Pfsense high cpu usage KVM (Unraid)
-
What CPU actually is it? What speed is it running at?
If it was an older CPU stuck at, say, 800MHz you might see that sort of usage.
Steve
-
@stephenw10 I am running on an (old-school) FX-8350. Stock speeds, water cooled running at 4ghz max (nearly always at maximum). I pass it trough 2 out of 8 cores, so i was thinking like 2*4000MHz would be enough.
-
Hmm, yeah if that's what it's really getting it should be far more than what is needed for 250Mbps.
What is the output of
sysctl hw.clockrateorsysctl dev.cpu.0?Steve
-
@stephenw10 Heres the output:
Default clock of an fx 8350 is 3.6Ghz. Just know that this is a Virtual Machine. Unraid config over here:
During a speedtest on the pfsense (speedtest-cli with 150mbit download) the clock rates are this on unraid (8 core cpu so 8 speeds):
-
Also a little addon on how it looks in the pfsense WebGui when the firewall is at idle and when doing a speedtest:
During a speedtest top -S -H:
-
From what i have found so far i think this has to do because i am using virtual nic and not a physical nic. Can someone confirm this?
-
It should not just of itself. There are many people running virtualised and not seeing that, including in KVM.
Something about Unraids setup perhaps? I've never run that personally.
Steve
-
indeed , i'm using kvm on my ubuntu server and i don't have this. idk what unraid is so i can't be of any help
-
Maybe i should just try to reïnstall it. Shouldn't be that hard to do. Ill post more after some more testing.
-
A reïnstall made no change, the cpu usage went up on 1 of the cores. during this test i even gave it 8 Cpu core's (4.0ghz) and 4GB of RAM. Download speed was 150mbit. So i have no clue what the option is other than the virtual nic or something...
Sadly i dont have any other nics available to test with. Any suggestions on a step i might try out?Thanks!
-
With vmx NICs you will need to add the following line to /boot/loader.conf.local to get multiple queue support:
hw.pci.honor_msi_blacklist=0Reboot to apply that. Check the output of
vmstat -ito be sure it's creating multiple queues.Be sure all hardware offloading support is disabled in Sys > Adv > Networking.
Steve
-
Hi, Thanks for your reply,
I tried to find the /boot/loader.conf.local file but could only find a /boot/loader.conf
I tried adding it into there ( hw.pci.honor_msi_blacklist=0 ) but still no change.
It has done something because it moved up in the file.During speedtest i get these results with vmstat -i:
And when using the top -S -H command still get the same results.Any other suggestions?
Thanks!
-
you need to create the file
/boot/loader.conf.local
if it's missing
copy inside
hw.pci.honor_msi_blacklist=0
save and reboot -
Yup create the file if it doesn't exist. If you put it in loader.conf it may get overwritten.
However that will only do anything for vmx NICs. You have em NICs there currently.
Steve
-
@stephenw10 Allright, will set them to VMXNET3, reboot, create the file with the line and inform if there are any changes.
Thanks for the help @kiokoman & @stephenw10 !
Creating config file:
-
Okay so further testing will come in later but for now i seem to reach my maximum provider speed on my linux server behind the firewall:
BUT it did drop back down to 14.4Megabyte's per second and go up and down all the time:
Cpu usage seems to have set a bit:
Using SMB protocol i get this from moving a file WAN to LAN:
It's 2 virtual cores are running at nearly full power (cpu 6/7) (cpu 4 is being used on the server side in the LAN network.):
I don't know if this is just a performance bug but speeds seem to have increased, altough cpu usage is still high (compared to the hardware specifications of pfsense)
Changing to a quad core (virtual processor) did not change much either, cpu usage stays high on 2 cores:
Wish i could put my finger on the issue.
-
I still only see one tx queue and one rx queue on each NIC. Does
vmstat -ishow more?I assume you created that file in /boot
Steve
-
yep its placed under /boot/loader.conf.local
vmstat -i during speedtest on server in lan side:
-
I actually don't know how to read the vmstat -i, but i hope you might know more @stephenw10
-
one queue
vmx0: tq0 (transmission queue 0)
vmx0: rq0 (receive queue 0)with multiple queue you should see tq0 / tq1 etc etc
