Forum Discussion
Nimbostratusupgrade the F5 LTM
Hi team,
I need to upgrade my f5 LTM physical box. what are the essentials measures/pre-checks i should take up in order to upgrade this appliance.
6 Replies
- Nikoolayy1
MVP
In the future with r-series you will be able to upgrade individual f5 modules but for now you need to upgrade the BIG-IP itself, so you can check my article:
- Tofunmi
Is the appliance in HA? Does it carry mission-critical applications? You will need to answer those questions and that will help you plan appropriately. When that is done, the following steps will help you.
a. Check hardware/software compatibility - This would help you check the software version your appliance is compatible with.
https://support.f5.com/csp/article/K9476
b. Examine the upgrade paths from your current version and determine if you can upgrade directly.
https://support.f5.com/csp/article/K13845
c. Take a QKview of the device and upload it to iHealth.f5.com to determine if you need to make any changes to your configuration before the upgrade/update.
d. Read through the release notes of the software version you intend to upgrade/update to.
e. Download the upgrade iso file from downloads.f5.com
f. Take a UCS backup of the appliance and download it to your system. This is very helpful๐, it has helped me many times. It also helps if you take a snip of the current status of your virtual servers and pool members before the upgrade.
These are the steps I take before any upgrade/update, I hope you find them helpful.
- Nikoolayy1
Yup you are right as the same steps are specified in the article I provided that has a link to a great community article https://community.f5.com/t5/crowdsrc/7-steps-checklist-before-upgrading-your-f5-big-ip/ta-p/288234#U288234
PSFletchTheTekCumulonimbus
Hi,
All the replies below are awesome as always, from me i'd just like to point out that the f5 upgrades by using boot partions to give clean segregation and a roll back.
So to complete a upgrade you MUST reboot the appliance, i still think the rseries will still need some sort of service restart for the new modules. So the key here is, have you got a secondary/standby you can move the traffic over to? or do you need to arrange a 15-20 min outage window as it reboots?The f5 is great at doing this sort of stuff, the issue for really comes abount change control and its business impact.
Hope that helps. P
- nmb-AskF5
Employee
Greetings,
We have a fairly comprehensive Update & Upgrade Operations Guide for BIG-IP that covers a lot of different situations here:
Please give it a look, and if you have any questions or suggestions, please click the Leave Feedback link at the bottom of the page. We love user feedback, and want the guide to be as helpful as possible.Topics covered:
- Chapter 2: Introduction
How to use the chapters in this guide, upgrading vs. updating, and reasons to keep your BIG-IP software up to date. - Chapter 3: Choose a BIG-IP update or upgrade version
- Chapter 4: Prepare to update or upgrade any BIG-IP system
BIG-IP hardware and VE platforms
BIG-IP systems
- Chapter 5: Update or upgrade a standalone BIG-IP VE system using the Configuration utility
- Chapter 6: Update or upgrade a standalone BIG-IP VE system using the TMOS Shell
- Chapter 7: Update or upgrade BIG-IP HA systems the Configuration utility
- Chapter 8: Update or upgrade BIG-IP HA systems using the TMOS Shell
- Chapter 9: Update or upgrade BIG-IP systems using BIG-IQ:
How to update or upgrade your managed devices, when you use the BIG-IQ system to manage your BIG-IP systems.
BIG-IP VIPRION and vCMP systems
- Chapter 10: Update or upgrade BIG-IP VIPRION systems (non-vCMP)
- Chapter 11: Update or upgrade BIG-IP VIPRION systems (vCMP):
How to update or upgrade a pair of BIG-IP VIPRION Virtual Clustered Multiprocessing (vCMP) host systems and a vCMP guest HA device group that is running on the vCMP host. - Chapter 12: Update or upgrade BIG-IP appliance systems (vCMP):
How to update or upgrade BIG-IP vCMP host systems that are not VIPRION and a vCMP guest HA device group that is running on the vCMP host.
BIG-IP cloud platforms
Upgrade chapters 13 through 20 for BIG-IP Cloud platforms make use of third-party cloud provider template technologies. The cloud providers and the third-party automation tools provider may update or revise their template features, and specific steps in the articles may change without our knowledge. F5 Support does not provide support for deploying or troubleshooting the templates themselves. You should first consider using one of the upgrade methods described in chapters 5 through 8 of this guide. You may use the upgrade chapters 13 through 20 under the following conditions:
- Your BIG-IP VE instance has only a single boot location.
- You require a completely new BIG-IP VE instance. For example, you suspect a security compromise on your BIG-IP system. For more information, refer to K11438344: Considerations and guidance when you suspect a security compromise on a BIG-IP system
- Your BIG-IP VE instances are part of an AWS auto scaling group or Azure virtual machine scale set.
BIG-IP on AWS
BIG-IP on Microsoft Azure
BIG-IP on GCP
Automation
Network Access VPN clients
F5 SSL Orchestrator
- Chapter 2: Introduction
IoFAltostratus
- Sync the config between peer devices.
- Aside from UCS, I would also add an SCF backup with the "one-line" option.
tmsh save sys config file BigIP_Backup.scf one-line no-passphrase
Make sure you copy these backup files to the /shared/ folder on the F5 and to a separate secure location that you can access if the F5 upgrade doesn't go as planned.
- Also there are other things that are not stored in the F5 config that you may want to backup, for example if you have any custom crontab entries (use "crontab -l" to check) and other things like that.
- Before upgrading run the following command to check the config for errors:
tmsh load sys config verify
(address any errors before upgrading)
- Check to make sure you have enough disk space
- Verify that you have SSH/GUI/Console access using a local F5 account with root priviledges.
- (Optional) Backup any master keys to a secure location:
tmsh show sys crypto master-key
f5mku -K
- License/F5 Module Activation keys, make sure they are handy just in case. If it's been a while since your last upgrade I would recommend you re-activate the license before upgrading.
