Bug ID 1673925: Missing masquerade MAC FDB entry causes excessive DLFs following tenant failover.

Last Modified: Jun 17, 2025

Affected Product(s):
F5OS F5OS-C(all modules)

Known Affected Versions:
F5OS-C 1.6.2

Fixed In:
F5OS-C 1.8.0

Opened: Sep 20, 2024

Severity: 2-Critical

Symptoms

The FDB entry for the tenants masquerade MAC is missing from a blades internal L2 table after a tenant failover. The output of [root@blade-1 ~]# docker exec -i partition_fpga tmctl -d blade -w 180 nse_l2 -s mac,l2_tag mac l2_tag --- ------ [root@blade-1 ~] where MAC and L2_tag match the masquerade MAC and VLAN from the output of 'show FDB'

Impact

All front-panel traffic towards the tenant will encounter a DLF, causing excessive DLF traffic to the tenant.

Conditions

During tenant failover, the system will delete the masquerade MAC from the old active and add it to the new active. In parallel, the system will detect a port-motion event when the tenant issues a GARP for the new MAC. This introduces a race condition between the static ADD from the system and the dynamic port-motion event from the H/W. If the port-motion event is processed last, the new static entry can be deleted erroneously.

Workaround

From the tenant, remove and then re-add the masquerade MAC to the traffic group.

Fix Information

For port-motion events, don't delete the existing entry if it's a static system entry.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips