Bug ID 747960: BIG-IP VE with 1nic does not handle fragmented traffic to webui or ssh properly

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP All(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1

Opened: Oct 25, 2018

Severity: 4-Minor

Symptoms

Attempts to send fragmented packets destined for SSH or the webui of BIG-IP VE running with 1 NIC will fail. This is a rare situation generally, but one noted area where we have seen it is when BIG-IQ attempts to discover the BIG-IP.

Impact

The IP fragments will not be properly reassembled and the connection will ultimately fail. This is only an issue for IP fragmented traffic sent with 1nic destined for SSH or the webui.

Conditions

BIG-IP VE configured with 1 network interface. Send IP fragmented traffic to either SSH or the web interface (TCP/8443 for 1nic).

Workaround

Prevent IP fragmentation, or configure multiple network interfaces.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips