Bug ID 566071: network-HSM may not be operational on secondary slots of a standby chassis.

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2

Fixed In:
13.0.0, 12.1.3, 11.6.2

Opened: Jan 06, 2016

Severity: 2-Critical

Related Article: K95430458

Symptoms

pkcs11d may not be running on secondary slots of a chassis.

Impact

If SSL profiles are configured with keys of security-type 'nethsm' when the specified conditions are true, traffic for such profiles will fail when the affected slots process traffic.

Conditions

This might occur when the following conditions are true: 1. Network-HSM installed on BIG-IP chassis. 2. Chassis is in standby state OR Secondary slots do not have management IP configured.

Workaround

Manually install netHSM on each secondary slot.

Fix Information

netHSM install no longer depends on management IP of secondary slots and also successfully installs on slots of a standby chassis.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips