Bug ID 436674: The msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime values contained in SNMPv3 trap message may be incorrect after the SNMP agent reboot.

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
10.2.0, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9

Opened: Nov 05, 2013
Severity: 2-Critical
Related AskF5 Article:
K17271

Symptoms

After the reboot of the SNMP agent (snmpd), the SNMPv3 trap messages generated from the BIG-IP may contain the incorrect msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime values. After that, msgAuthoritativeEngineBoots value will also be out of sync with the engineBoots value in /config/net-snmp/snmpd.conf.

Impact

Some SNMP monitoring servers (e.g., SpectroSERVER) can lose the ability to poll the BIG-IP system. When the BIG-IP system sends out the incorrect values, the monitoring server thinks the information has been spoofed and it loses the ability to poll the BIG-IP until manual intervention.

Conditions

Configure SNMPv3 trap destination on the BIG-IP system and observe the msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime values in the generated trap messages. Reboot the SNMP agent (e.g., 'tmsh restart sys service snmpd') and observe these values again in the subsequent SNMPv3 trap messages.

Workaround

This issue has no workaround at this time.

Fix Information

None

Behavior Change