Bug ID 423368: BIG-IP is unstable after reboot when SNMP community is created in a non-common partition.

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.1, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9

Fixed In:
11.5.0

Opened: Jun 17, 2013
Severity: 3-Major
Related Article:
K15421

Symptoms

If an SNMP community is created from a different partition, the community is created under that partition, instead of under the Common partition. SNMP configuration is global, and hence the communities should be under Common. However, the web interface does it correctly.

Impact

Upon reboot, standby blades can go active and refuse to go to standby. Also, it is possible that when a secondary blade goes active, it will experience a config load failure. These impacts may be experienced individually or together.

Conditions

If such a configuration exists, the normal flow of mark and sweep during config load will occasionally not go well, especially in CMP environments.

Workaround

Change the community created under another partition to be under common. This should be done in bigip_base.conf and config reloaded. if the bad config (in bigip_base.conf) was - sys snmp { ... communities { /PARTITION_OTHER/my_community { community-name my_community } ... } ... } change the entry to - sys snmp { ... communities { /Common/my_community { community-name my_community } ... } ... }

Fix Information

In 11.5.0, if an invalid SNMP community is detected upon upgrade, it will be removed. If an SNMP community configuration item is created in another partition or sub-folder, it is effectively non-functional and removing the object should have zero impact. These objects are also not visible through TMSH or TMUI, so visibility is also not impacted. Also in 11.5.0, if creation of an invalid SNMP community is no longer allowed via TMSH or TMUI.

Behavior Change