Bug ID 756817: ZebOS address blocks do not reflect RFC5735 changes to reserved address blocks.

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3

Fixed In:
15.1.0, 15.0.1.4, 14.1.4.1

Opened: Jan 28, 2019

Severity: 3-Major

Symptoms

Special IP address handling as per RFC6890 is done correctly in the routing protocols. There is a possibility of martian addresses getting announced or allowed addresses restricted (e.g., 128.0.0.0/16 and 191.255.0.0/16). This impacts all components using dynamic routing.

Impact

Martian addresses are allowed. Non-martian addresses are blocked.

Conditions

-- Network advertisements in BGP, etc., allow martian addresses and restrict network space that RFC6890 allows; for example, 128.0.0.0/16, 191.255.0.0/16, and 223.255.255.0/24 are blocked.
-- In IPv6, loopback addresses are allowed, so ::/128 (unspec) and ::1/128 (loopback) addresses are allowed.
-- Some DSlite address ranges are not handled correctly.
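
The following added example (not F5 or ZebOS code) audits a list of advertised prefixes against the blocks named in the conditions above, so an operator on an affected version can see which routes fall in a wrongly blocked range and which IPv6 martians would be accepted. The labels, function names and sample prefixes are assumptions made for illustration; DSlite ranges are not covered because the page does not list them.

```python
import ipaddress

# IPv4 blocks the bug report lists as blocked on affected versions although
# they are no longer reserved.
BLOCKED_IN_ERROR = [ipaddress.ip_network(n) for n in
                    ("128.0.0.0/16", "191.255.0.0/16", "223.255.255.0/24")]
# IPv6 martians the bug report lists as allowed on affected versions.
ALLOWED_IN_ERROR = [ipaddress.ip_network(n) for n in ("::/128", "::1/128")]


def classify(prefix):
    """Return how bug 756817 bears on one advertised prefix."""
    net = ipaddress.ip_network(prefix, strict=False)
    for label, blocks in (("blocked-in-error", BLOCKED_IN_ERROR),
                          ("martian-accepted", ALLOWED_IN_ERROR)):
        for block in blocks:
            if net.version != block.version:
                continue
            if net.subnet_of(block):
                return label
            if net.overlaps(block):
                # Covering prefix: the page does not say how the filter
                # treats these, so flag for manual review (assumption).
                return "overlap-review"
    return "unaffected"


def audit(prefixes):
    """Group prefixes by classification, skipping unaffected ones."""
    findings = {}
    for p in prefixes:
        label = classify(p)
        if label != "unaffected":
            findings.setdefault(label, []).append(p)
    return findings


# Constructed sample of prefixes a router might advertise (not from the page).
SAMPLE = ["128.0.12.0/24", "191.255.0.0/16", "223.255.255.0/24",
          "198.51.100.0/24", "::1/128", "::/128", "2001:db8::/32",
          "128.0.0.0/8"]

if __name__ == "__main__":
    for label, items in audit(SAMPLE).items():
        print(label, items)
```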

Workaround

None.

Fix Information

Ensure that martian addresses, such as the IPv6 addresses ::/128 (unspec) and ::1/128 (loopback), are not used. Note: Although 128.0.0.0/16, 191.255.0.0/16, and 223.255.255.0/24 are no longer martian addresses, they still cannot be used.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips