09-May-2022 00:17
Hi team,
I need to upgrade my f5 LTM physical box. what are the essentials measures/pre-checks i should take up in order to upgrade this appliance.
09-May-2022 00:40
In the future with r-series you will be able to upgrade individual f5 modules but for now you need to upgrade the BIG-IP itself, so you can check my article:
09-May-2022 01:12
Is the appliance in HA? Does it carry mission-critical applications? You will need to answer those questions and that will help you plan appropriately. When that is done, the following steps will help you.
a. Check hardware/software compatibility - This would help you check the software version your appliance is compatible with.
https://support.f5.com/csp/article/K9476
b. Examine the upgrade paths from your current version and determine if you can upgrade directly.
https://support.f5.com/csp/article/K13845
c. Take a QKview of the device and upload it to iHealth.f5.com to determine if you need to make any changes to your configuration before the upgrade/update.
d. Read through the release notes of the software version you intend to upgrade/update to.
e. Download the upgrade iso file from downloads.f5.com
f. Take a UCS backup of the appliance and download it to your system. This is very helpful😃, it has helped me many times. It also helps if you take a snip of the current status of your virtual servers and pool members before the upgrade.
These are the steps I take before any upgrade/update, I hope you find them helpful.
09-May-2022 02:03 - edited 09-May-2022 02:05
Yup you are right as the same steps are specified in the article I provided that has a link to a great community article https://community.f5.com/t5/crowdsrc/7-steps-checklist-before-upgrading-your-f5-big-ip/ta-p/288234#U...
09-May-2022 02:12
Hi,
All the replies below are awesome as always, from me i'd just like to point out that the f5 upgrades by using boot partions to give clean segregation and a roll back.
So to complete a upgrade you MUST reboot the appliance, i still think the rseries will still need some sort of service restart for the new modules. So the key here is, have you got a secondary/standby you can move the traffic over to? or do you need to arrange a 15-20 min outage window as it reboots?
The f5 is great at doing this sort of stuff, the issue for really comes abount change control and its business impact.
Hope that helps. P
09-May-2022 16:42
Greetings,
We have a fairly comprehensive Update & Upgrade Operations Guide for BIG-IP that covers a lot of different situations here:
BIG-IP hardware and VE platforms
BIG-IP systems
BIG-IP VIPRION and vCMP systems
BIG-IP cloud platforms
Upgrade chapters 13 through 20 for BIG-IP Cloud platforms make use of third-party cloud provider template technologies. The cloud providers and the third-party automation tools provider may update or revise their template features, and specific steps in the articles may change without our knowledge. F5 Support does not provide support for deploying or troubleshooting the templates themselves. You should first consider using one of the upgrade methods described in chapters 5 through 8 of this guide. You may use the upgrade chapters 13 through 20 under the following conditions:
BIG-IP on AWS
BIG-IP on Microsoft Azure
BIG-IP on GCP
Automation
Network Access VPN clients
F5 SSL Orchestrator
11-May-2022 15:43
tmsh save sys config file BigIP_Backup.scf one-line no-passphrase
Make sure you copy these backup files to the /shared/ folder on the F5 and to a separate secure location that you can access if the F5 upgrade doesn't go as planned.
tmsh load sys config verify
(address any errors before upgrading)
tmsh show sys crypto master-key
f5mku -K