Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.1.0
Opened: Sep 02, 2015 Severity: 3-Major
BigIP provides MAP-E BR (border router) functionality. When ICMP traffic originates from the public Internet side, BigIP MAP-E uses the ICMP type and code, instead of the ICMP identifier field, as the port number in IPv6 address mapping calculation. However, this use case is rare due to NAT44 usually implemented at the MAP-E CE.
The affected ICMP traffic gets lost.
BigIP provides BR functionality, and the ICMP traffic originates from public network side, and enters the MAP-E tunnel through the the BigIP.
ICMP traffic coming from public network side to the private network behind the MAP-E CE devices is rare.
With the fix, ICMP traffic with identifier information is encapsulated in a MAP-E tunnel with correct MAP-E CE IPv6 address.