Bug ID 1297257: Pool member Forced Offline then Enabled is marked down on peer after Incremental sync

Last Modified: Dec 09, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4

Fixed In:
17.1.2, 16.1.5

Opened: May 09, 2023

Severity: 3-Major

Related Article: K000137795

Symptoms

When a Pool Member has been marked Forced Offline then later marked Enabled on one member of the Device Group, the Pool Member may be marked Down on Device Group members other than the member where the Pool Member was marked Enabled. On the BIG-IP system (Device Group member) where the Pool Member was marked Enabled, the Pool Member's status will be marked correctly according to its actual state, as determined by the Health Monitor configured for the affected Pool or Pool Member.

Impact

The affected pool member that may be markded Down does not receive traffic as expected as the other Device Group members. -- If the pool member is re-enabled on the Standby member, traffic on the Active member will not be sent to the pool member. -- If the pool member is re-enabled on the Active member, traffic on the Standby member will not be sent to the pool member if the Active member fails over to the Standby member.

Conditions

This issue occurs on BIG-IP versions where ID1095217 is fixed for the following conditions: -- Multiple BIG-IP systems are configured in a Sync-Failover Device Group -- The Device Group is configured for Incremental sync -- A pool member or the parent Node has been marked Forced Offline -- A Health Monitor is configured for the pool or pool member -- The same monitor assigned to the pool member is not set to the rule for LTM default-node-monitor -- The pool member or its parent Node is later marked as Enabled on one member of the Device Group -- This change is synced to the Device Group (either manually or automatically, through Incremental sync, not Full sync)

Workaround

Perform one of the following actions as a workaround: Option 1: -- Perform a Full sync to the Device Group from the Device Group member with the correct pool member status. Option 2: -- Set the pool member as Disabled -- Sync the change with the Device Group -- Set the pool member Enabled -- Sync the change with the Device Group Option 3: -- Remove the configured Health Monitor from the affected pool or pool member. Note: If the Health Monitor is removed from the pool, all pool members may become unavailable, halting new connections to pool members. -- Sync this change to the Device Group. -- Add the previously configured Health Monitor back to the pool or pool member. -- Sync the change to the Device Group. Option 4: Do not use WebUI for Force Offline or Enable. But, use the following TMSH command with the ‘replace-all-with’ option to set Force Offline/Enable. For example: tmsh modify ltm pool http_pool { members replace-all-with { 10.xx.xx.xx:yy { session user-disabled state user-down } } } tmsh modify ltm pool http_pool { members replace-all-with { 10.xx.xx.xx:yy { session user-disabled state user-up } } } Note: If the health monitor status remain Black circle after Option 2), perform Option 1) Note: Option 4 does not resolve the issue; it prevents the issue from occurring.

Fix Information

The pool member status is now correctly synced to other Device Group members after being Forced Offline and then Enabled on one Device Group member. This fix causes a return of ID1095217 on versions where ID1095217 had previously been Fixed.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips