Bug ID 1012413: Tmm performance impact for DDoS vector on virtual server when hardware mitigation is enabled

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1

Fixed In:
17.0.0, 15.1.4

Opened: Apr 19, 2021
Severity: 3-Major

Symptoms

When a DoS profile is attached to a virtual server, the mitigation limit is set to the system limit and not the HSB limit. This causes more packets to be handled by software. Depending on attack size, it could pass up to 200% of the set mitigation limit. This can impact tmm performance.

Impact

Tmm performance may be degraded.

Conditions

-- Dos profile is configured on virtual server. -- Hardware platform that has HSB -- Hardware mitigation is enabled

Workaround

None

Fix Information

The HSB limit is set to (vector configured mitigation limit) / (number of hsbs on BIG-IP)

Behavior Change