Bug ID 434468: htsplit mode may lead to false-alarm of AFM DOS detection/mitigation.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP AFM, Install/Upgrade(all modules)

Known Affected Versions:
11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10

Opened: Oct 18, 2013

Severity: 2-Critical


For 11.5 htsplit mode is enabled by default. htsplit is actuals only for platform/blades which have CPU with hyper-threading. htsplit mode decrease number of tmms in twice. So after upgrade from 11.4 to 11.5, you may see that DOS attacks happens on normal traffic rates. Example: You have BIG-IP 10000/12000 with 11.4 with 12 tmms, and you configure DOS accordingly. Then when you make upgrade to 11.5 and you end up with 6 tmms because of htsplit mode.


You may see false-alarm DOS attack on normal traffic rates.


Platform/blade CPU have hyper-threading and sys db scheduler.splitplanes.ltm = "true"


Double the thresholds for AFM DOS vectors.

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips