Bug ID 1125733: Wrong server-side window scale used in hardware SYN cookie mode

Last Modified: Mar 26, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 13.1.4,, 13.1.5,, 14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,,,,, 14.1.5,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,, 16.1.0, 16.1.1, 16.1.2,,, 16.1.3,,,, 17.0.0,,

Fixed In:

Opened: Jul 12, 2022
Severity: 3-Major


Client enables Window Scale in the first SYN packet with a specific factor value, however the BIG-IP system disables Window Scale in its SYN/ACK response. Instead, disabling the Window Scale TCP option in both peer BIG-IPs, TMM honors the Window Scale presented by the client in the first SYN, whereas client assumes Window Scale is disabled. This will cause BIG-IP to send data payload bytes exceeding the client's Windows Size.


This can cause performance issues because some packets could need to be retransmitted. In rare cases where client TCP stack is configured to abort connection when it receives window overflow the connection will be RST by client.


Below conditions must be met in order to match this issue: - Client and server enables timestamp TCP option. - Client enables Window Scale TCP option. - SYN Cookie HW is activated in BIG-IP.


The preferred workaround is changing to Software SYN Cookie mode.

Fix Information


Behavior Change