Bug ID 549543: DSR rejects return traffic for monitoring the server

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:
12.1.0, 11.6.1, 11.5.4 HF2

Opened: Sep 30, 2015
Severity: 3-Major
Related AskF5 Article:
K37436054

Symptoms

System DB variable 'tm.monitorencap' controls whether the server monitor traffic is encapsulated inside DSR tunnel. If it is set to 'enable', monitor traffic is encapsulated, and return traffic is without the tunnel encapsulation. In such a case, the return traffic is not mapped to the original monitor flow, and gets rejected/lost.

Impact

Monitor traffic gets lost, and server pool is marked down.

Conditions

System DB variable 'tm.monitorencap' is set to 'enable', and DSR server pool is monitored.

Workaround

None.

Fix Information

The DSR tunnel flow now sets the correct underlying network interface, so that the return monitor flow can match the originating flow, which results in the DSR monitor working as expected.

Behavior Change