Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP vCMP
Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.0.0, 11.6.0 HF5
Opened: Oct 28, 2014 Severity: 2-Critical Related Article:
K16747
Attempts to access an external NTP server or RSYNC server from within a vCMP guest over the management network fails to pass traffic.
vCMP guests are unable to configure an external NTP server reachable over the management network.
This issue affects vCMP guests running any BIG-IP software version when running on a vCMP hypervisor running software version 11.6.0.
An NTP server may be configured using a self-ip and the data plane network without issue. If access is required via the management port, execute the following steps: 1) Add the commands iptables -t nat -D PREROUTING -m physdev --physdev-in mgmt_vm_tap_+ -j ACCEPT iptables -t nat -I PREROUTING 1 -m physdev --physdev-in mgmt_vm_tap_+ -j ACCEPT to /config/startup on the vCMP hypervisor. This will ensure the workaround persists across reboots. 2) Run the following command at the vCMP hypervisor bash prompt: clsh iptables -t nat -I PREROUTING 1 -m physdev --physdev-in mgmt_vm_tap_+ -j ACCEPT Rebooting the hypervisor or affected guests is not required.
An issue has been corrected which affected NTP and RSYNC access via the management network in vCMP guests.