Bug ID 530795: In FastL4 TCP virtual servers, ICMP might send wrong SEQ number/ACK number.

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 12.0.0, 12.0.0 HF1, 12.0.0 HF2

Fixed In:
12.1.0, 12.0.0 HF3, 11.6.1 HF1, 11.5.3 HF2

Opened: Jun 30, 2015
Severity: 3-Major
Related Article:
K90505290

Symptoms

The BIG-IP system may send ICMP messages that contain an incorrect tcp seq ack number in the embedded msg body.

Impact

The TCP connflow might be aborted if an ICMP message (such as More fragment) is received.

Conditions

FastL4 TCP virtual servers. Syncookie mode.

Workaround

None.

Fix Information

The BIG-IP system sends correct SEQ and ACK number in ICMP messages.

Behavior Change