Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
13.1.0, 12.1.3
Opened: Jun 30, 2017
Severity: 3-Major
Related Article:
K64461712
When selecting server-side source ports, the BIG-IP system favors ephemeral ports in the upper range.
If connections on the servers are in the TIME_WAIT state and connection recycling is not configured, the servers may reset those connections that reused a source port too quickly.
In many cases, the BIG-IP system needs to select a source port for the server-side flow that is different from the source port selected by the client. This is always the case when the virtual server's 'source-port' option is set to 'change'.
Modify the virtual server's 'source-port' option to 'preserve'. This reduces how often the BIG-IP system needs to find a suitable source port for the server-side flow.
When the search for an available source port wraps into the privileged port range (<1024), the BIG-IP system now performs a small jump out of that range instead of going into the upper range unnecessarily.
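One way to find the virtual servers still set to 'change', the setting the 'source-port' workaround above replaces. This is an added example, not F5 code; the virtual server names and addresses in the sample are constructed, and the stanza layout assumes the output of `tmsh list ltm virtual all-properties`.

```shell
#!/bin/sh
# Constructed sample in the layout of `tmsh list ltm virtual all-properties`.
sample_config() {
    cat <<'EOF'
ltm virtual vs_app {
    destination 10.0.0.10:443
    profiles {
        tcp { }
    }
    source-port change
}
ltm virtual vs_web {
    destination 10.0.0.11:80
    source-port preserve
}
EOF
}

# Print the name of every virtual server whose own source-port is 'change'.
audit_source_port() {
    awk '
        # Stanza header at top level: "ltm virtual <name> {"
        depth == 0 && $1 == "ltm" && $2 == "virtual" && $NF == "{" {
            name = $3; depth = 1; next
        }
        depth >= 1 {
            # Only properties directly under the virtual server (depth 1) count
            if (depth == 1 && $1 == "source-port" && $2 == "change") print name
            # Track brace nesting so nested sub-objects are skipped
            opens = gsub(/[{]/, "{"); closes = gsub(/[}]/, "}")
            depth += opens - closes
        }
    '
}

# On a BIG-IP: tmsh list ltm virtual all-properties | audit_source_port
sample_config | audit_source_port
```

Each name printed is a candidate for the workaround on the affected versions listed above.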