Forum Discussion

Ecesureshkumar's avatar
Ecesureshkumar
Icon for Nimbostratus rankNimbostratus
Aug 01, 2016

Syncookie threshold 1994 exceeded

Hi team,

 

We have BIG IP LTM device in cluster for our production system, we are receiving below error message during peak window and suspect some of genuine connections are getting dropped due to SYN Protection. Few customers also complained that few financial transaction getting dropped intermediately.

 

Syncookie threshold 1994 exceeded, virtual = 172.16.170.55:443

 

Limiting open port RST response from 501 to 500 packets/sec

 

kindly suggest your inputs/solution to mitigate this issue.

 

application delivery
big-ip ltm
LTM

3 Replies

Sort By
  • Ecesureshkumar's avatar
    Ecesureshkumar
    Icon for Nimbostratus rankNimbostratus
    Aug 08, 2016

    Can you please brief me which database variable needs to be increased for smooth operation.

     

    pvasyncookies.virtual.connthresholdhigh

     

    pvasyncookies.virtual.maxsyncache

     

    pvasyncookies.virtual.invalidthreshold

     

  • PeteWhite's avatar
    PeteWhite
    Icon for Employee rankEmployee
    Aug 08, 2016

    You should read the following article that provides further information SOL14779: Overview of BIG-IP SYN cookie protection (11.3.x - 12.x)

     

    You should note that the settings are per tmm so would trigger at a lower than expected rate when traffic is pinned to a single tmm such as from a limited range of IP addresses.

     

    Configuration of the global threshold is at System>Configuration>Local Traffic>General ( SYN Check™ Activation Threshold ) and is set to 16384 by default. Try doubling it to 32768 first and see whether it still triggers. You can further narrow this down if you want to.