How to upgrade F5 BIG-IP

Initial Steps

  1. Determine the version you are upgrading from and too. Here is an excellent guide for determining if you will experience a smooth upgrade: Upgrade Path
  2. Download the iso File of the version you are upgrading from
  3. Learn of any new bugs that could cause issues with current configuration before updating.

Image updates are located here on the BIG-IP: System > Software Management > Image > Import

Hotfix updates are located here on the BIG-IP: System > Software Management > Hotfix List > Import > Browse > Locate > Image File


  1. Create archives on both active and standby devices.
  2. Download both archives to your local machine as a precaution.
  3. Re-activate license before upgrading. Note: do not re-activate license while the unit is active — it will restart processes and disrupt traffic processing. Wait to re-activate the license on the second unit until it has been failed over.
  4. Upload software images to both devices. If your change process allows for it, feel free to upload and install the image. It won’t affect traffic processing on the F5 and will reduce your time to completion during the actual change window.
  5. Force standby device offline to ensure no failover occurs.
  6. Install upgrade on standby device.
  7. If you have access to the management console (such as on a virtual edition F5) or if you have a serial console server in the data center plugged into the F5, you can run the command, watch the shutdown and reboot processes. Once the login prompt appears, enter your local root credentials and use the following commands to monitor logs: tail -f /var/log/ltm. You’ll gain extra visibility and it’s comforting to see at what step in the upgrade process you are, rather than, staring at a circle spinning on the GUI.
  8. Once you are able to access the GUI; give the F5 a few more minutes to finish up the boot processes.
  9. Look at the system statistics. Check for CPU usage and Memory. It is normal for these to spike at initial boot. Watch for 3-5 minutes, compare the graphs with that over the past 24 hours, remember that your standby unit will show low utilization over the past 24 hours and you will see this increase as you fail over once you’re ready to proceed with the second unit. See if you notice any drastic changes that are not going away after about 5 minutes before moving on.
  10. Take the unit we just upgraded out of Force Offline status. Verify that your Local Traffic configuration items (nodes, pool members, pools, VIPs) pass their health checks and maybe connect to a couple of high-priority VIPs via the F5’s CLI before failing over the active unit. Take note of the currently active unit’s connection counts in the F5 statistics, fail over and check the newly active unit’s connection statistics to make sure traffic is being processed no the newly active device. You can also check your floating traffic group in the device management section.
  11. Cover your bases by having the load balanced applications checked out and validated independently by the app owner or business stakeholders. Ask them to sign off that the applications are still functioning correctly before moving on to the next device.
  12. Repeat this same process with secondary device.


Looking into deploying F5 vCMP? First, take a look at my blog post on starting out with F5 vCMP concepts and then go through my step by step guide on F5 vCMP. You probably understand virtualization technology. F5’s version isn’t any different. The device is basically running a custom version of Linux KVM, with a bunch of custom drivers to enable things like hardware SSL acceleration for the vCMP guests.

Second, take a look at the configuration and implementation guide for F5 vCMP on their support page here. There’s a lot more detail in their guides and are obviously the best place to get F5’s recommendation.

Third, take time to plan your F5 vCMP environment. Prepare how much CPU and Memory resources each F5 vCMP guest will need. I’ve found that people tend to underestimate the resources F5 vCMP requires. They under allocate their guests, and then need to beef them up down the road. If you have the extra resources on the host, it won’t be a big deal, just a reboot of the guest. If you don’t have the resources, you’ll need to migrate the guest to another host, or buy another host. Also, it’s an expensive waste of resources to have one or two vCPU’s not used on the host, so plan appropriately and plan early!

The minimum size guest is going to have a single vCPU. Remember though, a vCPU is a hyperthread, which is only half of a CPU core. An F5 needs a lot of processing power, and unless you’re doing just about nothing on your guest, a single hyperthread is not going to be enough. Also, it means that you’re sharing your management plane activities with your traffic plane on that single hyperthread. Expect to have a very slow GUI when you have any decent amount of traffic going through the device.

Fourth, leave a comment, or contact us if you’d like to get some help specific to your environment!

Installing an F5 BIG-IP Hotfix

Need help installing an F5 BIG-IP Hotfix? Looking for resources for the F5 hotfix process? You’ve found the right place. From time to time, F5 changes their software versioning, and as of 2018, there is no longer hotfixes. Each new version has a full ISO to install. I’d expect this to change somewhat in the future as they tend to go back and forth often with various things.

In any case, for when they return, I’ll keep this page up.

First, take a look at my blog post on the F5 install hotfix process.

Second, when downloading the hotfix file, make sure to take a look at the release notes for the hotfix you’re installing at F5 Downloads

Third, consider opening a case with F5 and create a qkview to speed up any issues you have during the process.

Fourth, leave a comment or contact us if you’d like some help with installing an F5 BIG-IP hotfix or new version in your environment.