Bug ID 1125733: Wrong server-side window scale used in hardware SYN cookie mode

Last Modified: Feb 07, 2024

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 13.1.4,, 13.1.5,, 14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,,,,, 14.1.5,,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,,, 16.1.0, 16.1.1, 16.1.2,,, 16.1.3,,,,,, 16.1.4,,,,

Fixed In:
17.1.0, 15.1.9

Opened: Jul 12, 2022

Severity: 3-Major


Client enables Window Scale in the first SYN packet with a specific factor value, however the BIG-IP system disables Window Scale in its SYN/ACK response. Instead, disabling the Window Scale TCP option in both peer BIG-IPs, TMM honors the Window Scale presented by the client in the first SYN, whereas client assumes Window Scale is disabled. This will cause BIG-IP to send data payload bytes exceeding the client's Windows Size.


This can cause performance issues because some packets could need to be retransmitted. In rare cases where client TCP stack is configured to abort the connection when it receives a window overflow, the connection will be RST by the client.


Below conditions must be met in order to match this issue: - Client and server enables timestamp TCP option. - Client enables Window Scale TCP option. - SYN Cookie HW is activated in BIG-IP.


The preferred workaround is changing to Software SYN Cookie mode.

Fix Information

Correct server-side Window Scale behavior is provided when: - Client and server enables timestamp TCP option - Client enables Window Scale TCP option - SYN Cookie HW is activated in BIG-IP

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips