Forum Discussion
11.4.0 Peer device "disconnected" but syncing
Hello all
Last week I upgraded a pair of BIG-IP 6900 from 10.2.2 to 11.4.0, following the recommended procedure for active-standby configurations.
Once both nodes were upgraded, I noticed that in the "Device Group" screen each node saw the peer as "Disconnected" (red dot). However, the sync was working, and so was the failover, as I tried forcing the active node to standby and the other one became active immediately.
I tried resetting the trust but the situation was the same. I attach a screenshot of Device Group (I have shadowed the hostnames for privacy). This is from one of the nodes, the other one shows the equivalent.
I wonder if any of you have encountered a similar issue, and whether you know how I could solve it. I guess maybe it is a silly parameter I forgot to configure, but I can't manage to figure out which one, so any help would be appreciated.
If you need further information, please let me know.
Thanks in advance.
Hi!
Could it be that you have network failover configured and the physical failover cable connected? There is a known bug and it sounds like that's the case here.
Disconnecting the failover cable would solve the issue (which is cosmetic).
Kind regards, Patrik
- Narendren_S (Nimbostratus)
Hi Ana,
I suspect your config sync and failover are via the production interface and the device trust between the peers was made via the management interface.
That is the reason you don't face any issue with config sync and failover, though the peer is showing disconnected.
It is most likely to be an issue with device trust or a mgmt connectivity issue.
Possible cause-1: If there is a connectivity issue between trusted peers on the management port, it will show the device as disconnected.
It will be fixed once mgmt reachability is made.
Possible cause-2: Since you have recently upgraded the firmware, it is most likely to be a certificate issue. No connectivity issue between peers, but the peer certificate has expired or needs to be renewed.
In this case, I suggest you renew the device certificate of both peers and re-add them in the device trust peer list, with the corresponding changes to be done at the Device Group as well.
Please let me know if you have any queries and also update me on the status.
Thanks and Regards
Narendren S
- Ana_Saiz_4489 (Nimbostratus)
Thank you all
Narendren: I did renew the certificates and re-add them to the device trust list, no changes.
I think it is closer to what Patrik says, although I can't remember right now if the failover cable is connected or not. Patrik, do you know where that bug is documented?
Thanks again, and Best Regards, Ana
- nitass (Employee)
Is time in sync?
sol10240: Verifying NTP peer server communications
Hi Ana
Run this command:
tmsh show sys failover cable
If it shows as unset, you don't have a cable; if it shows cable status, you have one. As for the bug, sorry but I can't find the SOL article.
Had this bug myself after an upgrade a few months ago which is why I knew about it.
/Patrik
- Ana_Saiz_4489 (Nimbostratus)
Thanks Patrik
The point is I don't have it upgraded anymore, as the customer requested to perform a rollback, so I need to figure this out before the next upgrade attempt.
So, to keep it in mind for the next upgrade, I'd need to make sure the nodes see each other through the management interface, and have the failover cable disconnected?
Thanks again, Ana
It depends on which interface you use for config sync and network failover. The setup you had after the last upgrade should work fine from your description. As long as you can synchronize and do a manual failover, removing the cable should not pose a problem.
If you want to be absolutely sure, though, you can always force one of the devices offline before removing the cable and check the status under devices before releasing the offline status.
Did you confirm that there was a failover cable between the two nodes?
/Patrik
You can test for a serial cable in v10 by running
.b failover cable
/Patrik
- Ana_Saiz_4489 (Nimbostratus)
I'll try doing as you recommend, or try and find the SOL and let the customer know it is only a cosmetic issue (maybe it is better to keep the failover cable, just in case?)
As for the results of the above command, it seems that the cable is connected:
Active node: cable state 0 peer cable state 1
Standby node: cable state 1 peer cable state 0
Regards, Ana
I'd keep the network failover and get rid of the cable, or ask F5 for a hotfix. Getting used to seeing downed devices is never a good thing in case it really happens one day. :)
/Patrik