Bug ID 1325681: VLAN tscookies with fastl4 timestamp preserve and PVA acceleration cause connection problems.

Last Modified: Dec 18, 2024

Affected Product(s):
BIG-IP AFM, Install/Upgrade(all modules)

Known Affected Versions:
15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 15.1.10.6, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4

Fixed In:
17.1.2

Opened: Jul 27, 2023

Severity: 3-Major

Related Article: K000136894

Symptoms

Some connections might be reset by the client or server when VLAN timestamp cookies are configured. One symptom commonly reported is that the virtual server for the email service suddenly stops working after upgrading.

Impact

Unexpected flow RSTs from client/server due to incorrect timestamp echo received from BIG-IP.

Conditions

-- Flow accelerated in PVA. -- VLAN timestamp cookies configured for one side of the connection. -- Bigproto timestamp preserve option (default). -- Client and server sending timestamps.

Workaround

Either: - Set fastL4 profile option 'tcp-pva-whento-offload' to 'establish' OR - Disable VLAN timestamp cookies. OR: - Disable tscookie inside tcp-ack-ts DoS vector. OR - Change fastL4 timestamp option to rewrite (this disables PVA acceleration).

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips