VE LTM Frequently Reporting Bandwidth Exceeding 75% of Licensed 1000 Mbps
- Dec 16, 2022
Hi speachey ,
Have you checked if Promiscuous mode had been set to Accept on all vSwitches under ESXi. This effectively means they act as hubs and not switches. They copy any traffic they see to all members of the port group. The F5 could be receiving traffic not only for it but every single server on any VLAN's to which it was connected. Every other server will be seeing the traffic as well. It would have been placing quite a bit of network load on customer machines.
Please check if Promiscuous mode can be set to Reject if possible
If you are hosting your VM on ESXi you can refere the following link as Vmware does not encourage customers to turn on promiscuous mode as per: KB1004099
https://kb.vmware.com/s/article/1004099
The current method of calculating bandwidth is: SOL15831
How the BIG-IP VE system enforces the licensed throughput rate (f5.com)
Determine licensed throughputTo determine the maximum allowed throughput rate for a BIG-IP VE system, perform the following procedure:
Impact of procedure: Performing the following procedure should not have a negative impact on your system.
Log in to the TMOS Shell (tmsh) by entering the following command:
tmshTo display the maximum allowed throughput rate, enter the following command:
show /sys license detail | grep perf_VE_throughput_Mbps
View dropped ingress/egress packetsTo view the number of ingress or egress packets that have been dropped, perform the following procedure:
Impact of procedure: Performing the following procedure should not have a negative impact on your system.
Log in to the BIG-IP command line.
To list the number of ingress and egress packets dropped by each TMM, enter the following command:
tmctl -d blade tmm/if_shaperThe output of the command appears similar to the following example:
Note: The following output is from an idle system that has not experienced any ingress or egress packet drops.
# tmctl -i -d blade tmm/if_shaper -w 180
https://support.f5.com/csp/article/K15831
Recommended Actions
1. If your BIG-IP system continually logs messages indicating that the system is exceeding the maximum licensed throughput rate, you may want to consider increasing the licensed throughput rate to avoid traffic drop by the rate shaper.2. If you are not using MAC masquerading on your BIG-IP Virtual Edition (VE) system that is hosted on a VMWare ESX/ESXi hypervisor, you may want to consider turning off promiscuous mode on the hypervisor.
3. For instructions on turning off promiscuous mode on the hypervisor, refer to the documentation from your hypervisor vendor.
HTH