Reply

Filtering F5 change notifications.

Authority
Posts: 15
2255     0

I have run into a weird issue with F5 Big-IP systems generating excessive change notices. It seems that when SNMPv3 is configured with Authentication and Encryption, the Big-IP system re-hashes the SNMPv3 account password and key on a regular basis. The re-hashing of the passwords is picked up by NetMRI as a configuration change, causing the config to be uploaded and a notification of the change sent to subscribers. This is generating a lot of excess notifications. I have contacted F5 support, but have been told that this is expected behavior.

Does anyone know if a way to filter what NetMRI recognizes as a change to the system? I need to have it ignore these "password" changes but still recognize other modifications to the system.

I don;t really have anything

Guru
Posts: 61
2256     0

I don;t really have anything to help you, but I have more information about it.  

The passwords are rehashed every time you view the config (not periodically).

Additionally, the F5 software considers changing the terminal paging size to be a system change requiring a save ( and sync, if you run failover pairs).  If you run failover pairs, the configs will show up as out of sync.  It is basically triggering a change every time it grabs the config, creating an endless cycle of new archived configs.

F5 recently released new code to resolve the paging issue, but the password hashing is still a problem.  if the code works correctly, the paging issue should no longer trigger a change, so MRI should not pick up the change via snmp and it won't fetch a new copy of the config.

I have not been able to test the new F5 code, so this is all speculation based on release notes and my understanding of F5 and MRI.

We had a similar hashing

Expert
Posts: 185
2256     0

We had a similar hashing issue with our BlueCoat (WAN Opt) appliances.  Infoblox needed to change their code to mask out the password/hash when importing the config. I'd suggest opening a case to get it resolved.

-Lon.

Thank you for the feedback.

Authority
Posts: 15
2256     0

Thanks for the feedback everyone. I have a case open with Infoblox support on the issue. I'll report back when there is a solution.

Showing results for 
Search instead for 
Do you mean 

Recommended for You