Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.0.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.5.1 HF1, 11.6.1 HF1, 11.5.1 HF2, 11.6.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.6.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1
Fixed In:
11.5.0, 11.4.1 HF4, 11.4.0 HF8, 11.3.0 HF9, 11.2.1 HF11
Opened: Oct 25, 2013 Severity: 2-Critical Related Article:
K14949
If a BIG-IP system is configured with several AAA Servers, each of which is using pool as a backend server, if mcpd or the BIG-IP system is restarted, and then another AAA Server is added, which is also configured to use a pool, that new server might use an existing pool, which results in accessing the wrong backend server.
The impact is that authentication requests may go to the wrong backend server. This issue occurs intermittently.
This occurs when some AAA Servers exist and are configured with pools, and mcpd restarts before add or modify operation for another AAA Server that uses a pool.
You can work around this issue using command: tmsh load sys config OR remove all related AAA Servers, pool, and nodes, and recreate them without restarting mcpd or the BIG-IP system. After restarting, do not add or modify AAA Servers with pools configured.
Layered virtual servers are now assigned the correct IP addresses, and no longer conflict or interfere with each other.