kridsana
Sep 10, 2015

F5 impact for fastL4 reassemble-fragments option (CVE-2015-4638)

Hi,

I've got an issue regarding https://support.f5.com/kb/en-us/solutions/public/17000/100/sol17155.html

It occurs with the fastL4 profile reassemble-fragments option.

I may upgrade to fix this issue, but before that I have to work around it.

The workaround method is to enable reassemble-fragments on the fastL4 profile.

So I want to know: is there any impact or disadvantage to enabling reassemble-fragments on a fastL4 VS (like a forwarding VS)?

Thank you very much

3 Replies

  • Does a forwarding VS or performance L4 VS need to have the reassemble-fragments option disabled?

    I'm curious.

  • Good question, I was wondering the same thing. Has anyone asked support, or does anyone know?

     

  • FYI

    F5 support told me this:

    Enabling the Reassemble-Fragments option on a fastL4 virtual will make the LTM wait for all fragments of a (fragmented) packet before passing the completed packet to the serverside. This may introduce some initial latency as the packet fragments arrive and are assembled, but will utilise serverside network settings to deliver larger complete packets (or fragments) to the pool member.

    Overall, this setting should be mostly neutral in impact. However, as every network traffic pattern may be different and your specific environment is unknown, we do recommend testing this change and monitoring closely to ensure that there are no adverse impacts in your environment.