Manual Chapter :
System behavior for master-key sync
Applies To:
Show Versions
BIG-IP LTM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
BIG-IP DNS
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0
System behavior for master-key sync
When your BIG-IP devices are configured in a Device Service Clustering (DSC) device group, all devices in the device group must have the same master key. To ensure this, DSC behaves in these ways:
- When a new device joins a device group, the device that syncs its configuration to the new device also syncs a copy of its master key to the new device.
- Whenever you modify the master key on a device group member, the BIG-IP system syncs the updated key to all other members of the device group. The updated key overwrites the master key that's currently on each device. To verify that the master key synced properly (either automatically or manually) to each device in the device group, you can open a console window on each device and at the system prompt, use the commandf5mku -Kto view the encrypted master key and compare it to the master key on the other devices.
- Encrypted passwords and passphrases for BIG-IP configuration objects specified in the file/config/bigip.confmight appear differently when comparing the configuration files from different devices in the device group. This is because each device's instance of the mcpd process uses a different salt, or random data, to encrypt and decrypt passwords and passphrases. This does not affect configuration synchronization (config sync) in any way.