Bug ID 667707: LTM policy associations with virtual servers are not ConfigSynced correctly

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
13.1.0, 12.1.3.6

Opened: Jun 02, 2017
Severity: 3-Major

Symptoms

The association of Local Traffic Policies to virtual servers do not synchronize properly. This can result in configuration sync failures with error messages including: -- 01070635:3: The policy (/Common/asm_auto_l7_policy__vs_27) is referenced by one or more virtuals. -- Configuration error: The bot-defense-asm profile /Common/asm_policy_1 was added to virtual server /Common/vs1 but it does not match the asm-controlling policy. The bot-defense-asm profile is added to the virtual server automatically. -- 010716fd:3: Virtual Server '/Common/vs' cannot contain policies with conflicting controls. In other circumstances, BIG-IP systems report themselves as 'in sync' despite a virtual server having different local traffic policies associated. Under certain circumstances, configuration sync fails after an LTM policy is removed from a virtual server and deleted.

Impact

Configuration fails to sync, or devices report 'In Sync' but have different LTM policies associated with virtual servers.

Conditions

This occurs under the following conditions: -- Full sync operations (e.g., 'full-load-on-sync' or 'force-full-load-push'). And either of the following: -- Configuration changes made where local traffic policies are removed or added from a virtual server. -- Configuration changes made where a local traffic policy is removed from a virtual server, and then the virtual server is deleted.

Workaround

There is no workaround at this time.

Fix Information

Configuration sync is successful.

Behavior Change