Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.1.0, 12.0.0 HF3, 11.6.1 HF1
Opened: Jan 14, 2016 Severity: 3-Major
Existing TCP connection is being sporadically disrupted by the BIG-IP virtual server sending out a SYN, ACK, causing existing connection to fail. The client and virtual server set up a good TCP connection, complete the SSL handshake, and start to pass application data. APM virtual server then sends SYN, ACK with sequence and ACK numbers that do not match the existing stream. The APM then tries three SYN-ACKs before giving up and sending out a RST-ACK, which drops the connection attempt, but as it shares the same ip:port number as the existing connection, resets the good connection.
APM RDG feature does not work
Auto Last Hop setting is disabled.
You can use either of the following workarounds: -- Enable Auto Last Hop. -- Set cmp_enabled to 'NO' on the virtual server.
APM RDG feature now works as expected when Auto Last Hop is disabled.