Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 12.0.0, 12.0.0 HF1, 12.0.0 HF2
Fixed In:
12.1.0, 12.0.0 HF3, 11.6.1
Opened: Oct 28, 2015 Severity: 3-Major Related Article:
K57540380
In high availability config sync, the destination mcpd might crash if the user does the following steps: 1. Manually edit bigip.conf file at source to remove an access policy item (my-ap-1_mac_mymac1) that calls a macro, from the original access policy (my-ap-1) to another access policy (my-ap-2); 2. Load the modified config into running config; 3. Delete the original access policy (my-ap-1) before manually starting the config sync. The modified source configuration is sent to the destination during the manual incremental config sync, resulting in destination mcpd logging an error message: err mcpd[5441]: 01020036:3: The requested access_policy_name (/Common/my-ap-1) was not found. Immediately following the error message, the destination mcpd will crash and generate a core file.
During config sync, the destination BIG-IP system's mcpd crashes and restarts.
Config sync is manual incremental, and the user manually edits /config/bigip.conf to modify the source configuration such that an access policy item with a macrocall is removed from the original access policy to another access policy, and then the original access policy is deleted, all before the manual config sync is started.
After removing the access policy item with a macrocall from the original access policy to another access policy and loading into the source running the configuration, do not delete the original access policy. Instead, start the config sync right away. After this first config sync is successful, delete the original access policy at the source, and then start the second config sync to finish the operation.
MCPD no longer cores with access policy macro during config sync in high availability configuration.