Last Modified: Sep 14, 2023
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6
Fixed In:
15.0.0
Opened: Sep 06, 2018 Severity: 3-Major
After changing the network failover port in the GUI, the configuration contains different values for 'effective-port' and 'port'. This may result in failover heartbeats from peer devices being sent to a different port than the one where the local system is actually listening to receive the traffic. Both sets of IP and port can be examined via tmsh: tmsh list cm device <name of local device> cm device /Common/bigip1 { unicast-address { { effective-ip management-ip effective-port 1026 <--- the port to which peers send traffic ip management-ip port 4094 <--- the local system listens on this port }
HA heartbeat traffic may be disrupted, which could result in multiple devices becoming active simultaneously.
-- Changing the network failover address via the BIG-IP GUI to a different value (i.e., changing it away from the default, 1026).
Use tmsh or iControl REST to modify the unicast network failover addresses for the local system.
Changing the unicast network failover port via the BIG-IP GUI now updates both the 'effective-port' and 'port'.