Last Modified: May 29, 2024
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 17.0.0, 17.0.0.1, 17.0.0.2
Fixed In:
17.1.1, 16.1.4, 15.1.10
Opened: Jan 23, 2023 Severity: 3-Major
The ip-tos-to-client setting in a fastL4 profile is used to control the Type Of Service (TOS) field in the IP header for egress frames on a clientside flow. There are two special values - 'mimic' and 'pass-through'. The mimic setting causes tmm to set the egress TOS to the value seen on the last ingress packet for that connflow. In affected versions of BIG-IP, this is not set correctly, and behaves like pass-through (uses the TOS value seen arriving on the serverside flow)
The clientside egress TOS is not set to the expected value
FastL4 profile with ip-tos-to-client set to "mimic" (shown as the value 65534 in tmsh)
Use an irule to set IP::tos to the desired value. Note that processing every packet with an irule will incur a performance penalty.
None