99% Memory Useage



  • So where to start well I have been running Pfsense for about 8 years now. the Problem I Am running in to is after a reset I get to about 99% memory Usage
    and the network become's unstable a restart or setting Ram dsik fix's this. I can set up a Ram Disk but it gets used up. If i set up a ram disk does not use all my memory. This was a fresh install then backup applied . What happend was I did a hardware swap and then had a bad disk.
    The hardware I came from was a Dell 2900v3 2x Xeon 4 cores Also due to to much power usage.
    That's when this Problem start the old system did have 58Gb ECC of Ram.

    New Harware Specs:
    AMD 6 Core FX-6300
    ASUS M5A99FX
    32Gb Crucial DDR3 ECC Non Reg
    4 Port Intel Nic
    3x2Tb HDD In Raidz1 Setup as a ZFS Raid.

    States are At Default setting so are Mbufs.

    Packages:
    Suricata
    PfblockerNG
    Removed: Squid Proxy to help with memory usage

    0_1537293935875_pfsense.png 0_1537293944623_pf2.png !0_1537297437570_pf3.png



  • First things first, it would really help if you used some of the tools up the top there are applied a tiny bit of formatting to your text so it's easy to read.

    At the moment it's a giant wall of text, with many spelling errors, bad formatting and honestly, it's almost impossible to read and understand.

    If it's running out of memory, the first thing to do would be to post the output of any logs that show this. What's the output of vmstat -h ? You'll have to run it from the CLI.
    What does top show you? Do you have hundreds of processes?

    If you're not sure how to parse the output of those commands, that's fine, paste them here.
    PLEASE PLEASE PLEASE paste them using the "code" formatting button above, the </>
    Otherwise it becomes a horrid wall of text that's impossible to read.
    It should look like this:

    [2.4.3-RELEASE][admin@wallbanger]/root: vmstat -h
    procs  memory       page                    disks     faults         cpu
    r b w  avm   fre   flt  re  pi  po    fr   sr md0 md1   in    sy    cs us sy id
    1 0 0 1.1G  647M   666   0   0   1   839   11   0   0  206   884   766  0  1 99
    

    etc.

    I hope this helps - please take the time to clearly explain the problem etc - read back over what you've written before submitting it, make sure it's clear, so that it'll be much easier for us to help you.

    Cheers,
    El Muppo.



  • Sorry about that Edited and Fixed I hope. I know I can make some walla of text and it sounds like I am a mad man. Yeah my spelling & Grammar are pretty bad Only have around a 8th grade spelling level Thanks to public school... when I concentrate.



  • I've had this happen to me too. It was something between pfblocker and unbound. Try updating pfblocker to lates "development" version. I can vouch it works great. That interacts much better with unbound.



  • Well do thanks will update if it fix's it just did this Going to have to do a Power Button reset as it produced this error. Fatal error: Call to undefined function pfb_alerts_default_page() in /usr/local/www/pfblockerng/pfblockerng_general.php on line 96 PHP ERROR: Type: 1, File: /usr/local/www/pfblockerng/pfblockerng_general.php, Line: 96, Message: Call to undefined function pfb_alerts_default_page() And the Remote Client Is frozen.

    Crash report:
    Crash report begins. Anonymous machine information:
    amd64
    11.1-RELEASE-p10
    FreeBSD 11.1-RELEASE-p10 #13 r313908+293707af843(RELENG_2_4): Thu May 10 15:09:24 CDT 2018 root@buildbot2.netgate.com:/builder/ce-243/tmp/obj/builder/ce-243/tmp/FreeBSD-src/sys/pfSense
    Crash report details:
    PHP Errors:
    [18-Sep-2018 13:41:28 America/Chicago] PHP Fatal error: Call to undefined function pfb_alerts_default_page() in /usr/local/www/pfblockerng/pfblockerng_general.php on line 96
    No FreeBSD crash data found.

    Error after reboot but memory is at 10%.

    0_1537296839475_PHP_errors.log.gz

    other then the error it seems like this is the fix.



  • Well update after about 1h and siting around 38% memory used but will see to night when my power user's log on and start to hit the network hard.
    Still Having the crashing problem but it is not freezing the Remote UI like it was doing at the start of the PfblockerNG update.
    Also I had a question is it useful to run var as a ram disk? Or do you only see this being usefully in heavy network utilization environments?



  • @snowaks You first post looks much better, thanks, I'm sorry I hope I didn't come across as rude.

    The only reason to run var as a RAM disk is if you're worried about disk writes on a SDCard or similar. If you're running this on a decent SSD/hard disk then I wouldn't bother doing it, keep the RAM for something useful.



  • ok update seem's to have level off at 80% witch is ok Will update after 2 day's.
    Still getting a Crash report but none of my system & network seem to not be affected.
    Remote UI still works, All packages are up and ruining I may have to do some tuning to
    get squid up and ruining. So I can see what amount of ram I will have left over to be used with squid.

    0_1537370380714_pf5.png



  • I think it's still broken. Under no condition should unbound use this much memory. Try running it with pfblocker disabled. If memory stays low, post an issues in the pfblocker section.


  • Moderator

    @snowaks said in 99% Memory Useage:

    So where to start well I have been running Pfsense for about 8 years now. the Problem I Am running in to is after a reset I get to about 99% memory Usage
    and the network become's unstable a restart or setting Ram dsik fix's this. I can set up a Ram Disk but it gets used up. If i set up a ram disk does not use all my memory. This was a fresh install then backup applied . What happend was I did a hardware swap and then had a bad disk.
    The hardware I came from was a Dell 2900v3 2x Xeon 4 cores Also due to to much power usage.
    That's when this Problem start the old system did have 58Gb ECC of Ram.

    Check out the following reddit thread and see if that helps:
    https://www.reddit.com/r/PFSENSE/comments/9g9csi/pfblockerngdevel_high_cpu_usage/

    Also try running the following top command:

    top -aSH
    


  • Should I Do a restart after disable of Pf blocker ? Will take a look at the reddit post thanks guys!
    Do you think the Cpu problem is just like the Ram one ? Hey I will try any thing with in reason.
    My best fix yet is to set var/ to as a ram disk and it does not allow it to go over the set parameter.
    Will Disable and update my post It takes around 2-3 day's to for the memory to hit 99%.
    I change Cron to 4h set logging on unbound to level 3 as it was on level 2.

    0_1537460859199_pf6.png
    0_1537461047564_PF7.png

    unbound-control -c /var/unbound/unbound.conf status (Edit2)
    0_1537462276566_PF9.png



  • PFblockerNG Off for 1 day still showing 90% Plus
    0_1537528992561_PF10.png



  • @bbcan177 said in 99% Memory Useage:

    top -aSH

    0_1537538691062_Pf11.png
    I mist your command as it was in black.



  • Are Your sure it's not Surricata eating all the RAM?

    P.S. - You could install htop with "pkg install htop". Might need a reboot to work(for me at least). There you can check in real time what's going on.


  • Moderator

    @xciter327 said in 99% Memory Useage:

    Are Your sure it's not Surricata eating all the RAM?

    Yes its definately Suricata .. you can see several PIDs for the same interface...

    If you are using the package "Service Watchguard", do not add Snort/Suricata as it will try to restart the package when cron is updating the rules leading to phantom processes.



  • @bbcan177 @xciter327

    I have used it in the past have not reinstalled it. Do to the memory problem and read some where about cron and problems with it
    I can disable Suricata and will still get 99% I mean I may Be mistaken and end up with my foot in my mouth.
    I will also do a reboot to clear the used Ram as this is the only way I have found to get it to back to normal.
    If so I think it would be a good idea to add in a memory setting in general to only control the packages amount of Max used Ram?
    I will Disable Suricata and add screen shots.

    PS Is there a way to set per a package max used Ram in tunables?



  • @snowaks said in 99% Memory Useage:

    top -aSH

    0_1537627151468_pf12.png 0_1537627155810_Pf13.png



  • With Suricata disabled, do a reboot to make sure it's all clean.

    P.S. - this is not related, but why run both unbound and dns forwarder?



  • I was Under the understanding that Unbound was for internal traffic Lan and forward was for Wan side incoming.
    I had some problems get stuff to see some stuff from the outside the network
    Did not matter what firewall rule/port forwarding I added. I read some where that you should enable
    forwarder I did and the traffic worked. So I prayed to the Pfsense gods and walked a way with it up and happy. 💊
    Plex was the problem Program.



  • @snowaks said in 99% Memory Useage:

    I was Under the understanding that Unbound was for internal traffic Lan and forward was for Wan side incoming.
    I had some problems get stuff to see some stuff from the outside the network
    Did not matter what firewall rule/port forwarding I added. I read some where that you should enable
    forwarder I did and the traffic worked. So I prayed to the Pfsense gods and walked a way with it up and happy. 💊
    Plex was the problem Program.

    Hi,

    Have you tried a clean install, without using your backup config?
    Then just change your settings manually and add one package at the time.


  • Netgate Administrator

    Mmm, something is very wrong there. Try this. Run top -aSH at the command line, so probably via SSH.

    Then when it's running hit o to change the sort order and then type size to sort by size. Hit q to quit. Copy paste that here.

    Steve



  • Yes Cisco I have did not change. I've some how fixed the problem I have suricata on even higher setting.
    Then I had be for when they where stock. Ive also install Squid proxy. like 12 more Pf blockers Lists so thing On pfsense side cause a memory leak.
    I've been stable at 10-20% memory now With Lan/Wan with Suricata on high, Max pending packets on 10k.
    Also Set Pattern Matcher Algorithm off auto to hyper scan. I did this to try and see if it Suricata Or to see if I
    could get what was happening in 2-3day to happen in 1. Pf blocker was change to Dlev.

    0_1537825278950_pf14.png



  • If you guys still want to see if I can reproduce the problem I can go back to bone stock suricata setup.
    I also disable DNS Forwarder and just set unbound to do every thing it was split be for.
    So maybe this was the cause and not the packages I can re enable DNS forwarder and see if my memory goes back to what was seen.


  • Netgate Administrator

    If you can pin down a memory leak it would be good to know about it.

    Steve



  • Well with the Update to 2.4.4 I can not reproduce this memory leak not sure what was the root cause
    but pretty sure it was Dns Unbound and Dns forwarder, Not playing nice with each other.
    I have try removing the packages and just setting both to run.
    I have no more use for forwarder so it is now disabled. Pretty much was using
    Dns Forwarder to Query Dns servers sequentially. Not sure if I was ruing just a really odd
    config or using some thing for that it was not its intended use. If this pop's up again I will install
    my config on a 2nd system to do a test bench to find the problem.

    0_1538133967207_PF15.png