Forum Discussion

Altocumulus

May 13, 2024

Observing unexpected VLAN traffic on F5OS TMOS Tenant

I noticed running on TMOS (17.1.3) based tenant on an F5 OS (1.7) appliance (R4800) that I was receiving traffic from unattached VLAN. It was first observed while investigating something else and h...

application delivery

security

zamroni777

MVP

May 13, 2024

https://clouddocs.f5.com/training/community/rseries-training/html/rseries_performance_and_sizing.html

above doc mentions that r4000 series shares network adapter using sr-iov.

probably the host f5os doesnt disable promiscuous mode which causes traffic of other vlans is captured by that particular tenant.

MJ_1024
Altocumulus
May 15, 2024
I think you are correct.
This link also goes into some of the extra shared information in a r2000 and r4000 platform, and how more interface level visibility is seen due to the platform design.
https://clouddocs.f5.com/training/community/rseries-training/html/rseries_inside_the_tenant.html
What I don't see anywhere in the document is a warning/note for additional traffic isolation considerations on these platforms.
My next step is to actually test if traffic can be generated / processed incorrectly on a Tenant.
It's one thing to 'see' someone else's VLAN traffic, it is much worse if a tenant can be re-configured to communicate on a VLAN it should not be part of.