Bug ID 544325: BIG-IP UDP virtual server may not send ICMP Destination Unreachable message Code 3 (port unreachable).

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:
12.1.0, 11.6.1 HF1, 11.5.4 HF2

Opened: Sep 07, 2015
Severity: 3-Major
Related Article:
K83161025

Symptoms

A BIG-IP UDP virtual server may not send an ICMP Destination Unreachable message Code 3 (port unreachable). As a result of this issue, you may encounter the following symptoms: -- Client applications may not respond or appear to hang. -- When attempting to troubleshoot the connectivity issue from remote devices, no ICMP diagnostic data is available from the BIG-IP system.

Impact

In versions 11.3.0 through 11.4.1, the system silently drops the request. In versions 11.5.0 and later, the system sends back the ICMP message with type 13 ('administratively filtered').

Conditions

This issue occurs when the following condition is met: All pool members for the UDP virtual server are unavailable.

Workaround

None.

Fix Information

LTM now sends back an ICMP Destination Unreachable message Code 3 (port unreachable), which is expected behavior.

Behavior Change

In version 11.2.1 and earlier, the system responded to a request with an ICMP packet containing the type code 'port unreach' when a UDP virtual server pool member was down due to no available pool members. For the same scenario in versions 11.3.0 through 11.4.1, the system sends no ICMP packet. In versions 11.5.0 through this hotfix/release, the system sends an ICMP packet containing the 'administratively filtered' type code for the same scenario. In this hotfix/release, the 11.2.1 behavior is restored. In this case, the system responds with an ICMP packet containing the type code set to 'port unreach'.