Bug ID 649613: Multiple UDP/TCP packets packed into one DTLS Record

Last Modified: Oct 10, 2018

Affected Product:
BIG-IP APM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1

Fixed In:
13.1.0, 12.1.3.2, 11.6.2

Opened: Mar 08, 2017
Severity: 3-Major

Symptoms

The system converts server-provided packets into PPP buffers, and these PPP packets are then packed into DTLS records. Currently there is a limit of about 14 KB on DTLS records, so the system can pack multiple PPP records into one DTLS record. However, creating a bigger DTLS record can cause server IP fragmentation. In a lossy environment, losing one IP fragment can cause the complete DTLS record to be lost, resulting in poor performance.
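
The loss amplification described above can be quantified with a short model. This is an added example, not F5 code; it assumes IPv4 without options, a 1500-byte MTU, DTLS over UDP, independent per-packet loss, and takes "about 14 KB" as 14 * 1024 bytes.

```python
import math

IPV4_HEADER = 20  # bytes, assumes no IP options
UDP_HEADER = 8    # bytes

def ip_fragments(dtls_record_len, mtu=1500):
    """IPv4 packets needed to carry one UDP datagram holding one DTLS record."""
    udp_len = UDP_HEADER + dtls_record_len
    if IPV4_HEADER + udp_len <= mtu:
        return 1  # fits in a single unfragmented packet
    # Every fragment except the last carries a payload that is a multiple of 8 bytes.
    per_fragment = (mtu - IPV4_HEADER) // 8 * 8
    return math.ceil(udp_len / per_fragment)

def record_loss_probability(dtls_record_len, packet_loss, mtu=1500):
    """A record is lost if any one of its fragments is lost."""
    n = ip_fragments(dtls_record_len, mtu)
    return 1 - (1 - packet_loss) ** n

def compare(record_sizes, packet_loss, mtu=1500):
    """Return (size, fragments, record loss probability) for each record size."""
    return [
        (size, ip_fragments(size, mtu), record_loss_probability(size, packet_loss, mtu))
        for size in record_sizes
    ]

if __name__ == "__main__":
    # Constructed sample sizes: one record that fits the MTU, then larger packed records.
    sizes = [1400, 4096, 8192, 14 * 1024]
    for loss in (0.01, 0.05):
        print(f"per-packet loss {loss:.0%}")
        for size, frags, p in compare(sizes, loss):
            print(f"  record {size:>6} B -> {frags:>2} fragment(s), "
                  f"record loss {p:.1%}")
```

Under these assumptions a record near the 14 KB limit is split into 10 fragments, so a 1% per-packet loss rate becomes roughly a 9.6% loss rate for the record and every PPP packet packed into it.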

Impact

In networks with packet loss, the APM end-user application might suffer poor network performance.

Conditions

Multiple UDP/TCP packets packed into one DTLS Record.

Workaround

None.

Fix Information

DTLS performance has been improved in lossy or high-latency networks by optimizing the number of encoded PPP records inside DTLS records.

Behavior Change