SG-1000 shows 100% CPU.
-
Hi All,
I have a SG-1000, default configuration, with no packages installed, no FW rules enabled. Pretty much nothing! I am running the latest stable release.
On the Status: Dashboard shows 100% CPU.
I have opened a ssh / command line and run top -aSH, this shows a netstat process that uses between 900% and 1800%
Are these 2 items related? Has anyone else had this scenario? If yes, what was the resolution?
Resolution being;
Displaying correct CPU usage.
If correct CPU usage is displayed, what can lower CPU usage?
What is a "typical" CPU usage for my scenario? I.e. Default configuration, no packages, no FW rules.I have attached screenshots.
Many thanks to ALL in advance.
 -
That is definitely not normal for it to be stuck like that, but the CPU usage is also bogus, it can't be over 100% on there. That makes me think somehow your kernel and the base OS are not matching.
What shows in "pkg info -x pfsense"?
Can you run a firmware update and make sure it's completely up-to-date on 2.4.0-RELEASE, or even a 2.4.1 snapshot?
-
Hi Jimp,
Many thanks for your response.
At the moment, I prefer to stay with the stable release.
When you mention "Can you run a firmware update…", I don't want to appear pedantic, however, are you referring to;
The regular update (I don't think you are referring to this)? N.B. This has already been carried out.
Or a specific lower level update (I think more so this)?If it is the "lower level update", would you be so good as to point me at some instructions?
I ran "pkg info -x pfsense" from the command line, the output is;
[2.4.0-RELEASE][root@pfSense.localdomain]/root: pkg info -x pfsense
pfSense-2.4.0
pfSense-Status_Monitoring-1.7.3
pfSense-base-2.4.0
pfSense-default-config-serial-2.4.0
pfSense-kernel-pfSense-uFW-2.4.0
pfSense-rc-2.4.0
pfSense-repo-2.4.0_3
pfSense-u-boot-ufw-2.4.0
pfSense-upgrade-0.34
php56-pfSense-module-0.54
[2.4.0-RELEASE][root@pfSense.localdomain]/root:Again, many thanks and kind regards
-
When you mention "Can you run a firmware update…", I don't want to appear pedantic, however, are you referring to;
The regular update (I don't think you are referring to this)? N.B. This has already been carried out.
Or a specific lower level update (I think more so this)?There is no "lower level update", just a regular update from System > Update.
Though it looks like your kernel version and base version match, it's still odd that it would show a CPU usage percentage that high, it can't be accurate.
2.4.1 is now at release candidate stage, so you can try updating to that in a couple days when it's released. If you still have issues after that, let us know.
-
I am having similar issues - just set up an SG-1000 I bought a while ago and I am seeing very high CPU usage for no apparent reason. I wrote the 2.4.1 image to a microSD card, and just did the minimal/basic setup. The SG-1000 is connected directly to an Unifi AP-AC Pro. Previously I had been using an Ubiquiti EdgeMax router/firewall - with that setup I would consistently see 200 MBPS+ when running a bandwidth test (Comcast is my ISP). After replacing it with the SG-1000 (3x the $$$!) I now get ~150 MBps tops. CPU usage as reported by the web console is always between 50-100% (even when nothing is happening). Top would seem to indicated that a "netstat -mb" process is hogging the CPU, screenshot attached. Anyone have any suggestions? This seems pretty ridiculous.
Thanks,
-Rimas
 -
Thought I'd add another data point - just for kicks I switched the update settings to use the experimental/development release and went through the update process (build date was today I believe), but the behavior persists. For now I'm going back to using the $50 EdgeRouter X, hope this can get sorted!!
-Rimas
-
try to roll back to the last stable release that wasn't causing you heartache.
I don't have a sg1000 - not sure how easy it is. -
I see this too as soon as I open the admin GUI in the browser. This problem exists with versions 2.4.0 and 2.4.1. Culprit is netstat. Top running via ssh shows CPU usage >1000% for this process at times. As soon as I close the wed admin page (or navigate away from the main web page), I see CPU 98% idle. Maybe I have too much stuff (traffic graphs, firewall logs) open in the GUI.
-
I actually bought the SG-1000 on a whim (intending to use it as a backup for an SG-2220 in case of hardware failure) but never got around to configuring it. Hence I don't know which stable release was known to work well (without any horrible widely known security flaws). Any suggestions?
In it's present state it is pretty useless. I see the CPU spikes when logged into the console over the serial port, and can't get more than ~150 MBps throughput with nothing running on it but the most basic firewall configuration. Have other people been using these things with some degree of success (and ~250 mbps throughput)?
-Rimas
-
Well - Those things arn't flaws. Your internet is just too fast for that box. Also, it would be better if you didn't make a habit of leaving up the GUI on a pfsense that tiny.
250mps and up, you should really be looking for a much faster machine. Id bet 100mbps is about all you can get usually without problems with that tiny CPU.
-
I agree with everything kejianshi said. Problem is that CPU usage sticks out when the GUI is up and folks may not know how to check it without it and hence do not know that CPU usage goes down when GUI is closed. So, yes the light does go off when you close the fridge. :)
-
Um, OK well it is clearly stated on this page:
https://www.netgate.com/solutions/pfsense/sg-1000.html#footnote1
"Using pfSense with the default ruleset offers performance exceeding 200Mbps"
which I have demonstrated is not true. I have been checking the CPU usage without the GUI running (by SSHing in) and it is crazy high regardless of whether or not any traffic is passing through. Pretty obviously a (major) bug that somehow made it through QA (assuming QA is a thing at Netgate).
This is pretty pathetic, given that a $49 EdgeRouter X can handle 230 MBps (my bandwidth cap is 200) while running a web GUI (and has 5 ethernet ports instead of 2). Its CPU is a Dual-Core 880 MHz, MIPS1004Kc, 256MB RAM, 256MB NAND flash. Obviously its not as fully featured as the SG-1000, but those features are useless to me if they cripple my bandwidth.
Given my experiences, I would stay far away from FreeBSD running on ARM platforms (certainly wouldn't be in a rush to order an SG-3100). My experience with the SG-2220 (now discontinued) has also not been stellar (I had to RMA it once because it got into a state where I couldn't reflash it from USB, sent it to Netgate and they refused to tell me what they did to fix it). Can't say I would recommend this company or its products to any of my cohorts. Time to start researching alternatives…
-Rimas
-
I'm sorry you've had such bad experience. It's pretty clear we dropped the ball with the RMA. I checked your tickets about 2220, you haven't received a response from our RMA department due new workflow that was implemented at that time. But it still should not have happened! Looks like your unit was tested and confirmed working correctly so it was just reflashed with the latest pfSense and sent back to you. Does the unit work now, have you had any issues with it?
It appears you've found a typo on the SG-1000 page. The top of the page says 100Mbps, but the footer has a typo. https://www.netgate.com/solutions/pfsense/sg-1000.html
The unit is not going to be well suited for 200-250Mbps throughput.
I'm aware that this experience was pretty bad for you so please let me know what we can do to change it.
-
Yes, the SG-2220 seems to be working OK for the moment. What bugged me about the RMA was that I tried reflashing pfSense from a USB stick many many times (and I had done it successfully before) but would consistently get error messages about corruption on the eMMC (or something like that, it's been a while). Whoever handled the RMA must have done something different than what I was doing, and I would really like to know what that was, so I could handle such a situation myself should it happen again (saving me the hassle of being without the device for several weeks).
I noticed the page has been updated, but I have to say that I still wouldn't recommend the SG-1000 over the EdgeRouter X, certainly not worth 3x the price unless I am missing something obvious… not as versatile but there aren't a whole lot of spare CPU cycles for doing anything interesting.
-Rimas
-
Well - I think the SG-1000 is mostly for playing at the moment. Its a beta.
However, while its true that much cheaper hardware can handle the same connection speeds as the SG-1000, thats because they are purpose build hardware designed for nothing but router/switch use.
However, I bet the SG-1000 will smoke them all as a vpn server or vpn client.
-
Yes, the SG-2220 seems to be working OK for the moment. What bugged me about the RMA was that I tried reflashing pfSense from a USB stick many many times (and I had done it successfully before) but would consistently get error messages about corruption on the eMMC (or something like that, it's been a while). Whoever handled the RMA must have done something different than what I was doing, and I would really like to know what that was, so I could handle such a situation myself should it happen again (saving me the hassle of being without the device for several weeks).
I noticed the page has been updated, but I have to say that I still wouldn't recommend the SG-1000 over the EdgeRouter X, certainly not worth 3x the price unless I am missing something obvious… not as versatile but there aren't a whole lot of spare CPU cycles for doing anything interesting.
-Rimas
OK, I'm glad the 2220 is still working. You have an extended warranty for the unit so if there's any issues let us know (and reference this thread or just mention me in the ticket).
About the SG-1000, looks like it's not a good fit for your network. Here's my suggestion, send it back to us and let's replace it with Minnowboard Turbot Dual-E, free of charge. This model specifically:
https://store.netgate.com/MBT-2220-system.aspx
It comes with a Dual Core Atom E3826 1.46 GHz CPU, 2GB RAM and a 32 GB M.2 SSD. It's just our way of saying sorry for the troubles you've had. And we're really sorry. If you agree, let me know and we can arrange the details.
Thanks!
-
Wow… I take back everything I've said about Ivor!
-
Thanks for the offer - I would like to take you up on it! Email me and let's work out the details.
-
Sounds good! We already have your information from the previous tickets so expect an email from us. Thank you!
