Bug ID 1100409: Valid connections may fail while a virtual server is in SYN cookie mode.

Last Modified: Feb 07, 2024

Affected Product(s):
BIG-IP All(all modules)

Fixed In:
17.1.0, 16.1.4, 15.1.9

Opened: Apr 19, 2022

Severity: 3-Major

Symptoms

Some of the valid connections to a TCP virtual server may fail while the virtual server is in SYN cookie mode due to an attack.

Impact

Failed connections, service degradation.

Conditions

-- BIG-IP i4x00 platform. -- TCP virtual server under SYN flood attack.

Workaround

Disabling SYN cookie in the TCP or fastL4 profile is a possible workaround, but that would leave the virtual server open to SYN flood attacks.

Fix Information

The ePVA module is now correctly initialized on the i4x00 platform.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips