cancel
Showing results for 
Search instead for 
Did you mean: 

Switching boot image

tux143
Altocumulus
Altocumulus

I have LTM 10350v with two images installed 13.1.0.8 and 12.1.2 (currently 13.x is running)

 

I am seeing some issue with 13.1.0.8 so thinking to switch it to 12.1.2 for testing, so question is do it create any issue when we go back to older image, like it will break existing configuration or HA configuration etc? (do i need reconfigure everything again?)

 

Do i need to re-activate license also?

 

0691T000008cmXbQAI.png

12 REPLIES 12

 ,

 

  1. Normally downgrading F5 is sort of performing a fresh installation and reverting software back to an older version. And Unless you have a UCS archive file that was generated on the version to which you are downgrading, you must manually rebuild the F5 configuration after you perform a downgrade. 
  2. But in your case, your F5 were already running on older version and it is already present on other boot location. So this will allow you to revert back to older software version and the configuration by rebooting F5 from the partition containing the older version. So you just need to reboot F5 from HD1.1 boot location and you should be good. Still have configuration backup/UCS of current version in place.
  3. As per below article, you may require to reactivate license reactivation. And the version that you're running on are having some changes in licensing behavior. So its better to reactivate license. Otherwise the F5 will not be active/operational until you reactivate license.

 

https://support.f5.com/csp/article/K13765410

 

Hope it helps!

 

Mayur

 

Reason i asked Activation question because this box is in lab and nobody has any idea about licensing, Let's assume we don't have active support in that case am i going to be in trouble to switch boot image? I don't care about configuration because its in LAB.

Joern
Altostratus
Altostratus

  just for information - did you checked release notes of newer versions of 13 regarding your issue?

https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/related/relnote-supplement-bigip-1...

 

Currently available ist

 

13.1.3.3 Release

I am seeing very odd behavior, I am doing load-testing on F5 and found SNAT pool sending warning "inet port exhaustion", i am just keep adding IPs in SNAT pool and still getting error, i have added 15 IPs in pool and i have almost 500k Users so based on math i have enough port capacity. I did dump connection table and found each SNAT only hitting 20k around ports so its not anywhere close.

 

So trying to troubleshoot that issue and i check release and i didn't see any indication of bug or issue.

Joern
Altostratus
Altostratus

something like that?

 

20569-1 : BIG-IP Source IP cmp-hash setting is distributing traffic unequally

Component: TMOS

Symptoms:

After a period of time, Inet port exhaustion error messages begin to be reported, and traffic starts to fail:

crit tmm1[17985]: 01010201:2: Inet port exhaustion on <ip_address> to <ip_address>.

Conditions:

1. BIG-IP system uses sock or virtIO drivers; cmp-hash is src-ip.

2. Both VLANs are set to Source Address CMP Hash configuration.

3. Pool members are distributed to different TMM cores based on the VLAN configuration.

4. Traffic is load balanced to the pool member mapped to the other core.

Impact:

The system reports Inet port exhaustion error messages, and traffic starts to fail.

 

 

 

This is interesting, In SNAT statistics i am seeing its equally spreading traffic across all SNAT pool members.

 

https://cdn.f5.com/product/bugtracker/ID720569.html

 

In above article they are saying "The cmp-hash src-ip setting has been improved to avoid unequal distribution." so how do i configure cmp-hash src-ip setting ?

 

My current model F5 model is 10350 running 13.1.0.8 version of software and this guys having issue related SNAT.

 

If i am running same load-test on F5 model 10200 running 12.0.0.0 and i not seeing any issue. do you think it issue of 13.x.x.x ? That is why i want to revert my image to verify.

 

tux143
Altocumulus
Altocumulus

Do you think if i change following will fix my issue?

 

modify net vlan <src_vlan_name> cmp-hash src-ip

Very interesting my error went away as soon as i did.

 

modify net vlan <src_vlan_name> cmp-hash src-ip

 

Joern
Altostratus
Altostratus

ok, so the issue resolved? 😊

It stopped logging in /var/log/ltm but now when i running my load-test with 500k TCP connection with 800/s rate then some of my tcp connection not getting through and client saying failed to connect.

 

I have tried bunch of new TCP profile, buffer adjustment and all short of thing but no improvement but then i decided to add more SNAT ip in pool and that works i didn't get error of connection failure so i thought let me load more tcp connection so i start my load-testing with 600k tcp connection with 800/s rate and that test failed again with connection failure, so trying to understand why SNAT source port starving? I have check connection table and its not using all 64k ports but still something somewhere not right. Do you have any clue to trace this kind of issue? I may enable TCP reset cause logs and see..

what kind of test is this? sometimes it can be problem with the application that it has fixed source port area e.g. 3CX Voip Client

We have 4 mongooseIM server behind F5 and bunch of xmpp clients sending xmpp traffic like text messages etc.. to simulate production workload. my goal is to run 1 million clients (tcp connection) with 1000/s rate.

 

(i have run same workload without F5 and its successful like all client sending traffic directly to mongooseIM nodes using scripted way to load-balance connection but my goal is to run them behind F5 for many reason.

 

We have all TCP application no more UDP or SIP style traffic which need special care of source port preservation.