Upgrade F5 BIG-IP from 11.5 to 11.6

This is probably too late for Muffe but for those perusing later, the proper way to upgrade a BIG-IP in AWS is:

Via GUI:

https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ve-setup-amazon-ec2-11-6-0.pdf?sr=43766835 or whatever manual reflects your version.

Ex. Simply type "2" for new boot volume name (= will create "HD1.2")

Via CLI:

1) Upload images (hotfixes and required base isos/images) to /shared/images (via SCP) 2) Create New Boot Volume and Install ISOs onto it

ex. Before

root@(ip-10-0-0-5)(cfg-sync Disconnected)(Active)(/Common)(tmos) show sys software

Sys::Software Status

Volume Product Version Build Active Status

HD1.1 BIG-IP 11.5.1 3.0.131 yes complete

Install cmd: root@(ip-10-0-0-5)(cfg-sync Disconnected)(Active)(/Common)(tmos) install sys software image BIGIP-11.6.0.0.0.401.iso create-volume volume HD1.2 reboot

"reboot" optional if you want to reboot immediately after install (vs. staged for later). or if want to boot hotfix all in one command (lays down base image + hotfix simultaneously)

"install sys software hotfix Hotfix-BIGIP-11.6.0.3.0.412-HF3.iso create-volume volume HD1.2 reboot"

See Progress:

root@(ip-10-0-0-5)(cfg-sync Disconnected)(Active)(/Common)(tmos) show sys software

Sys::Software Status

Volume Product Version Build Active Status

HD1.1 BIG-IP 11.5.1 3.0.131 yes complete HD1.2 BIG-IP 11.6.0 0.0.401 no installing 6.000 pct

Will reboot immediately after this:

root@(ip-10-0-0-5)(cfg-sync Disconnected)(Active)(/Common)(tmos) show sys software

Sys::Software Status

Volume Product Version Build Active Status

HD1.1 BIG-IP 11.5.1 3.0.131 yes complete HD1.2 BIG-IP 11.6.0 0.0.401 no complete

After reboot:

[root@ip-10-0-0-5:Standby:Standalone] config tmsh show sys software

Sys::Software Status

Volume Product Version Build Active Status

HD1.1 BIG-IP 11.5.1 3.0.131 no complete HD1.2 BIG-IP 11.6.0 0.0.401 yes complete == Active Volume now

Note: default user changed from root to admin in 11.6.0 so make sure you updated your admin password from the default.

This should work for both BYOL and Subscription license versions.

If you created a new AMI, that gets trickier so would avoid if at all possible. The new subscription image will be licensed already. When you migrate the config (UCS) you have to use the "no-license" option to avoid overriding the existing working license.

root@(ip-10-0-0-5)(cfg-sync Changes Pending)(Active)(/Common)(tmos) load sys ucs config.ucs Options: no-license no-platform-check passphrase reset-trust

Besides all the usual procedures of changing the hostname (so UCS loads), probably changing the network settings (to match the new IPs AWS assigned, etc.). At that point, so much has changed or there's a lot of remapping on the AWS end, it might be worth the SCF (Single Config File) and trying to work with that (cutting out parts you need).

Obviously configs are more transient/dynamic in cloud world and we are working on more elegant ways to address this but long story short, would try to preserve the existing AMI if possible.