IBM Support

IT07956: USING ACCESS CONTROL LISTS IN A NETWORK ENVIRONMENT WITH PACKET FRAGMENTATION MIGHT RESULT IN THE INSTABILITY OF TCP CONNECTIONS

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • When services using Access Control Lists are deployed in a
    network environment with IP packet fragmentation, packets might
    be dropped unexpectedly, which might result in broken TCP
    connections.  This is more likely to manifest with longer
    transfers, for example, when using the appliance for file
    transfer.
    

Local fix

  • Disable/remove ACL.
    

Problem summary

  • Affected are DataPower configurations with services using
    several distinct Access Control Lists to restrict the range of
    client IP addresses.
    
    In network environment with frequent or deterministic IP packet
    fragmentation, parts of fragmented packets might be unexpectedly
    dropped.  The packet loss might result in network delays or TCP
    connection breakdown.
    

Problem conclusion

Temporary fix

Comments

APAR Information

  • APAR number

    IT07956

  • Reported component name

    DTAPWR B2B APL

  • Reported component ID

    DP905XB62

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2015-03-30

  • Closed date

    2015-06-15

  • Last modified date

    2015-06-29

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    DTAPWR B2B APL

  • Fixed component ID

    DP905XB62

Applicable component levels

  • R600 PSN

       UP

  • R601 PSN

       UP

  • R700 PSN

       UP

  • R710 PSN

       UP



Document information

More support for: WebSphere DataPower B2B Appliance XB62

Software version: 7.0.0

Reference #: IT07956

Modified date: 29 June 2015