For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kridsana's avatar
kridsana
Icon for Cirrocumulus rankCirrocumulus
Sep 10, 2015

F5 impact for fastL4 reassemble-fragments option (CVE-2015-4638)

Hi   I've got issue about https://support.f5.com/kb/en-us/solutions/public/17000/100/sol17155.html   Which is occur with fastL4 profile reassemble-fragments option.   I may be upgrade to fi...
application delivery
design
fast l4
LTM
security
TMOS
kridsana's avatar
kridsana
Icon for Cirrocumulus rankCirrocumulus
Sep 15, 2015

FYI

 

F5 support told me about this

 

Enabling the Reassemble-Fragments option on a fastL4 virtual will make the LTM wait for all fragments of a (fragmented) packet, before passing the completed packet to the serverside. This may introduce some initial latency as the packet fragments arrive and are assembled, but will utilise serverside networks settings to deliver larger complete packets (or fragments) to the pool member.

 

Overall, this setting should be mostly neutral in impact. However, as every network traffic pattern may be different and your specific environment is unknown, we do recommend testing this change and monitoring closely to ensure that there are no adverse impacts in your environment.