Bug ID 424248: Virtual servers bind failure on some tmm's

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1

Fixed In:
11.5.0, 11.4.1 HF9

Opened: Jun 28, 2013
Severity: 3-Major
Related AskF5 Article:
K14747

Symptoms

Packets arriving on the BIG-IP system that should match a specific virtual server are dropped, or are matching a less-specific virtual server. In this case, the virtual servers have failed to bind on some tmm's and therefore not able to forward traffic. When a client uses passive FTP, and there are multiple control connections, the data connection of a client might end up going to one of the other duplicate listeners, resulting in the data connection eventually going to the wrong server/poolmember.

Impact

Dropped or misdirected traffic. Misdirected in the sense that the traffic does not match the more-specific virtual server and is matched to a less-specific one or dropped outright. The passive FTP data connections from a client may end up going to the wrong server.

Conditions

Two or more virtual servers that are listening on the same ip, port, and protocol but have different vlan assignments, typically with a vlan enable list on one, and a vlan disable list on the other, although this may not be strictly required. For the FTP case, the client must be using passive FTP. Also, there must be at least two FTP control connections from the client.

Workaround

At this time, we recommend using vlan enable lists for all virtual servers that are listening on the same ip, port, and protocol as a workaround if the customer runs into this issue. This workaround does not apply to the passive FTP issue.

Fix Information

Virtual servers with the same ip address and port but different vlan assignment now successfully bind to tmm and process traffic as expected.

Behavior Change