Forum Discussion
NimbostratusIssues with F5 appliance black holeing traffic
EmployeeThat's an intriguing set of symptoms.
BIG-IP divides up CPU cores between running TMM and running control-plane processes. Most of the cores should be scheduled running TMM as fast as possible. TMM is the user-space traffic microkernel that communicates with the network interfaces directly, has its own IP stack, etc. One of the cores should be mostly running control plane (not TMM) processes.
You can ask TMM if it's been starved for CPU or runaway iRules or other data-plane stuff by looking for "clock advanced" errors:
https://my.f5.com/manage/s/article/K10095
When BIG-IP first gets a flow (first packet of TCP or ICMP or whatever), it's added to the flow table after virtual server selection. It sounds like this may be interrupted somehow, like maybe there is a large influx of new connections that has both the right periodicity and right amount of complexity to trigger some bad behavior. BIG-IP doesn't categorize traffic into "inbound" and "outbound", they're all flows that go into the same table. So inbound and outbound traffic should be the same.
I have seen symptoms that seem sort of similar to the ones you describe when there are MAC address conflicts.
