Last Modified: Mar 07, 2025
Affected Product(s):
BIG-IP F5OS, F5OS-A, F5OS-C, Velos
Known Affected Versions:
17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.5.0
Opened: Dec 05, 2024
Severity: 2-Critical
In certain scenarios, such as restoring a UCS on an F5OS tenant, if the VLANs in F5OS are disabled, the TMM may egress broadcast traffic such as gratuitous ARPs onto the disabled VLANs.
This could cause IP address conflicts or other issues related to unexpected broadcast traffic, such as gratuitous ARPs, on the network.
- VLAN is currently assigned to any tenant.
- An F5OS tenant where VLANs were assigned and then removed.
- An F5OS tenant where TMM is not in forced-offline mode.
- An action occurs on the tenant (such as restoring a UCS or restarting TMM, or loading the config) that results in gratuitous ARPs.
- In F5OS, remove the affected VLANs from the LAG or interface.
- In F5OS, ensure there is at least one VLAN still attached to the tenant. This could be a temporary VLAN.
- On the tenant, use forced offline to prevent traffic egress.
- If you are restoring a UCS from another BIG-IP, such as for a platform migration, put the source BIG-IP into a forced-offline state before taking the UCS.
- Delete the tenant, and recreate it without any VLANs assigned.
- In F5OS, remove the VLAN from all tenants.
None
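To confirm after a UCS restore, TMM restart or config load that no gratuitous ARPs reached a VLAN that is disabled in F5OS, frames captured on the upstream port can be scanned for them. The Python below is an added example, not F5 code; the function names, VLAN IDs, MAC addresses and IP addresses are assumptions constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

ETH_8021Q, ETH_ARP = 0x8100, 0x0806

def parse_arp(frame: bytes):
    """Return (vlan_id, sender_mac, sender_ip, target_ip) for an IPv4 ARP frame, else None."""
    if len(frame) < 18:                      # too short to hold any ARP frame
        return None
    ethertype = struct.unpack_from("!H", frame, 12)[0]
    offset, vlan = 14, None                  # vlan None means untagged
    if ethertype == ETH_8021Q:
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        vlan, offset = tci & 0x0FFF, 18      # low 12 bits of the TCI are the VLAN ID
    if ethertype != ETH_ARP or len(frame) < offset + 28:
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack_from("!HHBBH", frame, offset)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None                          # not Ethernet/IPv4 ARP
    sha, spa, _tha, tpa = struct.unpack_from("!6s4s6s4s", frame, offset + 8)
    return vlan, sha.hex(":"), IPv4Address(spa), IPv4Address(tpa)

def garps_on_disabled_vlans(frames, disabled_vlans):
    """Flag gratuitous ARPs (sender IP == target IP) tagged with a VLAN that should be silent."""
    findings = []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        vlan, mac, spa, tpa = parsed
        if spa == tpa and vlan in disabled_vlans:
            findings.append((vlan, mac, str(spa)))
    return findings

def build_arp(vlan, mac, spa, tpa, oper=1):
    """Construct a sample broadcast ARP frame (test data, not captured traffic)."""
    sha = bytes.fromhex(mac.replace(":", ""))
    tag = struct.pack("!HH", ETH_8021Q, vlan) if vlan is not None else b""
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                      sha, IPv4Address(spa).packed, b"\x00" * 6, IPv4Address(tpa).packed)
    return b"\xff" * 6 + sha + tag + struct.pack("!H", ETH_ARP) + arp

# Constructed sample: VLAN 200 is assumed disabled in F5OS, VLAN 100 is in service.
SAMPLE = [
    build_arp(200, "02:00:00:aa:bb:01", "192.0.2.10", "192.0.2.10"),  # GARP on disabled VLAN
    build_arp(100, "02:00:00:aa:bb:01", "192.0.2.20", "192.0.2.20"),  # GARP on active VLAN
    build_arp(200, "02:00:00:aa:bb:02", "192.0.2.30", "192.0.2.31"),  # ordinary ARP request
]
```

Calling `garps_on_disabled_vlans(SAMPLE, {200})` returns only the first frame; any non-empty result for a VLAN that F5OS reports as disabled indicates the behaviour described above.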