Bug ID 605270: On some platforms the SYN-Cookie status report is not accurate

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP vCMP(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5

Fixed In:
13.0.0, 12.1.3.6, 11.5.7

Opened: Jul 15, 2016
Severity: 3-Major

Symptoms

On a vCMP guest, after a ePVA-enabled virtual server enters SYN Cookie mode, the FPGA will never leave SYN Cookie mode even though BIG-IP has returned to normal mode.

Impact

Since this occurs very intermittently, the entire impact is not known. Initially this is an incorrect SYN Cookie status reporting issue for LTM Virtual statistics, but it is possible that if SYN Cookie mode is triggered again, hardware SYN might not be enabled properly.

Conditions

This occurs intermittently on virtual servers with ePVA enabled on a vCMP instance where SYN Protection is triggered.

Workaround

Upgrade with new fixes for this.

Fix Information

BIG-IP FPGAs now correctly report hardware SYN Cookie mode.

Behavior Change