Bug ID 521572: Overly aggressive API use can lead to system instability.

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:
12.1.0

Opened: May 05, 2015
Severity: 3-Major

Symptoms

Each successful login request will create a token. If many tokens are created in a short amount of time, the system might run out of memory.

Impact

System becomes unstable as tokens take up more memory. The default configuration for tokens expiration is 20 minutes. Unexpired tokens are kept in memory so creating a large number in a short period might consume all memory.

Conditions

Logon continuously at a very high speed. Logins must be successful to trigger this condition.

Workaround

Check that API calls are limited per minute to avoid out of memory resource issues.

Fix Information

The system now guards against creating so many tokens at once that the system runs out of memory.

Behavior Change