Bug ID 781449: CPU can go high when a single srcIP attacks many dstIPs on a wildcard virtual server with sPVA DoS

Last Modified: Jun 13, 2019

Affected Product:
BIG-IP AFM (all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6, 15.0.0

Opened: May 10, 2019
Severity: 3-Major

Symptoms

CPU usage can go high when a single source IP (srcIP) attacks many destination IPs (dstIPs) on a wildcard virtual server with sPVA DoS.

Impact

CPU usage increases, which might result in legitimate packets being dropped or delayed.

Conditions

-- AFM hardware sPVA DoS.
-- Bad-actor configured on a wildcard virtual server.
-- A srcIP attacks many dstIPs in that virtual server.

Workaround

Configure bad-actor at the global-level instead of at the wildcard virtual server level.

Fix Information

None

Behavior Change