Last Modified: Oct 07, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.5.4, 11.5.5, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5
Fixed In:
14.1.0, 14.0.0, 13.1.0.6, 13.0.1, 12.1.3.6, 11.6.3.2, 11.5.6
Opened: Sep 12, 2017 Severity: 3-Major Related Article:
K22904904
APM performance of handling HTTP request drops gradually when Kerberos SSO is being used over a period of time. Websso CPU usage is very high. The BIG-IP system response can rate drop to the point that the clients disconnect after waiting for a response. The system logs error messages similar to the following: Failure occurred when processing the work item.
Increased latency of HTTP request processing.
-- Running APM. -- A large number of APM end users (~20 KB) have logged on and are using Kerberos SSO.
Reduce the number of cached Kerberos user tickets by lowering the cache lifetime.
Improvements to the krb5 library have been implemented for better scalability, so the latency of HTTP request processing has been significantly improved.