Bug ID 709952: Disallow DHCP relay traffic to traverse between route domains

Last Modified: May 07, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4

Fixed In:
13.1.1.5

Opened: Mar 13, 2018
Severity: 3-Major

Symptoms

DHCP traffic can traverse between route domains, e.g., when working with a route domain with a parent. Under certain circumstances, this is not desired.

Impact

The DHCP server side flow might get established to the parent route domain, and will persist even after the route in its own route domain becomes available again.

Conditions

DHCP relay in use on a route domain with a parent relationship or strict isolation disabled.

Workaround

There is no workaround at this time.

Fix Information

A db key has been introduced, tmm.dhcp.routedomain.strictisolate, which allows enforcement of route domain traversal if desired/configured.

Behavior Change