Forum Discussion

Cepras007's avatar
Cepras007
Icon for Nimbostratus rankNimbostratus
Jan 10, 2024

HA sync problem after upgrade from v17.11 to v17.1.1.1

Hi

I have problem with HA configsync after upgrade from v17.1.1 to v17.1.1.1 tenants on VELOS.

After upgrade the device 1 connnects to the device 2 (port 4353) but the device 2 is not able connects to the device 1. When I try ping or open SSH connection from the device 2 to the device 1 evriting is OK. But telnet on the port 4353 faild. (I don't see any packet in tcpdump on devices). No network changes have made. In LTM log on the device 2 are these records:

 

grep -i cmi /var/log/ltm

... notice mcpd[5324]: 0107143c:5: Connection to CMI peer 192.168.1.1 has been removed
... err mcpd[5324]: 0107142f:3: Can't connect to CMI peer 192.168.1.1, port:6699, Transport endpoint is not connected
... err mcpd[5324]: 0107142f:3: Can't connect to CMI peer 192.168.1.1, TMM outbound listener not yet created
... notice mcpd[5324]: 01071451:5: Received CMI hello from /Common/xxx.yyy.zzz

 I¨ve reset an estabilish device tust again, but the problem persist.
When I rollback to the previous version on both devices, evriting is OK.

Does anyone have any idea what this could be?

  • Take a look at the following resources:

    https://my.f5.com/manage/s/article/K75975904

    https://my.f5.com/manage/s/article/K13946

    Remember.... make sure both dedicated TMM IP addresses for HA have connectivity. Port lockdown should be set to default here. Make sure you have device trust in place, and both devices were able to share their SSL device certs (make sure they are valid and not expired). For Configsync, make sure you use TMM IP address, for Network Failover be sure to use BOTH TMM IP address and management IP address, and selectively configure mirroring if you like. Make sure all of these settings are checked on BOTH units. Make sure the device group has both devices in it. Make sure time is synced to at least 3 time sources (check via ntpq -p via CLI).

    • Cepras007's avatar
      Cepras007
      Icon for Nimbostratus rankNimbostratus

      Thank you Whisper
      I¨ve checked all the settings which you have suggested and I went through both articles.
      Everything is OK.
      It looks like something is blocking outbound traffic on port 4353 at the TMM level. Because, if I try telnet on port 4353 from the device 2 to the device 1, I can't capture any packets anywhere. (not even on the device 2) But from the device 1 in oposite direction the telnet comunication is OK