BIG-IP Upgrades Part 1 - Preparation
Note: Most information contained in this article series has also been published on AskF5.com : K84554955: Overview of BIG-IP system software upgrades - https://support.f5.com/csp/article/K84554955 The information is this series is meant to help a Big-IP administrator complete a software upgrade. I have assisted with hundreds of Big-IP upgrades and hope to help you complete the task as smoothly as possible. For more information related to a specific Big-IP release, there are additional details in the release notes for each version. For more information, refer to the Release Notes page. The information in this series applies to: F5 platforms which support Big-IP version 10.x - 13.x Big-IP Virtual Edition vCMP Big-IP Host platforms vCMP Big-IP Guest instances For information regarding upgrading from Big-IP 9.x to 10.x, refer to the following guide: Manual Chapter: Upgrading from Versions 93x and 94x. Procedures Note: If you are familiar with Big-IP upgrade behavior and only need to review the actual steps, use the Performing the Software Installation section. To review Big-IP upgrade behavior in more detail, please review the other Parts. BIG-IP Upgrades Part 1 - Preparation BIG-IP Upgrades Part 2 - Upgrade Behavior BIG-IP Upgrades Part 3 - Versions, Misconceptions and a Back-Out Plan BIG-IP Upgrades Part 4 - Performing the Software Installation Prerequisites License reactivation is required prior to installing a newer Big-IP version. For more information, refer to K7727: License activation may be required prior to a software upgrade for the BIG-IP or Enterprise Manager system. Generate a qkview diagnostics file and review iHealth for any triggered upgrade-related heuristics in the Diagnostics and Upgrade Advisor tabs. Each Big-IP product has its own set of requirements pertaining to software upgrades and iHealth is the best utility to find up to date heuristics governing successful Big-IP product migrations. For more information, refer to: K12878: Generating BIG-IP diagnostic data using the qkview utility BIG-IP iHealth User Guide iHealth Website Create a UCS archive of the Big-IP's configuration and save it remotely in case it is needed for recovery purposes. For more information, refer to K4423: Overview of UCS archives. Verify your Big-IP system is running version 10.x, 11.x, 12.x or 13.x and is using the volumes formatting scheme (the command lvscan should not be blank). The command output should appear similar to the following example (the sizes may differ): ACTIVE '/dev/vg-db-sda/dat.share.1' [30.00 GB] normal ACTIVE '/dev/vg-db-sda/dat.log.1' [7.00 GB] normal ACTIVE '/dev/vg-db-sda/set.1.root' [256.00 MB] normal ACTIVE '/dev/vg-db-sda/set.1._usr' [1.34 GB] normal Check running configuration integrity by running one of the following commands. No errors should be returned (warnings may not hinder a software upgrade but should be corrected if possible). In Big-IP version 10.x bigpipe verify load In Big-IP version 11.x and 12.x tmsh load sys config verify Navigate to https://downloads.f5.com and download the desired software: Big-IP Base image ISO file (I.E. BIGIP-11.5.4.0.0.256.iso) Latest Hotfix ISO file (if available) (I.E. BIGIP-11.5.4.4.0.313-HF4.iso) For more information, refer to K167: Downloading software and firmware from F5. Verify base and hotfix software image file integrity. For more information, refer to K8337: Verifying the MD5 checksum for the downloaded F5 software file. Verify the device certificates of your Big-IP is not expired. For more information, refer to K7754: Renewing self-signed device certificates. Verify all Big-IP systems in the device group are in sync. For more information, refer to K13920: Performing a ConfigSync using the Configuration utility. Recommendations Prior to Installation From the F5 BIG-IP TMOS: Operations Guide; before you upgrade the BIG-IP software, review the release notes on AskF5 (support.f5.com) in the Documentation section for your product and version. Pay close attention to the following items: Review the Known issues list. Review the Behavior change section(s). Review the Upgrading from earlier versions section. Review the Upgrading from earlier configurations section. Review the installation checklist. Verify a connection to the serial console port is working. This not required but will allow monitoring of installation progress and provides additional recovery options. For more information, refer to K7683: Connecting a serial terminal to a BIG-IP system. When you have a date for the upgrade, we recommend starting a proactive Service Request with your plan in case there are complications during your change window. For more information, refer to K16022: Opening a proactive service request with F5 Technical Support. Testing the upgrade procedure on a lab environment using Big-IP Virtual Edition can be helpful to find potential issues before they are encountered in a production environment. BIG-IP 10Mbps Virtual Edition Lab License (11.4.1 - 13.X) Features: - Inexpensive compared to higher throughput Big-IP VE licenses. - LTM, GTM, DNS, AFM, ASM, AAM, CGN, APM Lite (10 users). - In Big-IP v11.4.1 - 11.6.x, you can import Big-IP 10.x - 11.x UCS archives. In Big-IP v12.x, you can import Big-IP 11.x - 12.x UCS archives. Copy the UCS file to /var/tmp and use the following command: tmsh load sys ucs /var/tmp/ .ucs no-license no-platform-check Limitations: - May not be available in all countries - Total system throughput limited to 10Mbps K15643: BIG-IP VE license offerings F5 Product Trials Retain a UCS archive from every Big-IP in your network on a remote filestore to aid disaster recovery. Even if the archive has aged and does not contain all configuration objects, it will provide faster recovery time than completely reconfiguring the Big-IP. For more information, refer to: K2880: Configuring a replacement BIG-IP device after a Return Materials Authorization K13551: Configuring a replacement BIG-IP device after an RMA when no UCS archive is available For full planning and assistance during an upgrade, F5 Professional Services is a good resource. Support will answer specific questions regarding the upgrade but can't be used start to finish to perform upgrades. For more information, refer to: Professional Services Scope of SupportBIGdiff - A Little Help For Software Upgrades
Published on behalf of DevCentral MVP Leonardo Souza If you have been to F5 Agility in Boston and went to my presentation, you should have already an idea of what I will talk about in this article, but you will learn more things, so continue reading. If you haven’t heard of BIGdiff yet, have you been living in Mars? Don’t worry I will explain what that is and how it can help you with software upgrades, and whatever you find useful. It is not an AI that will do the upgrade for you but will help you with the upgrade. Challenges These are the challenges BIGdiff addresses: You are upgrading a F5 device with 1,000 virtual servers and 1,000 wide IPs. How do you know if you have the same number of virtual servers and wide IPs after the upgrade? How do you know if you have the same number of available virtual servers and wide IPs after the upgrade? If the number of available virtual servers or wide IPs changed after upgrade, how can you find what changed? Existing Solutions First Challenge: There are multiple solutions already for this challenge. Both for LTM and GTM, you can take a print screen of the statistics before the upgrade and compare after the upgrade. For LTM, Statistics > Module Statistics > Local Traffic For GTM, Statistics > Module Statistics > DNS > GSLB This in 13.1.0.1, but I think this exist since v9, and will be in similar place in all versions. Qkview and iHealth combination. iHealth will show you configuration totals but is mainly LTM and does not show you GTM objects. Network Map is another option. However, network map is only for LTM. Also, that is a map that start from a virtual server, so if you have a pool that is not linked to a virtual server that will not count in the totals. Second Challenge: The statistics also tell you the status of the objects, so that solution works for both challenges. Third Challenge: There is no automated way to get this. You could run multiple tmsh commands to get the status before the upgrade, or just generate a qkview that will run those commands for you. However, you will still need to compare the objects one by one. If the only slot you got for the software upgrade was 3am in a Sunday, I am sure you will miss some objects or fall asleep. Solution I hope you are thinking about the same, computers don’t need to sleep, and they are better/faster than humans to compare 2 strings or numbers (that is basically 0 or 1, so they are not that smart). So, the conclusion is simple, let the computer do the work comparing objects while you drink another coffee to keep you awake to complete the software upgrade. The idea is simple, get the list of objects, and their respective status, before and after the software upgrade, then compare them and report the result. In this context, object is any entity that has a status in a BIG-IP device that may be affected by the software upgrade. Looking BIG-IP modules, that translate to LTM and GTM objects, for example, virtual servers and wide IPs. That is where BIGdiff script comes to help you and automate that process. You run BIGdiff before the upgrade, upgrade the device, and run again after the upgrade. The script will then generate a HTML file with the results. Technical Bits BIGdiff is a bash script and uses dialog program to generate the graphical menus. Dialog is a common program for CLI menus and is what F5 uses for the config command for example. The script uses snmpwalk to query locally the device for the object status, because so far has been the faster option I tested. That basically generates the same text file before and after the upgrade. Those text files that are used after to compare the objects. The script will generate the results in a HTML format, with tables. If something already exists and do the job well, there is no reason why not to use, so the script uses the TableFilter JavaScript library, that provide filter functionalities for HTML tables. You just need to have the JavaScript library file in the same folder that you have the HTML file, and the magic will happen. If you don’t need the filter functionality, you don’t need to have the JavaScript library, and static tables will be presented. The script is optimized to use mainly bash functionality, to be as faster as possible. I tested the script to compare 13 thousand objects, and it complete the task in a couple minutes. 13K objects is a really big configuration, so even if the device you plan to run the script has a large configuration, that will be just a couple minutes in your change window to run the script. Support The script only supports BIG-IP software, no support for EM or BIG-IQ. The reason is simple, there is no use case for those software. Versions 11.x.x/12.x.x/13.x.x/14.x.x were tested and are supported. As new versions are released, I will be testing to see if any change is needed to support that version. LTM objects are supported and will be listed even if LTM is not provisioned, as majority of the other modules do use LTM internally. GTM objects and partitions are also supported. Using BIGdiff Go to the code share link: BIGdiff Download the tablefilter.js file, if you want to use the table filter functionality as described above. Download the bigdiff.sh that is the script file. In the F5 device, create a folder in /shared/tmp, as /shared is shared between all volumes. Upload the file bigdiff.sh to the F5 device. Change the file permission to run: chmod +x bigdiff.sh Run the script: ./bigdiff.sh Run the script before the upgrade. Upgrade the F5 device. Run the script after the upgrade. Download the file ending in .html from the F5 device. Open the HTML file with your favourite browser. Make sure you have the tablefilter.js in the same folder as the HTML file, if you want the filter functionalities. Other Use Cases The reason I wrote the script was to help with the software upgrades, but you are not limited to software upgrades. You can use the script to compare the objects after you have done something, that can be an upgrade or something else. You can use the software for consolidations, for example 2 devices that will be replaced by a single device. You run the script in the old devices, merge the txt files that are created with the list of objects. Import the configuration in the new device, upload the script and merged txt file you created. Run the script in the new device, and the script will report to you if the objects have the same status as in the old devices. Another use case is for major changes. You can run the script, do the changes, and run the script again. The script will then tell you if you broke something. Silent Mode Silent mode is mainly to be used to integrate with other tools. The image above explains how to use. Conclusion Read the information in the code share page about know issues. I hope you find the script useful.
iHealth Upgrade Advisor: Making upgrades a little easier
Whether it is upgrading the firmware on a switch, the OS on a server, an important business application or the software on a BIG-IP, performing upgrades is something that makes almost all IT Admins and Network Engineers nervous. We’ve learned from (sometimes painful) experience that things don’t always go as planned. Good preparation greatly increases the likelihood that an upgrade will be successful, which is why F5 has created the iHealth Upgrade Advisor. Its goal is to provide an additional service from F5 that will complement your existing upgrade preparations, increasing the predictability of the upgrade while reducing your upgrade time. The iHealth Upgrade Advisor service provides a way for users to gain insight into potential issues with a BIG-IP upgrade before they attempt the upgrade. It provides guidance that is specific to a BIG-IP based on its configuration, the version of software it is currently running and the version you are planning to upgrade to. When an issue can be avoided by making a configuration change prior to upgrading, the Upgrade Advisor will tell you exactly what to change. For some issues, it will list the corrective actions to take after the upgrade. Demo Video This short video demonstrating the Upgrade Advisor shows you how to use it and some examples of the guidance it provides. Accessing the Upgrade Advisor The next time you are preparing to upgrade a BIG-IP, login to ihealth.f5.com, upload a .qkview file from that BIG-IP and then view the qkview after iHealth has analyzed it. The Upgrade Advisor can be accessed by clicking on its tab in the left-hand menu. Simply select the version of BIG-IP you are planning to upgrade to in the advisor and review the results. Here is a screenshot of the Upgrade Advisor: Give it a Try Try out the F5 upgrade Advisor today and let us know what you think using the feedback option (circled in red on the right side of the screenshot above).
