cancel
Showing results for 
Search instead for 
Did you mean: 

How to find suiteable version for OS upgrade

Roy_Jee
Nimbostratus
Nimbostratus

Hi,

I want to confirm how to confirm which version is best and stable for an OS version upgrade .Lets say we are upgrading from 13.1.3.4 .Thanks .

3 REPLIES 3

Well, I will say the upgrade strategy, plan and target version mostly depends upon the requirement, specific use cases and/or any major issues with current version.

 

Let's say if any vulnerability is affecting the current version of F5 and it is applicable to your environment, you should look for mitigating the vulnerability. And In most cases the permanent fixes are upgrading F5s to stable version where affected vulnerabilities are fixed.

 

The other example I can give is- Planning upgrade for specific use cases. Let's say I want to enable TLS1.3. In such case I would need to have my F5s on at least 14.1.x version for having production level support for TLS1.3. This is because in F5 14.0.0, the BIG-IP system adds limited support for TLS-1.3. Starting in BIG-IP 14.1.0.1 and later, this support was updated to provide production level support for TLS 1.3.

 

Now If I am planning to upgrade to any of 14.x version for enabling the TLS-1.3 support, I will check the most stable version under 14.x.

 

So basically whenever you are planning for the F5 upgrade for any reason, you should look for most stable version and for this, you should definitely check for release notes of the target versions. In addition to this, you can also check your current F5 version for known vulnerabilities. You can do this by uploading a QKView of your F5 on iHealth. The IHealth report gives you details on any known issues/vulnerabilities, config problems and F5 best practices articles. Also F5 recommend to do this periodically.

 

Below are some article for your ref-

 

https://www.f5.com/pdf/deployment-guides/bigip-update-upgrade-guide.pdf

https://support.f5.com/csp/article/K84554955

 

Hope it helps!

 

 

 

 

Roy_Jee
Nimbostratus
Nimbostratus

Thanks Buddy,

can you please also let me know what is best way to decide on which series (14.x , 15.x , 16.x ) you should upgrade your OS for enabling TLS 1.3 from 13.1.3.4 for i2600 box .

While deciding the upgrade, you can upgrade to the point release in target major version. Point release is the one that have most of the defects addressed, and security fixes. Also one more important point, when you decide your target version, it is always recommended to go through its release notes; specially verify the known issues/bugs and see if it applies to you. Kindly go through below F5 articles which may give you more clarify about this.

 

https://support.f5.com/csp/article/K54845583

 

https://support.f5.com/csp/article/K31596200

 

https://support.f5.com/csp/knowledge-center/software/BIG-IP?module=BIG-IP%20LTM&version=14.1.4

 

https://support.f5.com/csp/article/K33062581

 

https://support.f5.com/csp/article/K8986

 

Hope it helps!