Bug ID 701289: Static BFD with BIG-IP floating IP address

Last Modified: May 18, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5

Fixed In:
14.1.0

Opened: Jan 10, 2018
Severity: 3-Major

Symptoms

In a HA configuration BFD session on both Active and Standby nodes can be configured with the same floating Self IP as a source IP address. This ends up with both Active and Standby nodes to actively send BFD Control packets to BFD neighbor. Responses from BFD neighbor are delivered to the Active node only. In effect not only the state of the session mismatches on Active and Standby node, also BFD Control packets send different information that disturbs the session.

Impact

BFD session gets disturbed both on HA Active node and BFD neighbor that might end up with invalidation of the route to the BIG-IP.

Conditions

- BFD sessions on HA Active and Standby have the same floating Self IP as a source IP address.

Workaround

Workaround can be to manually disable BFD session on Standby node, however on failover the session would need to be manually restored. Other workaround can be to use non-floating Self IP as a source IP address of BFD Control packets, this however might require some additional logic on the BFD neighbor side.

Fix Information

BFD session that uses a floating Self IP as a source IP address are now suspended on the Standby node in HA configuration. On failover the session is restored. In effect the BFD Control packets are sent only from one HA node - the Active one. On failover short flap might occur, as session states are not synchronized across HA pair.

Behavior Change