2.4.5.a.20200110.1421 and earlier: High CPU usage from pfctl
-
I love that I am very new to this forum but still know exaclty what you are talking about.
-
Appears to affect physical hardware as well. I have been investigating unexplained CARP state changes between a HA pair with Netgate C2758 hardware. The CARP state change is always preceded by a filter reload. Thanks @jimp and team for tracking this down. Looking forward to 2.4.5-p1 to fix.
-
@mjh_ca looks like the last open bug was merged yesterday if I am reading the redmine right. Can't be too long :) Then I can add all my cpu core back!
-
@tomahhunt said in 2.4.5.a.20200110.1421 and earlier: High CPU usage from pfctl:
@mjh_ca looks like the last open bug was merged yesterday if I am reading the redmine right. Can't be too long :) Then I can add all my cpu core back!
There are 4 more hidden bugs, so hopefully they're done soon!
-
@psylenced said in 2.4.5.a.20200110.1421 and earlier: High CPU usage from pfctl:
There are 4 more hidden bugs, so hopefully they're done soon!
3 of those are just administrivia things like updating the docs, release notes, and blog. Just one "bug" left and it should be solved just waiting for internal confirmation. Main thing we're waiting on now is internal testing of the release images.
-
@jimp said in 2.4.5.a.20200110.1421 and earlier: High CPU usage from pfctl:
Main thing we're waiting on now is internal testing of the release images.
Any way we could help with testing an "RC" kinda version?
-
Not in this case since there aren't many changes and we were able to confirm the original issue and the fix internally. We're not going to have a long RC period and if testing goes well, it should be out next week sometime.
If it was going to be in RC for a while we might have made public snapshots but in this case a short cycle is warranted.
-
Thought so but wanted to offer the help nonetheless :)
-
https://forum.netgate.com/topic/154337/pfsense-2-4-5-release-p1-now-available
-
2.4.5-p1 did not fix the issue for me. Or it is a different issue with very similar symptoms?Netgate C2758 hardware, HA configuration. LAGG to switches. Configuration has been rock solid for years and unchanged, since upgrading to 2.4.5 I have had issues with unexpected CARP failovers. Thought the L2 switches had gone bad so I replaced them with Cisco switches, no improvement.Correction - the 2.4.5-p1 high CPU fix does fix my issue.
Somehow both units were incorrectly in "Persistent CARP Maintenance Mode" (likely that way before the upgrade). Taking them out of maintenance mode, and the upgrade to 2.4.5-p1 for high CPU fix, seems to have resolved my CARP state change issues. Thank you Netgate!
-
Disabling promiscious mode triggers the CARP failover since it talks to the NIC?
Can you adjust failover latency?
-
2.4.5-RELEASE-p1 solved this problem for me.
Thanks! -
Hyper-V 2 CPU cores with pfBlockerNG and Table Usage Count: 24691 is every 2 seconds unbound using 1CPU at 100%. When pfBlockerNG is disabled, all ok. With same lists on 2.4.4 there is no noticeable CPU usage at all. Problem still there. but not so critical as it was.
p.s.
And memory usage with pfBlockerNG is increased twice compare to 2.4.4. -
been running 2.4.5-RELEASE-p1 (amd64) since release and all ok however since a recent reboot i now have unbound causing 100%+ CPU spikes. This was present in 2.4.5-RELEASE (amd64) but not in 2.4.4-RELEASE-p3 (amd64)
-
this causes DNS outages frequently for 10-15 seconds at a time.
-
unbound-c
-
What do you see in the logs?
System logs, Resolver log ... -
@Krisbe said in 2.4.5.a.20200110.1421 and earlier: High CPU usage from pfctl:
What do you see in the logs?
System logs, Resolver log ...
-
That has nothing to do with this thread. Start your own thread for that issue. Locking.
-
C cclarke69 referenced this topic on
-
M maliaga referenced this topic on
