October 14, 2014 by Andrew Carter
I have conducted many F5 upgrades in my time, but this is the first time I have had the privilege of upgrading a box from 10.0.1 to 11.5.1.
As you can imagine, this is a large step up in terms of functionality and performance, with the 10.0.1 code having been released almost 5 years ago.
As with all major upgrades, this was staged in our demo environment to check that all the iRules were working as expected and that the upgrade would happen without any issues. The boxes that were being upgraded were set up in an Active/Standby configuration. According to F5 best practice, the standby box was upgraded first.
http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-upgrade-active-standby-11-3-0/1.html
This was upgraded in accordance with the major versions that F5 have released. The upgrade path went from 10.0.1 to 10.2.4 to 11.1.0 to 11.3 to 11.5.1. This may seem like a long-winded upgrade path, but based on experience, I have found that fewer problems arise if you take the time and upgrade in stages.
The standby box was upgraded successfully, and when processing traffic only a few issues arose, both related to health monitors. At this point the old active box was upgraded in the same way. The upgrade once again worked as expected, but when it came to syncing the boxes we had an issue. The 2 boxes would not sync. This was weird, as no network changes had been made and the addresses for sync, mirroring and failover were the same.
After spending some time looking at the configuration and trying unsuccessfully to get the trust to work, I found the issue: the machine certificate was not valid, as it had expired 4 years ago. Once I created a new machine certificate on both boxes, I was able to create a trust and sync the boxes.
This is the first time I have seen this issue, but if you are upgrading between versions that were released a long time apart, it may be worth being aware of this.
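A pre-upgrade check for the expired machine certificate described above, as an added example that is not part of the original post. It assumes each unit's device certificate has been exported to a PEM file; the function names and file names are hypothetical, and the sample certificates are constructed on the fly.

```shell
#!/bin/sh
# Added example: classify a PEM certificate before an upgrade window.
# All file names below are constructed; point cert_status at an exported
# copy of each unit's device certificate.

# cert_status FILE [DAYS] -> prints expired | expiring | ok | unreadable
cert_status() {
    file=$1
    days=${2:-30}
    # Reject anything openssl cannot parse as an X.509 certificate.
    openssl x509 -in "$file" -noout >/dev/null 2>&1 || { echo unreadable; return 2; }
    # -checkend N exits non-zero when notAfter falls within the next N seconds.
    if ! openssl x509 -in "$file" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired; return 1
    fi
    if ! openssl x509 -in "$file" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo expiring; return 1
    fi
    echo ok
}

# make_sample_cert FILE DAYS: constructed self-signed certificate for the demo.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -days "$2" -subj "/CN=constructed-sample" >/dev/null 2>&1
}

# Demo: one certificate inside the 30-day warning window, one outside it,
# and one missing file, each followed by its notAfter date when readable.
demo() {
    tmp=$(mktemp -d)
    make_sample_cert "$tmp/short.crt" 1
    make_sample_cert "$tmp/long.crt" 365
    for f in "$tmp/short.crt" "$tmp/long.crt" "$tmp/missing.crt"; do
        printf '%s: ' "${f##*/}"
        cert_status "$f" 30 || true
        openssl x509 -in "$f" -noout -enddate 2>/dev/null || true
    done
    rm -rf "$tmp"
}
demo
```

Running the check on both units before the first one is upgraded surfaces an expired or soon-to-expire certificate while the pair is still in sync.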