Bug ID 480903: AFM DoS ICMP sweep mitigation performance impact

Last Modified: Mar 12, 2019

Affected Product:
BIG-IP AFM (all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3

Fixed In:
12.0.0, 11.6.0 HF4

Opened: Sep 24, 2014
Severity: 2-Critical

Symptoms

With AFM DoS protection, mitigating the ICMP Sweep vector degrades the overall performance of the BIG-IP system.

Impact

Slower performance of the BIG-IP system. Mitigating the AFM DoS Sweep vector consumes a large amount of CPU.

Conditions

ICMP traffic at 4 million pps from ~100 source IP addresses, with the AFM DoS Sweep vector enabled to mitigate ICMP traffic.

Workaround

Do not enable the AFM DoS Sweep vector for ICMP traffic when the attack rate is over 4 million pps.

Fix Information

AFM DoS ICMP sweep mitigation performance issues have been alleviated.

Behavior Change