Bug ID 943577: Full sync failure for traffic-matching-criteria with port list under certain conditions

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1

Fixed In:
17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6

Opened: Sep 09, 2020

Severity: 3-Major

Symptoms

Performing a full configuration sync with traffic-matching-criteria (TMC) under specific conditions fails with errors similar to: err mcpd[6489]: 01070710:3: Database error (13), Cannot update_indexes/checkpoint DB object, class:traffic_matching_criteria_port_update status:13 - EdbCfgObj.cpp, line 127. err mcpd[6489]: 01071488:3: Remote transaction for device group /Common/Failover to commit id 245 6869100131892804717 /Common/tmc-sync-2-bigip1.test 0 failed with error 01070710:3: Database error (13), Cannot update_indexes/checkpoint DB object, class:traffic_matching_criteria_port_update status:13 - EdbCfgObj.cpp, line 127..

Impact

Unable to sync configurations.

Conditions

This may occur on a full-load config sync (not an incremental sync) On the device receiving the ConfigSync: - a traffic-matching-criteria is attached to a virtual server - the traffic-matching-criteria is using a port-list On the device sourcing the ConfigSync: - the same traffic-matching-criteria is attached to the same virtual server - the original port-list is modified (e.g. a description is changed) - the TMC is changed to reference a _different_ port-list

Workaround

Copy the "net port-list" and "ltm traffic-matching-criteria" objects from the source to target system, merge them with "tmsh load sys config merge", and then perform a force-full-load-push sync from source to target. If the BIG-IP systems are using device groups with auto-sync enabled, disable auto-sync temporarily while performing this workaround. 1. On the source system (the system whose configuration you want to sync to peer), save the configuration and extract the ltm traffic-matching-criteria and port-lists: tmsh save sys config (shopt -s nullglob; echo "#"; echo "# $HOSTNAME"; echo "# generated $(date +"%F %T %z")" cat /config{/partitions/*,}/bigip{_base,}.conf | awk ' BEGIN { p=0 } /^(ltm traffic-matching-criteria|net port-list) / { p=1 } /^}/ { if (p) { p=0; print } } { if (p) print; } ' ) > /var/tmp/portlists-and-tmcs.txt 2. Copy /var/tmp/portlists-and-tmcs.txt to the target system 3. On the target system, load that file: tmsh load sys config replace file /var/tmp/portlists-and-tmcs.txt 3a. If loading the config file on the target system fails with the same error message seen during a ConfigSync, follow the procedure in K13030: Forcing the mcpd process to reload the BIG-IP configuration :: https://support.f5.com/csp/article/K13030. tmsh save sys config clsh touch /service/mcpd/forceload clsh reboot 4. On the source system, force a full-load sync to the device-group: tmsh run cm config-sync force-full-load-push to-group <name of sync-group>

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips