F5 LTM – Connection Management

Adaptive Reapers

Adaptive reapers provide the ability for the system to automatically clear connections at the point of a predefined threshold being reached. This provides both system and connection stability during the point of a Denial of Service attack.
At the point memory usage reaches the low water mark threshold (default %85) all half open connections are dropped.
If the memory usage is still in excess of the low water mark, connections that have a long idle period are dropped.
Finally if the high water mark is reached (95%) then no new connections are permitted until the memory usage reaches the low water mark.

SYN Check

To alleviate the effects of a SYN Flood attack the BIG-IP provides a feature called SYN Check. SYN Check works by recording the ISN (initial sequence number) from the embryonic connection. This embryonic connection is then removed from the SYN queue.
When the remainder of the connection is received BIG-IP rebuilds the connection entry using the previously recorded ISN data.


To configure both Adaptive Reapers and SYN Check go to ‘System / Configuration /  Device / General / Local Traffic’ from within the Web UI’.

Rick Donato

Want to become an F5 Loadbalancers expert?

Here is our hand-picked selection of the best courses you can find online:
F5 BIG-IP 101 Certification Exam – Complete Course
F5 BIG-IP 201 Certification Exam – Complete Course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial