BIG-IP v9.4.8 HF2 Released

F5 Networks is excited to announce the release of BIG-IP v9.4.8 hotfix 2.  While there are no new features in this release, it does improve upon the BIG-IP v9.4.8 branch with increased stability. F5 strongly recommends upgrading from any version of v9.4.8 to v9.4.8 HF2. This release contains:

* Stabilization fixes for LTM, GTM, ASM, and WAM
* Vulnerability patch

Software: https://downloads.f5.com/esd/productlines.jsp

Documentation: https://support.f5.com/kb/en-us.html – Select your product from the dropdown box.

Software support policy: https://support.f5.com/kb/en-us/solutions/public/8000/600/sol8651.html

v9.4.8 HF1 Recall

RELEASED BY F5 TODAY!!!

V9.4.8 HF1 has been pulled from the download site, and HF2 will be available next week.

CR133528 will be included in HF2 to addresses a memory leak that is possible in v9.4.8 HF1.

To tell if your system is susceptible to the memory leak in v9.4.8 HF1, run this command periodically and see if the Alloc/Max data entries keep growing:

b memory | grep -i packet
(SUBSYSTEM                        Alloc     Max    Obj size)
packet                                65920   66048     128

If your system is susceptible to this memory leak, please run the HF1 uninstall, HotfixUninstall-BIGIP-9.4.8-379.3-HF1.im, which is still available on the download site.

BIG-IP v9.3.1 HF8 Released

F5 Networks has announced the release of BIG-IP v9.3.1 hotfix 8.

“While there are no new features in this release, it does improve upon the BIG-IP v9.3.1 branch with increased stability.”

F5 strongly recommends upgrading from any version of v9.3.1 to v9.3.1 HF8. This release contains:

• Stabilization fixes for LTM, and GTM
• Vulnerability patch

Software: https://downloads.f5.com/esd/productlines.jsp

Documentation: https://support.f5.com/kb/en-us.html – Select your product from the dropdown box.

Software support policy: https://support.f5.com/kb/en-us/solutions/public/8000/600/sol8651.html

Managing 9.x Hotfixes: https://support.f5.com/kb/en-us/solutions/public/6000/800/sol6845.html

BIG-IP v9.4.8 HF1 Released

In case you haven’t yet upgraded to 10.x, F5 Networks announced the release of BIG-IP v9.4.8 hotfix 1 today.

“While there are no new features in this release, it does improve upon the BIG-IP v9.4.8 branch with increased stability. “

F5 strongly recommends upgrading from v9.4.8 to v9.4.8 HF1. This release contains:

• Stabilization fixes for LTM, GTM, ASM, and WAM
• Vulnerability patch

Software: https://downloads.f5.com/esd/productlines.jsp

Documentation: https://support.f5.com/kb/en-us.html – Select your product from the dropdown box

Software support policy: https://support.f5.com/kb/en-us/solutions/public/8000/600/sol8651.html

Managing LVM 10.x Hotfixes: https://support.f5.com/kb/en-us/solutions/public/10000/000/sol10025.html

Managing Partitioned 10.x Hotfixes: https://support.f5.com/kb/en-us/solutions/public/9000/800/sol9819.html

Managing 9.x Hotfixes: https://support.f5.com/kb/en-us/solutions/public/6000/800/sol6845.html

 

BIG-IP v10.0.1 HF3 Released

In case you missed it Thursday…

F5 Networks is excited to announce the release of BIG-IP v10.0.1 hotfix 3.

While there are no new features in this release, it does improve upon the BIG-IP v10.0.1 branch with increased stability.

F5 strongly recommends upgrading from any version of 10.0.1 to v10.0.1 HF3.

This release contains: * Stabilization fixes for LTM, GTM, ASM, and WAM *

Vulnerability patch Software: https://downloads.f5.com/esd/productlines.jsp

Documentation: https://support.f5.com/kb/en-us.html – Select your product from the dropdown box.

Software support policy: https://support.f5.com/kb/en-us/solutions/public/8000/600/sol8651.html

Managing LVM 10.x Hotfixes: https://support.f5.com/kb/en-us/solutions/public/10000/000/sol10025.html

Managing Partitioned 10.x Hotfixes: https://support.f5.com/kb/en-us/solutions/public/9000/800/sol9819.html

Managing 9.x Hotfixes: https://support.f5.com/kb/en-us/solutions/public/6000/800/sol6845.html

what to do about hotfixes and updates

Today’s Issue:

How to prepare for, and install a Hotfix on the BIGIP LTM 6400 running 10.0.1 configured with Volumes

Where We Are:

As noted in the previous post, F5 released several hotfixes for the LTM recently (we’re now at HF2 for 10.0.1).  As you may or may not know, you don’t install updates or hotfixes to the active volume… you apply them to an inactive volume, then you reboot into the patched one.  That way, if something blows up, you boot back into the un-patched one and back to where you were.

How We Got Here:

So there are several things going on here…

1. Installing an inactive boot volume
2. Installing a hotfix
3. Image, Boot Volume, and Update/Hotfix Management

Everything that I’m going to present will be performed from the GUI, however it is my understanding that it can also all be done from the CLI.

As well, the scenarios below have been performed by connecting both to the Management Port and through the device’s external IP address, without any interruption to service (except obviously for the reboot part).

Continue reading ‘what to do about hotfixes and updates’

BIG-IP v10.0.1 HF1 Released

For those of you who haven’t seen…

BIG-IP v10.0.1 HF1 Released
F5 Networks is excited to announce the release of BIG-IP v10.0.1 hotfix 1.  While there are no new features in this release, it does improve upon the BIG-IP v10.0.1 branch with increased stability. F5 strongly recommends upgrading from any version of 10.0.1 to v10.0.1 HF1. This release contains:

* Stabilization fixes for LTM, GTM, ASM, and WAM
* A BIND vulnerability resolution

Software: https://downloads.f5.com/esd/productlines.jsp
Documentation: https://support.f5.com/kb/en-us.html – Select your product from the dropdown box.
Software support policy: https://support.f5.com/kb/en-us/solutions/public/8000/600/sol8651.html
Managing LVM 10.x Hotfixes: https://support.f5.com/kb/en-us/solutions/public/10000/000/sol10025.html
Managing Partitioned 10.x Hotfixes: https://support.f5.com/kb/en-us/solutions/public/9000/800/sol9819.html
Managing 9.x Hotfixes: https://support.f5.com/kb/en-us/solutions/public/6000/800/sol6845.html

Just a disclaimer, I haven’t gotten around to installing this yet, but hope to sometime in the next few days

SSLDump – Hey where’d it go?

Today’s Issue:

How to monitor & dump HTTP and HTTPS traffic for troubleshooting a Sharepoint 2007 website with F5 Support, on an LTM 6400 running 10.0.1, configured for SSL Offloading

Where We Are:

As we’ve talked about in the previous post, I can still reliably reproduce the problem of trying to modify a Sharepoint Web Part using the Rich Text Editor while in IE.  I’ve been working with F5 support to get to the bottom of this, but it sounds like they’re as stumped as me.  So now we’re doing some real-time monitoring and TCPDumps, which they’re trying to decipher… good choice of words, as this is all SSL traffic, so how do you read it?  Here’s how to get from point gobbledygook to point B.

How We Got Here:

Once again, in a nutshell:

• Sharepoint 2007 Application Template deployment on and LTM 6400 running 10.0.1
• SSL Offloading configured by using OpenSSL to break PFX into SSL Cert & Key, then imported onto LTM
• Browse to site as admin from outside (hitting F5 on port 443 first, then F5 passes you to web server over port 80 in the back), edit the web part, and you get errors
• Browse to site as admin from inside (hitting web server directly over port 443 from an internal subnet) edit the web part and life is good

Recommendation from F5 is to run HTTPWatch on the sessions while concurrently running a TCPDump locally on the F5, and send them the goods on both a working and non-working set of transactions.  Here’s what we did, and what I messed up (still wiating to hear back from today’s uploads) Continue reading ‘SSLDump – Hey where’d it go?’

sharepoint 2007 WebPartPages.asmx & 500 Errors

Today’s Issue:

Error while using IE to edit a Sharepoint 2007 page behind a BIGIP LTM 6400 v10.0.1 configured for SSL Offloading:

Cannot retrieve properties at this time

Where We Are:

After deploying a Virtual Server for the Sharepoint 2007 site using the Application Templates in version 10.0.1, site admins cannot create new pages, or edit existing content using the “Edit Content” hyperlink when using IE.  Workaround at this point is one of two options:

Leave the site behind F5, and edit content in another browser

• Pro:  Allows you to edit content
• Con:  Editor window is small, simple text box, no rich formatting

Move site out from behind F5, and edit content in IE

• Pro: Allows full editing capabilities
• Con:  Site is no longer load balanced

How We Got Here

As outlined in another post and over on DevCentral, we used the new Sharepoint 2007 Application Template to move an existing site from it’s single WFE setup, to being behind our LTM 6400.  The current setup only utilizes 1 WFE now, but we have plans to expand as time & funding permit.

As we’ve discussed, the move went fine, the template seems to have provided all of the necessary nuts & bolts to make everything function, but now that we’ve dug in some more, we’ve encountered a relatively significant problem. Continue reading ’sharepoint 2007 WebPartPages.asmx & 500 Errors’

Curiosities, gotchas

Today’s Issues:

• Licensing your upgrade BEFORE you actually upgrade
• Putting your Application Template to work

Where we are:

• Successful upgrade of a production F5 BIGIP LTM 6400 from 9.3.1 to version 10.0.1
• Successful Implementation of a version 10.0.1 Application template to move a production SharePoint 2007 website behind an F5 BIGIP LTM 6400, with SSL Offloading enabled

Although both of these are now working, some weirdness and curiosities before we got the green light.

How we got here:

There’s only so much testing you can do, at some point you’ve got to pull the trigger and make your changes in production. Maybe it’s just me, but I heard a quote somewhere, something about “the best laid plans…” and going awry.

Continue reading ‘Curiosities, gotchas’