Netgate 2100 Max CPu pings 100% when download large files
-
@SteveITS So 50000 had the same result. When I went down to 40000 then 30000 I was seeing a lot more cpu idle so it was not 0% all the time but just fluctuated around and looked better.
Is something wrong with my firewall or the configs or is it just at its limit with the bandwidth it can handle before getting stressed out?
Thats back at 50000.
-
It depends what's shown in the full top output. If it's all NIC loading then you probably are hitting the hardware limit with whatever config you have running.
With a basic config I expect to see something ~650Mbps LAN to WAN through a 2100 so ~80MBps
-
Oh you edited. So you can see netstat is using quite a bit. You have bandwidhd or traffic totals installed? Try disabling it as a test.
-
@stephenw10 I don't have those installed. Should I? I dont have anything crazy going on here as far as I know. I did run through some netgate forums on best practices when I got the 2100 Max a couple years ago.
-
Does that netstat line remain there constantly at 30% use?
What packages do you have installed?
-
@stephenw10 These are all I haved left. I had some others but earlier in this thread I was advised to removed them. I dont know why I have that aws-wizard unless it was there out of the box.
-
Yup those wizards are installed by default.
It could have been netstat showing momentarily. Or it could be a continuous 30% usage which would be worth digging into.
-
@northernsky ok I just saw something odd. I was watching top -HaSP and was sitting on the system/package manager/Installed packages screen while I had a download going at 50000 mb/s and the cpu sits here:
When I move to the dashboard....:
And when I moved to ANY other page other then the dashboard the CPU idle came back to life hovering around 40-55% idle. Crazy.
-
Yup, the dashboard is not insignificant on lower powered devices like the 2100. Some of that is due to the new widget update behaviour in 24.11 that was referenced above. That's a lot better in 25.03.
But that is the reason you should test at the CLI if you can. The dashboard is the biggest user but even using the System Activity page in the gui uses a lot more CPU than running the command at the CLI.
-
But that 1st screenshot without a dynamic page open in GUI looks pretty much what I'd expect.
-
@stephenw10 OK sounds good. I think we I can close this one out. I do have a couple questions. Is it worth installing the bandwidhd or traffic totals packages? I guess is probably a good time for me to re-check to make sure I am using the best practices and was wondering if you knew a good website resource from netgate?
-
@northernsky What you install is up to you/dependent on what you need. Something that counts bytes or scans packets is going to take CPU cycles per packet.
FWIW we have bandwidthd installed on one router out of several dozen (us and clients) and it’s for a specific reason.
-
@northernsky said in Netgate 2100 Max CPu pings 100% when download large files:
Is it worth installing the bandwidhd or traffic totals packages?
These create stats. Loads of stats.
This means :
They need 'a lot of space' to store the stats (so your disk storage device will be used way more faster ... and remember : these don't live forever, they have a max write cycle live time)
They 'tap' into the network driver(s) to get access to the real time data (packet) flow, and pareses every one of them. Probably only the headers, but still : overall impact will be noticeable.
They will 'log' a lot, so again : disk space and a lot of writes cycles.It's always the same : even it's is free, there is a price and performance tradeoff. You decide what's OK for you.
Btw : your last image : I see several identical dpinger processes using 76.135.2xx.111.
Normally, there is only one (two) dpinger process(es) - one for every IP type : IPv4 and IPv6.
Not sure why you have several of them.I have an IPv4 and IPv6 connection, so :
No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
Odd I see them too but they use the same pid. Not sure why there are multiples displayed there.
-
@northernsky said in Netgate 2100 Max CPu pings 100% when download large files:
same pid
Ah, ok. Seems less fishy then.
-
@Gertjan said in Netgate 2100 Max CPu pings 100% when download large files:
Btw : your last image : I see several identical dpinger processes using 76.135.2xx.111.
Normally, there is only one (two) dpinger process(es) - one for every IP type : IPv4 and IPv6.
Not sure why you have several of them.He is using the System Activity page rather than the ps command. The System Activity page uses the command:
/usr/bin/top -baHS 999A somewhat equivalent ps command would be:
/bin/ps -axlrHwwwwThe -H option for both means list all threads.
dpinger uses dedicated threads for its tasks. In pfSense, dpinger will have 5 threads:
- Main process control thread
- ICMP sender thread
- ICMP receiver thread
- Alert monitor thread
- UDP socket status thread
There is a potential 6th thread, the reporting thread, but this is not used in pfSense. pfSense polls the UDP socket instead.
I'm expect this is more than you ever wanted to know about dpinger.
-
The more you know.
Lots of tribal knowledge out there so you do us all a solid by sharing. :)
-
@dennypage said in Netgate 2100 Max CPu pings 100% when download large files:
/usr/bin/top -baHS 999
Didn't saw him using that command ...
Thanks, now knowing this, I'm seeing the same results.
And top ? switched to htop ages go me. -
Any idea when the next update will be out?
-
It's in beta now. I'm running it in "production" and see no issues. That may not be an option for you though.
Hard to give anything certain but we are looking at weeks I think.
