BIG-IP software version should be updated from 14.1.2.0 to 14.1.2.3

[vvt137]

Do you already have an issue opened with F5 support?

No

Description

The latest minor release 14.1.2.3 of BIG-IP software was published on download.f5.com in Dec 2019 and is currently available in the set of f5-network marketplace images (e.g. URN f5-networks:f5-big-ip-good:f5-bigip-virtual-edition-25m-good-hourly:14.1.203001). Yet all ARM templates refer to 14.1.2.0 only. A workaround based on creating a custom image (and referring to it from the template) is possible for BYOL and BIG-IQ licensing, but not for PAYG implementations.

Ironically, it is the short-lived PAYG implementations that are affected the most as it is not practical to perform "classical" software update for them (and they would have benefited the most from using 1-slot images). Furthermore, PAYG per-app implementations are forced to remain on the 14.1.2.0 software (even if software-update overhead can be tolerated) as they cannot have the second slot.

Ideally, there would be the "latest" option for both major versions of stable software available via the template. I understand that it may be hard to achieve and the second best option is to keep updating the template as minor versions of "N-1" major release become available.

Template

The issue affects all BIG-IP templates, for example: https://github.com/F5Networks/f5-azure-arm-templates/tree/master/supported/standalone/2nic/existing-stack/payg

Severity Level

4

[JeffGiroux]

Here's a workaround:

############ ############ Workaround 1: edit JSON template

1. search for available BIG-IP images in marketplace az vm image list -f big-ip --all
2. Find your desired throughput (25Mb, 200Mb, 1Gb, etc)
3. Find your desired consumption model (BYOL, PAYG)
4. Find your desired version (14.1.200000, 14.1.202000, 14.1.203001)
5. Update template and replace/add values for "bigIpVersion" with desired version

original...

    "bigIpVersion": {
        "allowedValues": [
            "15.0.100000",
            "14.1.200000",
            "latest"
        ],
        "defaultValue": "15.0.100000",
        "metadata": {
            "description": "F5 BIG-IP version you want to use."
        },
        "type": "string"
    },

after replacing value with 14.1.203001...

    "bigIpVersion": {
        "allowedValues": [
            "15.0.100000",
            "14.1.203001",
            "latest"
        ],
        "defaultValue": "15.0.100000",
        "metadata": {
            "description": "F5 BIG-IP version you want to use."
        },
        "type": "string"
    },

6. Also edit template and replace value in "isAcceleratedNetworkingSupported" with false to make sure accelerated networking is disabled.

original...

    "isAcceleratedNetworkingSupported": "[if(not(contains(parameters('bigIpVersion'),  '14.1.200000')), bool('true'), bool('false'))]",

after replacing with false (disables accelerated networking)...

    "isAcceleratedNetworkingSupported": false, 

7. Edit template one last time to replace a value in "bigIpVersionPortMap"

original...

    "bigIpVersionPortMap": {
        "15.0.100000": {
            "Port": 8443
        },
        "14.1.200000": {
            "Port": 8443
        },
        "443": {
            "Port": 443
        },
        "latest": {
            "Port": 8443
        }
    },

after replacing value with 14.1.203001 (mgmt port 443 or 8443 depending on single-nic or multi-nic)...

    "bigIpVersionPortMap": {
        "15.0.100000": {
            "Port": 8443
        },
        "14.1.203001": {
            "Port": 8443
        },
        "443": {
            "Port": 443
        },
        "latest": {
            "Port": 8443
        }
    },

8. Deploy template and now 14.1.2.3 is a selectable option.

############ ############ Workaround 2: upgrade PAYG images after deployment (some caveats)

In my testing the PAYG images were able to go through an upgrade. There is only 1 boot slot created when you look in the BIG-IP GUI. If you do a upgrade in the GUI and select HD1 volume, then no options exist as only 1 boot slot was created. However, you can simply type the number "2" (without quote) and the upgrade will create boot slot 2 and install the upgraded BIG-IP version to new slot. **Caveat: Not all PAYG images for BIG-IP VE allow upgrade. For example the per app VE does not have enough disk space to do workaround 2.

[vvt137]

If we make the changes suggested in Workaround #1, will the "locally modified" versions of the JSON file remain supported by F5? If the answer is "yes", can we create a fork of the "f5networks/f5-azure-arm-templates" repository in Github, make modifications to the forked copy and still retain the "supported template" status?

Workaround #2 would lead to significant operational overhead, especially for short-lived implementations (I referred to it as "classical software update" in the issue's description). Also per-app LTMs are always implemented as "ltm_1slot", which means 10GB disks that would not have any room for the pre-install .iso file. I tested this option for a per-app LTM VE and found that all usable folders have less than 1GB of available space and placing the iso file (temporarily) into, say, tmpfs makes the system unstable.

[shyawnkarim]

We are working on addressing this for our next template release. In our next release, ARM templates will be able support all versions of BIG-IP. Internal ID for this enhancement: ESECLDTPLT-1979.

[JeffGiroux]

Latest template release 8.0.0 now allow you to do this without having to make template edits! Just validated. You have a few parameter options to play with in new template.

1. bigIpVersion = 14.1.203001

or...

2. customImageUrn = f5-networks:f5-big-ip-best:f5-bigip-virtual-edition-25m-best-hourly:14.1.203001

There are other ways to find different versions. Review the updated README pages to see list of all image listings.

[vvt137]

Excellent news. I'll be testing v8.0.0 soon. Thank you!

[shyawnkarim]

Closing. This issue was resolved with release 8.0.0.0.