Bug ID 442391: Unsolicited neighbor advertisement cannot pass through VLAN group

Last Modified: May 14, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9

Fixed In:
11.6.0, 11.5.2, 11.4.1 HF4

Opened: Jan 07, 2014
Severity: 3-Major
Related AskF5 Article:
K15264

Symptoms

The BIG-IP system does not forward unsolicited neighbor advertisement messages to all VLANs, even if messages are not destined for the BIG-IP system. This behavior may adversely affect mechanisms, such as duplicate address detection within IPv6. Neighbor advertisement messages are required from IPv6 nodes in response to neighbor solicitation messages. However, a node may elect to send unsolicited advertisement messages to propagate new information quickly. For more information, see RFC 2461 section 7.2.6: Sending Unsolicited Neighbor Advertisements, available here: http://tools.ietf.org/rfcmarkup?doc=2461#section-7.2.6.

Impact

Duplicate address detection does not work, so it is possible to have duplicate IPv6 address on two VLANs in a VLAN group without detection. This might adversely affect duplicate address detection, and can slow down detection of some changes when unsolicited message are not delivered to IPv6 clients.

Conditions

This issue occurs when the following condition is met: VLAN groups are configured for VLANs that are also configured for IPv6.

Workaround

Use DHCPv6 or stateless auto-configuration to avoid duplicate addresses.

Fix Information

Duplicate address detection and unsolicited neighbor advertisement now work as expected.

Behavior Change