For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

eey0re's avatar
eey0re
Icon for Cirrostratus rankCirrostratus
May 26, 2017
Solved

46.116.101.183 in BIG-IQ REST requests to BIG-IP

BIG-IQ CM 5.1 managing BIG-IP 11.6.1 makes several requests a minute to the BIG-IP REST API:

POST /mgmt/shared/inflate?em_server_ip=46.116.101.183&em_server_auth_token=[long token] HTTP/1.1

My questions are..

What is 

46.116.101.183
? It appears to belong to an ISP in Israel. It has nothing to do with our environment as far as I can tell.

Does everyone else's BIG-IQ CM do this too? You can check by running a capture like this on your BIG-IP for a few minutes, and loading it up in Wireshark:

tcpdump -i lo -s 0 -w /var/tmp/rest.pcap port 8100

And lastly, what is the 

/mgmt/shared/inflate
REST endpoint? I can't find it documented.

application delivery
BIG-IQ
iControlREST
  • Tim_K_92675's avatar
    Tim_K_92675
    Jun 19, 2017

    I opened a case about this and was told the following:

     

    Regarding the 'em_server_ip=46.116.101.183' question, this is just a method that BigIQ implements to hash device group names into ipv4 addresses. That IP address does not correspond to any real communication - it's just a numeric hash of a string. Nothing to worry about, per our Engineering.

     

2 Replies

  • Tim_K_92675's avatar
    Tim_K_92675
    Icon for Cirrostratus rankCirrostratus
    Jun 19, 2017

    I opened a case about this and was told the following:

     

    Regarding the 'em_server_ip=46.116.101.183' question, this is just a method that BigIQ implements to hash device group names into ipv4 addresses. That IP address does not correspond to any real communication - it's just a numeric hash of a string. Nothing to worry about, per our Engineering.