Bug ID 510883: Change in default DoS attack detection threshold can degrade L4 performance

Last Modified: Nov 22, 2021

Affected Product(s):
BIG-IP AFM(all modules)

Fixed In:
12.0.0

Opened: Mar 06, 2015

Severity: 3-Major

Symptoms

Lower throughput at very high levels of SYN flood. A more obvious symptom is an "Attack Detected" log message.

Impact

CPS degrades 5-13%, depending on platform.

Conditions

This degradation occurs only under high rate of new TCP connection creation, typically when CPU usage is greater than 60%.

Workaround

Change device DoS detection threshold from default to infinite.

Fix Information

Change in default DoS attack detection threshold can degrade L4 performance

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips

Have a question?

About F5

Education

F5 sites

Support Tasks

© F5, Inc. All rights reserved. Policies | Privacy | Trademarks