Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5
Fixed In:
14.1.5.1
Opened: Jan 20, 2022 Severity: 3-Major
If an error occurs while deleting a hardware SYN cookie Neuron rule, TMM may crash. Possible (but not required) symptoms include TMM logs before the crash like: neuron_client_send_data: Error: mds_conn_send_xbuf failed neuron_client_send_req: neuron_client_send_data failed: ERR_REJECT hudproxy_neuron_client_closed_cb: Neuron client connection terminated
Traffic disrupted while tmm restarts.
-- Platforms with Neuron/TCAM support (BIG-IP iSeries)
On HSB platforms it is possible to disable the Neuron SYN cookie feature by the 'HSBE::syncookie_neuron_enabled 0' Tcl command in /config/tmm_init.tcl. However, this would prevent full hardware SYN cookie protection for wildcard or subnet virtual servers.
Error handling during Neuron rule deletion is fixed.