Symptoms
When an iRule throws an error, the default is to abort the connection. When the error occurs in the CLIENT_ACCEPTED event and the Virtual Server is using source-address-translation type LSN, the source address translation may be executed before the connection is aborted. The address translation may succeed even though the connection fails.
Impact
There are a number of possible side effects depending on configuration:
- Any LSN commands in the failing iRule may be ignored.
- LSN Pool translation statistics may be incremented.
- A log message indicating a successful translation may be output.
- Multiple RSTs may be sent for the aborted connection.
- PBA port blocks may be allocated.
- Persistence mapping entries may be created.
- Inbound mapping entries may be created.
Conditions
A Virtual Server is using source-address-translation type LSN and has an iRule that does not handle errors.
Workaround
Use the Tcl catch command to handle Tcl errors. When an error occurs, use the LSN::disable command to prevent the translation.
Fix Information
When an unhandled error occurs in a iRule, the connection will be aborted withoot executing LSN address translation.
