Bug ID 552566: AFM DoS Profile Sweep vector configured thresholds are per blade instead of being per device

Last Modified: Oct 01, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2

Fixed In:
12.1.0, 12.0.0 HF3

Opened: Oct 14, 2015
Severity: 3-Major

Symptoms

All the AFM DoS Profile vector configurations are meant to be per device. The issue is that the configured thresholds are instead used as though they apply to each blade separately - hence in a multi-blade system the virtual DoS thresholds will be much larger than configured.

Impact

DoS protection could kick in much later than actually configured by the user.

Conditions

A multi-blade system with AFM and DoS profile configured on a virtual with the Sweep Vector enabled.

Workaround

Take the thresholds that you want to configure for the vector and divide it by the number of blades in the system, and configure those thresholds instead.

Fix Information

Fix the bug which considered those numbers to be per blade.

Behavior Change