Last Modified: Jun 14, 2019
See more info
BIG-IP DNS, LTM
Known Affected Versions:
13.1.0, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 13.1.1, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 14.0.0, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 14.1.0, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 15.0.0
Opened: May 17, 2019
The TMM may crash and restart when an iRule on a DNS virtual server performs the 'drop' command while the BIG-IP system is handling both a DNS request and DNS response at the same time for the same DNS client IP and port without UDP Datagram-LB.
TMM crash or restart. Traffic impacted. Traffic disrupted while tmm restarts.
-- The BIG-IP instance has two or more TMM processes as a result of having two or more physical cores or virtual CPUs. -- A virtual server with both DNS and UDP profiles and one or more iRules. -- The UDP profile has Datagram LB disabled. -- The iRules have a 'drop' command. -- The iRules have a DNS_REQUEST and/or DNS_RESPONSE event with an iRule command that require coordinating data with another TMM on the system, such as the 'table' command.
F5 strongly recommends using a UDP profile with Datagram-LB enabled for DNS UDP virtual servers. Alternatively, replace the 'drop' command with DNS::drop in DNS_REQUEST and DNS_RESPONSE events, or with UDP::drop in other iRule events. See the respective references pages for DNS::drop and UDP::drop for the Valid Events each iRule command is available in: https://clouddocs.f5.com/api/irules/DNS__drop.html https://clouddocs.f5.com/api/irules/UDP__drop.html