Bug ID 448533: Poor source port selection in CGNAT deterministic mode

Last Modified: Feb 13, 2019

Affected Product:
BIG-IP LTM (all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9

Fixed In:
11.6.0, 11.5.2, 11.4.1 HF6

Opened: Feb 11, 2014
Severity: 3-Major
Related AskF5 Article:
K16017

Symptoms

When an LSN pool is configured in deterministic mode, each subscriber gets a predetermined set of translation endpoints that are used for source address translation. When a translation request is processed for a new connection, the first endpoints in the set are used very heavily and the other endpoints are rarely used.

Impact

Poor utilization of available translation ports and very high levels of port reuse. For TCP connections, this port reuse can cause servers to reject connections because a previous connection is still in the TIME_WAIT state.

Conditions

LSN pool in deterministic mode, Virtual Server using the fastL4 profile.

Workaround

None

Fix Information

The endpoint is chosen based on the client's source port. This leads to better port selection behavior.
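
The two selection behaviors described under Symptoms and Fix Information can be compared in a small simulation. This is an added example, not F5 code: the port block, the TIME_WAIT value, the sequential client ports, the single destination server and both selection functions are constructed assumptions that only model the behavior described above.

```python
from collections import Counter

BLOCK = list(range(20000, 20064))  # constructed: 64 translation ports for one subscriber
TIME_WAIT = 60                     # constructed: seconds the server keeps a closed tuple

def first_free(block, in_use, client_port):
    """Model of the symptom: always scan from the start of the block."""
    return next((p for p in block if p not in in_use), None)

def by_source_port(block, in_use, client_port):
    """Model of the fix: start the scan at an index derived from the client port."""
    start = client_port % len(block)
    order = block[start:] + block[:start]
    return next((p for p in order if p not in in_use), None)

def simulate(select, n_conns=500, lifetime=2):
    """One short connection per second to a single server (assumed).

    Returns (per-port usage, connections opened on a port whose previous
    connection closed less than TIME_WAIT seconds earlier).
    """
    in_use, last_closed = {}, {}   # port -> close time
    usage, collisions = Counter(), 0
    for now in range(n_conns):
        for port, end in list(in_use.items()):   # release finished connections
            if end <= now:
                last_closed[port] = end
                del in_use[port]
        client_port = 49152 + now % 16384        # assumed sequential ephemeral ports
        port = select(BLOCK, in_use, client_port)
        if port is None:
            continue                             # block exhausted
        usage[port] += 1
        if port in last_closed and now - last_closed[port] < TIME_WAIT:
            collisions += 1                      # server may still be in TIME_WAIT
        in_use[port] = now + lifetime
    return usage, collisions

if __name__ == "__main__":
    for name, fn in (("first_free", first_free), ("by_source_port", by_source_port)):
        usage, collisions = simulate(fn)
        print(f"{name}: {len(usage)} ports used, {collisions} TIME_WAIT collisions")
```

In this model the first-free scan cycles between the first two ports of the block, while the source-port-based start index spreads the same load across all 64 ports.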

Behavior Change