Forum Discussion

HG's avatar
HG
Icon for Cirrus rankCirrus
Feb 25, 2016

datasync-global-dg makes the F5 to go offline

Hi all,

 

I have 2 F5 virtual edition devices version 12.0.0 Build 1.0.628 Hotfix HF1 in HA pair. First of all I had those devices with LTM,GTM,ASM and APM modules enabled in version 12.0.0 build 0.0.606. I had issues trying to add the hotfix to both of them having all these modules provisioned.It was needed for me to leave only LTM enabled in order to boot from the new partition with the hotfix. Anyway, the problem now comes with the datasync-global-dg group which is created automatically when you provision ASM.The standy by device keeps going offline at random times and the log messages I receive are:

 

1) HA proc_running datasyncd fails action is go offline and down links. 2) Removed subscription with subscriber id DATASYNCD_Subscriber 3) Leaving Standby for Offline for ha table offline_cond.

 

Both devices go to state "changes pending" with a reference to datasync-global-dg group. One more strange thing is that I cannot select this group when I go Options -> Application Security -> Synchronization -> Application Security Synchronization on the ASM module menu.

 

Something seems to go wrong with the ASM and this group. Does anyone have any idea why this problem occurs ??

 

Thanks.

 

1 Reply

  • The datasync-global-dg device group is a special device group. When you first provision ASM it is created. You may have noticed at this time that your CPU went to 100% and the device remained unresponsive for up to five minutes. When you first add another BigIP to your trust you should sync the datasync-global-dg from one unit to the other. It doesn't sync any of the normal things you would expect, but rather shares cryptographic information used by the ASM.

     

    From https://support.f5.com/kb/en-us/solutions/public/16000/500/sol16509

     

    Impact of procedure: During the synchronization, the devices receiving the sync may go offline for approximately 3 minutes. After the synchronization is complete, the receiving devices should return to an online state. F5 recommends that the synchronization be initiated from the device that is currently active to avoid potential traffic disruption.

     

    As such the behavior you are describing is expected (especially if you have turned on autosync for this device group). You will want to read SOL 16509 for a better understanding. This also explains why you cannot select this device group under: Options -> Application Security -> Synchronization -> Application Security Synchronization. It is not a sync group in the traditional sense.

     

    If you do not have autosync and are not syncing this device group manually you may wish to open a case with support and have them take a look.