Bug ID 671935: Possible uneven ephemeral port reuse.

Last Modified: May 14, 2019


Affected Product:
BIG-IP LTM (all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
13.1.0, 12.1.3

Opened: Jun 30, 2017
Severity: 3-Major
Related AskF5 Article:
K64461712

Symptoms

When selecting server-side source ports, the BIG-IP system favors ephemeral ports in the upper range.

Impact

If connections on the servers are in the TIME_WAIT state and connection recycling is not configured, the servers may reset those connections that reused a source port too quickly.
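One way to check a pool member for the behavior described under Symptoms and Impact, as an added example that is not F5 code. It assumes a 60-second TIME_WAIT on the server and a 1024-65535 non-privileged port range; the `analyze` function, the record layout and the sample addresses are constructed for illustration.

```python
# Added example: flag server-side source ports reused inside the TIME_WAIT window.
TIME_WAIT_SECONDS = 60.0           # assumption: fixed 60 s TIME_WAIT on the server
PORT_LOW, PORT_HIGH = 1024, 65535  # assumption: non-privileged port range

# Constructed sample: (syn_time_s, src_ip, src_port, dst_ip, dst_port) as seen
# on a pool member; 10.0.0.5 stands in for a BIG-IP self IP.
SAMPLE_RECORDS = [
    (0.0, "10.0.0.5", 65001, "10.0.0.20", 80),
    (1.2, "10.0.0.5", 64990, "10.0.0.20", 80),
    (9.5, "10.0.0.5", 65001, "10.0.0.20", 80),   # same 4-tuple after 9.5 s
    (30.0, "10.0.0.5", 2048, "10.0.0.20", 80),
    (75.0, "10.0.0.5", 64990, "10.0.0.20", 80),  # 73.8 s gap, outside window
    (80.0, "10.0.0.5", 65001, "10.0.0.20", 80),  # 70.5 s gap, outside window
]

def analyze(records, time_wait=TIME_WAIT_SECONDS):
    """Return port-range skew and 4-tuples reopened faster than time_wait.

    SYN-to-SYN spacing below time_wait means the earlier connection ended less
    than time_wait before the new SYN, so every hit is a fast reuse. Reuse that
    follows a long-lived connection can still be missed by this measure.
    """
    midpoint = (PORT_LOW + PORT_HIGH) // 2
    last_syn, fast_reuse = {}, []
    total = upper = 0
    for ts, src_ip, src_port, dst_ip, dst_port in sorted(records):
        key = (src_ip, src_port, dst_ip, dst_port)
        prev = last_syn.get(key)
        if prev is not None and ts - prev < time_wait:
            fast_reuse.append((key, round(ts - prev, 3)))
        last_syn[key] = ts
        total += 1
        upper += src_port > midpoint  # counts ports in the upper half of the range
    return {
        "total": total,
        "upper_fraction": upper / total if total else 0.0,
        "fast_reuse": fast_reuse,
    }

if __name__ == "__main__":
    report = analyze(SAMPLE_RECORDS)
    print(f"{report['upper_fraction']:.0%} of {report['total']} connections used upper-half ports")
    for (src_ip, port, dst_ip, dport), gap in report["fast_reuse"]:
        print(f"{src_ip}:{port} -> {dst_ip}:{dport} reused after {gap}s")
```

A high `upper_fraction` together with entries in `fast_reuse` matches the symptom and impact described here.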

Conditions

In many cases, the BIG-IP system needs to select a source port for the server-side flow that differs from the source port selected by the client. This is always the case when the virtual server's 'source-port' option is set to 'change'.

Workaround

Modify the virtual server's 'source-port' option to 'preserve'. This reduces how often the BIG-IP system needs to find a suitable source port for the server side.

Fix Information

When the search for an available source port wraps into the privileged port range (<1024), the BIG-IP system now performs a small jump out of that range, rather than going into the upper range unnecessarily.

Behavior Change