Bug ID 956109: Modifying a traffic-matching-criteria with a port-list during a full sync may result in an incorrect configuration on the sync target

Last Modified: Jan 01, 2023

Affected Product:
BIG-IP LTM (all modules)

Known Affected Versions:
17.0.0, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1.4, 15.0.1.3, 15.0.1, 15.0.0, 14.1.4, 14.1.3, 14.1.2.8, 14.1.2.7, 14.1.2.6, 14.1.2.5, 14.1.2.4, 14.1.2.3, 14.1.2, 14.1.0

Fixed In:
17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6

Opened: Oct 15, 2020
Severity: 2-Critical

Symptoms

In a device service cluster, changing a traffic-matching-criteria object's port configuration and then performing a full-sync will cause the sync target's traffic-matching-criteria ports to be modified incorrectly. Once systems are in this state, further ConfigSyncs may result in these error messages:

err mcpd[6489]: 01070710:3: Database error (13), Cannot update_indexes/checkpoint DB object, class:traffic_matching_criteria_port_update status:13 - EdbCfgObj.cpp, line 127.

err mcpd[6489]: 01071488:3: Remote transaction for device group /Common/Failover to commit id 250 6869100131892804718 /Common/tmc-sync-2-bigip1.test 0 failed with error 01070710:3: Database error (13), Cannot update_indexes/checkpoint DB object, class:traffic_matching_criteria_port_update status:13 - EdbCfgObj.cpp, line 127.
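A log check for the two mcpd messages quoted above, useful because affected devices can still report "In Sync". This is an added example, not F5's code; the function names and the sample log (the two messages above plus two constructed non-matching lines) are assumptions.

```shell
#!/bin/sh
# Added example: flag the ID 956109 ConfigSync symptom in BIG-IP log text.
# SAMPLE_LOG is constructed: lines 2 and 3 are the messages quoted in this
# report; lines 1 and 4 are made-up lines that must NOT be counted.
SAMPLE_LOG='info mcpd[6489]: constructed unrelated line
err mcpd[6489]: 01070710:3: Database error (13), Cannot update_indexes/checkpoint DB object, class:traffic_matching_criteria_port_update status:13 - EdbCfgObj.cpp, line 127.
err mcpd[6489]: 01071488:3: Remote transaction for device group /Common/Failover to commit id 250 6869100131892804718 /Common/tmc-sync-2-bigip1.test 0 failed with error 01070710:3: Database error (13), Cannot update_indexes/checkpoint DB object, class:traffic_matching_criteria_port_update status:13 - EdbCfgObj.cpp, line 127.
err mcpd[6489]: 01070710:3: Database error (13), Cannot update_indexes/checkpoint DB object, class:some_other_class status:13 - constructed non-matching line'

# Reads log text on stdin and prints "local=N remote=N groups=g1,g2".
# local  = 01070710:3 errors for the traffic_matching_criteria_port_update class
# remote = 01071488:3 failed remote transactions that wrap the same error
scan_tmc_sync_errors() {
    awk '
        /01070710:3:/ && /class:traffic_matching_criteria_port_update/ {
            if ($0 ~ /01071488:3: Remote transaction for device group /) {
                remote++
                grp = $0
                sub(/.*Remote transaction for device group /, "", grp)
                sub(/ to commit id .*/, "", grp)
                if (!(grp in seen)) {
                    seen[grp] = 1
                    groups = groups (groups == "" ? "" : ",") grp
                }
            } else {
                loc++
            }
        }
        END { printf "local=%d remote=%d groups=%s\n", loc, remote, (groups == "" ? "-" : groups) }
    '
}

# Exit status 0 (and a printed summary) when the symptom is present, 1 otherwise.
tmc_sync_suspect() {
    summary=$(scan_tmc_sync_errors)
    case "$summary" in
        "local=0 remote=0 "*) return 1 ;;
        *) echo "$summary"; return 0 ;;
    esac
}

printf '%s\n' "$SAMPLE_LOG" | scan_tmc_sync_errors
```

On a device, pipe in the log that holds mcpd messages (assumed here to be /var/log/ltm) instead of the sample; a hit on any cluster member means its traffic-matching-criteria ports should be compared against its peers.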

Impact

BIG-IP configurations are out of sync (even though they show "In Sync"). Affected virtual servers will process more traffic than configured.

Conditions

-- Two or more BIG-IPs in a DSC.
-- Using traffic-matching-criteria, and making changes.

Workaround

On an affected system, perform one of the two procedures to correct MCPD's in-memory configuration:

1. Remove the traffic-matching criteria from all virtual servers (or only affected virtual servers, if known), and then re-add the traffic-matching criteria.

2. Save the configuration and then follow the procedure in K13030: Forcing the mcpd process to reload the BIG-IP configuration.

   tmsh save sys config
   clsh touch /service/mcpd/forceload
   clsh reboot

Fix Information

None

Behavior Change