BigIP TMOS upgrades through BigIQ

Question

I had a few questions about BigIP TMOS upgrades through BigIQ i.e. upgrading the TMOS ver of the managed devices from BigIQ CM

How does BigIQ handle OS upgrade for Active-Standby device pair. We see the below screen while we select the devices , either we can select the Devices or we can select Group/Cluster wherein there is no option to select DSC cluster (which as we understand are Sync pair), we get option to select only DNS sync pair

We ended up using the Device option, wherein we add the individual devices. All our deployment are Active- Standby, is BigIQ able to identify a failover pair if I add them as individual devices as I do not have an option to add them as DSC cluster.

Presently our OS upgrades are done manually and with zero downtime, we would want to achieve the same with BigIQ with zero touch. Need your feedback

Will BigIQ undertake the OS upgrade for the Standby device , failover then upgrade the other device. This is not documented properly

we are referring to this article

https://techdocs.f5.com/en-us/bigiq-8-0-0/managing-big-ip-devices-from-big-iq/big-ip-software-upgrades.html#GUID-D2C1FCE8-BB1A-4B23-A981-1F03BE47F291

mike757 · Answer

Like Nikoolayy1 said, testing is always the best way to proceed of you can.

But indeed, I don't remember there beeing an option to perform a "full DSC group upgrade" in BIG-IQ, and even if there was I would be very weary about using it. Do you *really* want to upgrade all devices without testing traffic in the new version? Having an asymmetric cluster allows you to rollback in a very short time in case you find any issues after the upgrade of the first device.

My upgrade process in a 2-device cluster is always like this:

1. Upload images and prepare boot volumes, take backups.
2. Single traffic group? Go to step 4.
3. Multiple traffic groups and active/active config? Force active TGs to standby so that one of the devices is fully on standby.
4. Take the standby device and force it offline.
5. Upgrade the standby device.
6. Get the newly upgraded device online, force TGs to standby on the other one.
7. Test traffic - and this is up to your requirements... I'm used to ISPs asking for about 24 hours on this step.
8. Get the other device offline, upgrade it, get it online.
9. In case of multiple TGs, distribute active/standby as required.

So, you see... BIG-IQ is not exactly a good choice for my method. I prefer having more control over the whole process than letting some external platform do all the steps. My method also allows you to do the time-consuming step of preparing boot volumes beforehand.

/Mike/

acurry583 · Answer

Hi,I always create two rollout from Big-IQ. I run a script that tells which are standby. Roll out upgrades to that group. Once done, failover to active, monitor, then run all formerly active (now standby) devices. Big-IQ will reboot all of your devices at one time if you put them in one group. Trust me, it is quick, nerve-wracking, but not efficient as you will take down time unless you manually divide and conquer. It is more work than originally hoped for but less than performing manual upgrades. Hope this helps!

nikoolayy1 · Answer

Why not test in a lab with to two F5 lab VMs in HA and add them to the BIG-IQ and upgade them? As I do not renember to confirm if it is you say but this can easily be tested.

nikoolayy1 · Answer

If you managed to get the needed answers, please flag the question as answered.

deepsri · Answer

Thanks for the response. We did try this upgrade in one of our device pair and certails not a ideal solution for OS upgraes.&nbsp;

Forum Discussion

BigIP TMOS upgrades through BigIQ

6 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

BIGIP UPGRADE

Re: BigIP Report

Upgrade BigIP using Ansible

Software Upgrade

Upgrade to 15.1.10