Bug ID 620929: New iRule command, MR::ignore_peer_port

Last Modified: Oct 25, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
13.1.0, 12.1.3, 11.6.3

Opened: Oct 06, 2016
Severity: 3-Major

Symptoms

For incoming connections where the client used a ephemeral source port, subsequents connections from the same client may connect using a different ephemeral port. Without being able to identify the current connection as equivalents to other connections from the same IP, it will not be discoverable as an equivalent connection.

Impact

Without being able to identify the current connection as equivalents to other connections from the same IP, it will not be discoverable as an equivalent connection.

Conditions

For incoming connections where the client used a ephemeral source port, subsequents connections from the same client may connect using a different ephemeral port.

Workaround

Without this change, a new connection would need to be created to the client.

Fix Information

New iRule command allow script author to identify the current connection as equivalent to other connections of the IP and route domain ID matches.

Behavior Change