Manual Chapter : BIG-IQ considerations

Applies To:

Show Versions Show Versions

BIG-IP LTM

  • 15.1.0, 15.0.1, 15.0.0, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.3, 13.1.1, 13.1.0

BIG-IP DNS

  • 15.1.0, 15.0.1, 15.0.0, 14.1.2, 14.1.0, 14.0.1, 14.0.0, 13.1.3, 13.1.1, 13.1.0
Manual Chapter

BIG-IQ considerations

Format of encrypted object strings

Like the BIG-IP system, the BIG-IQ system uses the Secure Vault feature to encrypt configuration object passwords and passphrases. However, the encrypted object strings do not start with
$M$
as they do on the BIG-IP system. Instead, the BIG-IQ system has its own starting string,
$6$
, as shown in these examples:
encrypted-password $6$NHVhF9wT$OWbQE5S.nfY/MTR4Agwru/qwl8IAcKWomeB4G6otahGu37KuTDGILDnKX7r9DTiL/Y7sdneuPT0LZI0G9Ccyg0 encrypted-password $6$V2Fq.kAw$CsMe0DCi1Q0q2.gO/QKIkG4Ye9SyB9ZDu9BRpbPIY9CQqUHrsfB7jY3eYmQdSqyC.cej8mgTpb.QvuKhJFIIM.

About device discovery

During the initial setup of your BIG-IQ system, you chose a specific master key passphrase. You must use this same passphrase during the initial setup later of other BIG-IQ or data collection device (DCD) systems that need to discover one another.
If the master key passphrases do not match, a BIG-IQ device cannot discover a remote DCD system, and the system generates an error message similar to this:
Discovery of BIG-IQ Data Collection Device 192.168.10.100 failed with state POST_FAILED and due to error Master Keys differ between this BIG-IQ and the one you are attempting to discover. Please configure both machines to have the same Master Key.
Before initiating any discovery process, make sure that the master keys on the two systems match. To view the master key for each system, simply open a console window on each system, log in, and at the system prompt, type the command
f5mku -K
.

Resolving discovery issues

If the master key passphrase on a data collection device (DCD) doesn't match the master key passphrase on a BIG-IQ system, any attempt for the two devices to discover each other will fail.
The steps you take to solve this issue differ depending on whether you know the passphrase for the BIG-IQ master key.

Solution 1: Specify the BIG-IQ passphrase on the DCD

Use this procedure when a BIG-IQ system and a data collection device (DCD) fail to discover one another, but you know the passphrase for the BIG-IP system's master key. A discovery operation fails if the master keys of the BIG-IQ system and the DCD system don't match.
To resolve the discovery failure, you can restore the DCD system configuration to the factory default and begin a new first-time setup procedure. During DCD setup, you specify the same master key passphrase that's on the BIG-IQ system. Once the procedure is completed, you can attempt the discovery operation again.
  1. Using a program such as PuTTY, open a console window on the BIG-IQ system.
  2. Log in to the system.
  3. At the system prompt, reset the DCD system configuration to the default by typing this command:
    clear-rest-storage -d -l
  4. If you see the message
    Member of an HA pair. Use
    ha_reset
    before trying to clear storage
    , type this command:
    ha_reset
    local discovery address
    You can ignore the message
    Error: error doing query...
  5. Repeat step 3.
  6. Obtain the BIG-IQ system master key passphrase for the next step.
  7. Log in to the DCD system user interface and follow the first-time setup procedure.
    During the master key step of the first-time setup procedure, ensure that you type the BIG-IQ system master key passphrase.
  8. Log in to the BIG-IQ system user interface and rediscover the DCD system.

Solution 2: Specify a new BIG-IQ master key passphrase

Perform this task when a BIG-IQ system and a data collection device (DCD) fail to discover one another, and you do not know the passphrase for the BIG-IP system's master key. A discovery operation fails if the master keys of the BIG-IQ system and the DCD system don't match.
When you don't know the BIG-IQ system's master key passphrase, you can perform the following task to restore both the BIG-IQ and DCD system configurations to their factory defaults and begin a new first-time setup procedure on each system. Once these setup procedures are completed, you can attempt the discovery operation again.
  1. Using a program such as PuTTY, open a console window on the BIG-IQ system.
  2. Log in to the system.
  3. At the system prompt, reset the BIG-IQ system configuration to the default by typing this command:
    clear-rest-storage -d -l
  4. If you see the message
    Member of an HA pair. Use
    ha_reset
    before trying to clear storage
    , type this command:
    ha_reset
    local discovery address
    You can ignore the message
    Error: error doing query...
  5. Log in to the BIG-IQ system user interface and follow the first-time setup procedure.
    During the master key step of the procedure, choose a new master-key passphrase, and store the passphrase in a safe place.
  6. Using a program such as PuTTY, open a console window on the DCD system.
  7. Log in to the system.
  8. At the system prompt, reset the DCD system configuration to the default by typing this command:
    clear-rest-storage -d -l
  9. Log in to the DCD system user interface and follow the first-time setup procedure.
    During the master key step of the first-time setup procedure, ensure that you type the BIG-IQ system master key passphrase.
  10. From the user interface of the BIG-IQ system, rediscover the DCD system.