Site-to-Site Wireguard: Very high CPU usages

MacUsers · Feb 11, 2025, 11:31 AM

Dear all,

I have a site-to-site Wireguard setup between a SG1100 and 8200 and since I have the tunnel up, the CPU usage on SG1100 is very high - 70% to 100% pretty much all the time.

🔒 Log in to view

Is it expected? Is there any tuning that can be done?

8200 stays around 8% to 12%, with occasional spike of about 56%
🔒 Log in to view

Any guiding form anyone?

-S

Bob.Dig · Feb 11, 2025, 12:07 PM

@MacUsers What is causing the usage (DiagnosticsSystem Activity)?

MacUsers · Feb 11, 2025, 12:21 PM

@Bob-Dig

I just restarted the box and frist few lines after that:

🔒 Log in to view

doesn't look like matching with the reported CPU usages?

-S

Bob.Dig · Feb 11, 2025, 12:32 PM

@MacUsers I have seen something like that, with the newest beta though.

stephenw10 · Feb 11, 2025, 1:42 PM

The openssl line is from the cert check which runs when it looks for pkg updates and should complete after some time.

A lot of what you see on the dashboard can be from the dashboard widgets themselves. To get a better idea try running top -HaSP at the command line without the webgui open at all.

See what's actually using CPU cycles.

MacUsers · Feb 12, 2025, 7:59 AM

@stephenw10, sorry for the late reply.

This is without GUI running and first two lines a re constantly 97%-99%

🔒 Log in to view

-S

MacUsers · Feb 12, 2025, 12:26 PM

Looks like the very same/similar issue?
https://forum.netgate.com/topic/190824/cpu-load-on-1100/2

SteveITS · Feb 12, 2025, 1:10 PM

@MacUsers 99% idle is good.

See thread https://forum.netgate.com/topic/190824/cpu-load-on-1100/22

stephenw10 · Feb 12, 2025, 1:29 PM

@MacUsers said in Site-to-Site Wireguard: Very high CPU usages:

first two lines a re constantly 97%-99%

Yes, but that's the idle usage. If those are at 100% the CPUs are doing nothing. That screenshot of the top output shows the expected low use, that 1100 is barely doing anything!

MacUsers · Feb 12, 2025, 4:14 PM

@stephenw10
yeah, the graph on the status page is constantly showing near 100% CPU usages.
Also, isn't a high CPU usage in Idle state normally indicates some sort of software issue; probably some background process is excessevely using the resources?? Not saying it's necessarily a bad thing. I never noticed that until upgraded to 24.11, if I think slowly.

The moment I took the WG out of Interface widget, the graph on admin page, went down to 56% (still high for a machine, pretty much not doing anything)

-S

SteveITS · Feb 12, 2025, 4:25 PM

@MacUsers By "status page" do you mean the dashboard? If so did you try the patch in the above thread?

"Idle" as in "it's not doing anything so falls into this bucket."

stephenw10 · Feb 12, 2025, 5:19 PM

Yup the idle process simply indicates otherwise unused CPU cycles. It's expected in normal running.

You're adding the WG interface just to the Interfaces widget?

MacUsers · Feb 12, 2025, 6:17 PM

@stephenw10 said in Site-to-Site Wireguard: Very high CPU usages:

You're adding the WG interface just to the Interfaces widget?

yes, that's true

MacUsers · Feb 12, 2025, 7:51 PM

Okay, looks like the issue is particularly on 1100. My other 8200 shows CPU usages just fine with or without any sorts of Wireguard widget. Whatever I do, on 8200, it always stays below 12% if not loaded.

-S

stephenw10 · Feb 12, 2025, 7:11 PM

The CPU in the 8200 is a lot more powerful so you see the widget usage in the 1100 far more. That is especially so because the refresh rate can start to hit the time taken to pull the data.

Did you try the patch linked above to revert to the previous widget behaviour?