Symptoms

When VLAN failsafe is configured, and the VLAN failsafe timeout is 3/4 expired, tmm wants to generate ICMP traffic to evoke a network response. When this occurs, the system might experience a crash.

Impact

TMM crashes, failover is triggered, as it would with a fully expired VLAN-failsafe-timeout condition (note that failover with a fully expired VLAN failsafe is correct behavior). Traffic on other VLANs might be disrupted while TMM restarts. (Traffic on the VLAN-failsafe-triggered VLAN is already disrupted, causing the timeout to expire.)

Conditions

- VLAN failsafe is configured on a VLAN, for example with the recommended VLAN failsafe timeout of 90 sec. - The VLAN does not observe ARP/ndp traffic for 3/4 of the timeout, 67.5 seconds. - ICMP traffic generated to provoke a network response can under certain circumstances cause a TMM crash.

Workaround

1. To allow for VLAN failsafe to be updated for any frame, run the following command with VLAN failsafe enabled, run the following command: tmsh modify failover.vlanfailsafe.resettimeronanyframe enable This configuration increases the confidence that in the case of a timeout expiry a real traffic disruption is detected. 2. Set the timeout of VLAN failsafe to 4/3 of the setting you want, for example, to have a timeout setting of 90, specify 120. With this setting, failover occurs at 90 seconds for a fully quiescent network. Note: Having a fully quiescent network is a rare occurrence and likely indicates that another issue is occurring anyway.

Fix Information

Generating ICMP traffic from TMM is no longer exposed to a potential crash in an invalid configuration or a completely quiet network, when generating ICMP traffic to provoke a network response on an expiring timer of VLAN failsafe, assuming the following configuration: - VLAN failsafe is configured. - VLAN failsafe expired 3/4 of the configured timeout (e.g., 67.5 seconds of 90 seconds ).

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips