Knowledge sharing: F5 Software Upgrade/RMA process
Here is quick summary about things should be checked before an F5 upgrade.
This is the general F5 support article with clips and there is nice info for VIPRION and VCMP systems:
- https://support.f5.com/csp/article/K41125752
- https://support.f5.com/csp/article/K84554955
- https://support.f5.com/csp/article/K84205182
This a great community article
- 7 Steps Checklist before upgrading your F5 BIG-IP
- https://support.f5.com/csp/article/K11661449
- https://support.f5.com/csp/article/K13081744
Extra addition to the DNS upgrade is that it is better upgrade first the LTM devices that the DNS devices monitor and after the upgrade of 1 or 2 DNS systems till the other DNS systems are also upgraded better upgrade the big3d process on the older DNS systems in the DNS sunc group:
- https://support.f5.com/csp/article/K15844889
- https://support.f5.com/csp/article/K45907236
- https://support.f5.com/csp/article/K13734
- https://support.f5.com/csp/article/K13312
For BIG-IQ upgrade or for BIG-IQ to upgrade f5 devices:
- https://support.f5.com/csp/article/K51342220
- https://techdocs.f5.com/en-us/bigiq-8-0-0/managing-big-ip-devices-from-big-iq/big-ip-software-upgrades.html
For F5 devices with the F5 APM module after upgrade check if the installed F5 Edge Client software needs to be upgraded as it may not work with the new F5 APM TMOS version.
An issue I have seen is to install the new version in a volume and transferring the configuration from the old volume to the new but without activating it and then to activate it after a week and there would an old configuration during that week many changes were done on the old volume config, so better before an upgrade so save UCS just in case from the old volume/partition:
Some workarounds:
F5 RMA process general articles:
F5 general articles for RMA with or withour UCS as without UCS the system and network settings may need to be configured manually and the configuration to be synchronized from the active device to the rma device.
For F5 DNS/GTM there are special steps:
F5 RMA of VIPRION chassis or a blade as for example when the new blade is installed but the active software version on other blades and vcmp quests is missing then the blade will get stuck in quorum for the chassis or vcmp quest as the primary blade will not be able to update it. If there is single blade in the chassis better hope that there is saved UCS expecially if there are vCMP quests as then for every vcmp quest the system and network need to be manually configured and the other config can be synchronized from the other chassis and vcmp quests that are in HA cluster.
- https://support.f5.com/csp/article/K14302
- https://support.f5.com/csp/article/K16992
- https://support.f5.com/csp/article/K23795307?utm_source=f5support&utm_medium=RSS
- https://support.f5.com/csp/article/K40222952
When loading UCS on the RMA device that has containing encrypted passwords or passphrases, you can check(I have never used the second article but it is nice to have if issues are seen on a vCMP system when a chassis is replaced):
- https://support.f5.com/csp/article/K9420
- Working with MasterKeys
- https://support.f5.com/csp/article/K13408
Extra addition to the DNS upgrade is that better upgrade first the LTM devices that the DNS devices monitor and after the upgrade of 1 or 2 DNS systems till the other DNS systems are also upgraded better upgrade the big3d process on the older DNS systems in the DNS sunc group:
- https://support.f5.com/csp/article/K15844889
- https://support.f5.com/csp/article/K45907236
- https://support.f5.com/csp/article/K13734
- https://support.f5.com/csp/article/K13312
The new F5 Joutneys tool can be used for migrating to configuration to the new F5 VELOS and rSeries platforms and maybe in the future the F5 NEXT Operational System.
For the F5 imish/zebos routing module it is good to renember that that the config is not synchronized in a HA pair and before an RMA/upgrade to run the "write" command in the module as this is like the F5 command "save sys config" for CLI made changes as because of the reboot of the devices this changes can be lost.
Before the license reactivation I suggest using the tool https://secure.f5.com/validate/validate.jsp to check that you have legitimate license and support contract.
- JRahmAdmin
great references, Nikoolayy1