Bug ID 756595: Traffic redirection to an internal virtual server may fail.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP AFM, CGN, LTM, PEM(all modules)

Known Affected Versions:
12.1.5.3, 12.1.6, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5

Fixed In:
15.0.0, 14.1.4.6, 13.1.5

Opened: Jan 25, 2019

Severity: 3-Major

Symptoms

Traffic sent by a first virtual server to a second internal virtual server may fail. Traffic is silently dropped.

Impact

The traffic sent to the internal virtual server is silently dropped.

Conditions

One of the following configurations: - A virtual server configured with a pem policy rule that targets an internal radius virtual server that sends traffic statistics to a radius server. - A virtual server configured with an iRule that opens a sideband connection to a second internal virtual server using the iRule command "connect". - A virtual server configured with an iRule that forwards traffic to a second internal virtual server using the iRule command "virtual", where the second virtual server performs source address translation with an LSN pool or with AFM NAT.

Workaround

Avoid using a PEM policy rule that targets an internal radius virtual server. Avoid traffic forwarding to an internal virtual server with the iRule commands "connect" or "virtual".

Fix Information

The traffic is now successfully sent or redirected to the internal virtual server without any drops.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips