Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP ASM, FPS
Known Affected Versions:
11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4
Fixed In:
14.1.0, 14.0.0.5, 13.1.1.4, 12.1.4
Opened: Aug 23, 2018 Severity: 2-Critical
When provisioning ASM for the first time on a device that is already linked in a high availability (HA) config-sync configuration, any other cluster device that is on the trust domain experiences mcpd restarting on all secondary blades due to a configuration error. The system logs messages similar to the following in /var/log/ltm: -- notice mcpd[12369]: 010718ed:5: DATASYNC: Done initializing datasync configuration for provisioned modules [ none ]. -- err mcpd[9791]: 01020036:3: The requested device group device (/Common/datasync-device-test1.lab.com-dg /Common/test1.lab.com) was not found. -- err mcpd[9791]: 01070734:3: Configuration error: Configuration from primary failed validation: 01020036:3: The requested device group device (/Common/datasync-device-test1.lab.com-dg /Common/test1.lab.com) was not found.... failed validation with error 16908342. -- notice mcpd[12369]: 0107092a:5: Secondary slot 2 disconnected.
Traffic on all secondary blades is interrupted while mcpd restarts. Then, traffic is resumed.
-- Cluster devices are joined in the trust for high availability (HA) or config-sync. -- Provisioning ASM or FPS on clusters which are already joined in a trust. -- ASM and FPS have not been provisioned on any of the devices: this is the first ASM/FPS provisioning in the trust.
Before provisioning ASM/FPS (but after setting up a trust configuration): 1. On the device on which ASM/FPS is about to be provisioned, create the datasync-global-dg device group and add all of the available devices. For example, if there are two devices in the Trust Domain: test1.lab.com and test2.lab.com, and you plan to provision ASM/FPS for the first time on test1.lab.com, first run the following command from test1.lab.com: tmsh create cm device-group datasync-global-dg devices add { test1.lab.com test2.lab.com } 2. Do not sync the device group. 3. Then on test1.lab.com, you can provision ASM/FPS.
Secondary blades no longer go offline when provisioning ASM/FPS on already established high availability (HA) or config-sync configurations.