Forum Discussion

jamesdris
Mar 05, 2019

bigip DNS and LTM big3d version mismatch

My F5 DNS is running on bigip version 12.1 - big3d version 12.1.3.7.0.0.2. LTM is running 11.6 - big3d version 11.6.2.0.0.495. To set up communication between them I need to upgrade big3d on LTM to 12.1.3. Can I do it without upgrading bigip software on the LTM? Also, will it cause any impact to the existing function of VIPs on the LTM?

 

4 Replies

  • You do not need to update the BIG-IP software.

     

    You can update big3d on the LTM by running it from the GTM (DNS). HERE is some more info on that topic.

     

    Basically if you run it from the DNS to the LTM, if the DNS has a newer version, it will update the LTM to that version.

     

    It shouldn't cause any issues with VIPs etc.

     

    Hope that helps! If it does, please up-vote and select this answer, it would be greatly appreciated!

     

    -Dylan

     

    • jamesdris

      I tried it, but after big3d_install I ran bigip_add which succeeded. But when I do iqdump I see the following error:

       

      SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

       

      I noticed that on the remote LTM the /shared/bin/big3d version is higher than /usr/sbin/big3d. Could this be the reason iqdump is failing?

       

    • Dylan_375544

      Yes, big3d versions need to be the same on all devices. That error seems to indicate that bigip_add didn't work properly.

       

  • Simple rule which I follow,

    LTM should have the same or higher big3d version than the GTM.

    • /shared/bin/big3d is the actual executable file which matters and should be the highest.
    • /usr/sbin/big3d is the default one which comes with the box.

    Can you run the below and share the output with us too,

    /shared/bin/big3d -v

    /usr/sbin/big3d -v

    Also, as you said big3d in /shared/bin is the latest, did you restart the big3d service components after your change?

    And in parallel,

    On the remote LTM - /config/big3d/client.crt - here the trusted device certificates would be stored, you should see the certificate of the gtm/dns.

    On the GTM/DNS - /config/gtm/server.crt - the trusted server certificates would be stored, all your iquery setup LTMs' certs could be seen here.

    Try running bigip_add again to get the certificate to establish iquery.
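
The two checks suggested in the reply above (big3d version order, and whether each device's certificate is present in the other device's trust file), written out as an added example that is not part of the original thread and not F5 tooling. It works on version strings and copies of the certificate files; the function names and the sample "certificates" are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_fingerprints(pem_text):
    """SHA-256 fingerprint of every certificate in a PEM file or bundle."""
    return {hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_RE.findall(pem_text)}

def version_key(version):
    """'12.1.3.7.0.0.2' -> (12, 1, 3, 7, 0, 0, 2), compared numerically."""
    return tuple(int(part) for part in version.split("."))

def check_iquery(ltm_big3d, dns_big3d, trust_pairs):
    """Return findings; an empty list means every check passed.

    trust_pairs: (label, peer certificate PEM, local trust bundle PEM).
    """
    findings = []
    # Rule of thumb from the thread: LTM big3d is the same or higher than GTM's.
    if version_key(ltm_big3d) < version_key(dns_big3d):
        findings.append("big3d on LTM %s is older than on DNS %s"
                        % (ltm_big3d, dns_big3d))
    for label, cert_pem, bundle_pem in trust_pairs:
        wanted = pem_fingerprints(cert_pem)
        if not wanted:
            findings.append("%s: no certificate to look for" % label)
        elif not wanted <= pem_fingerprints(bundle_pem):
            findings.append("%s: peer certificate missing from bundle" % label)
    return findings

def fake_pem(seed):
    """Constructed stand-in: PEM armour around arbitrary bytes, not a real cert."""
    body = base64.b64encode(hashlib.sha256(seed).digest() * 4).decode()
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % body

# Constructed sample data; on real devices read the files named in the thread.
DNS_CERT, LTM_CERT, OLD_CERT = fake_pem(b"dns"), fake_pem(b"ltm"), fake_pem(b"old")
PAIRS = [
    ("LTM /config/big3d/client.crt", DNS_CERT, OLD_CERT + DNS_CERT),
    ("DNS /config/gtm/server.crt", LTM_CERT, OLD_CERT),  # LTM cert never copied
]

if __name__ == "__main__":
    for finding in check_iquery("11.6.2.0.0.495", "12.1.3.7.0.0.2", PAIRS):
        print(finding)
```

Fingerprints are taken over the decoded certificate bytes, so differences in line wrapping or ordering inside the bundle files do not affect the comparison.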