For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Joad's avatar
Joad
Icon for Nimbostratus rankNimbostratus
Jun 18, 2019
Solved

ASM bypass_upon_load variable

Hi all, when you enable the bypass_upon_load variable , web application traffic bypasses the BIG-IP ASM system when there are insufficient resources for BIG-IP ASM service.   I would like to kno...
application delivery
ASM Advanced WAF
  • Andrew-F5's avatar
    Andrew-F5
    Jun 19, 2019

    By default, the bypass kicks in if the system idle is under 10% (i.e., is 90% used); this can be altered by changing the "bypass_under_high_cpu" system variable from 10 to some other value.

     

    /usr/share/ts/bin/add_del_internal update bypass_under_high_cpu <value>

     

    Sample log when the event has started:

    "High CPU Utilization: event code I617 Bypassing ASM"

     

    There is no log indicating the event has ceased, you'll just stop seeing additional logs.

WAF_Engineering's avatar
WAF_Engineering
Icon for Nimbostratus rankNimbostratus
Jul 08, 2019

Andrew we have a follow up question:

if bypass_upon_load is left disabled, meaning upon high load the 'spill over' traffic will be blocked, what can we expect the customer experience to be like during that? Is the response page issue for the block or does it simply appear as latency in the browser?

 

Please advise.

 

Thank you.

 

Andrew-F5's avatar
Andrew-F5
Icon for Employee rankEmployee
Jul 08, 2019

To the best of knowledge the F5 will simply drop SYNs for new connections.