Last Modified: Jul 12, 2025
Affected Product(s):
F5OS Install/Upgrade, Velos
Fixed In:
F5OS-C 1.8.1
Opened: Dec 23, 2024 Severity: 3-Major
Multiple containers can get the same bridge IP during a rolling upgrade or docker restart [root@controller-2 ~]# docker inspect controller-services-registry-2502 | grep IPAddress "SecondaryIPAddresses": null, "IPAddress": "100.64.0.2", "IPAddress": "100.64.0.2", [root@controller-2 ~]# docker inspect partition-services-registry-2202 | grep IPAddress "SecondaryIPAddresses": null, "IPAddress": "100.64.0.2", "IPAddress": "100.64.0.2",
This causes one of the two containers to answer requests depending on which container last refreshed the arp cache. The other container does not work properly.
When multiple containers start at the same time.
Reboot the system.
Docker address allocator uses bit map to manage IP address pool but it's not thread safe. Now, set/unset bitmap operations are protected by a lock.