Bug ID 793217: HW DoS on BIG-IP i2800/i4800 might have up to 10% inaccuracy in mitigation

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
15.1.0, 15.0.0, 14.1.0, 14.0.0, 13.1.0

Fixed In:
17.1.1

Opened: Jun 13, 2019

Severity: 3-Major

Symptoms

Depending on traffic patterns, when HW DoS on BIG-IP i2800/i4800 is configured, HW DoS might mitigate up to 10% more aggressively. If the rate-limit configured is 1000pps, the device might allow only 900pps.

Impact

HW DoS mitigates more aggressively, which might result in seeing fewer packets than what is configured.

Conditions

-- HW DoS on BIG-IP i2800/i4800 platforms. -- Attack pattern is distributed evenly on all tmm threads.

Workaround

Configure the rate-limit to be 10% more than what is desired.

Fix Information

HW DoS now shows mitigation more accurately.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips