Last Modified: Dec 18, 2024
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 15.1.10.6
Opened: Feb 14, 2020 Severity: 3-Major
Some received packets are retransmitted back on the incoming VLAN interface.
Broadcast packets are forwarded back to the incoming VLAN interface might result in loops if there are multiple gateways on the network.
The symptom is found with the following conditions: 1. A forwarding virtual server is configured. 2. A packet is received whose destination MAC address is its unicast VLAN MAC address and the destination IP address is the broadcast address of that subnet.
Apply an iRule to network-forwarding virtual servers that drops packets destined to the broadcast IP address of local vlans. For example: ltm data-group internal /Common/local_broadcast_ips { records { 10.1.1.255/32 { } 10.1.2.255/32 { } } type ip } ltm rule do_not_fwd_to_bcast_addrs { priority 5 when CLIENT_ACCEPTED { if { [class match [IP::local_addr] equals local_broadcast_ips ] } { drop } } }
None