Bug ID 473755: It's possible to exhaust monpd's Thrift server connections by simply not closing the connection on the client side

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP AVR(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Fixed In:
13.1.0

Opened: Jul 31, 2014
Severity: 3-Major

Symptoms

It's possible to open a connection to monpd's Thrift server and if the client does not actively close it, the connection will persist indefinitely (even if it's idle). As a result of this issue, you might experience the following symptoms: -- Cannot access event logs or reports. -- Cannot run tmsh analytics commands.

Impact

If the number of allowed connections to monpd's Thrift server is reached, monpd will not receive new connections. Since the idle connections can persist indefinitely this will deny service from monpd.

Conditions

Client system opens a connection to monpd's Thrift server (port 9090 or 9091), and does not close it.

Workaround

No workaround (except for manually killing open idle connections).

Fix Information

Idle connections are closed after one minute.

Behavior Change