Last Modified: Apr 17, 2024
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2
Fixed In:
15.1.9
Opened: Sep 06, 2022 Severity: 3-Major
Basic authentication may fail for anything other than creating a token. This has most often been seen after a device had several large AS3 declarations sent to it. Most of the scenarios that caused this were fixed in ID877145 but this added on to that fix. One symptom is you my encounter lots of DNS Null requests: DNS OUT s1/tmm4 : Standard query 0xc33b A null DNS OUT s1/tmm4 : Standard query 0xe366 AAAA null DNS IN s1/tmm4 : Standard query response 0xe366 Server failure AAAA null DNS IN s1/tmm4 : Standard query response 0xc33b Server failure A null
Basic authentication will fail with a 401 code when it previously used to work. The admin account will also fail. Typically it takes 30 seconds to encounter the failure.
Large AS3 declarations suddenly encounters a failure (503). This issue seems to be the most frequent trigger but other scenarios may cause this. If you view the restjavad.audit log you may see a username of local/null logged and showing the 401 for the rest call that was attempted. Also if you capture port 53 during the rest call you may see DNS queries for domain "null".
Configure the device to resolve to localhost may work around this issue in some cases. If it does not then a fixed version is needed: To add localhost, run the following commands: tmsh mod sys global-settings remote-host add { null { hostname null addr 127.0.0.1 } } tmsh save sys config
Basic authentication now works reliably