Symptoms

A DNAT configuration may be written to the LTM log (and used for reverse mapping an address) that reverse maps to two different source addresses, depending on which DNAT configuration text is used to reverse map.

Impact

Non-unique reverse mappings.

Conditions

If you configure lsn-pools, assigns to virtuals, and passes traffic through those virtuals that have lsn-pools with overlapping translation ranges. An example would be 4.0.0.0/24 and 4.0.0.0/23, with source ranges of 10.10.0.0/16 and 10.20.0.0/16. Or the translation ranges may be identical. The result is that two different source ranges use the same translation space. The config for each will be logged in the ltm log. This is not a problem if the same lsn-pool is assigned to multiple virtual servers, even if those virtual servers have different source ranges. (That is a correct configuration.)

Workaround

Do not use overlapping translation ranges in two different lsn-pools in deterministic mode. (The same lsn-pool may safely be assigned to multiple virtuals with different source ranges or ports.)

Fix Information

Validation will now prevent LSN pools with overlapping prefixes from being configured.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips