Bug ID 751589: In BIG-IP VE, some IP rules may not be created during the first boot up.

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6

Fixed In:
15.0.0, 14.1.2.7

Opened: Nov 30, 2018

Severity: 2-Critical

Symptoms

The BIG-IP Virtual Edition (VE) system might not be able to install some IP rules in the host during the first boot up. As a result, some types of traffic (e.g., ssh) destined for the BIG-IP system via the data path (not via the management interface) might not be able to respond back to a sender. This issue exists only during the first boot into a new BIG-IP partition after installation.

Impact

Some types of traffic (e.g., ssh) destined for the BIG-IP system via the data path (not via the management interface) might not be able to respond back to a sender.

Conditions

This issue exists if the following conditions are met: -- The BIG-IP system is VE. -- Before installing a new BIG-IP image, the sys db variables 'liveinstall.saveconfig' and 'liveinstall.moveconfig' are both set to 'disable'. By default, both variables are set to 'enable'. -- First boot into a new BIG-IP partition after installation.

Workaround

You can use either of the following workarounds: -- Restart mcpd using the following command: bigstart restart mcpd -- After the first boot into a new BIG-IP partition, you can simply reboot the BIG-IP system again, and then the necessary IP rules are created correctly.

Fix Information

The necessary IP rules are created correctly in the first boot into a new BIG-IP partition after installation.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips