Bug ID 836357: SIP MBLB incorrectly initiates new flow from virtual IP to client when existing flow is in FIN-wait2

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.1, 12.1.2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5,, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,, 14.0.0,,,,,, 14.0.1,, 14.1.0,,,,,, 14.1.2,,,,, 15.0.0, 15.0.1,,,, 15.1.0,

Fixed In:

Opened: Oct 10, 2019

Severity: 4-Minor


In MBLB/SIP, if the BIG-IP system attempts to send messages to the destination over a TCP connection that is in FIN-wait2 stage, instead of returning a failure and silently dropping the message, the BIG-IP system attempts to create a new TCP connection by sending a SYN. Eventually, the attempt fails and causes the connection to be aborted.


This causes the BIG-IP system to abort the flow that originates the message.


-- This happens on MBLB/SIP deployment with TCP. -- There is message sent from the server to the BIG-IP system. -- The BIG-IP system forwards the message from the server-side to client-side. -- The destination flow (for the BIG-IP system to forward the message to) is controlled by 'node <ip> <port>' and 'snat <ip> <port>' iRules command. -- The destination flow is in the FIN-wait2 stage.



Fix Information

SIP MBLB correctly initiates a new flow from a virtual IP to the client when an existing flow is in the FIN-wait2 stage.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips