Bug ID 448533: Poor source port selection in CGNAT deterministic mode

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9

Fixed In:
11.6.0, 11.5.2, 11.4.1 HF6

Opened: Feb 11, 2014
Severity: 3-Major
Related AskF5 Article:


When a LSN Pool is configured in deterministic mode, each subscriber gets a predetermined set of translation endpoints that are used for source address translation. When a translation request is processed for a new connection the first endpoints in the set are used very heavily and other endpoints are used rarely.


Poor utilization of available translation ports and very high levels of port reuse. In the case of TCP connections this port reuse can cause servers to reject connections because a previous connection is in the TIME_WAIT state.


LSN pool in deterministic mode, Virtual Server using the fastL4 profile.



Fix Information

The endpoint is chosen based on the client's source port. This leads to better port selection behavior.

Behavior Change