
F5 LTM - Connection Management

Adaptive Reapers

Adaptive reapers let the system automatically clear connections once a predefined memory threshold is reached. This keeps both the system and its existing connections stable during a Denial of Service attack. The mechanism works in three stages:
When memory usage reaches the low water mark (default 85%), all half-open connections are dropped.
If memory usage is still above the low water mark, connections with a long idle period are dropped.
Finally, if the high water mark (95%) is reached, no new connections are accepted until memory usage falls back to the low water mark.
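The three-stage policy above, modelled as an added Python example (this is not F5's code). Memory usage is approximated here as the number of tracked flows over a fixed table capacity, the idle limit is a parameter, and the connection table is constructed sample data; all of that is this example's own assumption. The `refusing_new` flag carried between passes is what gives the high/low water mark hysteresis: once admission stops at 95%, it only resumes when a later pass sees usage back at the low water mark.

```python
from dataclasses import dataclass

LOW_WATER = 85.0   # % memory in use: default low water mark cited in the article
HIGH_WATER = 95.0  # % memory in use: high water mark cited in the article


@dataclass
class Conn:
    cid: int
    half_open: bool    # embryonic flow: SYN seen, three-way handshake not completed
    idle_secs: float   # time since the last packet on this flow


def usage_pct(conns, capacity):
    """Assumption: memory use scales linearly with the number of tracked flows."""
    return 100.0 * len(conns) / capacity


def reap(conns, capacity, idle_limit, refusing_new):
    """One pass of the three-stage policy.

    Returns (surviving flows, report).  `refusing_new` is the admission state
    carried over from the previous pass, so the hysteresis between the high and
    low water marks survives across calls.
    """
    report = {"dropped_half_open": 0, "dropped_idle": 0, "hit_high_water": False}
    survivors = list(conns)
    pct = usage_pct(survivors, capacity)

    # Stage 3 is decided on entry: at the high water mark admission stops.
    if pct >= HIGH_WATER:
        refusing_new = True
        report["hit_high_water"] = True

    # Stage 1: at the low water mark every half-open flow is dropped.
    if pct >= LOW_WATER:
        before = len(survivors)
        survivors = [c for c in survivors if not c.half_open]
        report["dropped_half_open"] = before - len(survivors)
        pct = usage_pct(survivors, capacity)

    # Stage 2: still above the low water mark, so drop long-idle flows.
    if pct >= LOW_WATER:
        before = len(survivors)
        survivors = [c for c in survivors if c.idle_secs <= idle_limit]
        report["dropped_idle"] = before - len(survivors)
        pct = usage_pct(survivors, capacity)

    # Admission resumes only once usage is back at the low water mark.
    if refusing_new and pct <= LOW_WATER:
        refusing_new = False

    report["refusing_new"] = refusing_new
    report["usage_pct"] = pct
    return survivors, report


def make_table(n_half_open, n_idle, n_active, idle_secs=600.0, active_secs=5.0):
    """Constructed sample connection table (not captured from a device)."""
    table = []
    for _ in range(n_half_open):
        table.append(Conn(len(table), True, 0.0))
    for _ in range(n_idle):
        table.append(Conn(len(table), False, idle_secs))
    for _ in range(n_active):
        table.append(Conn(len(table), False, active_secs))
    return table


if __name__ == "__main__":
    # 98 flows in a 100-flow table: high water mark hit, half-open and idle flows reaped.
    survivors, report = reap(make_table(5, 20, 73), capacity=100,
                             idle_limit=300, refusing_new=False)
    print(len(survivors), report)
```

Running the script shows the second scenario: usage starts at 98%, so admission is stopped, 5 half-open and then 20 idle flows are dropped, and because usage ends at 73% admission is re-opened in the same pass. If the idle flows had not been enough to get below 85%, `refusing_new` would have stayed set until a later pass found usage at the low water mark.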

SYN Check

To mitigate SYN flood attacks the BIG-IP provides a feature called SYN Check. SYN Check records the ISN (initial sequence number) of the embryonic connection and then removes that connection from the SYN queue, so a flood of SYNs cannot exhaust it.
When the remainder of the handshake arrives, the BIG-IP rebuilds the connection entry from the previously recorded ISN.
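The SYN Check exchange, as an added Python example (not F5's code). The ISN is derived with a keyed hash of the flow so that it can be recomputed when the final ACK arrives rather than held in a SYN queue, which is the SYN-cookie design the feature is built on; the cookie layout (8-bit time tick plus 24-bit truncated HMAC), the secret handling and the tick granularity are this example's own assumptions, not the BIG-IP's format. A forged or stale ACK fails validation and consumes no table state.

```python
import hashlib
import hmac
import secrets

# Per-device secret for the cookie MAC (example assumption: a real device rotates it).
SECRET = secrets.token_bytes(32)
MASK32 = 0xFFFFFFFF


def cookie_isn(flow, client_isn, tick):
    """Derive the server ISN: top 8 bits carry a coarse time tick, low 24 bits a MAC.

    The layout is this example's own; it is not the BIG-IP's cookie format.
    """
    src_ip, src_port, dst_ip, dst_port = flow
    msg = f"{src_ip}:{src_port}>{dst_ip}:{dst_port}|{client_isn}|{tick}".encode()
    mac = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return ((tick & 0xFF) << 24) | int.from_bytes(mac[:3], "big")


class SynCheck:
    """Stateless SYN handling: no entry exists until the handshake completes."""

    def __init__(self, clock, max_age=2):
        self.clock = clock        # returns a coarse tick (e.g. seconds // 64)
        self.max_age = max_age    # number of ticks a cookie stays valid
        self.established = {}     # only completed handshakes occupy the table

    def on_syn(self, flow, client_isn):
        """Answer a SYN with a SYN-ACK whose sequence number is the cookie; store nothing."""
        tick = self.clock() & 0xFF
        isn = cookie_isn(flow, client_isn, tick)
        return {"seq": isn, "ack": (client_isn + 1) & MASK32}

    def on_ack(self, flow, seq, ack):
        """Validate the final ACK and rebuild the connection entry from the ISN it echoes."""
        isn = (ack - 1) & MASK32          # the ISN the client claims we sent
        client_isn = (seq - 1) & MASK32   # the client's own ISN from its SYN
        tick = isn >> 24
        age = ((self.clock() & 0xFF) - tick) & 0xFF
        if age > self.max_age:
            return False                  # cookie expired: drop silently
        expected = cookie_isn(flow, client_isn, tick).to_bytes(4, "big")
        if not hmac.compare_digest(expected, isn.to_bytes(4, "big")):
            return False                  # MAC mismatch: ACK without a genuine SYN-ACK
        # Handshake verified: only now does the flow consume a connection entry.
        self.established[flow] = {"rcv_nxt": seq, "snd_nxt": ack}
        return True


if __name__ == "__main__":
    now = [7]                     # constructed clock so the exchange is reproducible
    sc = SynCheck(lambda: now[0])
    flow = ("198.51.100.7", 40000, "203.0.113.10", 443)   # constructed sample flow
    synack = sc.on_syn(flow, 1000)
    print("SYN-ACK", synack, "queued entries:", 0)
    print("final ACK accepted:", sc.on_ack(flow, 1001, (synack["seq"] + 1) & MASK32))
```

The `max_age` window is what bounds replay: an ACK that echoes a cookie minted more than `max_age` ticks ago is rejected before the MAC is even checked, and a cookie from one tick cannot be replayed under another because the tick is both in the top byte and under the MAC.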

Configuration

To configure both Adaptive Reapers and SYN Check, go to ‘System / Configuration / Device / General / Local Traffic’ in the Web UI.

Tags: BIG-IP F5

About the Author

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001