Bug ID 818833: TCP re-transmission during SYN Cookie activation results in high latency

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP All(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1

Fixed In:
16.0.0, 15.1.4, 14.1.4.4

Opened: Aug 29, 2019

Severity: 3-Major

Symptoms

Issue is reported at the following system setup: client <-> BIG-IP <-> concentrator <-> proxy <-> BIG-IP nat gateway <-> Internet -- SYN Cookie got activated on F5 nat gateway. -- Latency from 'Internet' (public host) is observed at 'Proxy' device sitting before F5 nat gw. -- During the latency issue, SYN Cookie was active and evicting connections. -- When SYN Cookie is enabled, it switches to l7 delayed binding as expected but it is not sending ACK for HTTP request so the client sends it again and again.

Impact

High latency is observed.

Conditions

Haredware SYN Cookie is enabled on FastL4 profile

Workaround

Disable the SYN Cookie on the FastL4 profile

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips