Forum Discussion

speachey's avatar
speachey
Icon for Cirrus rankCirrus
Dec 15, 2022

VE LTM Frequently Reporting Bandwidth Exceeding 75% of Licensed 1000 Mbps

A new production VE is constantly reporting that bandwidth is exceeding 75% of licensed bandwith (1G).  Looking at the TMM client-side and server-side throughput graphs, the averages are around 10M (...
  • F5_Design_Engineer's avatar
    Dec 16, 2022

    Hi speachey ,

    Have you checked if Promiscuous mode had been set to Accept on all vSwitches under ESXi. This effectively means they act as hubs and not switches. They copy any traffic they see to all members of the port group. The F5 could be receiving traffic not only for it but every single server on any VLAN's to which it was connected. Every other server will be seeing the traffic as well. It would have been placing quite a bit of network load on customer machines.


    Please check if Promiscuous mode can be set to Reject if possible

    If you are hosting your VM on ESXi you can refere the following link as Vmware does not encourage customers to turn on promiscuous mode as per: KB1004099
    https://kb.vmware.com/s/article/1004099


    The current method of calculating bandwidth is: SOL15831
    How the BIG-IP VE system enforces the licensed throughput rate (f5.com)


    Determine licensed throughput

    To determine the maximum allowed throughput rate for a BIG-IP VE system, perform the following procedure:

    Impact of procedure: Performing the following procedure should not have a negative impact on your system.

    Log in to the TMOS Shell (tmsh) by entering the following command:
    tmsh

    To display the maximum allowed throughput rate, enter the following command:
    show /sys license detail | grep perf_VE_throughput_Mbps


    View dropped ingress/egress packets

    To view the number of ingress or egress packets that have been dropped, perform the following procedure:

    Impact of procedure: Performing the following procedure should not have a negative impact on your system.

    Log in to the BIG-IP command line.
    To list the number of ingress and egress packets dropped by each TMM, enter the following command:
    tmctl -d blade tmm/if_shaper

    The output of the command appears similar to the following example:

    Note: The following output is from an idle system that has not experienced any ingress or egress packet drops.

    # tmctl -i -d blade tmm/if_shaper -w 180

    https://support.f5.com/csp/article/K15831

     

    Recommended Actions
    1. If your BIG-IP system continually logs messages indicating that the system is exceeding the maximum licensed throughput rate, you may want to consider increasing the licensed throughput rate to avoid traffic drop by the rate shaper.

    2. If you are not using MAC masquerading on your BIG-IP Virtual Edition (VE) system that is hosted on a VMWare ESX/ESXi hypervisor, you may want to consider turning off promiscuous mode on the hypervisor.

    3. For instructions on turning off promiscuous mode on the hypervisor, refer to the documentation from your hypervisor vendor.

    HTH