Bug ID 803109: Certain configuration may result in zombie forwarding flows

Last Modified: Jun 10, 2021

Affected Product:
BIG-IP LTM (all modules)

Known Affected Versions:
14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1

Opened: Jul 08, 2019
Severity: 3-Major

Symptoms

A OneConnect profile in conjunction with 'Source-port preserve-strict' or a cmp-hash setting of 'dst-ip' or 'src-ip' on the server-side VLAN may result in zombie forwarding flows. On the server side, the incoming traffic hits a different TMM from the one that handles the outgoing traffic. Unexpected 'Inet port exhaustion' messages may be logged in the LTM log file.

Impact

Zombie forwarding flows. Over time, the current allocation count grows and does not return to its prior level when traffic stops. The current allocation can be checked with this command:

# tmctl memory_usage_stat name=connflow -s name,cur_allocs

Conditions

-- OneConnect configured.

And one of the following:
-- Source-port is set to preserve-strict.
-- The cmp-hash setting on the server-side VLAN is set to 'dst-ip' or 'src-ip'.
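
An added example, not F5 code: a configuration audit that maps the Conditions above onto `ltm virtual` and `net vlan` stanzas in bigip.conf-style text. The sample configuration and its object names are constructed, and matching on the profile name `oneconnect` is an assumption (pass the names of any custom OneConnect profiles); which VLAN is server-side for a given virtual server cannot be derived from these stanzas and has to be confirmed by the operator.

```python
import re
# Constructed sample in bigip.conf syntax; all object names are made up.
SAMPLE = """\
ltm virtual /Common/vs_app {
    profiles {
        /Common/oneconnect { }
        /Common/tcp { }
    }
    source-port preserve-strict
}
ltm virtual /Common/vs_pool {
    profiles {
        /Common/oneconnect { }
    }
}
ltm virtual /Common/vs_plain {
    source-port preserve-strict
}
net vlan /Common/internal {
    cmp-hash src-ip
}
"""

HEAD = re.compile(r"^(ltm virtual|net vlan) (\S+) \{$")
def stanzas(text):
    """Yield (kind, name, stripped body lines) for each top-level stanza."""
    cur = None
    for line in text.splitlines():
        m = HEAD.match(line)
        if m:
            cur = (m.group(1), m.group(2), [])
        elif cur and line == "}":      # an unindented brace closes the stanza
            yield cur
            cur = None
        elif cur and line.strip():
            cur[2].append(line.strip())

def audit(text, oneconnect_profiles=("oneconnect",)):
    """Report objects matching the bug's Conditions (profile names are assumed)."""
    out = {"oneconnect": [], "oneconnect_strict": [], "hashed_vlans": []}
    for kind, name, body in stanzas(text):
        if kind == "net vlan":
            if {"cmp-hash src-ip", "cmp-hash dst-ip"} & set(body):
                out["hashed_vlans"].append(name)
        elif any(l.split()[0].rsplit("/", 1)[-1] in oneconnect_profiles for l in body):
            out["oneconnect"].append(name)     # exposed if its server-side VLAN is hashed
            if "source-port preserve-strict" in body:
                out["oneconnect_strict"].append(name)
    return out
```

Virtual servers under `oneconnect_strict` meet the conditions on their own; those under `oneconnect` meet them only if their server-side traffic uses a VLAN listed in `hashed_vlans`.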

Workaround

You can use any of the following workarounds:
-- Remove the OneConnect profile from the Virtual Server.
-- Do not use 'source-port preserve' setting on the Virtual Server.
-- Set the 'cmp-hash default' on the server-side VLAN if it is set to 'cmp-hash src-ip' or 'cmp-hash dst-ip'.

Fix Information

None

Behavior Change