Bug ID 1067669: TCP/UDP virtual servers drop all incoming traffic

Last Modified: Jan 14, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP GTM, LTM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1

Opened: Dec 13, 2021
Severity: 2-Critical

Symptoms

-- Incoming TCP/UDP traffic is not processed by virtual servers on the BIG-IP system. Instead, legitimate traffic appears to be dropped by the BIG-IP system. -- A tcpdump taken on the BIG-IP system shows the traffic arriving on VLAN 0 instead of the actual VLAN. -- Inspection of the dns_rapid_response_global tmstat table shows many entries in the failed_ifc column.

Impact

All TCP/UDP virtual servers fail to process incoming traffic.

Conditions

-- Using a BIG-IP 2000, 4000, or VE device. -- Using a trunk with an untagged VLAN. -- Using a virtual server with a dns profile configured for rapid-response.

Workaround

You can work around this issue by performing any one of the following actions: -- Avoid using an untagged VLAN with your trunks. -- Avoid using a trunk if you cannot avoid using untagged VLANs. -- Disable rapid-response in all dns profiles (this option is disabled by default).

Fix Information

None

Behavior Change