Bug ID 676990: No way to enable SNAT of host traffic

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1

Fixed In:
14.0.0, 13.1.3.2

Opened: Aug 04, 2017

Severity: 3-Major

Symptoms

IPv6 traffic generated from the host, whether from a host daemon, monitors, or the command line, may use a MAC address and IPv6 source address from a different VLAN.

Impact

Traffic to the destination may fail because it uses an incorrect source IPv6/MAC address, which might cause monitor traffic to fail. There is no way to enable SNAT of host traffic, so there is no way to control this behavior.

Conditions

- Multiple VLANs with IPv6 configured addresses.
- Multiple routes to the same destination, either the same or more specific, default routes, etc., that cover the traffic destination.
- Changes in routes that cause the traffic to the destination to shift from one VLAN and gateway to another. This can be typically observed with dynamic routing updates.

Workaround

Continuous traffic to the IPv6 link-local nexthops can avoid this issue. This may be achieved by a script or an external monitor pinging the nexthop link-local address using the specific VLAN.
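A keepalive script of the kind this workaround describes, as an added example (not F5's own script). It assumes the VLAN names can be passed to `ping6 -I` as interface names on the host; the VLAN names, nexthop addresses and interval are constructed placeholders.

```shell
#!/bin/sh
# Added example: keep traffic flowing to each IPv6 link-local nexthop,
# always out of the VLAN that nexthop lives on.
# Constructed placeholders: one "<vlan> <link-local nexthop>" pair per line.
NEXTHOPS="external fe80::1
internal fe80::2"
PING="${PING:-ping6}"        # overridable, e.g. for a dry run
INTERVAL="${INTERVAL:-5}"    # seconds between rounds (assumed value)

# is_link_local ADDR: succeed only for addresses in fe80::/10 (fe80..febf).
is_link_local() {
    case "$1" in
        [Ff][Ee][89AaBb][0-9A-Fa-f]:*) return 0 ;;
        *) return 1 ;;
    esac
}

# probe_all: ping every nexthop once through its own VLAN.
# Prints the number of entries that were invalid or did not answer.
probe_all() {
    failed=0
    while read -r vlan addr; do
        [ -n "$vlan" ] || continue
        if ! is_link_local "$addr"; then
            # A global address would be routed, not pinned to the VLAN.
            echo "skip $addr: not a link-local address" >&2
            failed=$((failed + 1))
            continue
        fi
        # -I pins the outgoing interface; a link-local destination is
        # ambiguous without it when several VLANs carry IPv6.
        if ! $PING -c 1 -W 1 -I "$vlan" "$addr" >/dev/null 2>&1 </dev/null; then
            echo "no reply from $addr on $vlan" >&2
            failed=$((failed + 1))
        fi
    done <<EOF
$NEXTHOPS
EOF
    echo "$failed"
}

# Pass --loop to probe continuously; without it the file only defines functions.
if [ "${1:-}" = "--loop" ]; then
    while :; do
        probe_all >/dev/null
        sleep "$INTERVAL"
    done
fi
```

The failure count printed by `probe_all` can feed an external monitor, so a nexthop that stops answering on its VLAN is noticed rather than silently skipped.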

Fix Information

There is now a sys db variable, snat.hosttraffic, that controls this behavior by enabling SNAT of host traffic. When snat.hosttraffic is enabled, TMM picks the correct src-ip and uses its own rt_entry, which can be different from the host's.

Behavior Change
