Last Modified: May 29, 2024
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5
Fixed In:
17.0.0, 16.1.4, 15.1.10
Opened: Feb 18, 2021 Severity: 3-Major
After reloading the configuration from a file, management-dhcp supersede options whose values contained a double quote character (") no longer contain the character. For instance, after reloading the configuration, the following section: # tmsh list sys management-dhcp sys-mgmt-dhcp-config supersede-options sys management-dhcp sys-mgmt-dhcp-config { supersede-options { domain-name { value { "example.com" } } domain-name-servers { value { 8.8.8.8 } } domain-search { value { "example.com" } } } } Becomes: # tmsh list sys management-dhcp sys-mgmt-dhcp-config supersede-options sys management-dhcp sys-mgmt-dhcp-config { supersede-options { domain-name { value { example.com } } domain-name-servers { value { 8.8.8.8 } } domain-search { value { example.com } } } } This also affects the configuration file for the dhclient/dhclient6 daemons that the system automatically generates from the aforementioned config stanza.
The in-memory mcpd configuration relating to management-dhcp supersede options is incorrect. The /etc/dhclient.conf file that is automatically generated contains incorrect syntax. As a result of this, the dhclient/dhclient6 daemons fail to parse the file and run with an incomplete configuration. Ultimately, the system does not behave as configured in regard to its management-dhcp configuration.
This issue occurs when the following statements apply: --- The values of management-dhcp supersede options contain double quote characters. --- The configuration is reloaded from file. The BIG-IP system reloads the configuration from file in the following cases: -- When you issue the 'tmsh load sys config' command. -- After an upgrade, as the mcpd binary database does not exist yet. -- When troubleshooting requires removing the mcpd binary database and reloading the config from file. -- When the system is relicensed. -- When system provisioning changes. -- When a UCS/SCF archive is restored. -- When someone merges in config from file or terminal (but this is limited to the actual contents being merged in, not the entire configuration).
Reapply the desired management-dhcp supersede-options configuration using the tmsh utility. For example, to restore the intended in-memory configuration shown under Symptoms, you would run within tmsh: # modify sys management-dhcp sys-mgmt-dhcp-config supersede-options none # modify sys management-dhcp sys-mgmt-dhcp-config supersede-options add { domain-search { value add { \"example.com\" } } } # modify sys management-dhcp sys-mgmt-dhcp-config supersede-options add { domain-name { value add { \"example.com\" } } } # modify sys management-dhcp sys-mgmt-dhcp-config supersede-options add { domain-name-servers { value add { 8.8.8.8 } } } # save sys config On versions earlier than 15.0.0, you must also restart the dhclient/dhclient6 daemons by running: bigstart restart dhclient dhclient6 Note that the workaround is not permanent and will be invalidated the next time the config is loaded from file again.
The BIG-IP system user is no longer responsible for knowing which dhcp-options require quoting and which do not. This determination is now done internally by mcpd, which uses the correct syntax for each supersede-option when writing the /etc/dhclient.conf file. This means that, as the BIG-IP system user, you are not required to quote anything when manipulating management-dhcp supersede-options in tmsh. For instance, you can enter the following command: tmsh modify sys management-dhcp sys-mgmt-dhcp-config supersede-options add { domain-search { value add { one.example.com two.example.com } } } And the system inserts the following instruction in the /etc/dhclient.conf file: supersede domain-search "one.example.com", "two.example.com" ;