Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Update 21.05.2-RELEASE (arm) : High

    Scheduled Pinned Locked Moved Official Netgate® Hardware
    8 Posts 3 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • kiwi91K
      kiwi91
      last edited by

      Hello ,
      I recently upgraded from PFSense plus 21.05.01 to 21.05.02 and i noticed high CPU consumption : before upgrade 35% average with peak for some seconds to 60/70, after update continuously 65/70 with peak at 85/90.
      I did « high CPU troubleshooting » at https://docs.netgate.com/pfsense/en/latest/troubleshooting/high-cpu-load.html , it confirmed this high CPU rate but i can’t explain that.
      I use this packages : PFblockerNG-devel with DNSBL ( unbound DNS activated and suricata ).
      Thanks for your help
      Regards

      S 1 Reply Last reply Reply Quote 0
      • S
        SteveITS Rebel Alliance @kiwi91
        last edited by

        @kiwi91 said in Update 21.05.2-RELEASE (arm) : High:

        21.05.02

        21.05.02 has no changes except the version number unless you have a 6100.

        Take a look at Diagnostics/System Activity and see if you can see what is using CPU.

        Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
        Upvote 👍 helpful posts!

        kiwi91K 1 Reply Last reply Reply Quote 0
        • kiwi91K
          kiwi91 @SteveITS
          last edited by

          @steveits
          Thanks for your reply.
          Here is what i see in ‘system activities’
          —————————————
          last pid: 4655; load averages: 1.85, 1.28, 1.20 up 1+05:38:04 22:47:44
          140 threads: 3 running, 115 sleeping, 22 waiting
          CPU: -2.8% user, 0.8% nice, 6.3% system, 0.3% interrupt, 0.4% idle
          Mem: 259M Active, 699M Inact, 249M Wired, 84M Buf, 856M Free

          PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
          10 root 155 ki31 0B 16K RUN 0 857:43 62.26% [idle{idle: cpu0}]
          10 root 155 ki31 0B 16K CPU1 1 841:39 55.08% [idle{idle: cpu1}]
          74247 unbound 21 0 860M 558M kqread 1 56:35 2.98% /usr/local/sbin/unbound -c /var/unbound/unbound.conf{unbound}
          74247 unbound 20 0 860M 558M kqread 0 0:00 0.78% /usr/local/sbin/unbound -c /var/unbound/unbound.conf{unbound}
          43699 root 23 0 90M 34M piperd 1 0:32 0.39% php-fpm: pool nginx (php-fpm)
          11 root -92 - 0B 176K WAIT 1 3:03 0.00% [intr{mpic0: mvneta2}]
          11 root -60 - 0B 176K WAIT 1 2:04 0.00% [intr{swi4: clock (0)}]
          11 root -92 - 0B 176K WAIT 0 1:58 0.00% [intr{mpic0: mvneta1}]
          11 root -72 - 0B 176K WAIT 0 1:37 0.00% [intr{swi1: netisr 0}]
          8 root -16 - 0B 8192B pftm 0 1:23 0.00% [pf purge]
          ——————————————
          PID 10 seems to consume CPU a lot.
          Always on top whith much more than 50.
          In this copy it was "low "
          But it is idle time in fact , load average is low finally.
          So i don’t understand what i see so much consomption in the Dashboard ( start page)…
          This percentage is normally concerning process that are not idle and consume CPU ressources.

          In the mean time i noticed those behaviour :

          • sometimes from iOS , i see " no internet connection" for i while
          • slowlyness of DNS resolution
            It’s strange because since i first installed this SG-3100 , it has ben working perfectly ( DNS resolution with unbound DNS is much more higher than with ISP DNS , pages came very much quicker ( minimum 5 times).
            I really enjoy this product.

          Regards
          Emmanuel

          S 1 Reply Last reply Reply Quote 0
          • S
            SteveITS Rebel Alliance @kiwi91
            last edited by

            @kiwi91 "idle" is everything not in use, so on a not-busy router it should be close to 90+ %. Displaying the System Activity page for instance will take some processing time, but we have a 3100 and it is around 80-95% on those "idle" processes.

            Is "-2.8% user" a typo?

            Have you rebooted again?

            One common issue/complaint with Unbound on pfSense is that if the "Register DHCP leases in the DNS Resolver" option is checked, whenever a lease renews Unbound is stopped and started.

            Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
            Upvote 👍 helpful posts!

            kiwi91K 1 Reply Last reply Reply Quote 1
            • kiwi91K
              kiwi91 @SteveITS
              last edited by

              @steveits
              Hi, "-2,8% user" was not a type.
              Today i have :

              last pid: 77477; load averages: 1.37, 1.44, 1.40 up 3+01:00:54 17:10:34
              153 threads: 3 running, 128 sleeping, 22 waiting
              CPU: -1.5% user, 1.4% nice, 0.0% system, 0.2% interrupt, -2.7% idle

              Regards
              Emmanuel

              1 Reply Last reply Reply Quote 0
              • stephenw10S
                stephenw10 Netgate Administrator
                last edited by

                If you are viewing that via the system activitues page in the GUI the top line usafe can be incorrect. It runs top in one shot output and that take a few updates to show anything useful. Particularly on the 3100 if that's what you have:
                https://redmine.pfsense.org/issues/11473

                Use top -aSH at the command line instead to get a better view.

                Steve

                kiwi91K 1 Reply Last reply Reply Quote 1
                • kiwi91K
                  kiwi91 @stephenw10
                  last edited by

                  @stephenw10
                  I used the command : (top -aSH)
                  noticed that , every 2 or 3 seconds , unbound execute the folowing command :
                  /usr/local/sbin/unbound-control -c /var/unbound/unbound.conf stats_noreset

                  This command uses 99% of CPU . Is this normal ?

                  [Update] i found the problem , it's this post
                  https://forum.netgate.com/topic/151801/unbound-conf-stats_noreset-use-20-28/5
                  I set 30 seconds insteaf or 5 and now CPU usage is normal (17% to 42% max)

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by

                    Ah, the pfBlocker widget. If you have very large number of DNS-BL entries you may have to change that, yes.

                    Steve

                    1 Reply Last reply Reply Quote 2
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.