device-group does not sync config completely after creating objects via REST API

Question

Hi guys,&nbsp;
I'm currently experiencing a strange phenomenon. We'll need to create lots of "Contexts" on vCMP guests. A cntext consists of an admin partition, route domain, traffic-group and objects within those). I wrote a script which does the following:&nbsp;
read some variables stored in a json-structured file (contains vCMP guest names, VLANS, IP adresses and so on)create a new partition, traffic-group and route domain on active BigIP cluster membermove VLANs from /Common to newly created partition (done on both members)link all of those togethercreate self IPs within VLANs (floating and non-floating; non-floating on both members)create upstream router pool and outbound forwarding virtualcreate inbound forwarding virtuals
All of those tasks are accomplished via REST API calls. Unless otherwise noted above, all of them are run against the active node and should be synchronized to the other (config auto sync is activated). Now here's the strange thing about it: The script completes without errors, and on the active node, everything looks fine, all objects present and correctly created in the right rd, traffic-group and so on.
Both nodes say "in Sync" on the GUI, but there are some objects missing on the second node, namely floating IPs, router pool and forwarding virtuals. Doing a "normal" sync manually (without checking the overwrite config checkbox) won't change anything, I suspect there isn't even any attempt since both members think, they already are in sync. 
When changing something within the ltm objects (e.g. on a virtual) via GUI, the sync status immediately changes to "sync failed", apparently because the changed object does not exist on the second node. The device group overview then says "Does not have the last synced configuration" for the second node. The problem can only be solved by running a manual full sync with "overwrite config" from the first to the second node. 
I suppose this to be a bug. Did anybody run into the same issue? How would you suggest to solve it?&nbsp;
Any hints appreciated!&nbsp;
Best regards&nbsp;
Martin&nbsp;

dragonflymr · Answer

Hi,&nbsp;
This is related to fact that your floating objects on Active are referencing objects local to Active (selfIPs, RDs, VLANs etc.) because of that sync can be performed - those are not present on Standby.&nbsp;
Do so small experiment, create manually VLAN (or RD) on Active - you will notice that status will be still in Sync. That is OK as far as you will not create any other floating object using this VLAN (like floating IP), then your sync will fail (as far as I remember from my tests).&nbsp;
So only solution is to create all the local objects on both Active and Standby and then create all floating on Active. That way sync will not fail.&nbsp;
Piotr&nbsp;

Forum Discussion

device-group does not sync config completely after creating objects via REST API

1 Reply

Recent Discussions

Geo Fence in ASM through irule for URI

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Related Content

A complete Multi-Cloud Networking walkthrough with F5 Distributed Cloud

Trust your CDN, but not completely

Create a DevCentral account

Re: Automate Data Group updates on many Big-IP devices using Big-IQ or Ansible

Create F5 BIG-IP Next Instance on Proxmox Virtual Environment