Upgrading LTM from 10.x to 11.x

There shouldn't be any problem with your plan of action.

Your true outage window should be very small. My team and I just performed several upgrade in the last month, and as long as the upgrade goes smooth, the only outage you should see is during the failover to Active. For us that was a matter of seconds. Just make sure that you validate that items in your config will transfer properly. e.g. iRule syntax

I would review the Manual: BIG-IP Systems: ​Upgrading Active-Standby Systems for the version you are upgrading from. That link is for 11.6.0

My real world experience - we upgraded from 10.2.4 to 11.2.1 - and it was very rough. The transition from the HA approach for 10.2 to the traffic-group based approach in 11.x didn't go well, and we ended up booting back to 10.2, planning an extended outage window, and then upgrading each as a standalone device, then establishing HA after each device was in standalone mode. We had customer service involved, but were on a closed network, and couldn't have them remote in ... that didn't help. But even with all the diagnostic information we could provide, it was never clear what caused the failure.

It really made me wish we had a 3rd device that we could temporarily co-opt to handle the load, even though that would have been significant work.

That's just one datapoint, of course ... and I haven't done a 10.x to 11.4.x+ (there was a major architectural change in HA at 11.4).

Hi,

Only complementing the information presented above:

If you will Install New Software Images or Hotfixes

Determine version to install
Ensure license service check date is up-to-date
Download software image files and release notes
Read release notes and follow specific upgrade directions!
Import software image files to BIG-IP (iso, md5) Note: Upgrade standby device first
Verify integrity of software image (md5sum -- check)
Install software image to inactive boot location
Activate boot location
Test!

If you will Implement Configuration Changes During a Maintenance Window

Create "before" UCS archive
Run staged tmsh script with configuration changes
Test!
If successful, create "after" UCS archive
If unsuccessful, restore from "before" UCS archive

Note: The install/upgrade time (typical: 30 to 120 minutes per cluster) depends on several factors including the platform used, provisioning, connectivity to download and upload the images, testing time, troubleshoot, etc... If you got the chance to deploy Enterprise Manager VE or BIG-IQ Device, definitely you will improve the all process. The outage would be minimal (typical: less than 30 seconds) because you switch/failover between devices throughout the process.

Well said Pedro!

I didn't think about it earlier, but it is always a good idea to create a backup and store it off the device just in case. Another note to add just because this one threw me off the first time; once you restart the first (Standby) device they will both read as standalone, but your active will still say active, and your standby will still say standby, if you see active/active or standby/standby that is a pretty good indicator that something may have gone wrong.

I would highly recommend purchasing a lab license in order to test/practice/validate your documented upgrade process.

Personally, I export an SCF file from all my devices and import them into an isolated lab VM instance. I have to massage a few properties, of course, like commenting out interface configs and what-not in the conf files in order to get them to load. And although I can't run actual traffic through it, I can at least determine what, if anything, will break the upgrade process and document/remediate those things before the real upgrade is performed. This scheme has proved invaluable and saved me a lot of headaches and sleepless nights.

1. please reactivate the license if 10.x (Service check date) is older than license check date of 11.x.
2. then take archive and proceed with patching
3. make sure config like HTTPS_CLASS are removed or converted, especially if 11.x is after 11.4.1 (sol14409: The HTTP Class profile is no longer available in BIG-IP 11.4.0 and later)
4. it will almost take 10-15 minutes approx. for LB to be reachable/pingable., it might be possible that after boot activation and reboot you might be not able to login with ur creds., then login with root to check if config loaded properly (you may take help of doal command)