Last Modified: Jul 25, 2024
Affected Product(s):
BIG-IP All, F5OS, F5OS-A
Known Affected Versions:
15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, F5OS-A 1.3.1, F5OS-A 1.3.2, F5OS-A 1.5.0, F5OS-A 1.5.1, F5OS-A 1.5.2
Opened: Jan 30, 2023 Severity: 3-Major
When a VLAN configured in the tenant does not have the same name as the VLAN on in F5OS, or the VLAN in the tenant is created in a partition other than "Common", the VLAN may not pass traffic properly. If any such VLANs exist, newly-configured VLANs may also exhibit this issue, even if the VLAN is in Common and has a name that matches the name in F5OS. For tenants running on an r2000 or r4000-series appliance, the tenant needs to know the VLAN<>interface mapping, but the system is not able to populate this information when the VLAN is not in the Common partition. The system may have log messages similar to the following: Feb 15 15:39:49 r4000-1.example.com err mcpd[19522]: 01070094:3: Referenced vlan (/Common/external) is hidden, does not exist, or is already on another instance. Feb 15 15:39:49 r4000-1.example.com err chmand[19520]: 012a0003:3: hal_mcp_process_error: result_code=0x1070094 for result_operation=eom result_type=eom
Partitions other than the Common partition cannot have VLANs. VLANs created in other partitions will not be operational in the data path. If such VLANs exist in the tenant, newly added VLANs will also exhibit this issue.
- r2000 and r4000-series platforms - BIG-IP tenant - VLANs moved to partitions other than "Common", or renamed so that the name does not match between hypervisor and tenant.
Workaround is to create the VLAN-member for the default VLANs pushed from platform post moving a VLAN from common to another partition.
None