Bug ID 629830: Remote-logging where destination matches virtual will be sourced from loopback network

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
13.1.0

Opened: Nov 22, 2016

Severity: 3-Major

Related Article: K36048158

Symptoms

Remote-logging traffic sent from the loopback network (e.g., 127.1.1.1).

Impact

Remote-logging may be dropped due to sourced from non-routeable network.

Conditions

Destination of remote-logging traffic matches virtual server.

Workaround

Enable snat automap on the remote-logging virtual or create transparent host virtual (arp disable) which matches the remote-logging destination with snat automap enabled. Alternatively, an iRule could be associated with the virtual which snats traffic from the loopback network. Care must be taken to take route domains into consideration while writing the iRule. Example iRule for virtual in route-domain 38: when CLIENT_ACCEPTED { # Work-around for ID629830. if { [IP::addr [getfield [IP::client_addr] "%" 38] equals 127.0.0.0/8] } { snat automap } }

Fix Information

Remote-logging traffic is no longer sent from the loopback network (e.g., 127.1.1.1). This is correct behavior.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips