Bug ID 517988: TMM may crash if access profile is updated while connections are active

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.4.1, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0, 11.6.0 HF6, 11.5.3 HF2, 11.4.1 HF10

Opened: Apr 14, 2015

Severity: 2-Critical

Symptoms

The BIG-IP system has a virtual server with an access profile. There is live traffic using that virtual. If the access profile is updated, enforcement of certain behaviors on the live traffic may end up accessing stale profile data, and result in a crash.

Impact

Traffic disrupted while tmm restarts.

Conditions

If an access profile is attached to a virtual server, and the profile is updated while the virtual has active connections.

Workaround

(These are untested...) Without HA, (1) disable virtuals using access profile, (2) delete any active connections on the virtuals, (3) update access profile, and, (4) enable virtuals. With HA, (1) update access profile on standby, (2) failover to the standby, and (3) sync the configuration.

Fix Information

Upon access profile update, cleanup of the previous profile data is deferred until there are no active connections referencing it.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips