Bug ID 1384509: The ePVA syncookie protection stays activated in hardware

Last Modified: Sep 27, 2024

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4

Opened: Oct 23, 2023

Severity: 3-Major

Symptoms

Hardware syncookie protection might be activated without TMM reflecting such state. Only the following log will be shown when this happens (even though hardware protection is activated): warning tmm5[24301]: 01010038:4: Syncookie counter 53 exceeded vip threshold 52 for virtual = 1.1.1.1:443 Normally two following messages should be visible: warning tmm5[24301]: 01010038:4: Syncookie counter 53 exceeded vip threshold 52 for virtual = 1.1.1.1:443 notice tmm5[24301]: 01010240:5: Syncookie HW mode activated, server name = /Common/test server IP = 1.1.1.1:443, HSB modId = 5 There exist exceptions to this rule. If unsure, please open a support case.

Impact

Hardware syncookie protection stays activated without TMM reflecting the state. Hardware syncookie protection stays activated until traffic subsides and hardware deativates protection. Some connections might not be opened properly.

Conditions

Hardware syncookie protection activated on a TCP/fastL4 profile. Undisclosed traffic pattern hits virtual server.

Workaround

None

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips