Last Modified: Aug 05, 2025
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
17.5.1
Opened: Jun 26, 2025 Severity: 3-Major
With 'auto-failback-enabled true', after a change to the ha-order which promotes a new device to the preferred, multiple devices can appear as active.
For the most part this is largely cosmetic. The previous active will stay standby but peers will see it as active. However, in device-groups of 3 or more, if this is performed multiple times it can lead to a condition where all devices stay standby.
A change to the ha-order is made from a device that is not the current active, and the change is not sync'd before the auto-failback-time expires (5s in this case) i.e. ha-order { /Common/bigip1 <--- current active /Common/bigip2 /Common/bigip3 } From bigip2 a change is made to promote bigip2: ha-order { /Common/bigip2 <--- new active /Common/bigip1 /Common/bigip3 } Change is not sync'd until 10s later. bigip2 goes active due to config CRC no longer matching, but bigip1 while staying standby will continue to assert that it wants to be active. tmsh show cm traffic-group ----------------------------------------------------------------------------------------- CentMgmt::Traffic-Group Name Device Status Next Previous Active Active Active Reason ----------------------------------------------------------------------------------------- traffic-group-1 bigip1 active true true - << asserting active (incorrect) traffic-group-1 bigip2 active false false auto-failback << is active traffic-group-1 bigip3 standby false false - traffic-group-local-only - - - - -
Restarting sod will clear the condition: bigstart restart sod Issue can be avoided by making sure the change to ha-order is made from the current active and/or sync changes before the auto-failback-timer expires.
None