Symptoms ... When incoming NTP packets from the configured NTP server arrive for a non-local IP on a BIG-IP system that is either a Virtual Edition (VE) guest, an appliance, or a vCMP guest on an appliance host, an iptables rule is triggered that results in further outgoing packets to the NTP server to have their destination IP addresses changed to 127.3.0.0, which is not routable and thus causes NTP time syncs to stop. ... Impact ... Conditions ... An NTP server is configured on a BIG-IP system that is either a VE, an appliance, or a vCMP guest on an appliance host, and packets arrive from the configured NTP server destined for an IP address belonging to another machine on the network. ... This can happen for several reasons: 1) The customer has a device on the same management network doing very low-to-zero volume of traffic over its management port. ... NTP syncs time less often than the L2 FDB expiration time. ... 2) The customer is using a L2 topology that uses redundant switche...