Last Modified: May 29, 2024
Affected Product(s):
BIG-IP All
Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1
Fixed In:
16.0.0, 15.1.4, 14.1.4.4
Opened: Aug 29, 2019 Severity: 3-Major
Issue is reported at the following system setup: client <-> BIG-IP <-> concentrator <-> proxy <-> BIG-IP nat gateway <-> Internet -- SYN Cookie got activated on F5 nat gateway. -- Latency from 'Internet' (public host) is observed at 'Proxy' device sitting before F5 nat gw. -- During the latency issue, SYN Cookie was active and evicting connections. -- When SYN Cookie is enabled, it switches to l7 delayed binding as expected but it is not sending ACK for HTTP request so the client sends it again and again.
High latency is observed.
Haredware SYN Cookie is enabled on FastL4 profile
Disable the SYN Cookie on the FastL4 profile
None