Bug ID 984897: Some connections performing SSL mirroring are not handled correctly by the Standby unit.

Last Modified: Feb 04, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 16.0.0, 16.0.0.1, 16.0.1

Opened: Jan 19, 2021
Severity: 3-Major

Symptoms

Some of the connections performing SSL mirroring do not advance through TCP states as they should on the Standby unit. Additionally, these connections do not get removed from the connection table of the Standby unit when the connections close. Instead, they linger on until the idle timeout expires.

Impact

Should the units fail over, some connections may not survive as expected. Additionally, given a sufficient load and a long idle timeout, this could cause unnecessary TMM memory utilization on the Standby unit.

Conditions

A virtual server configured to perform SSL connection mirroring.

Workaround

None.

Fix Information

None

Behavior Change