Bug ID 1012413: Tmm performance impact for DDoS vector on virtual server when hardware mitigation is enabled

Last Modified: Feb 07, 2024

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1

Fixed In:
17.0.0, 15.1.4

Opened: Apr 19, 2021

Severity: 3-Major

Symptoms

When a DoS profile is attached to a virtual server, the mitigation limit is set to the system limit and not the HSB limit. This causes more packets to be handled by software. Depending on attack size, it could pass up to 200% of the set mitigation limit. This can impact tmm performance.

Impact

Tmm performance may be degraded.

Conditions

-- Dos profile is configured on virtual server. -- Hardware platform that has HSB -- Hardware mitigation is enabled

Workaround

None

Fix Information

The HSB limit is set to (vector configured mitigation limit) / (number of hsbs on BIG-IP)

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips