Bug ID 555369: CGNAT memory leak when non-TCP/UDP traffic directed at public addresses

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.1.0, 12.0.0 HF3, 11.6.1

Opened: Oct 30, 2015

Severity: 2-Critical

Related Article: K43151094

Symptoms

When rejecting non-TCP/UDP inbound traffic, a small amount of memory is leaked with each packet. Depending on the volume of such traffic, this may be a slow or fast leak.

Impact

TMM might eventually run out of available memory. The aggressive mode sweeper might be triggered, causing connections to be killed. Eventually TMM restarts.

Conditions

CGNAT configured with inbound connections enabled or hairpinning enabled.

Non-TCP/UDP traffic with a destination in the LSN Pool address space.

Workaround

None.

Fix Information

This release fixes a memory leak that occurred when rejecting non-TCP/UDP inbound traffic.
