Site-to-Site Wireguard: Very high CPU usages
-
Dear all,
I have a site-to-site Wireguard setup between a SG1100 and 8200 and since I have the tunnel up, the CPU usage on SG1100 is very high - 70% to 100% pretty much all the time.
Is it expected? Is there any tuning that can be done?
8200 stays around 8% to 12%, with occasional spike of about 56%
Any guiding form anyone?
-S
-
@MacUsers What is causing the usage (DiagnosticsSystem Activity)?
-
I just restarted the box and frist few lines after that:
doesn't look like matching with the reported CPU usages?
-S
-
@MacUsers I have seen something like that, with the newest beta though.
-
The openssl line is from the cert check which runs when it looks for pkg updates and should complete after some time.
A lot of what you see on the dashboard can be from the dashboard widgets themselves. To get a better idea try running
top -HaSPat the command line without the webgui open at all.See what's actually using CPU cycles.
-
@stephenw10, sorry for the late reply.
This is without GUI running and first two lines a re constantly 97%-99%
-S
-
Looks like the very same/similar issue?
https://forum.netgate.com/topic/190824/cpu-load-on-1100/2 -
@MacUsers 99% idle is good.
See thread https://forum.netgate.com/topic/190824/cpu-load-on-1100/22
-
@MacUsers said in Site-to-Site Wireguard: Very high CPU usages:
first two lines a re constantly 97%-99%
Yes, but that's the idle usage. If those are at 100% the CPUs are doing nothing. That screenshot of the top output shows the expected low use, that 1100 is barely doing anything!
-
@stephenw10
yeah, the graph on the status page is constantly showing near 100% CPU usages.
Also, isn't a high CPU usage in Idle state normally indicates some sort of software issue; probably some background process is excessevely using the resources?? Not saying it's necessarily a bad thing. I never noticed that until upgraded to 24.11, if I think slowly.The moment I took the WG out of Interface widget, the graph on admin page, went down to 56% (still high for a machine, pretty much not doing anything)
-S
-
@MacUsers By "status page" do you mean the dashboard? If so did you try the patch in the above thread?
"Idle" as in "it's not doing anything so falls into this bucket."
-
Yup the idle process simply indicates otherwise unused CPU cycles. It's expected in normal running.
You're adding the WG interface just to the Interfaces widget?
-
@stephenw10 said in Site-to-Site Wireguard: Very high CPU usages:
You're adding the WG interface just to the Interfaces widget?
yes, that's true
-
Okay, looks like the issue is particularly on 1100. My other 8200 shows CPU usages just fine with or without any sorts of Wireguard widget. Whatever I do, on 8200, it always stays below 12% if not loaded.
-S
-
The CPU in the 8200 is a lot more powerful so you see the widget usage in the 1100 far more. That is especially so because the refresh rate can start to hit the time taken to pull the data.
Did you try the patch linked above to revert to the previous widget behaviour?
