Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP vCMP
Known Affected Versions:
11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.0.0
Opened: May 05, 2015 Severity: 3-Major
When vCMP guests communicate via IPv6 management addresses, traffic may fail to pass. If there is a default gateway configured, tcpdumps of the management port (eth0) will show the guest attempting to deliver response traffic to the gateway. Also the Linux management route will be missing, this can be observed as follows: Management IP: 2001::1234:5678/64 Management Gateway: 2001::6:6 ip -6 route show table 245 2001::/64 dev eth0 src 2001::1234:5678 metric 1024 mtu 1500 advmss 1440 hoplimit 4294967295 default via 2001::6:6 dev eth0 metric 1024 mtu 1500 advmss 1440 hoplimit 4294967295 On an affected system, the non-default route entry in the ip command's output will be missing so it will appear like this: ip -6 route show table 245 default via 2001::6:6 dev eth0 metric 1024 mtu 1500 advmss 1440 hoplimit 4294967295
Passing traffic over the management port can be affected, including general system management via ssh or the web gui as well as HA or config-sync traffic.
This issue occurs in vCMP guests configured with IPv6 management IPs.
In /config/startup on the vCMP guest, add the following lines: sysctl -w net.ipv6.conf.eth0.accept_dad=0 sysctl -w net.ipv6.conf.eth0.dad_transmits=0 Then reboot all blades of the vCMP guest. A vCMP hypervisor reboot is not required to implement the workaround.
An issue affecting vCMP guests when using IPv6 management IPs has been resolved.