Symptoms

In high availability (HA) setup, after failover, the newly active BIG-IP device, will send ikev2_message_id_sync messages to the other device. If the BIG-IP device did not receive a response, it has to retransmit the packet. Some of the IKE tunnels are trying to retransmitting the packet, but its not going out of BIG-IP due to wrong state of relation between IKE tunnel and connection flow. After 5 retries, it marks the peer as down, and the IKE tunnel is deleted.

Impact

Traffic loss.

Conditions

-- High availability (HA) environment -- IKE tunnels configured -- A failover occurs

Workaround

None

Fix Information

None

Behavior Change