
funkdaddy_31014
Oct 23, 2013

Cookie Encryption and CPU

Not getting much love on this issue...

If anyone out there is using cookie encryption in v11 (and not having CPU issues), could you run the below command and post your output? Do you have a large keys_reused value?

I'm trying to see if we are affected by https://support.f5.com/kb/en-us/solutions/public/14000/300/sol14329.html - in testing, we're experiencing very high CPU load on our new 4200 platform running 11.3.0 HF3.

Running tmctl -w 200 tmm_aes_stat I get the below output. According to the SOL, it looks like we ARE probably affected because of the high number of keys_evicted and keys_derived. The SOL never mentions the keys_reused column, which is 0 - does that mean that every single cookie processed by my F5 is deriving a new key? After fixing the issue (HF upgrade), should I assume we'll see this number start going up?

tmctl -w 200 tmm_aes_stat

keys keys_cached keys_evicted keys_found keys_reused keys_derived encrypts
8224 8192        80708327     3433       0           80944342     88854576

Thanks for your time,

-Funkdaddy

Full output:

    keys keys_cached keys_evicted keys_found keys_reused keys_derived encrypts encrypts_compat encrypted_bytes  decrypts decrypts_compat decrypted_bytes verifies_failed salts_generated
    8224        8192     80708327       3433           0     80944342 88854576               0      1864672818 154686765         1924225      9095038343          227878              55

1 Reply

  • So...to answer my own question: We upgraded our LTM to 11.3.0 HF8 as suggested by the SOL, and now our output shows the below output. After running for 6 hours, there have been 0 keys evicted (was constantly increasing) and an ever-increasing keys_used value - so it does appear that having a keys_reused value of 0 was indicative of the issue specified in SOL 14329, and that value should be always going up in a healthy environment using cookie encryption.

    tmctl -w 200 tmm_aes_stat
    keys keys_cached keys_evicted keys_found keys_reused keys_derived encrypts
    ---- ----------- ------------ ---------- ----------- ------------ --------
      52          52            0        928      417013           36  1267454
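
One way to automate the check discussed in this thread, as an added example that is not part of the original posts or of F5's tooling: it reads `tmctl -w 200 tmm_aes_stat` output on stdin, locates columns by header name, and flags the pattern the poster observed (keys_reused at 0 while keys_evicted and keys_derived are non-zero). The function name `aes_stat_check` and the flagging rule are assumptions drawn from the thread, not a documented threshold.

```shell
#!/bin/sh
# Added example: classify `tmctl -w 200 tmm_aes_stat` output read from stdin.
# Heuristic (an assumption based on this thread, not an F5-documented rule):
# keys_reused == 0 while keys are still being derived and evicted => SUSPECT.
aes_stat_check() {
    awk '
    # Header row: remember the position of each column by name.
    $1 == "keys" { for (i = 1; i <= NF; i++) col[$i] = i; next }
    # Skip blank lines and the dashed separator row tmctl may print.
    NF == 0 || $1 ~ /^-+$/ { next }
    # First data row after a header (anything before the header is ignored).
    ("keys_reused" in col) && !seen {
        seen = 1
        reused  = $(col["keys_reused"])
        evicted = $(col["keys_evicted"])
        derived = $(col["keys_derived"]) + 0
        enc     = $(col["encrypts"]) + 0
        # Key derivations per 100 encrypt operations (integer part).
        pct = (enc > 0) ? int(100 * derived / enc) : 0
        verdict = (reused + 0 == 0 && derived > 0 && evicted + 0 > 0) ? "SUSPECT" : "OK"
        printf "%s reused=%s evicted=%s derived_per_100_encrypts=%d\n", verdict, reused, evicted, pct
    }
    # No header/data pair found: report it and return a non-zero status.
    END { if (!seen) { print "NODATA"; exit 2 } }
    '
}

# On a BIG-IP shell this would be: tmctl -w 200 tmm_aes_stat | aes_stat_check
```

Because counters are cumulative, running it twice some minutes apart and comparing the keys_evicted figures shows whether eviction is still climbing.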