Bug ID 554899: MCPD core with access policy macro during config sync in HA configuration

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 12.0.0, 12.0.0 HF1, 12.0.0 HF2

Fixed In:
12.1.0, 12.0.0 HF3, 11.6.1

Opened: Oct 28, 2015

Severity: 3-Major

Related Article: K57540380

Symptoms

In high availability config sync, the destination mcpd might crash if the user does the following steps: 1. Manually edit bigip.conf file at source to remove an access policy item (my-ap-1_mac_mymac1) that calls a macro, from the original access policy (my-ap-1) to another access policy (my-ap-2); 2. Load the modified config into running config; 3. Delete the original access policy (my-ap-1) before manually starting the config sync. The modified source configuration is sent to the destination during the manual incremental config sync, resulting in destination mcpd logging an error message: err mcpd[5441]: 01020036:3: The requested access_policy_name (/Common/my-ap-1) was not found. Immediately following the error message, the destination mcpd will crash and generate a core file.

Impact

During config sync, the destination BIG-IP system's mcpd crashes and restarts.

Conditions

Config sync is manual incremental, and the user manually edits /config/bigip.conf to modify the source configuration such that an access policy item with a macrocall is removed from the original access policy to another access policy, and then the original access policy is deleted, all before the manual config sync is started.

Workaround

After removing the access policy item with a macrocall from the original access policy to another access policy and loading into the source running the configuration, do not delete the original access policy. Instead, start the config sync right away. After this first config sync is successful, delete the original access policy at the source, and then start the second config sync to finish the operation.

Fix Information

MCPD no longer cores with access policy macro during config sync in high availability configuration.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips