Bug ID 720001: Using custom default gateway in AWS makes instance metadata endpoint 169.254.169.254 inaccessible.

Last Modified: Sep 14, 2023

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4

Opened: May 14, 2018

Severity: 3-Major

Related Article: K43503050

Symptoms

There are multiple symptoms that a BIG-IP system shows when affected by this issue:

-- Licensing fails on bootup with the following error:
   halGetDossier returned error (7): Dossier generation failed.
-- Failover between BIG-IP instances fails abruptly with the following error:
   Unable to retrieve domain name from ec2 metadata.

Impact

- License inoperable after bootup.
- Failover between BIG-IP systems does not complete successfully.

Conditions

-- Both licensing and failover/HA in AWS depend on access to the instance metadata that EC2 provides via the HTTP endpoint at 169.254.169.254.
-- The default gateway that AWS provides through DHCP ensures access to this metadata endpoint without any additional configuration. When a custom default gateway is configured instead, traffic to 169.254.169.254 follows that gateway and the instance metadata endpoint may become unreachable.

Workaround

Configure a route for 169.254.169.254/32 via the AWS subnet default gateway, and then run a startup script after mcpd is up to reload the license. The workaround has two parts.

Part 1 (before upgrade): on the BIG-IP system, create a management-route for the link-local destination 169.254.169.254.

1) Set the db key that allows a route to a link-local (RFC 3927) address:
   tmsh modify sys db config.allow.rfc3927 value enable
2) Create a management-route for 169.254.169.254/32 that points to the AWS-provided subnet default gateway:
   tmsh create sys management-route meta-endpoint network 169.254.169.254/32 gateway <AWS subnet GW IP>
3) Save the config:
   tmsh save sys config
4) Create a qkview:
   qkview -f /var/tmp/before_upgrade

Part 2: reload the license by running a script once the system is up. This process is fully documented in K11948: Configuring the BIG-IP system to run commands or scripts upon system startup (https://support.f5.com/csp/article/K11948).
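The following shell helpers are an added example that is not part of this bug entry or of F5's own tooling. They cover both parts of the workaround: computing the AWS subnet gateway from the management address (assuming, as AWS documents, that the VPC router sits on the first usable address of the subnet), emitting the Part 1 tmsh commands, generating a Part 2 startup script in the K11948 style, and checking that the metadata endpoint answers. The names reloadlic, /config/startup and the "tmsh -a show sys mcp-state" readiness check are assumptions about the BIG-IP environment, as is the presence of curl on the box; the IMDSv2 token exchange is standard AWS behaviour and goes slightly beyond the plain HTTP access the entry describes.

```shell
#!/bin/sh
# Added example (not F5's code): helpers for the two-part workaround on a
# BIG-IP in AWS. Assumptions: tmsh, curl and reloadlic exist on the box,
# /config/startup is the startup hook from K11948, and the AWS VPC router
# sits on the first usable address of the management subnet.

IMDS=169.254.169.254

# Compute the AWS subnet default gateway (network address + 1) from the
# management address written as <addr>/<prefix>, e.g. 10.0.1.37/24 -> 10.0.1.1.
subnet_gateway() {
  addr="${1%/*}"; prefix="${1#*/}"
  [ "$addr" != "$1" ] || { echo "usage: subnet_gateway <addr>/<prefix>" >&2; return 1; }
  case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -le 30 ] || return 1          # /31 and /32 have no router address
  oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
  [ $# -eq 4 ] || return 1
  n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
  mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
  gw=$(( (n & mask) + 1 ))
  printf '%d.%d.%d.%d\n' $(( (gw >> 24) & 255 )) $(( (gw >> 16) & 255 )) \
                         $(( (gw >> 8) & 255 )) $(( gw & 255 ))
}

# Part 1: the tmsh commands that pin 169.254.169.254/32 to the subnet gateway.
imds_route_cmds() {
  gw="$1"
  case "$gw" in ''|*[!0-9.]*) echo "usage: imds_route_cmds <gateway>" >&2; return 1 ;; esac
  printf '%s\n' \
    "tmsh modify sys db config.allow.rfc3927 value enable" \
    "tmsh create sys management-route meta-endpoint network ${IMDS}/32 gateway ${gw}" \
    "tmsh save sys config"
}

# Part 2: the body of a K11948-style startup script. It waits for mcpd to
# reach the running phase, confirms the metadata endpoint answers through the
# new management-route, then reloads the license (reloadlic is assumed to be
# the reload command on the box).
startup_script() {
  cat <<'EOF'
#!/bin/sh
# wait for mcpd before touching the license
until tmsh -a show sys mcp-state field-fmt 2>/dev/null | grep -q running; do
  sleep 5
done
# retry until the metadata endpoint is reachable; give up after ~2 minutes
i=0
until curl -s -m 3 -o /dev/null "http://169.254.169.254/latest/meta-data/"; do
  i=$((i + 1)); [ "$i" -lt 24 ] || { logger -t imds-fix "metadata endpoint unreachable"; exit 1; }
  sleep 5
done
reloadlic
EOF
}

# Check: fetch an IMDSv2 token, then a metadata key. Returns non-zero when the
# endpoint is unreachable, which is the failure state this bug describes.
imds_check() {
  token=$(curl -s -m 3 -X PUT "http://${IMDS}/latest/api/token" \
            -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || return 1
  curl -s -m 3 -H "X-aws-ec2-metadata-token: ${token}" \
       "http://${IMDS}/latest/meta-data/placement/availability-zone"
}

# Usage on the BIG-IP (management address 10.0.1.37/24 is a constructed example):
#   gw=$(subnet_gateway 10.0.1.37/24)
#   imds_route_cmds "$gw" | sh
#   startup_script > /config/startup && chmod 755 /config/startup
#   imds_check
```

The route and the db key are only half of the fix: without the startup script the licensing check still runs before the metadata endpoint is reachable, so the script polls the endpoint and only then reloads the license. Run imds_check after the route is in place; an empty result or a non-zero exit means 169.254.169.254 is still being sent to the custom default gateway.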

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips