Symptoms
Incoming packets are dropped, connections are dropped.
"Aggressive mode sweeper" messages recorded in "ltm" log, such as:
warning tmm[457]: 011e0003:3: Aggressive mode sweeper: /Common/default-eviction-policy (1cf1) (global memory) 99 Connections killed
The output of the following command shows a value of 2.3G for "Alloc (bytes)":
# tmsh show sys memory | grep -E "SubSystem|EB.Tree"
Impact
Dropping packets and connections impedes handling of network traffic.
In extreme cases, the shortage of available TMM memory may trigger a greater disruption.
Conditions
-- At least one virtual server has a clientssl profile configured to enable the TLS 1.3 protocol, along with the advanced option setting "0-RTT/Early Data with Anti-Replay".
(In the Configuration Utility, the field in Profile Properties is "Data 0-RTT" and the value would be "Enabled with Anti-Replay".)
Workaround
In the "clientssl" profile, set the TLS 1.3 option "Data 0-RTT" to "Disabled".
