Bug ID 874317: Client-side asymmetric routing could lead to SYN and SYN-ACK on different VLAN

Last Modified: Feb 20, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,,,,,,,, 12.1.4,, 12.1.5, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0,,,,,,,,, 13.1.1,,,,,, 13.1.3,,, 14.0.0,,,,,, 14.0.1,, 14.1.0,,,,,,, 14.1.2,,,, 15.0.0, 15.0.1,,, 15.1.0

Opened: Jan 29, 2020
Severity: 3-Major


When BIG-IP is configured with at least two VLANs/interfaces, and a virtual server with auto-lasthop disabled, then when that virtual server receives a SYN from a client and sends the SYN/ACK back to the client on a different VLAN/interface, it currently expects the ACK to be received on the outgoing interface.


The mismatch could lead to connections failing to establish.


BIG-IP is configured with (at least) two VLANs/interfaces, and with a virtual server with auto-lasthop disabled.


Use the same VLAN on the client side.

Fix Information


Behavior Change