Bug ID 542987: MAP-E tunnel does not correctly use ICMP ID in IPv6 address calculation

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:
12.1.0

Opened: Sep 02, 2015
Severity: 3-Major

Symptoms

BigIP provides MAP-E BR (border router) functionality. When ICMP traffic originates from the public Internet side, BigIP MAP-E uses the ICMP type and code, instead of the ICMP identifier field, as the port number in IPv6 address mapping calculation. However, this use case is rare due to NAT44 usually implemented at the MAP-E CE.

Impact

The affected ICMP traffic gets lost.

Conditions

BigIP provides BR functionality, and the ICMP traffic originates from public network side, and enters the MAP-E tunnel through the the BigIP.

Workaround

ICMP traffic coming from public network side to the private network behind the MAP-E CE devices is rare.

Fix Information

With the fix, ICMP traffic with identifier information is encapsulated in a MAP-E tunnel with correct MAP-E CE IPv6 address.

Behavior Change