Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1
Fixed In:
12.0.0, 11.6.1 HF2, 11.5.3
Opened: Mar 06, 2014 Severity: 3-Major Related Article:
K16233
Combining HA group with other types of failover mechanism such as VLAN Failsafe or Gateway Failsafe results in traffic going to failed device.
Because the HA Group score might favor the failed device, there could be no active traffic group on any device.
HA-group should not be combined with other types of failover mechanism such as VLAN Failsafe or Gateway Failsafe. If these mechanisms are combined, the failsafe causes all traffic groups to go to standby on the failed device.
Replace the failover VLAN or Gateway with an HA group. Note: HA group should not be combined with other types of failover mechanism such as VLAN Failsafe or Gateway Failsafe. If these mechanisms are combined, the failsafe causes all traffic groups to go to standby on the failed device.
If a device goes to standby due to a failsafe operation, the HA Group Scores on that device are forced to zero, so that the traffic groups can become active on an active device. This is the correct behavior.
In the previous code, if a user configured both HA Group Score and an HA Failsafe, when the failsafe triggered, all traffic groups on the failed device would transition to Standby. However, the group score for that device would remain at the prior value so that the traffic group would not become active on another device. The result was a traffic group that was not active on any device. With this change, the traffic group score on the failed device is forced to 0, since the failsafe condition indicates that the device is not acceptable to host any traffic group. The HA Group scoring algorithm then activates the traffic group on the best remaining non-failed device.