F5 LTM - Connection Management
Adaptive reapers let the system automatically clear connections once memory usage reaches a predefined threshold. This keeps both the system and its existing connections stable while a denial-of-service attack is under way.
When memory usage reaches the low-water mark (default 85%), all half-open (embryonic) connections are dropped.
If memory usage is still above the low-water mark, established connections that have been idle the longest are dropped next.
Finally, if the high-water mark (default 95%) is reached, no new connections are accepted until memory usage falls back below the low-water mark.
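The three reaper stages above form a small state machine that is easier to reason about when you can watch it run. The following Python model is an added example, not F5 code: it replaces TMM memory accounting with a fixed-size connection table (one slot per connection), uses the page's 85% and 95% marks, and assumes an idle threshold of 30 seconds for "long idle", which the page does not specify. The SYN-flood scenario at the bottom is constructed.

```python
"""Toy model of the adaptive reaper policy described above.

Added illustration, not F5 code. The connection table, the memory accounting
(one slot per connection) and the idle threshold are constructed assumptions;
a real BIG-IP measures TMM memory usage, not table rows.
"""
from dataclasses import dataclass

LOW_WATER_PCT = 85      # default low-water mark
HIGH_WATER_PCT = 95     # default high-water mark
REAP_IDLE_AFTER = 30.0  # assumed: an established flow is "long idle" after 30 s


@dataclass
class Conn:
    key: tuple           # (src_ip, src_port, dst_ip, dst_port)
    half_open: bool      # True until the three-way handshake completes
    last_activity: float


class ConnTable:
    def __init__(self, capacity):
        self.capacity = capacity
        self.conns = {}
        self.refusing = False  # latched once the high-water mark is hit

    def at_or_above(self, pct):
        """Integer comparison so 85/100 vs 0.85 rounding cannot bite."""
        return len(self.conns) * 100 >= pct * self.capacity

    def admit(self, key, now):
        """A SYN arrives. Returns True if a half-open entry was created."""
        if self.at_or_above(HIGH_WATER_PCT):
            self.refusing = True
        if self.refusing:
            return False  # refuse all new connections until back below LOW_WATER_PCT
        self.conns[key] = Conn(key, True, now)
        return True

    def complete(self, key, now):
        """The handshake for `key` finished; the entry becomes established."""
        c = self.conns[key]
        c.half_open = False
        c.last_activity = now

    def reap(self, now):
        """One reaper pass. Returns (half_open_dropped, idle_dropped)."""
        half_dropped = idle_dropped = 0
        if self.at_or_above(LOW_WATER_PCT):
            # Step 1: at the low-water mark, every half-open entry is dropped.
            for k in [k for k, c in self.conns.items() if c.half_open]:
                del self.conns[k]
                half_dropped += 1
        if self.at_or_above(LOW_WATER_PCT):
            # Step 2: still above it, so shed established flows, longest idle
            # first, stopping once below the mark or when flows are no longer idle.
            for c in sorted(self.conns.values(), key=lambda c: c.last_activity):
                if not self.at_or_above(LOW_WATER_PCT) or now - c.last_activity < REAP_IDLE_AFTER:
                    break
                del self.conns[c.key]
                idle_dropped += 1
        if not self.at_or_above(LOW_WATER_PCT):
            self.refusing = False  # Step 3 only unwinds below the low-water mark
        return half_dropped, idle_dropped


def flood_scenario():
    """Constructed scenario: 88 established flows of varying idleness, then a
    SYN flood from addresses that never complete the handshake."""
    t = ConnTable(capacity=100)
    for i in range(88):
        key = ("10.0.0.%d" % (i + 1), 40000 + i, "192.0.2.10", 443)
        t.admit(key, now=0.0)
        t.complete(key, now=float(i))  # flow i was last active at t = i seconds
    flood = [("198.51.100.%d" % (i + 1), 1024 + i, "192.0.2.10", 443) for i in range(30)]
    accepted = sum(t.admit(k, now=100.0) for k in flood)
    refusing_at_high = t.refusing
    half_dropped, idle_dropped = t.reap(now=100.0)
    return {
        "flood_syns_accepted": accepted,    # table fills to 95 entries, then refuses
        "refusing_at_high": refusing_at_high,
        "half_open_dropped": half_dropped,  # the flood's entries go first
        "idle_dropped": idle_dropped,       # then the longest-idle established flows
        "entries_after_reap": len(t.conns),
        "accepting_again": t.admit(("203.0.113.1", 5000, "192.0.2.10", 443), now=101.0),
    }


if __name__ == "__main__":
    print(flood_scenario())
```

The point the run makes is that the refusal latched at the high-water mark does not clear as soon as a few entries are freed; it clears only when the reaper has pushed usage back below the low-water mark, and the flood's half-open entries are always the first to go.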
To blunt a SYN flood, BIG-IP provides a feature called SYN Check, its implementation of SYN cookies. Instead of holding a queue entry for every embryonic (half-open) connection, the BIG-IP encodes the connection details into the initial sequence number (ISN) of the SYN-ACK it sends, and then removes the embryonic connection from the SYN queue.
When the client's final ACK of the handshake arrives, the BIG-IP validates its acknowledgement number against that ISN and rebuilds the connection entry from the data encoded in it. SYNs that never complete the handshake, which is all a flood consists of, therefore hold no state on the device.
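To show what "rebuilding the connection from the ISN" means concretely, here is a SYN-cookie handshake in Python. It is an added example and not BIG-IP code: the cookie layout (a 5-bit time counter, a 3-bit MSS index and a 24-bit HMAC-SHA256 tag), the MSS table, the per-boot secret and the two-window validity rule are assumptions chosen for the demo, not F5's encoding. The handshake at the bottom is a constructed exchange with one legitimate client and two bogus ACKs.

```python
"""SYN-cookie handshake of the kind the SYN Check description above relies on.

Added illustration, not BIG-IP code. The concrete layout (5-bit time counter,
3-bit MSS index, 24-bit HMAC-SHA256 tag) and the MSS table are assumptions
chosen for the demo, not F5's encoding.
"""
import hashlib
import hmac
import ipaddress
import struct

SECRET = b"constructed-demo-secret"  # assumption: a real device draws this at boot
MSS_TABLE = (536, 1220, 1300, 1440, 1460, 2100, 4312, 8960)  # 8 buckets -> 3 bits
MASK32 = 0xFFFFFFFF


def _tag24(src, sport, dst, dport, client_isn, counter):
    """24-bit HMAC over the 4-tuple, the client's ISN and the time counter."""
    msg = struct.pack("!4s4sHHII",
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed,
                      sport, dport, client_isn & MASK32, counter & MASK32)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src, sport, dst, dport, client_isn, mss, counter):
    """ISN for the SYN-ACK. The embryonic connection keeps no queue entry; all
    the state needed later lives in these 32 bits."""
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    return ((counter & 0x1F) << 27) | (mss_idx << 24) | _tag24(src, sport, dst, dport, client_isn, counter)


def check_cookie(src, sport, dst, dport, client_seq, ack, counter):
    """Validate the final ACK of the handshake and rebuild the connection state.
    client_seq is the ACK's sequence number (client ISN + 1); ack is its
    acknowledgement number (our cookie + 1). Returns the MSS, or None to drop."""
    cookie = (ack - 1) & MASK32
    client_isn = (client_seq - 1) & MASK32
    age = (counter - (cookie >> 27)) & 0x1F
    if age > 1:                      # only the current and previous window are valid
        return None
    expected = _tag24(src, sport, dst, dport, client_isn, counter - age)
    if not hmac.compare_digest(expected.to_bytes(3, "big"), (cookie & 0xFFFFFF).to_bytes(3, "big")):
        return None
    return MSS_TABLE[(cookie >> 24) & 0x7]


def handshake_demo():
    """Constructed exchange: a legitimate client, the same ACK arriving in a
    later window, and ACKs from parties who never received the SYN-ACK."""
    src, sport, dst, dport = "198.51.100.7", 51515, "192.0.2.10", 443
    client_isn, mss, t = 0x1A2B3C4D, 1460, 17
    syn_ack_isn = make_cookie(src, sport, dst, dport, client_isn, mss, t)  # sent, then forgotten
    seq, ack = (client_isn + 1) & MASK32, (syn_ack_isn + 1) & MASK32      # client's final ACK
    return {
        "good": check_cookie(src, sport, dst, dport, seq, ack, t),
        "next_window": check_cookie(src, sport, dst, dport, seq, ack, t + 1),
        "stale": check_cookie(src, sport, dst, dport, seq, ack, t + 2),
        "forged_ack": check_cookie(src, sport, dst, dport, seq, (ack + 0x1000) & MASK32, t),
        "wrong_source": check_cookie("198.51.100.8", sport, dst, dport, seq, ack, t),
    }


if __name__ == "__main__":
    print(handshake_demo())
```

The trade-off SYN cookies make is visible in the layout: options that do not fit in the 32-bit ISN (here everything but a coarse MSS) are lost for cookie-validated connections, and an ACK that arrives after the counter has moved on by more than one window is dropped, which is why such protection is normally switched on only past an activation threshold rather than left on permanently.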
To configure both Adaptive Reapers and SYN Check, go to 'System / Configuration / Device / General / Local Traffic' in the Web UI, where the reaper low-water and high-water marks and the SYN Check activation threshold are set.
Tags: BIG-IP F5