Bug ID 675539: Inter-system communications targeted at a Management IP address might not work in some cases.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP All(all modules)

Known Affected Versions:
12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
13.1.0, 12.1.3.6

Opened: Jul 25, 2017

Severity: 3-Major

Symptoms

Inter-system communications fail to connect to a BIG-IP system using the Management IP address.

Impact

Device sync operations do not work.

Conditions

This occurs if the device connection is configured between a Self IP address on one BIG-IP system and the Management IP address on another. This occurs because the big3d daemon acts as a proxy, listening on the Management IP address and will send proper SSL connections (using SNI) to TMM (since TMM does not listen on the Management IP address). This is not an issue if either of the following is true: -- If the source of the connection is coming from the Management IP, the connection is clear text. (Not SSL encrypted and thus does not use SNI) -- The destination of the connection is a Self IP address, because TMM (via an iRule) will handle the connection.

Workaround

Do not use the Management IP address for between-device communications.

Fix Information

The big3d proxy properly handles SSL SNI connections on the Management IP address.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips