PC Engines apu2 experiences

Veldkornet

Does anyone else use the gwled package for the other 2 lights on the front?

I noticed that it’s using massive amounts of CPU, pushing the load average well above 20. Even disabling doesn’t fix it, only removing the package helps. Below is only a snippet of "px auxw", there are still many more processes of the same.

USER      PID  %CPU %MEM    VSZ    RSS TT  STAT STARTED        TIME COMMAND
root       11 156.5  0.0      0     64  -  RNL  Wed17   16794:28.46 [idle]
root    55074   4.6  0.9  96292  35144  -  R    12:28       0:00.59 /usr/local/bin/php-cgi -q /usr/local/bin/gwled.php
root    57431   4.5  0.9  96292  35144  -  R    12:28       0:00.60 /usr/local/bin/php-cgi -q /usr/local/bin/gwled.php
root    58665   4.5  0.9  96292  35144  -  R    12:28       0:00.58 /usr/local/bin/php-cgi -q /usr/local/bin/gwled.php
root    56863   4.4  0.8  96420  34636  -  R    12:28       0:00.56 /usr/local/bin/php-cgi -q /usr/local/bin/gwled.php
root    58037   4.4  0.9  96292  35144  -  R    12:28       0:00.59 /usr/local/bin/php-cgi -q /usr/local/bin/gwled.php
root    51369   4.3  0.9  96304  35948  -  R    12:28       0:00.65 /usr/local/bin/php-cgi -q /usr/local/bin/gwled.php
root    52694   4.3  0.9  96292  35144  -  R    12:28       0:00.60 /usr/local/bin/php-cgi -q /usr/local/bin/gwled.php
root    53220   4.3  0.9  96292  35144  -  R    12:28       0:00.59 /usr/local/bin/php-cgi -q /usr/local/bin/gwled.php
root    56211   4.3  0.9  96292  35144  -  R    12:28       0:00.58 /usr/local/bin/php-cgi -q /usr/local/bin/gwled.php
root    57826   4.3  0.9  98468  35212  -  R    12:28       0:00.56 /usr/local/bin/php-cgi -q /usr/local/bin/gwled.php
root    58322   4.3  0.9  96292  35144  -  R    12:28       0:00.58 /usr/local/bin/php-cgi -q /usr/local/bin/gwled.php
root    58337   4.3  0.9  98468  35212  -  R    12:28       0:00.56 /usr/local/bin/php-cgi -q /usr/local/bin/gwled.php
root    51633   4.1  0.8  96420  34584  -  R    12:28       0:00.56 /usr/local/bin/php-cgi -q /usr/local/bin/gwled.php
root    52119   4.1  0.9  96420  35268  -  R    12:28       0:00.57 /usr/local/bin/php-cgi -q /usr/local/bin/gwled.php
root    55153   4.1  0.9  98468  35212  -  R    12:28       0:00.55 /usr/local/bin/php-cgi -q /usr/local/bin/gwled.php
root    56521   4.1  0.8  98468  35036  -  R    12:28       0:00.54 /usr/local/bin/php-cgi -q /usr/local/bin/gwled.php
root    58153   4.1  0.9  98468  35212  -  R    12:28       0:00.54 /usr/local/bin/php-cgi -q /usr/local/bin/gwled.php
root    39184   4.0  7.5 339404 308808  -  Ss   22:56      48:49.73 /usr/local/bin/suricata -i igb1 -D -c /usr/local/etc/suricata/s
root    51525   4.0  0.9  96292  35160  -  R    12:28       0:00.58 /usr/local/bin/php-cgi -q /usr/local/bin/gwled.php
root    57568   4.0  0.9  98468  35200  -  R    12:28       0:00.54 /usr/local/bin/php-cgi -q /usr/local/bin/gwled.php

See here the difference in CPU after removing the package:

stephenw10

Hmm, odd. Actual CPU time on those processes is all pretty small though. You see it generating those everytime at boot?

Steve

cwagz

@wgentine said in PC Engines apu2 experiences:

@qinn No. CPB is not describe in ACPI so, powerd doesn't know.

Is it a best practice to disable powerd then?

stephenw10

Powerd doesn't do anything on the APU anyway, there's no driver for cpufreq to use.

Mar 17 17:48:47 	php-fpm 	92195 	/system_advanced_misc.php: The command '/usr/sbin/powerd -b 'hadp' -a 'hadp' -n 'hadp'' returned exit code '69', the output was 'powerd: no cpufreq(4) support -- aborting: No such file or directory' 

Steve

Veldkornet

@stephenw10 said in PC Engines apu2 experiences:

Hmm, odd. Actual CPU time on those processes is all pretty small though. You see it generating those everytime at boot?

Steve

Hmm, I’ll have to check what it is at boot. I haven’t put much time into investigating it. Looking at the SNMP though, this is the first time the CPU has dropped down (after uninstalling the package). So, I guess it starts up pretty quick after boot since I don’t even see a dent in the SNMP.

Just watching “top”, it seems to come in bursts, like every 10 seconds for 5 seconds long for example.
A wild guess is that that’s how often it polls the gateways.

I just re-installed pfSense from scratch, not restoring any backups, and it still does it.

Since there’s not much to configure, I assume anyone could reproduce it. If not, I’m really curious as to what’s so special about my system.

You can basically choose what the last 2 lights are, which I have as:
2 - WAN_DHCP4
3 - VPN

I've made a new topic for this here

dugeem

@wgentine True - although as soon as powerd sets CPU frequency to maximum GX-412TC frequency 1000MHz via ACPI then AMD CPB is available - however whether CPB it is used depends on CPU core state & thermal parameters.

Although the question of whether powerd is still useful for APU2 given both the CPB performance gains and power savings is interesting...

Edit: some excellent CPB info here https://github.com/pcengines/apu2-documentation/blob/master/docs/debug/cpu_frequency.md

dugeem

@stephenw10 You mean the original APU (with AMD G-T40E CPU) - not the APU2 (with AMD GX-412TC CPU) right? No issues with powerd on APU2 (although whether it makes any sense now with CPB is the issue)

stephenw10

@dugeem Ah, true! That was referring to the original APU, my mistake.

Veldkornet

Is anyone using the CoDel / FQ_CoDel Traffic Shaping on the APU2?

Working well? Any problems?

cwagz

@Veldkornet said in PC Engines apu2 experiences:

Is anyone using the CoDel / FQ_CoDel Traffic Shaping on the APU2?

Working well? Any problems?

I have an APU2 box at work to provide a separate network for personal devices. It is setup with the FQ_CoDel limiter / floating rules method described towards the end of the Playing with FQ-CoDel Thread. It has been rock solid and seems to provide equal bandwidth sharing for the 30 - 50 devices connected each day and 16 - 20 GB of traffic that is passed on our 150/150 FiOS link.

daemonix

@Veldkornet said in PC Engines apu2 experiences:

@qinn SSH into it and install flashrom. No need to boot from USB etc.

pkg install flashrom

Upload the firmware to /tmp with scp and run:
flashrom -w /tmp/apu2_v4.9.0.2.rom -p internal:boardmismatch=force

Shutdown pfSense, pull the power for 10 seconds, then boot up.

I still run the original (legacy) bios that came with my apu2c4 almost 2 years ago?! (maybe 1 year I cant remember). I also run the latest stable pfsense.

Anything I need to do (regarding settings or something else) before flushing from the pfsense itself??
thanks

Qinn

@daemonix Nope, just install the flashrom like above, then download the latest Mainline from here

https://pcengines.github.io/

then flash it and reboot, I have switched from Legacy to Mainline months ago and everything works still fine.

...and btw you don't need the force option, this is enough

flashrom -w /tmp/apu2_v4.9.0.7.rom -p internal

daemonix

@Qinn said in PC Engines apu2 experiences:

@daemonix Nope, just install the flashrom like above, then download the latest Mainline from here

https://pcengines.github.io/

then flash it and reboot, I have switched from Legacy to Mainline months ago and everything works still fine.

...and btw you don't need the force option, this is enough

flashrom -w /tmp/apu2_v4.9.0.7.rom -p internal

Thanks a lot for the quick replay!
Im do it later in the evening and hopefully Ill have internet after the reboot heheheh

daemonix

This post is deleted!

daemonix

@Qinn said in PC Engines apu2 experiences:

@daemonix Nope, just install the flashrom like above, then download the latest Mainline from here

https://pcengines.github.io/

then flash it and reboot, I have switched from Legacy to Mainline months ago and everything works still fine.

...and btw you don't need the force option, this is enough

flashrom -w /tmp/apu2_v4.9.0.7.rom -p internal

Done without a problem!
I had a serial link to it so I did it from there so I can see the boot sequence.

Now that I have time to experiment a bit.
What are the recommended combination of settings that favour performance on a openvpn server nowadays ?

BSD crypto ON/OFF? CBC/GBC algo? etc..
I get 40mbit on the apu2 hosted server.

fireodo

@daemonix said in PC Engines apu2 experiences:

BSD crypto ON/OFF? CBC/GBC algo? etc..
I get 40mbit on the apu2 hosted server.

From my knowledge for the APU2-Board the settings should be AES-NI (in CPU).

Regards,
fireodo

Qinn

I agree try AES-NI (in cpu) read this please, especially the reply from "jimp" https://forum.netgate.com/topic/114212/aes-ni-cryptodev-openvpn-help-a-n00b-understand/16

The setting is in :

System/Advanced/Miscellaneous

try it and see how it performs.

daemonix

fast-io
sndbuf 524288
rcvbuf 524288

added this, changed my PIA client to GCM (my server was already GCM) and I already had just the hardware acceleration only...
Gone from 45-sih mbit to 70-70mbit in both PIA and my server!!!

kevindd992002

@Qinn said in PC Engines apu2 experiences:

https://pcengines.github.io/

Does this mean that "AES-NI CPU-based acceleration" is better than the "AES-NI and BSD Crypto Device" option? I'm still confused what the difference between those two are.

fireodo

@kevindd992002 said in PC Engines apu2 experiences:

Does this mean that "AES-NI CPU-based acceleration" is better than the "AES-NI and BSD Crypto Device" option? I'm still confused what the difference between those two are.

Yes! The Apu2 does not have a dedicated Crypto-Device, the Crypto-Functions are integrated in the CPU (much faster). IMHO