Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
11.5.3, 11.5.3 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5
Fixed In:
12.0.0, 11.6.0 HF6, 11.5.3 HF2
Opened: Mar 01, 2015 Severity: 3-Major
SelfIP traffic is always handled on the primary blade on a cluster and if it's disaggregated to non-primary blade, it gets internally forwarded to the primary blade. Due to this, AFM was double classifying this traffic (only on cluster) causing incorrect AFM ACL/IPI counts.
Incorrect AFM ACL/IPI rule counters due to internal forwarding of SelfIP traffic on a cluster from non-primary to primary blade causing AFM to match/classify these packets twice.
SelfIP traffic is disaggregated to non-primary blade on a cluster and AFM is enabled
None
With the fix, self IP traffic on a cluster is counted correctly for AFM ACL/IPI matches.