Bug ID 431109: Best threshold setting under IP Fragment Flood

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP AFM (all modules)

Known Affected Versions:
11.4.1

Opened: Sep 19, 2013

Severity: 2-Critical

Symptoms

On HSBe2-based platforms, the default threshold does not provide the best performance under an IP fragment flood attack.

Impact

Slow performance.

Conditions

This occurs on HSBe2-based platforms, including B4300 and B2100 blades.

Workaround

Change the default threshold settings for the IP fragment vectors to the following:

    ip-frag {
        default-internal-rate-limit 10000
        detection-threshold-percent 500
        detection-threshold-pps 1000
    }
    ip-frag-flood {
        default-internal-rate-limit 10000
        detection-threshold-percent 500
        detection-threshold-pps 1000
    }

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips