Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1
Opened: Oct 21, 2016 Severity: 3-Major
Under some stress conditions, the N3FIPS device in the 10350F platform may stop responding to requests and cause the following error logs to appear in /var/log/ltm.log: Oct 3 11:44:53 n3fips-1 crit tmm1[20259]: 01010025:2: Device error: crypto codec fips-crypto0-1 queue is stuck. Oct 3 11:44:53 n3fips-1 crit tmm9[20259]: 01010025:2: Device error: crypto codec fips-crypto0-9 queue is stuck. From this point on, the command "tmsh show sys crypto fips" will always return an error. As a result, the following SNMP trap will be generated: V2Trap(140) .1.3.6.1.2.1.1.3.0=12682 .1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.4.1.3375.2.4.0.156 .1.3.6.1.4.1.3375.2.4.1.1="Vendor init error: -36 FIPS device fault" .1.3.6.1.6.3.1.1.4.3.0=.1.3.6.1.4.1.3375.2.4
The unit can no longer process any FIPS related traffic and all FIPS operations will fail. Rebooting the unit will cause the FIPS device to disappear from the system and it will not find any supported FIPS devices.
This is seen randomly under some stress conditions.
Power cycling the unit will recover full FIPS functionality. This can be done by selecting "P --- Power on/off host subsystem" in the AOM Command Menu and then toggling the power state.
None