Last Modified: Nov 07, 2022
Affected Product:
See more info
BIG-IP LTM
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6
Fixed In:
13.0.0
Opened: Sep 30, 2016
Severity: 3-Major
After BIG-IP upgrading in the multi-blade platform configured with Thales, the secondary platform fails to carry over Thales configuration. When running enquiry at primary slot, you will get response about Thales config. At secondary slot, you will not be able to run "enquiry".
Secondary slot doesn't have Thales HSM configured.
Thales installed on chassis.
Wait for csynced finish syncing /shared/nfast from primary slot to the secondary slot. Then run "clsh bigstart restart pkcs11d". While waiting, run this command to compare the folder size of /shared/nfast/. [root@localhost:/S1-green-P:Active:Standalone] config # clsh "du -sh /shared/nfast/" === slot 2 addr 127.3.0.2 color green === 220M /shared/nfast/ === slot 3 addr 127.3.0.3 color red === === slot 4 addr 127.3.0.4 color blue === === slot 1 addr 127.3.0.1 color green === 220M /shared/nfast/ Another workaround(maybe faster) is to reinstall Thales after upgrading. Csyncd could take 10+ minutes to finish sync'ing. A third workaround is to scp /shared/nfast/ from primary slot to secondary slot. After that, run "bigstart restart pkcs11d" e.g., [root@localhost:/S1-green-P:Active:Standalone]scp -r /shared/nfast/ slot2:/shared/
None
