Forum Discussion
f5beginner
Cirrostratus
CirrostratusExceed bandwidth utilization on standby device
Hello All, I have two virtual F5 in HA, one of them Active and second one is in standby mode.
From my monitoring I received ping delay, which is around 400ms, so I checked logs on F5.
On active F5 there was everything okay, but on Standby F5 there are this logs (logs have connection with ping delay of monitoring , I have checked time):
notice tmm[<PID>]: 01010045:5: Bandwidth utilization is <rate> Mbps, exceeded <percent>% of Licensed <limit> Mbps
Why are this logs on Standby device ?
Could you please help me how to find out, where I can see there is realy exceeded bandwidth?
Thank you
Yes, the problem you are facing is because of this UDP 8116 traffic. There are 360 packets (of 500) related to this flow.
# cat output.txt | grep 8116 | wc -l 360This is not a specific problem of F5, so you should check your enviroment to figure out what the source of traffic is and how to stop it.
BTW, I would appreciate if you mark my answer as 'the best' or give me some upvote :-).
KR,
Dario.
The message is for you license throughput limit ->
https://support.f5.com/csp/article/K14810
I suspect that you have configure mirroring, which generates a bunch of traffic.
Here there is some config recommendations for your network resources ->
https://support.f5.com/csp/article/K14135
KR,
Dario.
BTW, In case you don't have any mirroring options configured in your device. I recommend you to reboot this box (standby).
f5beginnerHi, Dario Garrido,
Mirroring is setted up.
I have checked recomendations and I have one vlan which is used for ConfigSync, Failover Network and Mirroring together. Physical interface is shared for all (inc. data). Do you thing this configuration can cause error logs and ping delays ?
I can make a test, that I turn off mirroring, is there any recomendation before turning of mirroring ?
Thank you
Yes, your license establish a throughput limit in your box, so if you cross it you are going to face errors and latency.
You should reduce your throughput consumption, disabling mirroring is a good point.
KR,
Dario.
- f5beginner
Hello,Dario Garrido,
I have checked my configuration of Mirroring and I found out, there was only IPs of mirroring(I remove them), so it looks, it was not enabled finally, I have restarted standby box, but there is still exceeded bandwidth limit and this logs are only on standby device, on Active device there are any logs regarding bandwidth exceed.
I have already checked bandwidth throughput and graph show me that there is maximumum 50Mbits.
Thank you
Check your connections in both devices. Is there more connections in your standby device?
# tmsh show sys connectionAlso, do you have any 3rd party script configured in your device?
You can check with tcpdump what type of traffic is exceeding the network limits.
tcpdump -nnei 0.0 -c 500 tcpdump -nnei eth0 -c 500KR,
Dario.
- f5beginner
Hi, I have checked connections but on standby device, there is 68 connections only, on Active there are much more. I do not use any 3rd party script.
I have checked tcpdump, it looks there is lot of broadcast from checkpoint, isn´t there ?
I attached txt file and packet to zip, could you please check it ?
Thank you
Yes, the problem you are facing is because of this UDP 8116 traffic. There are 360 packets (of 500) related to this flow.
# cat output.txt | grep 8116 | wc -l 360This is not a specific problem of F5, so you should check your enviroment to figure out what the source of traffic is and how to stop it.
BTW, I would appreciate if you mark my answer as 'the best' or give me some upvote :-).
KR,
Dario.
- f5beginner
Hi, I also attached throughput, above is Active device and at the bottom is Standby device.
- f5beginner
Hi Dario Garrido, thanks for help on switch level I defined only vlans which are used and now it looks it helped. Everything was caused by broadcasts, which abnormaly increasing throughput. What I still do not understand is, that why was throughput higher on Standby box as on Active box.
Actually, I don't know for sure. That depends on the enviroment.
I suspect that the broadcast was generated because the standby was ignoring all this traffic. Maybe active device was responding with a reset packet and standby wasn't.
KR,
Dario.
