Bug ID 629830: Remote-logging where destination matches virtual will be sourced from loopback network

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
13.1.0

Opened: Nov 22, 2016
Severity: 3-Major
Related AskF5 Article:
K36048158

Symptoms

Remote-logging traffic sent from the loopback network (e.g., 127.1.1.1).

Impact

Remote-logging may be dropped due to sourced from non-routeable network.

Conditions

Destination of remote-logging traffic matches virtual server.

Workaround

Enable snat automap on the remote-logging virtual or create transparent host virtual (arp disable) which matches the remote-logging destination with snat automap enabled. Alternatively, an iRule could be associated with the virtual which snats traffic from the loopback network. Care must be taken to take route domains into consideration while writing the iRule. Example iRule for virtual in route-domain 38: when CLIENT_ACCEPTED { # Work-around for ID629830. if { [IP::addr [getfield [IP::client_addr] "%" 38] equals 127.0.0.0/8] } { snat automap } }

Fix Information

Remote-logging traffic is no longer sent from the loopback network (e.g., 127.1.1.1). This is correct behavior.

Behavior Change