Forum Discussion

Roy_Jee's avatar
Roy_Jee
Icon for Nimbostratus rankNimbostratus
Nov 09, 2021

How to find suiteable version for OS upgrade

Hi,

I want to confirm how to confirm which version is best and stable for an OS version upgrade .Lets say we are upgrading from 13.1.3.4 .Thanks .

application delivery
BIG-IP
TMOS

3 Replies

Sort By
  • Mayur_Sutare's avatar
    Mayur_Sutare
    Icon for MVP rankMVP
    Nov 10, 2021

    Well, I will say the upgrade strategy, plan and target version mostly depends upon the requirement, specific use cases and/or any major issues with current version.

     

    Let's say if any vulnerability is affecting the current version of F5 and it is applicable to your environment, you should look for mitigating the vulnerability. And In most cases the permanent fixes are upgrading F5s to stable version where affected vulnerabilities are fixed.

     

    The other example I can give is- Planning upgrade for specific use cases. Let's say I want to enable TLS1.3. In such case I would need to have my F5s on at least 14.1.x version for having production level support for TLS1.3. This is because in F5 14.0.0, the BIG-IP system adds limited support for TLS-1.3. Starting in BIG-IP 14.1.0.1 and later, this support was updated to provide production level support for TLS 1.3.

     

    Now If I am planning to upgrade to any of 14.x version for enabling the TLS-1.3 support, I will check the most stable version under 14.x.

     

    So basically whenever you are planning for the F5 upgrade for any reason, you should look for most stable version and for this, you should definitely check for release notes of the target versions. In addition to this, you can also check your current F5 version for known vulnerabilities. You can do this by uploading a QKView of your F5 on iHealth. The IHealth report gives you details on any known issues/vulnerabilities, config problems and F5 best practices articles. Also F5 recommend to do this periodically.

     

    Below are some article for your ref-

     

    https://www.f5.com/pdf/deployment-guides/bigip-update-upgrade-guide.pdf

    https://support.f5.com/csp/article/K84554955

     

    Hope it helps!

     

     

     

     

  • Roy_Jee's avatar
    Roy_Jee
    Icon for Nimbostratus rankNimbostratus
    Nov 10, 2021

    Thanks Buddy,

    can you please also let me know what is best way to decide on which series (14.x , 15.x , 16.x ) you should upgrade your OS for enabling TLS 1.3 from 13.1.3.4 for i2600 box .

  • Mayur_Sutare's avatar
    Mayur_Sutare
    Icon for MVP rankMVP
    Nov 11, 2021

    While deciding the upgrade, you can upgrade to the point release in target major version. Point release is the one that have most of the defects addressed, and security fixes. Also one more important point, when you decide your target version, it is always recommended to go through its release notes; specially verify the known issues/bugs and see if it applies to you. Kindly go through below F5 articles which may give you more clarify about this.

     

    https://support.f5.com/csp/article/K54845583

     

    https://support.f5.com/csp/article/K31596200

     

    https://support.f5.com/csp/knowledge-center/software/BIG-IP?module=BIG-IP%20LTM&version=14.1.4

     

    https://support.f5.com/csp/article/K33062581

     

    https://support.f5.com/csp/article/K8986

     

    Hope it helps!