Bug ID 1287981: Hardware SYN cookie mode may not exit

Last Modified: Dec 13, 2023

Affected Product(s):
BIG-IP TMOS (all modules)

Known Affected Versions:
15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3

Fixed In:
17.1.1, 15.1.10

Opened: Apr 12, 2023

Severity: 3-Major

Symptoms

-- Virtual server reports SYN cookie mode is "full hardware" even after a SYN flood has stopped.
-- The virtual_server_stat tmstat table columns sc_mode0, sc_mode1 show "FRS" and the syncookies.hwsyncookie_inst column is greater than zero, even after a SYN flood has stopped.
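
The check described in the second symptom, as an added example (not F5 code): it compares two snapshots of the virtual_server_stat table, one taken during a SYN flood and one after it has stopped, and lists the virtual servers that still match. The CSV layout, the `name` column, the empty value used for "not in hardware mode", and all sample rows are assumptions constructed for illustration.

```python
import csv
import io

MODE_COLUMNS = ("sc_mode0", "sc_mode1")         # column names from the Symptoms text
HW_INST_COLUMN = "syncookies.hwsyncookie_inst"  # column name from the Symptoms text
HW_MODE = "FRS"                                 # value from the Symptoms text


def hw_syncookie_rows(csv_text, name_column="name"):
    """Map virtual server name -> hwsyncookie_inst for rows showing the symptom.

    Assumption: either mode column reading "FRS" counts as a match.
    """
    hits = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        modes = [(row.get(col) or "").strip() for col in MODE_COLUMNS]
        try:
            inst = int((row.get(HW_INST_COLUMN) or "0").strip())
        except ValueError:
            continue  # skip rows whose counter is not numeric
        if HW_MODE in modes and inst > 0:
            hits[(row.get(name_column) or "").strip()] = inst
    return hits


def stuck_in_hw_mode(during_csv, after_csv):
    """Names that show the symptom both during the flood and after it stopped."""
    during = hw_syncookie_rows(during_csv)
    after = hw_syncookie_rows(after_csv)
    return sorted(set(during) & set(after))


# Constructed sample snapshots (not real device output).
HEADER = "name,sc_mode0,sc_mode1,syncookies.hwsyncookie_inst\n"
DURING_FLOOD = HEADER + (
    "/Common/vs_web,FRS,FRS,2\n"
    "/Common/vs_api,FRS,FRS,1\n"
    "/Common/vs_dns,,,0\n"
)
AFTER_FLOOD = HEADER + (
    "/Common/vs_web,FRS,FRS,2\n"   # never left hardware mode
    "/Common/vs_api,,,0\n"         # exited as expected
    "/Common/vs_dns,,,0\n"
)

if __name__ == "__main__":
    for name in stuck_in_hw_mode(DURING_FLOOD, AFTER_FLOOD):
        print("still in hardware SYN cookie mode:", name)
```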

Impact

-- SYN/ACK responses that include a SYN cookie are generated by HW even after a SYN flood attack has stopped.
-- SYN packets are not seen by the virtual server.

Conditions

-- Platform with Neuron/TCAM support.
-- AFM is not provisioned.

Workaround

Set the pvasyncookies.preferhwlmode BigDB variable to "true".

Fix Information

Virtual servers properly exit HW SYN cookie mode.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips