Last Modified: Jul 10, 2025
Affected Product(s):
F5OS Velos
Fixed In:
F5OS-C 1.8.1
Opened: Aug 26, 2024 Severity: 2-Critical
When a vlan tag is removed from a LAG in a VELOS partition, existing FDB entries for that vlan that were learned on that LAG may not be flushed out on each blade. If that vlan is then added to a different interface or LAG, the old FDB entries may get updated via L2 learning. But if that fails to happen (e.g. due to ID1620077), the old entries may persist.
Since the old FDB entries are not flushed, if the system fails to update them via L2 learning also, egress traffic that matches these old entries is dropped. This depends on which blades have the old entries and where the tenants are assigned to run. Tenant instances running on those blades are impacted, for the MAC address and vlan matching the old entry.
Remove a vlan tag from a LAG on VELOS, and add the vlan to another. Old FDB entries may persist when moving a vlan tag from a LAG to another LAG. If moving a vlan tag from a LAG to an interface, L2 learning seems to correct the situation.
If old L2 entries persist, a reboot of the blade is required to clear them out.
None