Bug ID 918905: PCCD restart loop when using more than 256 FQDN entries in Firewall Rules

Last Modified: Dec 13, 2023

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2

Fixed In:
16.1.0, 15.1.10

Opened: Jun 18, 2020

Severity: 3-Major

Symptoms

PCCD enters a restart loop, until the configuration is changed such that 256 or fewer FQDN entries are in use. Errors are reported to the terminal screen: pccd[23494]: 015d0000:0: pccd encountered a fatal error and will be restarted shortly...

Impact

PCCD goes into a restart loop. PCCD is not functional until there are 256 or fewer entries.

Conditions

Greater than 256 FQDN entries are in use in Firewall Rules.

Workaround

Use 256 or fewer FQDN entries in Firewall Rules. To aid in the removal of extra rules when using tmsh, you can prevent PCCD restart messages from flooding the console: 1. Stop PCCD to halt the restart messages: bigstart stop pccd 2. Modify the configuration. 3. Bring PCCD back up: bigstart start pccd

Fix Information

PCCD restart loop no longer occurs when using more than 256 FQDN entries in Firewall Rules.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips