Bug ID 640352: Connflow can be leaked when DHCP proxy in forwarding mode with giaddr set in DHCP renewal packet

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP PEM(all modules)

Known Affected Versions:
13.0.0

Fixed In:
13.1.0, 13.0.0 HF1, 12.1.2 HF1

Opened: Jan 19, 2017

Severity: 2-Critical

Related Article: K01000259

Symptoms

Connflow entry memory are leaked when BIG-IP DHCP proxy is configured in forwarding mode and the DHCP relay agent between the DHCP client and the BIG-IP system sets giaddr field to itself after connflows created are aged out in a particular order.

Impact

Some connflows are not freed. Memory leak occurs. Eventually memory is exhausted.

Conditions

1) BIG-IP DHCP proxy is configured in forwarding mode. 2) DHCP relay agent sits between the DHCP client and the BIG-IP system sets giaddr field in DHCP renewal packet to itself (this has been observed in Cisco devices), so that DHCP renewal packet will be sent to a relay agent by DHCP servers. 3) Connflow created to giaddr(relay agent) ages out before connflows created to DHCP clients.

Workaround

None.

Fix Information

Ref count handing for giaddr connflows are now decremented when the client side connflow is removed, preventing the memory leak.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips