BIG-IP Upgrades Part 1 - Preparation
Note: Most information contained in this article series has also been published on AskF5.com:
K84554955: Overview of BIG-IP system software upgrades - https://support.f5.com/csp/article/K84554955
The information is this series is meant to help a Big-IP administrator complete a software upgrade. I have assisted with hundreds of Big-IP upgrades and hope to help you complete the task as smoothly as possible.
For more information related to a specific Big-IP release, there are additional details in the release notes for each version. For more information, refer to the Release Notes page.
The information in this series applies to:
- F5 platforms which support Big-IP version 10.x - 13.x
- Big-IP Virtual Edition
- vCMP Big-IP Host platforms
- vCMP Big-IP Guest instances
For information regarding upgrading from Big-IP 9.x to 10.x, refer to the following guide:
Manual Chapter: Upgrading from Versions 93x and 94x.
Procedures
Note: If you are familiar with Big-IP upgrade behavior and only need to review the actual steps, use the Performing the Software Installation section. To review Big-IP upgrade behavior in more detail, please review the other Parts.
- BIG-IP Upgrades Part 1 - Preparation
- BIG-IP Upgrades Part 2 - Upgrade Behavior
- BIG-IP Upgrades Part 3 - Versions, Misconceptions and a Back-Out Plan
- BIG-IP Upgrades Part 4 - Performing the Software Installation
Prerequisites
- License reactivation is required prior to installing a newer Big-IP version. For more information, refer to K7727: License activation may be required prior to a software upgrade for the BIG-IP or Enterprise Manager system.
- Generate a qkview diagnostics file and review iHealth for any triggered upgrade-related heuristics in the Diagnostics and Upgrade Advisor tabs. Each Big-IP product has its own set of requirements pertaining to software upgrades and iHealth is the best utility to find up to date heuristics governing successful Big-IP product migrations.
- For more information, refer to:
- Create a UCS archive of the Big-IP's configuration and save it remotely in case it is needed for recovery purposes. For more information, refer to K4423: Overview of UCS archives.
- Verify your Big-IP system is running version 10.x, 11.x, 12.x or 13.x and is using the volumes formatting scheme (the command lvscan should not be blank).
ACTIVE '/dev/vg-db-sda/dat.share.1' [30.00 GB] normal ACTIVE '/dev/vg-db-sda/dat.log.1' [7.00 GB] normal ACTIVE '/dev/vg-db-sda/set.1.root' [256.00 MB] normal ACTIVE '/dev/vg-db-sda/set.1._usr' [1.34 GB] normal
- Check running configuration integrity by running one of the following commands. No errors should be returned (warnings may not hinder a software upgrade but should be corrected if possible).
- In Big-IP version 10.x
bigpipe verify load
- In Big-IP version 11.x and 12.x
tmsh load sys config verify
- In Big-IP version 10.x
- Navigate to https://downloads.f5.com and download the desired software:
- Big-IP Base image ISO file (I.E. BIGIP-11.5.4.0.0.256.iso)
- Latest Hotfix ISO file (if available) (I.E. BIGIP-11.5.4.4.0.313-HF4.iso)
- For more information, refer to K167: Downloading software and firmware from F5.
- Verify base and hotfix software image file integrity. For more information, refer to K8337: Verifying the MD5 checksum for the downloaded F5 software file.
- Verify the device certificates of your Big-IP is not expired. For more information, refer to K7754: Renewing self-signed device certificates.
- Verify all Big-IP systems in the device group are in sync. For more information, refer to K13920: Performing a ConfigSync using the Configuration utility.
Recommendations Prior to Installation
- From the F5 BIG-IP TMOS: Operations Guide; before you upgrade the BIG-IP software, review the release notes on AskF5 (support.f5.com) in the Documentation section for your product and version. Pay close attention to the following items:
- Review the Known issues list.
- Review the Behavior change section(s).
- Review the Upgrading from earlier versions section.
- Review the Upgrading from earlier configurations section.
- Review the installation checklist.
- Verify a connection to the serial console port is working. This not required but will allow monitoring of installation progress and provides additional recovery options. For more information, refer to K7683: Connecting a serial terminal to a BIG-IP system.
- When you have a date for the upgrade, we recommend starting a proactive Service Request with your plan in case there are complications during your change window. For more information, refer to K16022: Opening a proactive service request with F5 Technical Support.
- Testing the upgrade procedure on a lab environment using Big-IP Virtual Edition can be helpful to find potential issues before they are encountered in a production environment.
- BIG-IP 10Mbps Virtual Edition Lab License (11.4.1 - 13.X)
Features:
- Inexpensive compared to higher throughput Big-IP VE licenses.
- LTM, GTM, DNS, AFM, ASM, AAM, CGN, APM Lite (10 users).
- In Big-IP v11.4.1 - 11.6.x, you can import Big-IP 10.x - 11.x UCS archives. In Big-IP v12.x, you can import Big-IP 11.x - 12.x UCS archives. Copy the UCS file to /var/tmp and use the following command:
tmsh load sys ucs /var/tmp/
.ucs no-license no-platform-check
Limitations:
- May not be available in all countries
- Total system throughput limited to 10Mbps - K15643: BIG-IP VE license offerings
- F5 Product Trials
- BIG-IP 10Mbps Virtual Edition Lab License (11.4.1 - 13.X)
- Retain a UCS archive from every Big-IP in your network on a remote filestore to aid disaster recovery. Even if the archive has aged and does not contain all configuration objects, it will provide faster recovery time than completely reconfiguring the Big-IP. For more information, refer to:
- For full planning and assistance during an upgrade, F5 Professional Services is a good resource. Support will answer specific questions regarding the upgrade but can't be used start to finish to perform upgrades. For more information, refer to:
- Harry1Nimbostratus
Nice Article , Nate. please let me know how can we check before upgradation that there is no issue in iRULE or related to any configuration data. or only lab preparation is the way out , means install the tmos(like 13.x) and import the backup from existing version(like 11.6.x)
- Nate_ƒlaggEmployee
Precisely right, Harry. The best way I know to test an upgrade is to use a Development or Lab Big-IP (like the low-cost VE Lab License mentioned above) to import the old configuration. This way, the entirety of the Big-IP configuration can be tested with actual client traffic for a better representation.
- nbaum_306129Nimbostratus
Great Read! I appreciate the help considering I'm getting ready to upgrade all of our F5's!
- BB16Nimbostratus
Thanks for sharing a great article....