Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1
Fixed In:
14.1.0, 13.1.3
Opened: Aug 23, 2018 Severity: 2-Critical
With SAML or Form-based Client-initiated SSO configured, BIG-IP system memory usage increases with every HTTP request that is proxied to the backend. The type of memory that increases is tmjail. You can view memory usage using the following command: tmsh sys show memory. At some point, the BIG-IP system enables connection evictions in order to reduce the memory pressure, which causes service disruptions. You might see the following warning log messages. -- warning tmm[20537]: 011e0002:4: sweeper_segment_cb_any: Aggressive mode /Common/default-eviction-policy activated (0) (global memory). -- warning tmm1[20537]: 01010290:4: TCP: Memory pressure activated. -- err tmm1[20537]: 011e0003:3: Aggressive mode sweeper: /Common/default-eviction-policy (100000000000b) (global memory) 413 Connections killed.
Potential service disruption.
SAML or Form-based Client-initiated SSO is used.
No workaround other than not using SAML or Form-based Client-initiated SSO.
The memory leak associated with SAML or Form-based Client-initiated SSO no longer occurs.