Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1
Fixed In:
14.0.0, 13.1.3.2
Opened: Aug 04, 2017
Severity: 3-Major
IPv6 traffic generated from the host, whether by a host daemon, by monitors, or from the command line, may use a MAC and IPv6 source address from a different VLAN.
Traffic to the destination may fail because it uses an incorrect source IPv6/MAC address, which might cause monitor traffic to fail. There is no way to enable SNAT of host traffic, so there is no way to control this behavior.
- Multiple VLANs with IPv6 configured addresses.
- Multiple routes to the same destination, either the same or more specific, default routes, etc., that cover the traffic destination.
- Changes in routes that cause the traffic to the destination to shift from one VLAN and gateway to another. This can be typically observed with dynamic routing updates.
Continuous traffic to the IPv6 link-local nexthops can avoid this issue. This may be achieved by a script or an external monitor pinging the nexthop link-local address using the specific VLAN.
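One way to script the workaround above, as an added example that is not F5's own code. The VLAN names `internal` and `external`, the next-hop addresses, and the interval are constructed placeholders; the script assumes each VLAN appears in the host shell as a network interface of the same name and that `ping6` is available.

```shell
#!/bin/sh
# Keepalive for IPv6 link-local next hops, one probe per VLAN (added example).
# Constructed sample pairs "<vlan> <next-hop>"; replace with your own values.
NEXTHOPS="${NEXTHOPS:-internal fe80::1
external fe80::2}"
PING="${PING:-ping6}"        # assumption: iputils ping6 is on the PATH
INTERVAL="${INTERVAL:-5}"    # assumption: seconds between passes

# True only for fe80::/10, so a global address is never probed by mistake.
is_link_local() {
    case "$1" in
        [fF][eE][89abAB][0-9a-fA-F]:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Send one echo request to a next hop, bound to the named VLAN interface.
probe_one() {
    is_link_local "$2" || { echo "skip $2: not link-local" >&2; return 2; }
    $PING -c 1 -W 1 -I "$1" "$2" </dev/null >/dev/null 2>&1
}

# Probe every configured pair; return the number of next hops that failed.
probe_all() {
    failed=0
    while read -r vlan addr; do
        [ -n "$vlan" ] || continue
        probe_one "$vlan" "$addr" || {
            failed=$((failed + 1))
            echo "no reply from $addr on $vlan" >&2
        }
    done <<EOF
$NEXTHOPS
EOF
    return "$failed"
}

# Loop only when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "run" ]; then
    while :; do
        probe_all || true
        sleep "$INTERVAL"
    done
fi
```

Start it with the argument `run`; a "no reply" line on stderr identifies the VLAN whose next hop stopped answering.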
There is now a sys db variable, snat.hosttraffic, that controls this behavior by enabling SNAT of host traffic. When snat.hosttraffic is enabled, TMM picks the correct src-ip and uses its own rt_entry, which can be different from the host's.