Bug ID 984089: Tcpdump captures at the partition level may show packets in the wrong time order

Last Modified: Jun 10, 2021

Bug Tracker

Affected Product:  See more info
F5OS Velos(all modules)

Known Affected Versions:
1.1.0, 1.1.1, 1.1.2

Opened: Jan 16, 2021
Severity: 3-Major

Symptoms

Tcpdump may show the packets in an out-of-order fashion if it is run from a partition that spans multiple blades. The order refers to the timeline of these packets appearing on the network links outside the system, e.g., a TCP SYN may come from the client to the system, and the system may have responded with a SYN-ACK to the outside client. The capture may show the SYN-ACK packet first and then the SYN. Other than inferring from knowledge of the protocol what these packets represent, there is no real way to mitigate in the multiple-port aggregation scenario. Note: A tcpdump run from inside a BIG-IP tenant shows the correct order.

Impact

Tcpdump captures show the order of the packets differently from when they really happened, leading to possible misinterpretation of events.

Conditions

-- This may be encountered where there is an LACP-aggregated link that spans two ports on two different blades. -- It has also been seen less frequently as out-of-order between ingress (outside-to-host) and egress (host-to-outside) packets.

Workaround

None

Fix Information

None

Behavior Change