cancel
Showing results for 
Search instead for 
Did you mean: 

upgrade the F5 LTM

hamzazubairi
Nimbostratus
Nimbostratus

Hi team,

I need to upgrade my f5 LTM physical box. what are the essentials measures/pre-checks i should take up in order to upgrade this appliance.

6 REPLIES 6

In the future with r-series you will be able to upgrade individual f5 modules but for now you need to upgrade the BIG-IP itself, so you can check my article:

 

https://community.f5.com/t5/technical-forum/knowledge-sharing-f5-software-upgrade-rma-process/m-p/29...

Tofunmi
Cirrostratus
Cirrostratus

Is the appliance in HA? Does it carry mission-critical applications? You will need to answer those questions and that will help you plan appropriately. When that is done, the following steps will help you.

a. Check hardware/software compatibility - This would help you check the software version your appliance is compatible with.

https://support.f5.com/csp/article/K9476

b. Examine the upgrade paths from your current version and determine if you can upgrade directly.

https://support.f5.com/csp/article/K13845

c. Take a QKview of the device and upload it to iHealth.f5.com to determine if you need to make any changes to your configuration before the upgrade/update.

d. Read through the release notes of the software version you intend to upgrade/update to.

e. Download the upgrade iso file from downloads.f5.com

f. Take a UCS backup of the appliance and download it to your system. This is very helpful😃, it has helped me many times. It also helps if you take a snip of the current status of your virtual servers and pool members before the upgrade.

These are the steps I take before any upgrade/update, I hope you find them helpful.

 

 

Yup you are right as the same steps are specified in the article I provided that has a link to a great community article  https://community.f5.com/t5/crowdsrc/7-steps-checklist-before-upgrading-your-f5-big-ip/ta-p/288234#U...

PSFletchTheTek
Cirrocumulus
Cirrocumulus

Hi,
All the replies below are awesome as always, from me i'd just like to point out that the f5 upgrades by using boot partions to give clean segregation and a roll back.
So to complete a upgrade you MUST reboot the appliance, i still think the rseries will still need some sort of service restart for the new modules. So the key here is, have you got a secondary/standby you can move the traffic over to? or do you need to arrange a 15-20 min outage window as it reboots?

The f5 is great at doing this sort of stuff, the issue for really comes abount change control and its business impact.

Hope that helps. P

 

nmb-AskF5
F5 Employee
F5 Employee

Greetings,

We have a fairly comprehensive Update & Upgrade Operations Guide for BIG-IP that covers a lot of different situations here: 

Please give it a look, and if you have any questions or suggestions, please click the Leave Feedback link at the bottom of the page. We love user feedback, and want the guide to be as helpful as possible. 
 
Topics covered: 

BIG-IP hardware and VE platforms

BIG-IP systems

BIG-IP VIPRION and vCMP systems

BIG-IP cloud platforms

Upgrade chapters 13 through 20 for BIG-IP Cloud platforms make use of third-party cloud provider template technologies. The cloud providers and the third-party automation tools provider may update or revise their template features, and specific steps in the articles may change without our knowledge. F5 Support does not provide support for deploying or troubleshooting the templates themselves. You should first consider using one of the upgrade methods described in chapters 5 through 8 of this guide. You may use the upgrade chapters 13 through 20 under the following conditions:

BIG-IP on AWS

BIG-IP on Microsoft Azure

BIG-IP on GCP

Automation

Network Access VPN clients

F5 SSL Orchestrator



IoF
Altostratus
Altostratus
  • Sync the config between peer devices.
  • Aside from UCS, I would also add an SCF backup with the "one-line" option.

tmsh save sys config file BigIP_Backup.scf one-line no-passphrase

Make sure you copy these backup files to the /shared/ folder on the F5 and to a separate secure location that you can access if the F5 upgrade doesn't go as planned.

  • Also there are other things that are not stored in the F5 config that you may want to backup, for example if you have any custom crontab entries (use "crontab -l" to check) and other things like that.
  • Before upgrading run the following command to check the config for errors:

tmsh load sys config verify

(address any errors before upgrading)

  • Check to make sure you have enough disk space
  • Verify that you have SSH/GUI/Console access using a local F5 account with root priviledges.
  • (Optional) Backup any master keys to a secure location:

tmsh show sys crypto master-key

f5mku -K

  • License/F5 Module Activation keys, make sure they are handy just in case. If it's been a while since your last upgrade I would recommend you re-activate the license before upgrading.