Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP CGN
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3
Fixed In:
12.1.0, 12.0.0
Opened: Jun 04, 2015 Severity: 3-Major
CGNAT PBA invalid port blocks created and port blocks leak. The invalid port blocks can be seen using the command "tmsh run util lsndb list pba" command
Port blocks leak and will lead to connection failures eventually since port blocks cannot be allocated eventhough they are available
LSN pool is under provisioned, persistence is disabled, port block size is small and multiple connections are received from the same subscriber quickly one after another
Enable persistence on the LSN pool
CGNAT PBA invalid port blocks are not created when LSN pool is under provisioned and port block size is small