Bug ID 1623921: IPencap monitor probes from bigd are prone to connection re-use.

Last Modified: Dec 05, 2024

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2

Opened: Aug 06, 2024

Severity: 3-Major

Symptoms

When using a DNS monitor with IP encapsulation, TMM handles probe encapsulation. Bigd reuses source ports after closing sockets quickly, but TMM applies a 30-second timeout, leading to connection re-use. This can result in probes being incorrectly encapsulated to the wrong pool member, causing inaccurate health monitoring

Impact

Probes may be encapsulated to the wrong destination, leading to inaccurate health monitoring of pool members.

Conditions

1. DNS monitor configured with 'transparent' destination and IP encapsulation enabled. 2. Large number of pool members (e.g., 60).

Workaround

None

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips