Forum Discussion

Shuvo_166796's avatar
Shuvo_166796
Icon for Nimbostratus rankNimbostratus
Aug 19, 2014

Recommended LTM Version

We have been using F5 LTM v11.2.1 HF10 on production and planning to upgrade. Which version should I be upgraded to? 11.5.1 is supported by the LTM appliance we are using. We are using BIG-IP 2000s (C112). I was hoping to go for 11.5.1 but then I saw a lot's of known issues and got confused.

 

4 Replies

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus

    Shuvo,

     

    If we can assume that there are no feature reasons for choosing between any of the later releases for you then I would also assume that stability is the next reason for choosing an LTM version.

     

    Whilst 11.5.1 has only been out 3/4 months it's now got 4 HFs so I would certainly recommend this as an option. 11.4.1 has been a out a lot longer and is, hence, more "baked" so is also a valid choice. It also has 4 HFs too.

     

    If you're able to update HFs as and when they come along then I'd go for 11.5.1. If you can't, due to change windows, then I might suggest 11.4.1 in that case.

     

    Hope this helps, I'm sure other DCers will have their view too on this.

     

    N

     

  • Thanks for your prompt response Nathan. Stability is our main concern. But again security is our another concern. We do have 2 LTM located at 2 different site. So updating HF shouldn't be a big issue. But from security perspective what version would you recommend?

     

    I was asked about this, this & this vulnerabilities but unfortunately I couldn't find anything at AskF5.

     

    Regards,

     

    Shuvo

     

  • We were told recently (by F5) that they would recommend 11.4.1 (with latest HF)

     

  • funny, i once was told F5 never recommends specific version.

     

    personally i would also go with 11.4.1 if there is nothing that is really needed in 11.5.1. if the security issue is big enough F5 will release a HF anyway and 11.2.1 is still in support for that.

     

    those issue you point to are openssl related, up to now the bigip hasn't been really hit but those except on the management interface and if you use COMPAT ciphers on 11.5.x :) which by now has been fixed with HFs.