Bug ID 523128: At SYN time PVA offloading enabled, SYN-Cookie mode can be triggered earlier than other mode with same SYN-Cookie threshold level

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Opened: May 13, 2015
Severity: 4-Minor


When syncookie is enabled, given same threshold and same traffic, Syncookie mode is easier to trigger when PVA acceleration is enabled than when PVA-acceleration is disabled.


SYN cookie protection is easier to be triggered when PVA acceleration is enabled, especially when the syncache level is lowered from the default value.


Virtual server with PVA hardware acceleration and hardware SYN cookie support.


Change the pva offload state from "embryonic" to "establish" root@(localhost)(cfg-sync Standalone)(Offline)(/Common)(tmos)# modify ltm profile fastl4 fastL4 pva-offload-state establish

Fix Information


Behavior Change