Last Modified: Jun 19, 2025
Affected Product(s):
F5OS F5OS, F5OS-A, F5OS-C, Velos
Known Affected Versions:
F5OS-A 1.5.2, F5OS-A 1.7.0, F5OS-A 1.8.0, F5OS-C 1.8.0
Fixed In:
F5OS-C 1.8.1, F5OS-A 1.5.3
Opened: Nov 12, 2024 Severity: 3-Major
In certain scenarios such as restoring a UCS on an F5OS tenant, if the VLANs in F5OS are disabled, tmm may egress broadcast traffic such as gratuitous ARPs onto the disabled VLANs.
This could cause IP address conflicts on the network or other issues related to unexpected broadcast traffic such as gratuitous ARPs on the network.
-- An F5OS tenant where VLANs were assigned and then removed. -- An F5OS tenant where tmm is not in forced-offline mode. -- An action occurs on the tenant (such as restoring a UCS or restarting tmm, or loading the config) that results in gratuitous ARPs.
- In F5OS, remove the affected VLANs from the LAG or interface. - On the tenant use forced offline to prevent traffic egress. - If you are restoring a UCS from another BIG-IP such as for a platform migration, put the source BIG-IP into forcedoffline state before taking the UCS. - delete the tenant, and recreate without any VLANs assigned.
A single tenant with a vlan that was configured and then removed via F5OS will no longer leak broadcast traffic onto the network on the removed vlan. This fix does not address the issue when multiple tenants are attached to the same vlan. F5 has created ID1758957 for that issue.