PFsense on Esxi - 100% CPU Usage?

richtj99

Hi,

I have been running PFsense on a 6 ESXI box, server specs:

E3-1245
Supermicro - X11SSL-CF-O
64gb ram
Evo SSD

The system has been running since mid may.  It has been great & I have had to do very little with it.  I have a Freepbx installation running (Asterisk) for my home phones on another Esxi box (cheapie Dell T110II) & I would like to change the setup so the Freepbx is on the Pfsense box & I can repurpose the Dell server to a freenas backup - that is besides the point).  I did upgrade Pfsense from 2.3.1 to p5.

Anyway, I transfered my Freepbx vm to the Pfsense esxi box on Friday & left it running over the weekend.  We dont do much calling on home phones so I am not surpirsed we didnt notice anything amiss.

So my wife is working from home today & has mentioned that the IP pbx system keeps dropping calls.  Separately I noticed a big delay when browsing the web.  While looking at pfsense on the dashboard I saw the CPU spike to 100%.  Typically a speedtest.net run will make the pfsense dashboard cpu goto 4%.

I tried rebooting pfsense, then rebooting the esxi box.  Then I shutdown the pfsense vm, gave it a second core, and rebooted it.  My wife again said the phones kept disconnecting.

My next test was to shutdown the freepbx vm on the Supermicro box & turn it back on the dell box.

Just now the CPU on the dashboard spiked to 35% - its just my wife & I home, no major downloading just email & web.

Any idea what could be causing the issues?  The main change was adding freepbx to the pfsense/esxi box but freepbx is pretty low CPU usage.

Thanks,
Rich

cmb

If it was just 100% for a brief moment, that's safe to disregard. The dashboard itself pulls a lot of system details and will chew a bit of CPU, especially if it's a single vCPU VM, will very briefly have periods of high CPU usage. That runs at a lesser priority than the actual packet processing of the system, so it won't really have a noticeable impact on its function. Status>Monitoring is a better gauge of long-term CPU usage. Doubtful CPU usage has anything to do with dropping VoIP calls.

richtj99

It looks like i am at 100% - though I am not exactly sure what this means (see attached).  I did add a second core & the system seemed normal in the middle of the day today.  The drop seems in line with me messing around.

@cmb:

If it was just 100% for a brief moment, that's safe to disregard. The dashboard itself pulls a lot of system details and will chew a bit of CPU, especially if it's a single vCPU VM, will very briefly have periods of high CPU usage. That runs at a lesser priority than the actual packet processing of the system, so it won't really have a noticeable impact on its function. Status>Monitoring is a better gauge of long-term CPU usage. Doubtful CPU usage has anything to do with dropping VoIP calls.


cmb

That's the number of processes. Your CPU usage is trivially low. No indication of any problem there.

richtj99

@cmb:

That's the number of processes. Your CPU usage is trivially low. No indication of any problem there.

So should i take away a core?  I had 1, gave it 2 & the phone kept kicking my wife off.

The phone is VOIP so I dont know what the issue was related to.  I assumed it was due to internet bandwidth.  I noticed I was having a very hard time connecting on my wired desktop.  Once i moved the pbx vm to the other Esxi box things went back to normal.

Is there something or somewhere else i should look?  The esxi box itself?  I would like to run 1 esxi box with both vms on it.

cmb

2 is fine, and better than 1. I'd leave it at 2. My point was just that the CPU usage isn't 100% for any length of time, so subject isn't actually an issue and you can rule out anything CPU-related.

It's not likely the firewall that's dropping calls. Maybe you were having general Internet connectivity issues at the time, since you mentioned connectivity issues with other things. Which is likely ISP-induced. But that's the next step of troubleshooting, see if you have solid connectivity in general.

mgittelman

Was a solution to this ever found?  Recently discovered I have the exact same issue, but with pfsense 2.4.2 and esxi 6.5.  I can't find anything about it on the web, and this seems to be the most comprehensive discussion that was had on the topic.

Derelict

Read up one post. There is no identifiable problem with the firewall software. I would suggest starting another thread detailing exactly what you are seeing instead.