Symptoms

When active/standby clocks are not in sync this problem will manifest itself. On a failover, BIG-IP needs to determine the age of an entry so that it can update the TTL. This age determination depends on clocks on the active and standby which may not be in sync.

Impact

Entry may expire later or may expire early or may not get programmed if on failover we determine if it has already expired.

Conditions

This occurs in an HA deployment where NTP is not configured and the clocks are out of sync.

Workaround

Use NTP to sync clocks. This should reduce the error margin and make it as low as what NTP provides

Fix Information

Use NTP to sync active/standby pair for better accuracy of shun entry expiry.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips