Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 13.0.0
Fixed In:
13.1.0, 13.0.0 HF1, 12.1.3.7, 11.6.3.3, 11.5.6
Opened: Feb 05, 2016 Severity: 3-Major
When using a pool route, it is possible for TCP connections to emit packets onto the network that have a source MAC address of 00:98:76:54:32:10. This is the MAC address of Linux's tmm0 or tmm interface.
The traffic is sourced from invalid ethernet MAC 00:98:76:54:32:10. The iQuery connection cannot continue.
The traffic destination is the BIG-IP Linux host, e.g. big3d iQuery server. The traffic is proxied via fastL4, e.g. ConfigSync "Local Address" is set to None. The return route is a pool route. The traffic is interrupted, e.g. a router between the iQuery server and the client is switched off for several seconds.
Increase the lasthop module's TCP idle timeout. echo 121 > /proc/sys/net/lasthop/idle_timeout/tcp
TCP connections no longer emit packets that have a source MAC address of 00:98:76:54:32:10.