Exceed bandwidth utilization on standby device

Hello All, I have two virtual F5 in HA, one of them Active and second one is in standby mode.

From my monitoring I received ping delay, which is around 400ms, so I checked logs on F5.

On active F5 there was everything okay, but on Standby F5 there are this logs (logs have connection with ping delay of monitoring , I have checked time):

notice tmm[<PID>]: 01010045:5: Bandwidth utilization is <rate> Mbps, exceeded <percent>% of Licensed <limit> Mbps

Why are this logs on Standby device ?

Could you please help me how to find out, where I can see there is realy exceeded bandwidth?

Thank you

Dario_Garrido
Jun 25, 2019
Yes, the problem you are facing is because of this UDP 8116 traffic. There are 360 packets (of 500) related to this flow.
# cat output.txt | grep 8116 | wc -l 360
This is not a specific problem of F5, so you should check your enviroment to figure out what the source of traffic is and how to stop it.
BTW, I would appreciate if you mark my answer as 'the best' or give me some upvote :-).
KR,
Dario.

Dario_Garrido
MVP
Jun 23, 2019
The message is for you license throughput limit ->
https://support.f5.com/csp/article/K14810

I suspect that you have configure mirroring, which generates a bunch of traffic.

Here there is some config recommendations for your network resources ->
https://support.f5.com/csp/article/K14135

KR,
Dario.
- Dario_Garrido
  MVP
  Jun 23, 2019
  BTW, In case you don't have any mirroring options configured in your device. I recommend you to reboot this box (standby).
f5beginner
Cirrostratus
Jun 24, 2019
Hi, Dario Garrido,

Mirroring is setted up.
I have checked recomendations and I have one vlan which is used for ConfigSync, Failover Network and Mirroring together. Physical interface is shared for all (inc. data). Do you thing this configuration can cause error logs and ping delays ?

I can make a test, that I turn off mirroring, is there any recomendation before turning of mirroring ?

Thank you
- Dario_Garrido
  MVP
  Jun 24, 2019
  Yes, your license establish a throughput limit in your box, so if you cross it you are going to face errors and latency.
  
  You should reduce your throughput consumption, disabling mirroring is a good point.
  
  KR,
  Dario.
f5beginner
Cirrostratus
Jun 24, 2019
Hello,Dario Garrido,

I have checked my configuration of Mirroring and I found out, there was only IPs of mirroring(I remove them), so it looks, it was not enabled finally, I have restarted standby box, but there is still exceeded bandwidth limit and this logs are only on standby device, on Active device there are any logs regarding bandwidth exceed.

I have already checked bandwidth throughput and graph show me that there is maximumum 50Mbits.

Thank you
- Dario_Garrido
  MVP
  Jun 24, 2019
  Check your connections in both devices. Is there more connections in your standby device?
  # tmsh show sys connection
  Also, do you have any 3rd party script configured in your device?
  You can check with tcpdump what type of traffic is exceeding the network limits.
  tcpdump -nnei 0.0 -c 500 tcpdump -nnei eth0 -c 500
  KR,
  Dario.
f5beginner
Cirrostratus
Jun 25, 2019
Hi, I have checked connections but on standby device, there is 68 connections only, on Active there are much more. I do not use any 3rd party script.

I have checked tcpdump, it looks there is lot of broadcast from checkpoint, isn´t there ?
I attached txt file and packet to zip, could you please check it ?

Thank you
- Dario_Garrido
  MVP
  Jun 25, 2019
  Yes, the problem you are facing is because of this UDP 8116 traffic. There are 360 packets (of 500) related to this flow.
  # cat output.txt | grep 8116 | wc -l 360
  This is not a specific problem of F5, so you should check your enviroment to figure out what the source of traffic is and how to stop it.
  BTW, I would appreciate if you mark my answer as 'the best' or give me some upvote :-).
  KR,
  Dario.
f5beginner
Cirrostratus
Jun 25, 2019
Hi, I also attached throughput, above is Active device and at the bottom is Standby device.
f5beginner
Cirrostratus
Jun 25, 2019
Hi Dario Garrido, thanks for help on switch level I defined only vlans which are used and now it looks it helped. Everything was caused by broadcasts, which abnormaly increasing throughput. What I still do not understand is, that why was throughput higher on Standby box as on Active box.
- Dario_Garrido
  MVP
  Jun 25, 2019
  Actually, I don't know for sure. That depends on the enviroment.
  
  I suspect that the broadcast was generated because the standby was ignoring all this traffic. Maybe active device was responding with a reset packet and standby wasn't.
  
  KR,
  Dario.

Forum Discussion

Exceed bandwidth utilization on standby device

Recent Discussions

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

Related Content

How much bandwidth are we using?

How Much Bandwidth is Too Much?

F5 utilization

APM VPN Bandwidth Controller iApp

F5 APM VPN Choking Internet Bandwidth

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS