Bug ID 487233: vCMP guests are unable to access NTP or RSYNC via their management network.

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP vCMP(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4

Fixed In:
12.0.0, 11.6.0 HF5

Opened: Oct 28, 2014
Severity: 2-Critical
Related AskF5 Article:
K16747

Symptoms

Attempts to access an external NTP server or RSYNC server from within a vCMP guest over the management network fails to pass traffic.

Impact

vCMP guests are unable to configure an external NTP server reachable over the management network.

Conditions

This issue affects vCMP guests running any BIG-IP software version when running on a vCMP hypervisor running software version 11.6.0.

Workaround

An NTP server may be configured using a self-ip and the data plane network without issue. If access is required via the management port, execute the following steps: 1) Add the commands iptables -t nat -D PREROUTING -m physdev --physdev-in mgmt_vm_tap_+ -j ACCEPT iptables -t nat -I PREROUTING 1 -m physdev --physdev-in mgmt_vm_tap_+ -j ACCEPT to /config/startup on the vCMP hypervisor. This will ensure the workaround persists across reboots. 2) Run the following command at the vCMP hypervisor bash prompt: clsh iptables -t nat -I PREROUTING 1 -m physdev --physdev-in mgmt_vm_tap_+ -j ACCEPT Rebooting the hypervisor or affected guests is not required.

Fix Information

An issue has been corrected which affected NTP and RSYNC access via the management network in vCMP guests.

Behavior Change