Saturday, January 29, 2011

Upgrading F5 Big-IP from version 9.3.x or 9.4.x to 10.x

Upgrading Big-IP from version 9.3.x or 9.4.x to 10.x
======================================================
This installation was performed on a Big-IP 3600. Hardware details are as follows:
PLATFORM INFORMATION --
| Marketing Name: BIG-IP 3600
| BIOS Rev: AMIBIOS(C)2006 American Megatrends, Inc. F5 Platform: MERCURY OBJ-0272-03 BIOS S10.0 Date:04/24/2009
| base MAC: 00:00:00:00:00:00
+-> SYSTEM INFO
| Type: C103
| Chassis serial: f5-yyyy-xxxx Level 200 part: 200-0293-11 REV A
| Memory: 3.437GB
+-> HARDWARE CARDS
| | Type: pic Model: F5 cpld
| | version: 0x13
| | Type: crypto Model: Cavium NITROX-PX
| | version: CNPx-MC-SSL-MAIN-MC1-0001
+-> CPU 0
| | Type: Intel(R) Core(TM)2 Duo CPU E6400 @ 2.13GHz Speed: 2133.469MHz
| | Temp: 37degC Fan speed: 10546rpm


1. Download the iso and md5 files from the F5 website.

2. SCP to your F5 Big-IP appliance.

3. Transfer files downloaded in step 1 to the directory “/shared/images”. Create this directory if it does not exist.

4. Log in to the CLI of the device using the root account. Verify the integrity of the images. Apply the following commands:

md5sum /shared/images/BIGIP-10.0.1.283.0.iso
cat /shared/images/BIGIP-10.0.1.283.0.md5

Visually check that the two hash values are identical.

5. Log in to the CLI of the device using the root account. Install the configuration utility “image2disk” – the iso image contains the image2disk utility. Apply the following command to install the utility:

im /shared/images/BIGIP-10.0.1.283.0.iso

The process copies over the image2disk installation utility, and then presents a status message, which lets you know that the im command is no longer supported, and tells you how to proceed.

/tmp/rpmdisk.173hO1 /shared/images
info: media has tm_install version 2.6.2, release 40.0
info: adding bin/../isolinux/install/tm_install.rpm to system...
info: media has perl-RPM2 version 0.67, release 10.0.0.4598.0
info: adding bin/../isolinux/install/perl-RPM2.rpm to system...
The im utility is no longer used to upgrade software images.
Please use 'image2disk'. For help, use 'image2disk -h'.
You must always install to an image location that is not in use.
Here is your current image-location status:
HD1.1 active no default no title BIG-IP 9.1.2 Build 40.2
HD1.2 active yes default yes title BIG-IP 9.3.1 Build 37.1


6. Determine which HD slot to install the new image in using the switchboot utility. You must install the image on an inactive slot. Apply the following command:

switchboot -l

Sample output:
[root@F5:Active] / # switchboot -l
Current boot image:
HD1.1 - BIG-IP 9.4.8 Build 355.0
Default boot image:
HD1.1 - BIG-IP 9.4.8 Build 355.0
Available boot image(s):
HD1.1 - BIG-IP 9.4.8 Build 355.0
HD1.2 - BIG-IP 9.4.8 Build 355.0
[root@F5:Active] / #

7. Install the new image. This step will reformat the disk to use Logical Volume Management. Apply the following command as root using the CLI:
image2disk --instslot=HD1.2 --format=volumes /shared/images/BIGIP-10.0.1.283.0.iso
The upgrade process installs the software on the inactive installation location (--instslot) that you specify. This process usually takes between three minutes and seven minutes.

8. Reboot into the volume where you installed the new image:
switchboot -b HD1.2
reboot

Installing Hotfixes 10.x
1. Download the Hot fix files from F5:
• Hotfix-BIGIP-10.0.1-402.7-HF4.iso
• Hotfix-BIGIP-10.0.1-402.7-HF4.md5

2. SCP to the device and copy the downloaded hot fix files to the directory “/shared/images”. Log in to the CLI and verify the files are recognised by the device. Apply the following command:
bigpipe software list
Sample output:
[admin@F5:Active] images # bigpipe software list
software {
desired {
HD1.1 {}
HD1.2 {
product "BIG-IP"
version "10.0.1"
build "283.0"
active enable
}
HD1.3 {}
}
hotfixes "Hotfix-BIGIP-10.0.1-402.7-HF4.iso"
images "BIGIP-10.0.1.283.0.iso"
}
[admin@F5:Active] images #
3. Verify the integrity of the files. Apply the following commands:
md5sum /shared/images/Hotfix-BIGIP-10.0.1-402.7-HF4.iso
cat /shared/images/Hotfix-BIGIP-10.0.1-402.7-HF4.md5

Visually check that the two hash values in the output are the same.

4. Verify the disk formatting scheme used by the device. Apply the following command:

lvscan
Sample output:
[admin@F5:Active] images # lvscan
lvscan -- ACTIVE "/dev/vg-db-sda/dat.share.1" [30 GB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/dat.log.1" [7 GB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.1.root" [256 MB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.1._config" [512 MB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.1._var" [3.25 GB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.1._usr" [1 GB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.2.root" [256 MB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.2._config" [512 MB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.2._var" [3.25 GB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.2._usr" [1 GB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.3.root" [256 MB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.3._config" [512 MB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.3._var" [3.25 GB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.3._usr" [1 GB] contiguous
lvscan -- 14 logical volumes with 52 GB total in 2 volume groups
lvscan -- 14 active logical volumes

[admin@F5:Active] images #

5. The Big-IP image and hotfix file must be installed into a volume which is NOT active. Check which volume is active – apply the following command:
bigpipe software
Sample output:
[admin@F5:Active] images # bigpipe software
SOFTWARE
+-> SOFTWARE STATUS
| Key Slot Product Version Build Active Status
| HD1.1 0 none none none no complete
| HD1.2 0 BIG-IP 10.0.1 283.0 yes complete
| HD1.3 0 none none none no complete
[admin@F5:Active] images #

6. Install the Big-IP image and hotfix file into the inactive volume.

a) First install the Big-IP image. Apply the following command:
bigpipe software desired HD1.3 product BIG-IP version 10.0.1 build 283.0
Sample Output:
[admin@F5:Active] images # bigpipe software desired HD1.3 product BIG-IP version 10.0.1 build 283.0
[admin@F5:Active] images # bigpipe software
SOFTWARE
+-> SOFTWARE STATUS
| Key Slot Product Version Build Active Status
| HD1.1 0 none none none no complete
| HD1.2 0 BIG-IP 10.0.1 283.0 yes complete
| HD1.3 0 BIG-IP 10.0.1 283.0 no installing 0.000 pct
[admin@F5:Active] images # bigpipe software
SOFTWARE
+-> SOFTWARE STATUS
| Key Slot Product Version Build Active Status
| HD1.1 0 none none none no complete
| HD1.2 0 BIG-IP 10.0.1 283.0 yes complete
| HD1.3 0 BIG-IP 10.0.1 283.0 no installing 3.000 pct
[admin@F5:Active] images #
[admin@F5:Active] images # bigpipe software
SOFTWARE
+-> SOFTWARE STATUS
| Key Slot Product Version Build Active Status
| HD1.1 0 none none none no complete
| HD1.2 0 BIG-IP 10.0.1 283.0 yes complete
| HD1.3 0 BIG-IP 10.0.1 283.0 no complete

b) Apply the hotfix onto the Big-IP image. Apply the following commands:
bigpipe software desired HD1.3 product BIG-IP version 10.0.1 build 402.7
Sample Output:
[admin@F5:Active] images # bigpipe software desired HD1.3 product BIG-IP version 10.0.1 build 402.7
[admin@F5:Active] images # bigpipe software
SOFTWARE
+-> SOFTWARE STATUS
| Key Slot Product Version Build Active Status
| HD1.1 0 none none none no complete
| HD1.2 0 BIG-IP 10.0.1 283.0 yes complete
| HD1.3 0 BIG-IP 10.0.1 402.7 no installing hotfix
[admin@F5:Active] images #

c) Boot into the volume containing the hotfix. Apply the following command:

switchboot -b HD1.3
reboot

Sample Output:
[admin@F5:Active] images # switchboot -b HD1.3
[admin@F5:Active] images # reboot

Broadcast message from root (pts/0) (Tue Jan 25 12:00:58 2011):

The system is going down for reboot NOW!
[admin@F5:Active] images #
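
The two manual checks in the procedures above (comparing the md5sum output with the .md5 file, and confirming the target slot is not active) can be scripted so that a mismatch stops the install. The following is an added example, not part of the original post or of F5's tooling; the function names are hypothetical, the .md5 file is assumed to hold the digest as its first field, and the status table is the sample output shown on this page.

```sh
#!/bin/sh
# Added example: pre-install checks. Function names are hypothetical.

# verify_md5 ISO MD5FILE: succeed only if md5sum of ISO equals the first
# field of MD5FILE (assumed layout: "<32 hex digits>  <file name>").
verify_md5() {
    iso=$1; md5file=$2
    [ -r "$iso" ] && [ -r "$md5file" ] || return 2
    expected=$(awk 'NR == 1 { print tolower($1) }' "$md5file")
    # Fail closed on an empty or malformed reference digest.
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 32 ] || return 2
    actual=$(md5sum "$iso" | awk '{ print tolower($1) }')
    [ "$expected" = "$actual" ]
}

# inactive_slots: read `bigpipe software` output on stdin and print every
# slot whose Active column is "no" (columns as in the sample output above).
inactive_slots() {
    awk '$1 == "|" && $2 ~ /^HD[0-9]+\.[0-9]+$/ && $7 == "no" { print $2 }'
}

# slot_is_inactive SLOT: succeed only if SLOT is listed and not active.
slot_is_inactive() {
    inactive_slots | grep -qxF "$1"
}

# Status table from the page, embedded so the example runs off-box.
sample_status() {
    cat <<'EOF'
SOFTWARE
+-> SOFTWARE STATUS
| Key Slot Product Version Build Active Status
| HD1.1 0 none none none no complete
| HD1.2 0 BIG-IP 10.0.1 283.0 yes complete
| HD1.3 0 none none none no complete
EOF
}

# On the device the live output would be piped in instead:
#   bigpipe software | slot_is_inactive HD1.3 &&
#   verify_md5 /shared/images/X.iso /shared/images/X.md5 && echo "safe to install"
sample_status | inactive_slots   # prints HD1.1 and HD1.3
```

Because the .md5 file is downloaded alongside the ISO, a match shows the transfer was not corrupted; it does not authenticate where the image came from.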

References
F5: Manual Chapter: Using the image2disk and diskinit Utilities
F5: SOL11496

Friday, November 26, 2010

Free up Juniper SRX disk or storage space

1. Check the amount of disk usage:
show system storage
2. Perform an automated device storage/disk cleanup:
request system storage cleanup

Upgrade a standalone Cisco Catalyst 3750 (not in a Stack)

1. Download and save the required image from the Cisco website.
2. Ensure you have the minimum amount of storage space on your flash drive. For the IP Services image this is likely to be 16Mb.

Apply the command:

dir flash:

3. In this example I use TFTP32 to transfer files from my desktop to the switch.

Apply the command:
copy tftp:.bin flash:

4. Once the new IOS image has been transferred, configure the switch to boot with the new image the next time it reloads:

Apply the following commands:
config terminal
boot system flash:/.bin
exit
write memory
reload

Note: There is no need to change the config-register value as it is fixed on the Catalyst 3750.

5. Type "yes" or press enter to confirm to reload.

6. Once reloaded check that you are using the new image:
show version

Thursday, February 4, 2010

Route Distinguishers and Route Targets

A VRF represents an isolated instance of a routing and forwarding table on a device. A VRF belongs to a site and is assigned to an interface (logical or physical). This interface is used to peer with the CE to exchange routing updates and packets. These updates and packets are identified in the core (provider network) by a ROUTE DISTINGUISHER, which makes them unique where addressing schemes from different VRFs overlap.

A VPN is a service which provides the security and isolation normally found in a private network over a shared provider infrastructure. The scope of a VPN is determined by the routing and forwarding that an organization's network requires. Therefore a VPN can entail multiple VRFs if it requires access to networks in different VRFs. The ROUTE TARGET is used to determine what routing information to import into or export from a VRF, and thus creates the scope of the VPN.

Wednesday, August 26, 2009

Reset the ProxySG back to default settings

To reset the ProxySG back to the "out-of-the-box" configuration or default settings take the following steps:
1. Connect to the ProxySG CLI through the serial interface or a terminal server.
2. Press enter 3 times.
3. Choose option 1: "Command Line Interface".
4. Enter enable mode by entering the command "en".
5. At the prompt enter "restore-defaults factory defaults".
6. The system displays the message "Continue with system re-initialization?". Enter Y for the system to proceed with re-initialization.
7. Sit back and wait.
8. Re-initialization is now complete.

Internet Content Adaptation Protocol (ICAP) Fundamentals

Core points on ICAP:

* The Blue Coat AV (virus checking) is an external service which the ProxySG can communicate with using ICAP.
* The policy definition is conducted on the ProxySG using the management console or Content Policy Language.
* There are two modes of operation: RESPMOD and REQMOD. In REQMOD the ProxySG intercepts and forwards requests from the client to the origin server for parsing. In RESPMOD the ProxySG (ICAP client) intercepts the response from the origin server and uses ICAP to communicate with the external service to process the response message.

Monday, July 6, 2009

Backup Static Routes in Cisco IOS

Problem: I have a primary static default route which I want to replace with a secondary default route when the primary fails.

Solution:

track 10 interface FastEthernet0/0 ip routing
delay down 2 up 2
!
track 11 list boolean and
object 10 not
!
ip route 0.0.0.0 0.0.0.0 192.168.2.2 track 10
ip route 0.0.0.0 0.0.0.0 192.168.3.2 track 11
!

Verify:
R1#show ip route track
ip route 0.0.0.0 0.0.0.0 192.168.2.2 track 10 state is [up]
ip route 0.0.0.0 0.0.0.0 192.168.3.2 track 11 state is [down]
!

R1#show track 11
Track 11
List boolean and
Boolean AND is Down
1 change, last change 00:05:24
object 10 not Up
Tracked by:
STATIC-IP-ROUTING 0
R1#show track 10
Track 10
Interface FastEthernet0/0 ip routing
IP routing is Up
3 changes, last change 00:16:39
Delay up 2 secs, down 2 secs
Tracked by:
Track-list 11
STATIC-IP-ROUTING 0
!