Last Modified: Jan 30, 2024
Affected Product(s):
F5OS Velos
Fixed In:
F5OS-C 1.5.0, F5OS-A 1.3.0, F5OS-A 1.2.0
Opened: Jan 10, 2022 Severity: 2-Critical
On the VELOS platform, any packets destined to a masquerade MAC address are dropped when the masquerade MAC is located on a shared VLAN (a VLAN shared between multiple F5OS tenants). On rSeries hardware platforms, all traffic for this MAC is first handled by the software-rebroadcaster and is replicated to all tenants sharing that VLAN.
Connectivity issues.
-- A masquerade MAC is configured on a shared VLAN. -- Traffic to the MAC address is initiated, that is, ping a floating self-IP. -- The packets are dropped on ingress.
Configure a static FDB entry at the partition level.
Packets are no longer dropped when a masquerade MAC is on a shared VLAN.