Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1
Fixed In:
11.6.0, 11.5.2, 11.4.1 HF4
Opened: Jan 07, 2014 Severity: 3-Major Related Article:
K15264
The BIG-IP system does not forward unsolicited neighbor advertisement messages to all VLANs, even if messages are not destined for the BIG-IP system. This behavior may adversely affect mechanisms, such as duplicate address detection within IPv6. Neighbor advertisement messages are required from IPv6 nodes in response to neighbor solicitation messages. However, a node may elect to send unsolicited advertisement messages to propagate new information quickly. For more information, see RFC 2461 section 7.2.6: Sending Unsolicited Neighbor Advertisements, available here: http://tools.ietf.org/rfcmarkup?doc=2461#section-7.2.6.
Duplicate address detection does not work, so it is possible to have duplicate IPv6 address on two VLANs in a VLAN group without detection. This might adversely affect duplicate address detection, and can slow down detection of some changes when unsolicited message are not delivered to IPv6 clients.
This issue occurs when the following condition is met: VLAN groups are configured for VLANs that are also configured for IPv6.
Use DHCPv6 or stateless auto-configuration to avoid duplicate addresses.
Duplicate address detection and unsolicited neighbor advertisement now work as expected.