Bug ID 1069861: ASM Configuration may fail to import into BIG-IQ if sufficiently large

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IQ Config Mgmt Infrastructure(all modules)

Known Affected Versions:
8.1.0, 8.1.0.1, 8.1.0.2

Fixed In:
8.2.0

Opened: Dec 22, 2021

Severity: 3-Major

Symptoms

Importing a ASM/WAF service from a BIG-IP system into BIG-IQ will fail if the ASM configuration file size on the BIG-IP system exceeds 15MB. When the import fails, /var/log/restjavad on BIG-IQ contains errors similar to the following: [WARN][16 Dec 2021 12:06:33 CLT][Splitter] Item cm:asm:current-config:policies:policystate of kind null with 21337 nested items exceeds system size limit and cannot be split [nominal cost 16003500, budget 15728640] restjavad.0.log:[WARN][11 Nov 2021 11:00:00 CLT][Splitter] Item cm:asm:current-config:policies:policystate of kind null with 21377 nested items exceeds system size limit and cannot be split [nominal cost 16033500, budget 15728640] [ERROR][11 Nov 2021 11:00:00 CLT][/cm/asm/tasks/difference-config/0afb7fb5-b307-42d7-b372-ed62eb5d2b57/worker AsmDifferenceTaskWorker] ERROR: caught java.lang.IllegalStateEx ception: Item cm:asm:current-config:policies:policystate of kind null with 21377 nested items exceeds system size limit and cannot be split [ERROR][11 Nov 2021 11:00:00 CLT][/cm/asm/tasks/difference-config/0afb7fb5-b307-42d7-b372-ed62eb5d2b57/worker AsmDifferenceTaskWorker] Failed to post difference subcollectio n results: Item cm:asm:current-config:policies:policystate of kind null with 21377 nested items exceeds system size limit and cannot be split The budget value of "15728640" is that 15MB limit.

Impact

Import into BIG-IQ database will fail due to ASM configuration file size.

Conditions

-- BIG-IP ASM configuration exceeds 15MB in file size -- Attempt to Import ASM/WAF service into BIG-IQ

Workaround

None.

Fix Information

The maximum file size for this type of import into BIG-IQ has been increased to 128MB (which is larger than the biggest ASM configuration supported). Additionally, this limit has been changed into a configurable setting, with a default of 128MB.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips