Bug ID 1075905: TCP connections may fail when hardware SYN Cookie is active

Last Modified: Aug 31, 2022

Affected Product:
BIG-IP TMOS (all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5

Fixed In:
15.1.5.1, 14.1.5

Opened: Jan 26, 2022
Severity: 2-Critical

Symptoms

When an object is in hardware SYN Cookie mode, some valid connections are also rejected with the reset cause "No flow found for ACK".

Impact

Service degradation.

Conditions

VELOS and rSeries platforms.

Workaround

Disable hardware SYN Cookie on all objects (virtual server, VLAN, etc.).

Fix Information

Valid connections are now accepted in hardware SYN Cookie mode.

Behavior Change