Last Modified: Nov 21, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 16.1.4, 16.1.4.1, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1
Opened: May 09, 2023 Severity: 3-Major
When a Pool Member in an high availability (HA) pair (Sync-Failover Device Group) has been marked Forced Offline, then later is marked Enabled on one member of the Device Groups, the Pool Member may be marked down on Device Group members other than the member where the Pool Member was marked Enabled. On the BIG-IP system (Device Group member) where the Pool Member was marked Enabled, the Pool Member's status will be marked correctly according to its actual state, as determined by the Health Monitor configured for the affected Pool or Pool Member.
The affected Pool Member will not receive traffic as expected on the other Device Group members. -- If the Pool Member was re-enabled on the Standby member, traffic on the Active member will not be sent to the Pool Member. -- If the Pool Member was re-Enabled on the Active member, traffic on the Standby member will not be sent to the Pool Member if the Active member fails over to the Standby member.
This issue occurs on BIG-IP versions with ID 1095217 is fixed, under the following conditions: -- Multiple BIG-IP systems configured in a Sync-Failover Device Group -- The Device Group is configured for Incremental sync -- A Pool Member has been marked Forced Offline -- A Health Monitor is configured for the Pool or Pool Member -- The Pool Member is later marked Enabled on one member of the Device Group -- This change is synced to the Device Group (either manually or automatically, via Incremental sync, not Full sync)
Perform one of the following actions as a workaround: Option 1: -- Perform a Full sync to the Device Group from the DG member with the correct pool member status Option 2: -- Mark the pool member Disabled -- Sync this change to the Device Group -- Mark the pool member Enabled -- Sync this change to the Device Group Option 3: -- Remove the configured Health Monitor from the affected Pool or Pool Member (Note: If removing the Health Monitor from the Pool, all members of the Pool may become unavailable, halting new connections to the pool members.) -- Sync this change to the Device Group -- Add the previously-configured Health Monitor back to the Pool or Pool Member -- Sync this change to the Device Group
None