Symptoms

Packets arriving on the BIG-IP system that should match a specific virtual server are dropped, or are matching a less-specific virtual server. In this case, the virtual servers have failed to bind on some tmm's and therefore not able to forward traffic. When a client uses passive FTP, and there are multiple control connections, the data connection of a client might end up going to one of the other duplicate listeners, resulting in the data connection eventually going to the wrong server/poolmember.

Impact

Dropped or misdirected traffic. Misdirected in the sense that the traffic does not match the more-specific virtual server and is matched to a less-specific one or dropped outright. The passive FTP data connections from a client may end up going to the wrong server.

Conditions

Two or more virtual servers that are listening on the same ip, port, and protocol but have different vlan assignments, typically with a vlan enable list on one, and a vlan disable list on the other, although this may not be strictly required. For the FTP case, the client must be using passive FTP. Also, there must be at least two FTP control connections from the client.

Workaround

At this time, we recommend using vlan enable lists for all virtual servers that are listening on the same ip, port, and protocol as a workaround if the customer runs into this issue. This workaround does not apply to the passive FTP issue.

Fix Information

Virtual servers with the same ip address and port but different vlan assignment now successfully bind to tmm and process traffic as expected.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips