Bug ID 566071: network-HSM may not be operational on secondary slots of a standby chassis.

Last Modified: Mar 12, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
13.0.0, 12.1.3, 11.6.2

Opened: Jan 06, 2016
Severity: 2-Critical
Related AskF5 Article:
K95430458

Symptoms

pkcs11d may not be running on secondary slots of a chassis.

Impact

If SSL profiles are configured with keys of security-type 'nethsm' when the specified conditions are true, traffic for such profiles will fail when the affected slots process traffic.

Conditions

This might occur when the following conditions are true: 1. Network-HSM installed on BIG-IP chassis. 2. Chassis is in standby state OR Secondary slots do not have management IP configured.

Workaround

Manually install netHSM on each secondary slot.

Fix Information

netHSM install no longer depends on management IP of secondary slots and also successfully installs on slots of a standby chassis.

Behavior Change