Bug ID 526277: AFM attack may never end on AVR dos overview page in a chassis based BIG-IP

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5

Fixed In:
12.0.0, 11.6.0 HF6

Opened: Jun 03, 2015
Severity: 3-Major

Symptoms

In a BIG-IP chassis, it is possible that the AFM "attack started" event and "attack stopped" event happen on two different slots of the chassis. In that case avrd is not able to detect and report "attack stopped" event and the user would continue to see "attack ongoing" in the DoS Overview Page.

Impact

User will get confused when he see that the AFM DoS Overview Page still shows the attack as ongoing when it has actually stopped.

Conditions

This will only happen in a BIG-IP chassis based system with multiple slots, and if the AFM DoS "attack started" and "attack stopped" events are given to different slots.

Workaround

No workaround

Fix Information

With this change the bug has been fixed and now the AFM DoS Overview Page will always know when a attack has stopped.

Behavior Change