Issue with TS Listener and BIG-IP release 16.1.3.2 build 0.0.4

[gregcoward]

Environment

• Telemetry Streaming Version: f5-telemetry-1.32.0-2
• BIG-IP Version: 16.1.3.2 build 0.0.4

Summary

The appears to be an issue with the TS listener and the BIG-IP. After upgrading to the above noted version, telemetry events are no longer being generated for events, (AVR, LTM, ASM, AFM). System poller event collection is functioning correctly. This issue has been noted in three separate environments utilizing a combination of Splunk and generic consumers.

This has been reproduced using the following versions utilizing the same device and identical configurations:

•	16.1.0 build 0.0.19 -  Successful
•	16.1.1 build 0.0.16 - Successful
•	16.1.2.1 build 0.0.10 - Successful
•	16.1.3.2 build 0.0.4 - **Failed**

Steps To Reproduce

Steps to reproduce the behavior:

1. Submit the following AS3 declaration to configure all TS related resources:

{
	"class": "ADC",
	"schemaVersion": "3.10.0",
	"remark": "Example depicting creation of BIG-IP module log profiles",
	"Common": {
		"class": "Tenant",
		"Shared": {
			"class": "Application",
			"template": "shared",
			"telemetry_local_rule": {
				"remark": "Only required when TS is a local listener",
				"class": "iRule",
				"iRule": "when CLIENT_ACCEPTED {\n  node 127.0.0.1 6514\n}"
			},
			"telemetry_local": {
				"remark": "Only required when TS is a local listener",
				"class": "Service_TCP",
				"virtualAddresses": [
					"255.255.255.254"
				],
				"virtualPort": 6514,
				"iRules": [
					"telemetry_local_rule"
				]
			},
			"telemetry": {
				"class": "Pool",
				"members": [{
					"enable": true,
					"serverAddresses": [
						"255.255.255.254"
					],
					"servicePort": 6514
				}],
				"monitors": [{
					"bigip": "/Common/tcp"
				}]
			},
			"telemetry_hsl": {
				"class": "Log_Destination",
				"type": "remote-high-speed-log",
				"protocol": "tcp",
				"pool": {
					"use": "telemetry"
				}
			},
			"telemetry_formatted": {
				"class": "Log_Destination",
				"type": "splunk",
				"forwardTo": {
					"use": "telemetry_hsl"
				}
			},
			"telemetry_publisher": {
				"class": "Log_Publisher",
				"destinations": [{
					"use": "telemetry_formatted"
				}]
			},
			"telemetry_traffic_log_profile": {
				"class": "Traffic_Log_Profile",
				"requestSettings": {
					"requestEnabled": true,
					"requestProtocol": "mds-tcp",
					"requestPool": {
						"use": "telemetry"
					},
					"requestTemplate": "event_source=\"request_logging\",hostname=\"$BIGIP_HOSTNAME\",client_ip=\"$CLIENT_IP\",server_ip=\"$SERVER_IP\",http_method=\"$HTTP_METHOD\",http_uri=\"$HTTP_URI\",virtual_name=\"$VIRTUAL_NAME\",event_timestamp=\"$DATE_HTTP\""
				},
                "responseSettings": {
                    "responseEnabled": true,
                    "responseProtocol": "mds-tcp",
                    "responsePool": {
                        "use": "telemetry"
                    },
                    "responseTemplate": "event_source=\"response_logging\",hostname=\"$BIGIP_HOSTNAME\",client_ip=\"$CLIENT_IP\",server_ip=\"$SERVER_IP\",http_method=\"$HTTP_METHOD\",http_uri=\"$HTTP_URI\",virtual_name=\"$VIRTUAL_NAME\",event_timestamp=\"$DATE_HTTP\",http_statcode=\"$HTTP_STATCODE\",http_status=\"$HTTP_STATUS\",response_ms=\"$RESPONSE_MSECS\""
                }
			},
			"telemetry_http_analytics_profile": {
				"class": "Analytics_Profile",
				"collectGeo": true,
				"collectMaxTpsAndThroughput": true,
				"collectOsAndBrowser": true,
				"collectIp": true,
				"collectMethod": true,
				"collectPageLoadTime": true,
				"collectResponseCode": true,
				"collectSubnet": true,
				"collectUrl": true,
				"collectUserAgent": true,
				"collectUserSession": true,
				"publishIruleStatistics": true
			},
			"telemetry_tcp_analytics_profile": {
				"class": "Analytics_TCP_Profile",
				"collectCity": true,
				"collectContinent": true,
				"collectCountry": true,
				"collectNexthop": true,
				"collectPostCode": true,
				"collectRegion": true,
				"collectRemoteHostIp": true,
				"collectRemoteHostSubnet": true,
				"collectedByServerSide": true
			},
			"telemetry_asm_security_log_profile": {
				"class": "Security_Log_Profile",
				"application": {
					"localStorage": false,
					"remoteStorage": "splunk",
					"servers": [{
						"address": "255.255.255.254",
						"port": "6514"
					}],
					"storageFilter": {
						"requestType": "all"
					}
				}
			},            
            "telemetry_afm_security_log_profile": {
                "class": "Security_Log_Profile",
                "application": {
                    "localStorage": false,
                    "remoteStorage": "splunk",
                    "protocol": "tcp",
                    "servers": [
                        {
                            "address": "255.255.255.254",
                            "port": "6514"
                        }
                    ],
                    "storageFilter": {
                        "requestType": "illegal-including-staged-signatures"
                    }
                },
                "network": {
                    "publisher": {
                        "use": "telemetry_publisher"
                    },
                    "logRuleMatchAccepts": false,
                    "logRuleMatchRejects": true,
                    "logRuleMatchDrops": true,
                    "logIpErrors": true,
                    "logTcpErrors": true,
                    "logTcpEvents": true
                }
            }
		}
	}
}

3. Applied the following TS declaration:

	"class": "Telemetry",
    "controls": {
        "class": "Controls",
        "logLevel": "debug",
        "debug": true
     },
	"My_System": {
		"class": "Telemetry_System",
		"systemPoller": {
			"interval": 60
		}
	},
	"My_Listener": {
		"class": "Telemetry_Listener",
		"port": 6514
	},
    "My_Consumer": {
        "class": "Telemetry_Consumer",
        "type": "Splunk",
        "host": "************",
        "protocol": "https",
        "port": 8088,
        "allowSelfSignedCert": true,
        "passphrase": {
            "cipherText":"*************"
        }
    }
}

### Expected Behavior
Telemetry events generated from the system poller as well as events from various logging profiles directed to the telemetry listener endpoint should be generated and pushed to the identified consumer. 

### Actual Behavior
Only telemetry events generated from the system poller are being generated and pushed to the identified consumer.  

**Note:**  This issue has been noted in three separate environments utilizing a combination of Splunk and generic consumers.

[steina1989]

I have the same problem after recent upgrade to Big IP 16.1.3.2.

[steina1989]

I've been in contact with F5 support.
In my case, the issue was caused by a new db key which by default prohibits loopback addresses in irules.

If you have configured a local listener, with an irule such as
"when CLIENT_ACCEPTED {\n node 127.0.0.1 6514\n}"

then you need to run the following tmsh command.
modify sys db tmm.tcl.rule.node.allow_loopback_addresses value true

[G-gonzalezjimenez]

Hi, F5 BIG-IP Telemetry Streaming is entering a phase of ongoing maintenance and support. A product in maintenance mode continues to receive support and ensures its stability with regular critical fixes and security updates. This maintenance approach helps maintain the longevity and reliability of the product for the long term. Enhancement requests for this product will be evaluated on an individual basis, taking into consideration their overall impact and alignment with our business objectives. Only those with a strong case for improvement will be considered for implementation. There is no plan to deprecate this product. If you have a business case for this, please let me know and I will let you know how to contact us. Thank you