Bug ID 487233: vCMP guests are unable to access NTP or RSYNC via their management network.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP vCMP (all modules)

Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0, 11.6.0 HF5

Opened: Oct 28, 2014

Severity: 2-Critical

Related Article: K16747

Symptoms

Attempts to access an external NTP server or RSYNC server from within a vCMP guest over the management network fail to pass traffic.

Impact

vCMP guests are unable to configure an external NTP server reachable over the management network.

Conditions

This issue affects vCMP guests running any BIG-IP software version when running on a vCMP hypervisor running software version 11.6.0.

Workaround

An NTP server may be configured using a self-ip and the data plane network without issue. If access is required via the management port, execute the following steps:

1) Add the following commands to /config/startup on the vCMP hypervisor. This will ensure the workaround persists across reboots.

    iptables -t nat -D PREROUTING -m physdev --physdev-in mgmt_vm_tap_+ -j ACCEPT
    iptables -t nat -I PREROUTING 1 -m physdev --physdev-in mgmt_vm_tap_+ -j ACCEPT

2) Run the following command at the vCMP hypervisor bash prompt:

    clsh iptables -t nat -I PREROUTING 1 -m physdev --physdev-in mgmt_vm_tap_+ -j ACCEPT

Rebooting the hypervisor or affected guests is not required.
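
As an added example (not F5's own code), the following shell function audits a nat-table dump for the workaround rule: it reports whether the rule is present, is the first PREROUTING rule, and appears only once. It assumes the dump is in iptables-save format on standard input; the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a nat-table dump for the Bug ID 487233 workaround rule.
# Assumption: input on stdin is in iptables-save format
# (lines of the form "-A PREROUTING ...").

# check_workaround: reads a dump on stdin.
# Prints one of: ok | missing | not-first | duplicate. Returns 0 only for "ok".
check_workaround() {
    awk '
        $1 == "-A" && $2 == "PREROUTING" {
            n++                       # position of this rule in the chain
            # Rebuild the rule from its fields so extra spaces do not matter.
            line = ""
            for (i = 3; i <= NF; i++) line = line (i > 3 ? " " : "") $i
            if (line == "-m physdev --physdev-in mgmt_vm_tap_+ -j ACCEPT") {
                hits++
                if (n == 1) first = 1
            }
        }
        END {
            if (hits == 0) { print "missing";   exit 1 }
            if (hits > 1)  { print "duplicate"; exit 1 }
            if (!first)    { print "not-first"; exit 1 }
            print "ok"
        }
    '
}

# Constructed sample dump (not captured from a real system).
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -m physdev --physdev-in mgmt_vm_tap_+ -j ACCEPT
-A PREROUTING -p tcp --dport 9999 -j RETURN
COMMIT
EOF
}

sample_dump | check_workaround   # prints: ok
```

A "duplicate" result points to the insert command having been run more than once without the preceding delete that step 1 places in /config/startup.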

Fix Information

An issue has been corrected which affected NTP and RSYNC access via the management network in vCMP guests.

Behavior Change
