Bug ID 655767: MCPD does not prevent deleting an iRule that contains in-use procedures

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
13.1.0

Opened: Apr 06, 2017

Severity: 3-Major

Symptoms

If an iRule that is attached to a virtual server makes a procedure call in a different iRule, it is possible to delete the different iRule with no error. MCPD contains validation that should prevent a user from deleting an iRule that is currently in use by a virtual server, e.g.: 01070265:3: The rule (/Common/rule_uses_procs) cannot be deleted because it is in use by a virtual server (/Common/vs_http). However, if an iRule attached to a virtual server makes a procedure call in a different iRule, it is possible to delete the different iRule with no error. This results in a configuration that will subsequently fail to load (during a config load, MCPD validation will catch this), or will fail if a full configuration sync is performed.

Impact

System gets into a state where traffic may fail unexpectedly, and subsequent reboots, configuration loads, upgrades, or configuration sync operations will fail.

Conditions

Must be using iRules that call into other iRules.

Workaround

None. Use caution when deleting iRules, especially iRules that call into other iRules.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips

Have a question?

About F5

Education

F5 sites

Support Tasks

© F5, Inc. All rights reserved. Policies | Privacy | Trademarks