Last Modified: Sep 24, 2024
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 17.1.0.1, 17.1.0.2, 17.1.0.3
Fixed In:
17.1.1, 16.1.5
Opened: Jun 01, 2023 Severity: 3-Major
If a duplicate SYN arrives on a connection before the SYN/ACK is processed and the connection is pushed into PVA, then when it is later evicted from PVA it may stop passing traffic and be reset with the RST cause "Handshake Timeout".
Connection will stop passing traffic and resets when they are evicted from PVA.
- PVA enabled - Mirroring enabled - Duplicate SYNs on the network
Perform one of the following as a workaround: - Disable PVA - Disable mirroring - Modify sys db tm.fastl4_ack_mirror value to Disable - Modify sys db tm.fastl4_mirroring_taciturn value to Enable.
None