Bug ID 500452: PB4300 blade doesn't disaggregate ESP traffic based on IP addresses in hardware

Last Modified: Jun 06, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2

Fixed In:
13.0.0, 12.1.2 HF1, 12.0.0, 11.5.4 HF3

Opened: Jan 10, 2015
Severity: 4-Minor
Related AskF5 Article:
K28520025

Symptoms

PB4300 blade tries to disaggregate the ESP traffic based on the IPsec ESP Security Parameter Index (SPI) value in hardware. But the blade used doesn't have that capability, which causes ESP traffic being sent to one HSB and results in throughput degradation.

Impact

Throughput degradation.

Conditions

When PB4300 receives ESP traffic.

Workaround

None.

Fix Information

The PB4300 blade now uses IP addresses to disaggregate ESP traffic in hardware, so throughput is no longer impacted.

Behavior Change