Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
12.1.0, 12.1.1, 12.1.2, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Fixed In:
13.1.0, 12.1.3
Opened: Apr 05, 2017 Severity: 2-Critical Related Article:
K06245820
ARP replies reach front panel port of B4450 blades but fail to reach TMMs. This occurs because the switch in the B4450 blade has an L2 learning issue in the switch fabric that requires the system to correct the new L2 FDB entries learned on Higig trunks. The L2 module runs in poll mode by default, which is exposed to a 3-second race window in software, during which learning events in the switch hardware for a given L2 FDB entry can be lost. That can lead to corrupted L2 FDB entries and cause traffic hitting the corrupted L2 FDB entries to fail.
The traffic hitting the corrupted L2 FDB entry will be dropped by the switch.
-- An L2 FDB entry is learned on Higig trunk. -- Multiple L2 learning events happen on the L2 FDB entry during the 3-second race window in software.
Delete the corrupted L2 FDB entries and cause the switch to re-learn them. To do so, identify the affected VLAN and flush L2 FDB entries on that VLAN using the following command: tmsh delete net fdb vlan {vlan_name}.
A db variable switchboard.l2.mitigation was introduced to configure this feature. -- A value of "enable" allows packets to be forwarded in the case of corrupted L2 FDB entries. Packets will be hashed on source and destination addresses. Enabling forwarding this way is only a temporary measure. -- A value of "monitor" does not forward packets but will count packets which were affected by corrupted L2 FDB entries. The stat table switch/l2_mitgation, updated every 11 seconds, reports packet counts. Differences in packet counts are logged to /var/log/ltm. -- A value of "disable" disables both forwarding and packet counting. Packet counts are reset.