Bug ID 449100: Extend iRule nexthop command to tunnel

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.2.0, 11.2.1, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5

Fixed In:
11.6.0, 11.5.1 HF6

Opened: Feb 14, 2014
Severity: 3-Major


The global iRule command "nexthop" is used to set the nexthop of a flow to specific VLANs, but it does not support setting the nexthop to tunnel interfaces.


Tunnel interfaces cannot be used in the same way as VLANs.


This occurs in all cases.



Fix Information

Tunnel interfaces can be used by iRule nexthop/lasthop commands to set a flow's nexthop/lasthop behaviors. 1. To send traffic to the tunnel, use "nexthop tun0 ..." on CLIENT_ACCEPTED iRule event, or "lasthop tun0 ..." on SERVER_CONNECTED iRule event. 2. A point-to-point tunnel can be supplied with an IP address, although it does not have an effect. 3. A wild-card tunnel can be supplied with the IP address of the remote-point to build the tunnel on the fly.

Behavior Change