Forum Discussion
NimbostratusSyncookie threshold 1994 exceeded
Hi team,
We have BIG IP LTM device in cluster for our production system, we are receiving below error message during peak window and suspect some of genuine connections are getting dropped due to SYN Protection. Few customers also complained that few financial transaction getting dropped intermediately.
Syncookie threshold 1994 exceeded, virtual = 172.16.170.55:443
Limiting open port RST response from 501 to 500 packets/sec
kindly suggest your inputs/solution to mitigate this issue.
3 Replies
PeteWhiteEmployee
Increase the syn cookie threshold. https://support.f5.com/kb/en-us/solutions/public/14000/700/sol14779.html
EcesureshkumarCan you please brief me which database variable needs to be increased for smooth operation.
pvasyncookies.virtual.connthresholdhigh
pvasyncookies.virtual.maxsyncache
pvasyncookies.virtual.invalidthreshold
- PeteWhite
You should read the following article that provides further information SOL14779: Overview of BIG-IP SYN cookie protection (11.3.x - 12.x)
You should note that the settings are per tmm so would trigger at a lower than expected rate when traffic is pinned to a single tmm such as from a limited range of IP addresses.
Configuration of the global threshold is at System>Configuration>Local Traffic>General ( SYN Check™ Activation Threshold ) and is set to 16384 by default. Try doubling it to 32768 first and see whether it still triggers. You can further narrow this down if you want to.
