Last Modified: Mar 12, 2019
See more info
Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9
Opened: Jun 18, 2015
When guest-to-host communication is enabled by setting the "vcmp.mgmt.allow_host_guest_communication" to "true", a guest VM is unable to ping any management IP residing on the local host BIG-IP system. Note that SSH to such an IP works. On clustered systems, a guest VM is unable to ping the cluster floating management IP of the local host cluster, if the local host blade is the primary blade of the host cluster. However, the guest VM is able to ping the cluster member management IP of non-local host blades and the cluster floating management IP, if a non-local host blade is the primary blade of the host cluster.
The user may mistakenly believe that, since they are unable to ping a management IP residing on the local host BIG-IP system, that they are also unable to SSH to that IP.
A guest VM attempts to ping a management IP that resides on the local host BIG-IP system.
Note that a guest VM is still able to SSH to a management IP residing on the local host BIG-IP system, even if pinging that IP does not work. If pinging of such an IP is desirable from a guest VM whose host BIG-IP system does not include the fix for this issue, then the following commands can be run on the host BIG-IP system as the 'root' user to make pinging the IP work: # iptables -I vcmp_mgmt 2 -p icmp -j ACCEPT # iptables-save > /etc/sysconfig/iptables Note: On clustered host BIG-IP systems, these commands should be run on every blade. Note: These commands will result in pings working across reboots, but an upgrade will reset the saved iptables rules and thus result in pings not working once more, unless the host BIG-IP system is being upgraded to a version that includes the fix for this issue.
Guest VMs are now able to ping any management IP residing on the local host BIG-IP system.