Bug ID 497970: IP Intelligence Logging and Reporting present Auto-Blacklist stats that do not match other sources

Last Modified: Nov 22, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Opened: Dec 22, 2014
Severity: 4-Minor

Symptoms

In order to provide visibility, hardware-accelerated blacklisting leaks 1 packet in 256 (configurable). In software, in order to maintain the correct number of packets that would have been received if the hardware was not present, for every leaked pkt we add 255. tmctl bl_sw_entry_hit counts only software processed packets, but the shun counter counts both hardware and software, so the values may be inconsistent.

Impact

Inconsistent statistics

Conditions

HW acceleration of IP Intelligence auto-blacklist/shun list feature

Workaround

None

Fix Information

None

Behavior Change