Last Modified: Jul 13, 2024
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5
Fixed In:
12.0.0, 11.6.0 HF6, 11.5.3 HF2
Opened: Mar 14, 2015 Severity: 3-Major Related Article:
K68275911
The PVA stat curr_pva_assist_conn is not being updated properly for certain Fast L4 flows.
Stats counts for Fast L4 virtual server, curr_pva_assist_conn value and 'Current SYN Cache', show invalid counts. If the hardware SYN cookie protection is on, the SYN cookie protection may be activated when it is not supposed to.
1) Fast L4 virtual server. 2) PVA-acceleration enabled. This occurs when the connection flow is not created because UDP traffic arrives at an undefined port on the virtual server. The curr_pva_assist_conn value is incremented though there are no active PVA flows. This can also occur when LTM gets ICMP unreachable messages from the serverside.
None.
Stats counts for Fast L4 virtual server, curr_pva_assist_conn value and 'Current SYN Cache', now show the correct counts.