Forum Discussion
Walter_Kacynski
Cirrostratus
Cirrostratusmptcp-mobile-optimized and Hardware SYN Cookie Protection
Does anyone know why the TCP protocol profile mptcp-mobile-optimized ships with Hardware SYN Cookie Protection disabled? It is still enabled on tcp-mobile-optimized.
Here is a copy of my two profiles, which should be the default:
ltm profile tcp mptcp-mobile-optimized {
abc disabled
app-service none
congestion-control illinois
defaults-from tcp
delay-window-control disabled
delayed-acks disabled
dsack disabled
ecn enabled
hardware-syn-cookie disabled
init-cwnd 16
limited-transmit enabled
mptcp enabled
nagle enabled
pkt-loss-ignore-burst 0
pkt-loss-ignore-rate 0
proxy-buffer-high 131072
proxy-buffer-low 131072
rate-pace enabled
receive-window-size 131072
reset-on-timeout disabled
selective-acks enabled
send-buffer-size 262144
slow-start enabled
timestamps enabled
}
ltm profile tcp tcp-mobile-optimized {
abc disabled
app-service none
congestion-control high-speed
defaults-from tcp
delay-window-control disabled
delayed-acks disabled
dsack disabled
ecn enabled
init-cwnd 16
limited-transmit enabled
nagle enabled
pkt-loss-ignore-burst 0
pkt-loss-ignore-rate 0
proxy-buffer-high 131072
proxy-buffer-low 131072
receive-window-size 131072
reset-on-timeout disabled
selective-acks enabled
send-buffer-size 131072
slow-start enabled
timestamps enabled
}
Yann_DesmarestCirrus
Hello,
This is a compatibility issue at the specification level as the M-TCP stack is not designed to support syn-cookie protection. I think that if you activate syn-cookie protection on a m-tcp enabled system, you expose yourself to many false positives and TCP retransmission.