Bug ID 481189: Change the default value of pccd.hash.load.factor to 25

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3

Fixed In:
12.0.0, 11.6.0 HF4, 11.5.1 HF6

Opened: Sep 25, 2014
Severity: 4-Minor

Symptoms

Sometimes the firewall rule BLOB is very big even though the configurations do not seems to be very big.

Impact

One factor that contribute to the BLOB size is the load factor (percentage of fullness) of the internal hash tables. The load factor specifies the minimum percentage of fullness that need to be reached before the table is expanded to a larger size.

Conditions

The BLOB size depends on many factors such as Src/Dst IP addresses in a rule. There is no straightforward rule to estimate the size of the BLOB from static inspection of the rules. Two set of configurations that look very similar can generate BLOB of very different sizes sometimes.

Workaround

You can manually set the hash load factor from 0 (don't check) to 75.

Fix Information

The load factor controls the minimum percentage of fullness that need to be reached before the table is expanded to a larger size. Setting it to 25 by default prevent the firewall rule compiler from growing the table size too aggressively and results in big firewall BLOB.

Behavior Change