NimbostratusF5 BIG IP memory issues
Hi Friends,
I am facing some memory related issues in my vCMP guest. It looks like BIG IP is dropping some connections and i believe it is because of tm.tcpmemorypressure db keys.
[root@F5_Prod:/S1-green-P:Active:In Sync] log tmctl -d blade tmm/tcp4 -s mem_packets_dropped
mem_packets_dropped
-------------------
20853196
20703315
[root@F5_Prod:/S1-green-P:Active:In Sync] log tmsh list sys db tm.tcpmemorypressure*
sys db tm.tcpmemorypressure {
value "enable"
}
sys db tm.tcpmemorypressure.hiwater {
value "90"
}
sys db tm.tcpmemorypressure.lowater {
value "80"
}
[root@F5_Prod:/S1-green-P:Active:In Sync] log tmctl -d blade tmm/pagemem
name used avail
------- ------- -------
pagemem 1069034 1347584
As per the above command, we are using 79% of the memory allocated to tmm.
But as per the below command, we are using just above 50%. Which one is right?
[root@F5_Prod:/S1-green-P:Active:In Sync] log tmsh show sys memory
Sys::System Memory Information
------------------------------------------------------------------
Memory Used(bytes) Current Average Max(since 04/18/16 08:51:57)
------------------------------------------------------------------
Total Phys Memory 11.1G 11.1G 11.1G
OS Used Memory 11.0G 11.0G 11.0G
TMM Alloc Memory 5.1G 5.1G 5.1G
TMM Used Memory 2.4G 2.4G 2.4G
OS Used Swap 44.0K 44.0K 44.0K
------------------------
Sys::Host Memory (bytes)
------------------------
Host: 1
Available 11.1G
Used 11.0G
- Jinshu
(Updated as of 17 Jan/2017 to correct an error in the initial answer)
Your first observation is what matters. You're just near the 80% threshold with your tmm/pagemem.
Consider using a custom memory-friendly FastL4 profile if you have apps that require long timeouts (i.e. 2 hours):
Idle timeout - Anything from 30 to 300 seconds Reset on Timeout - Disabled Loose Initiation - EnabledThat will allow F5 to remove a connection entry from the table once idle timeout is exceeded without potentially impacting the user session. Should the session resume after idle timeout is exceeded, F5 will (re)add connection record even in case of alien TCP/ACK packet - normally, without
, it would reply with TCP/RST, demanding a new handshake. Such a profile is not an option if you use AFM module as that software explicitly does not accept any alien TCP/ACK or TCP/PSH packets - "SYN must be seen" is a strict requirement there. Neither is such a profile an option in case of use of L7 iRules.Loose InitiationAlternatively, you can contact support for instructions to increase tmm/pagemem (not intended to be a directly adjustable variable). You can also increase thresholds of TCP memory pressure, effectively delaying the activation of adaptive reaper (instructions here: https://support.f5.com/csp/article/K16562)
Regards,
