.

 

Hope that was helpful. This is a fun project for me so let me know if you have any other questions.