Bug ID 708830: Inbound or hairpin connections may get stuck consuming memory.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1

Fixed In:
14.0.0, 13.1.1.2, 12.1.4.1

Opened: Mar 05, 2018

Severity: 3-Major

Symptoms

When inbound or hairpin connections require a remote Session DB lookup, and the lookup request or response messages get lost, the connections can get stuck in an embryonic state. They remain stuck in this state until they time out and expire. In this state, UDP connections queue inbound packets. If the client application continues to send packets, the connection may never expire. The queued packets accumulate, consuming memory. If the memory consumption becomes excessive, connections may be killed and 'TCP: Memory pressure activated' and 'Aggressive mode activated' messages appear in the logs.

Impact

Excessive memory consumption that leads to dropped connections.

Conditions

-- An LSN pool with inbound and/or hairpin connections enabled. -- Lost Session DB messages due to heavy load or hardware failure. -- Remote lookups are more likely when using PBA mode or NAPT mode with default DAG.

Workaround

There is no workaround at this time.

Fix Information

When Session DB messages are lost, the connection is killed and any queued packets are discarded. If the client application resends packets, they are treated as new connections.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips