Bug ID 443895: TMM using 100% CPU

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10

Fixed In:
11.6.0

Opened: Jan 16, 2014

Severity: 3-Major

Related Article: K15214

Symptoms

In some cases, ICMP unreachable messages generated by the BIG-IP system through IPsec tunnels might be looping between tmm processes. TMM using 100% cpu in 2 cores

Impact

When this occurs, TMM uses 100% of the CPU.

Conditions

This occurs when multiple IPsec Tunnels are configured and up. On the terminating IPsec endpoint, if traffic coming out of the tunnel is unreachable from the BIG-IP system, the generated ICMP unreachable messages can occasionally go through the wrong tunnel, and in some cases the ICMP packet can loop between tmm processes.

Workaround

To work around this, delete IPsec tunnel using the command 'tmsh delete net ipsec ipsec-sa' can get the system out of the state. However, doing so also brings down the tunnels. In addition, the system might return to this state if the ICMP unreachable messages are constantly generated by the BIG-IP system .

Fix Information

The ICMP messages generated by the BIG-IP system will not loop between tmm processes through IPsec Tunnels.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips