Bug ID 500786: Heavy memory usage while using FastL4/BIGTCP virtual server with HTTP profile

Last Modified: Jan 06, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1

Fixed In:
12.1.0, 12.0.0 HF3, 11.6.1, 11.5.4 HF2

Opened: Jan 13, 2015
Severity: 3-Major
Related Article:
K16783

Symptoms

When a FastL4 virtual server with HTTP profile is used, certain kinds of traffic may cause huge memory growth and result in out-of-memory situation.

Impact

Memory growth could grow unbounded due to lack of flow control. This may lead to out of memory conditions eventually. Traffic disrupted while tmm restarts.

Conditions

-- FastL4 virtual server with HTTP profile. -- Handles HTTP cloaking traffic that starts up as HTTP and then switches over to non-HTTP data

Workaround

To work around this issue, you can perform one of the following actions: -- If the HTTP profile is required, use a standard virtual server rather than performance (FastL4) type. -- If the HTTP profile is not required, you can remove the HTTP profile from the virtual server. -- To process connections that change from HTTP to non-HTTP, create an iRule that uses HTTP::disable after the first HTTP_REQUEST or HTTP_RESPONSE boundary can be identified.

Fix Information

If the FastL4 virtual server with HTTP profile handles HTTP cloaking traffic that starts up as HTTP and then switches over to non-HTTP data then a http-transparent profile can now be added to the FastL4 virtual. Then the following workaround must be implemented so memory growth no longer increases unbounded due to lack of flow control. Workaround: -- Use FastL4 and HTTP-Transparent profile combinations instead. -- Set the http-transparent profile attribute enforcement.pipeline to 'pass-through'. This allows the HTTP filter to run in 'passthrough' mode which avoids the excessive memory consumption.

Behavior Change