Bug ID 602329: syncookie header of HA channel mirror packets is not cleared

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3

Opened: Jun 30, 2016

Severity: 3-Major

Symptoms

L7 connections on the standby unit keep increasing and may not be cleared until the TCP timeout.

Impact

Connections increase unnecessarily on the standby unit.

Conditions

This can occur when mirroring is in use and SYN cookies are enabled. It is more severe with hardware SYN cookies but still occurs with software SYN cookies.

Workaround

Disabling hardware SYN cookies works around this problem, although it does not completely clear the condition. In tmsh:

    modify /ltm profile tcp <profile_name> hardware-syn-cookie disable

Fix Information

None

Behavior Change
