Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1
Fixed In:
13.1.0, 12.1.3.2, 11.6.3.2, 11.5.7
Opened: Sep 11, 2017 Severity: 2-Critical
tmm might crash when using a virtual server-to-virtual server connection, and that connection has a TCP profile with keepalive configured.
Shortly after the keepalive packet is received, which then is decompressed, the assert is triggered, and tmm restarts. Traffic disrupted while tmm restarts.
-- L7 virtual server-to-virtual server connection (Virtual command, cpm rule, etc.). -- TCP profile with keepalive configured. -- (Deflate profile.) -- At the beginning of the connection, there is a stall for longer than the specified keepalive timer interval. -- The received response decompresses to a size that is greater than the advertised window size on the first virtual server's TCP stack.
Remove keepalive from the TCP profiles of the two virtual servers involved.
The system now honors the current receive window size when sending keepalives, so the tmm crash no longer occurs.