Bug ID 519102: On failover, TTL may not be preserved

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Fixed In:
12.0.0

Opened: Apr 20, 2015
Severity: 2-Critical

Symptoms

When active/standby clocks are not in sync this problem will manifest itself. On a failover, BIG-IP needs to determine the age of an entry so that it can update the TTL. This age determination depends on clocks on the active and standby which may not be in sync.

Impact

Entry may expire later or may expire early or may not get programmed if on failover we determine if it has already expired.

Conditions

This occurs in an HA deployment where NTP is not configured and the clocks are out of sync.

Workaround

Use NTP to sync clocks. This should reduce the error margin and make it as low as what NTP provides

Fix Information

Use NTP to sync active/standby pair for better accuracy of shun entry expiry.

Behavior Change