Last Modified: Nov 22, 2021
Affected Product:
See more info
BIG-IP LTM
Known Affected Versions:
10.0.0, 10.0.1, 10.1.0, 10.2.0, 10.2.1, 10.2.2, 10.2.3, 10.2.4, 11.0.0, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1
Fixed In:
11.5.0, 11.4.1 HF9
Opened: Jun 28, 2013
Severity: 3-Major
Related Article:
K14747
Packets arriving on the BIG-IP system that should match a specific virtual server are dropped, or are matching a less-specific virtual server. In this case, the virtual servers have failed to bind on some tmm's and therefore not able to forward traffic. When a client uses passive FTP, and there are multiple control connections, the data connection of a client might end up going to one of the other duplicate listeners, resulting in the data connection eventually going to the wrong server/poolmember.
Dropped or misdirected traffic. Misdirected in the sense that the traffic does not match the more-specific virtual server and is matched to a less-specific one or dropped outright. The passive FTP data connections from a client may end up going to the wrong server.
Two or more virtual servers that are listening on the same ip, port, and protocol but have different vlan assignments, typically with a vlan enable list on one, and a vlan disable list on the other, although this may not be strictly required. For the FTP case, the client must be using passive FTP. Also, there must be at least two FTP control connections from the client.
At this time, we recommend using vlan enable lists for all virtual servers that are listening on the same ip, port, and protocol as a workaround if the customer runs into this issue. This workaround does not apply to the passive FTP issue.
Virtual servers with the same ip address and port but different vlan assignment now successfully bind to tmm and process traffic as expected.
