Bug ID 521572: Overly aggressive API use can lead to system instability.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.1.0

Opened: May 05, 2015

Severity: 3-Major

Symptoms

Each successful login request will create a token. If many tokens are created in a short amount of time, the system might run out of memory.

Impact

System becomes unstable as tokens take up more memory. The default configuration for tokens expiration is 20 minutes. Unexpired tokens are kept in memory so creating a large number in a short period might consume all memory.

Conditions

Logon continuously at a very high speed. Logins must be successful to trigger this condition.

Workaround

Check that API calls are limited per minute to avoid out of memory resource issues.

Fix Information

The system now guards against creating so many tokens at once that the system runs out of memory.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips