Bug ID 611440: AFM NAT does not support Proxy ARP for Source Translation Addresses

Last Modified: Apr 15, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
13.1.0

Opened: Aug 17, 2016
Severity: 3-Major

Symptoms

AFM NAT does not support proxy ARP for source translation addresses that are in the same subnet as the egress interface.

Impact

Since AFM NAT does not respond to ARP requests for the translated IP Address in the directly connected topology, the return traffic does not reach the BIG-IP system.

Conditions

- AFM NAT source translation is being used. - The source translation IP address is in the same subnet as the egress interface (self IP address).

Workaround

You can use either of the following workarounds: -- Use static ARP configuration for the AFM NAT source translated addresses (in same subnet as egress interface) on the downstream device. -- Use the routing topology instead (so that NAT Address is not in the same subnet as the egress interface).

Fix Information

This is now fixed by allowing a configuration option per AFM NAT Source translation object that can be enabled to allow AFM NAT to respond to ARP requests for these addresses. By default, it is disabled.

Behavior Change