CPU utilization on HP t620 plus
-
I am not familiar with reading these. Does WCPU at 100% indicate an issue?
Memory installed is only 4gb right now. There is a 64gb ssd drive. Overall system performance seems to be a little slower than the old PC it replaced.System Activity CPU Activity last pid: 39812; load averages: 0.43, 0.24, 0.13 up 0+00:15:27 14:27:46 188 threads: 5 running, 152 sleeping, 31 waiting CPU: 0.8% user, 0.1% nice, 0.8% system, 0.0% interrupt, 98.4% idle Mem: 217M Active, 4568K Inact, 348M Wired, 133M Buf, 2752M Free Swap: 2759M Total, 2759M Free PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 11 root 155 ki31 0B 64K RUN 2 15:16 100.00% [idle{idle: cpu2}] 11 root 155 ki31 0B 64K CPU0 0 15:15 100.00% [idle{idle: cpu0}] 11 root 155 ki31 0B 64K CPU1 1 15:13 100.00% [idle{idle: cpu1}] 11 root 155 ki31 0B 64K CPU3 3 15:12 100.00% [idle{idle: cpu3}] 338 root 21 0 102M 36M piperd 3 0:03 0.20% php-fpm: pool nginx (php-fpm) 0 root -76 - 0B 576K - 1 0:02 0.10% [kernel{if_io_tqg_1}] 0 root -16 - 0B 576K swapin 0 0:26 0.00% [kernel{swapper}] 75369 unbound 20 0 136M 106M kqread 3 0:04 0.00% /usr/local/sbin/unbound -c /var/unbound/unbound.conf{unbound} 0 root -76 - 0B 576K - 0 0:02 0.00% [kernel{if_io_tqg_0}] 0 root -76 - 0B 576K - 2 0:02 0.00% [kernel{if_io_tqg_2}] 0 root -76 - 0B 576K - 3 0:02 0.00% [kernel{if_io_tqg_3}] 337 root 52 0 102M 37M accept 3 0:01 0.00% php-fpm: pool nginx (php-fpm) 23645 root 20 0 17M 7004K select 2 0:01 0.00% /usr/local/sbin/openvpn --config /var/etc/openvpn/server1/config.ovpn{openvpn} 85830 root 20 0 65M 40M piperd 1 0:01 0.00% /usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog 84831 root 20 0 65M 40M piperd 2 0:01 0.00% /usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog 25507 root 20 0 12M 3020K bpf 1 0:01 0.00% /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid 6831 root 20 0 15M 3100K nanslp 1 0:01 0.00% /usr/local/sbin/pcscd{pcscd} 12 root -60 - 0B 496K WAIT 2 0:01 0.00% [intr{swi4: clock (0)}] 86281 root 20 0 59M 35M piperd 1 0:00 0.00% /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc dnsbl 20 root -16 - 0B 16K pftm 0 0:00 0.00% [pf purge] 26114 root 20 0 11M 2652K select 2 0:00 0.00% /usr/sbin/syslogd -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf 75369 unbound 20 0 136M 106M kqread 2 0:00 0.00% /usr/local/sbin/unbound -c /var/unbound/unbound.conf{unbound} 86587 root 52 0 59M 34M piperd 3 0:00 0.00% /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc index 16 root -68 - 0B 400K - 3 0:00 0.00% [usb{usbus3}] 16 root -68 - 0B 400K - 2 0:00 0.00% [usb{usbus0}] 16 root -68 - 0B 400K - 1 0:00 0.00% [usb{usbus1}] 0 root -76 - 0B 576K - 2 0:00 0.00% [kernel{if_config_tqg_0}] 22 root -16 - 0B 48K psleep 3 0:00 0.00% [pagedaemon{dom0}] 75369 unbound 20 0 136M 106M kqread 0 0:00 0.00% /usr/local/sbin/unbound -c /var/unbound/unbound.conf{unbound} 84473 root 20 0 10M 2132K kqread 0 0:00 0.00% /usr/bin/tail_pfb -n0 -F /var/log/filter.log 85792 root 20 0 10M 2132K kqread 3 0:00 0.00% /usr/bin/tail_pfb -n0 -F /var/log/filter.log 75369 unbound 20 0 136M 106M kqread 1 0:00 0.00% /usr/local/sbin/unbound -c /var/unbound/unbound.conf{unbound} 40774 root 20 0 14M 2652K nanslp 2 0:00 0.00% /usr/local/bin/dpinger -S -r 0 -i WANGW -B 67.210.32.129 -p /var/run/dpinger_WANGW~67.210.32.129~67.210.32.1.pid -u /var/run/dpinger_WANGW~67.210.32.129~67.210.32.1.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 67.210.32.1{dpinger} 24 root -16 - 0B 64K qsleep 2 0:00 0.00% [bufdaemon{bufdaemon}] 11317 root 52 20 11M 2604K wait 3 0:00 0.00% /bin/sh /var/db/rrd/updaterrd.sh 21 root -16 - 0B 16K - 1 0:00 0.00% [rand_harvestq] 12 root -88 - 0B 496K WAIT 1 0:00 0.00% [intr{irq280: ahci0:ch1}] 89249 dhcpd 20 0 22M 11M select 1 0:00 0.00% /usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid igb1 81952 root 20 0 18M 6340K select 2 0:00 0.00% /usr/local/sbin/ntpd -g -c /var/etc/ntpd.conf -p /var/run/ntpd.pid{ntpd} 85947 root 20 0 18M 7260K kqread 1 0:00 0.00% /usr/local/sbin/lighttpd_pfb -f /var/unbound/pfb_dnsbl_lighty.conf 80752 root 20 0 18M 8120K kqread 0 0:00 0.00% nginx: worker process (nginx) 24 root 20 - 0B 64K sdflus 1 0:00 0.00% [bufdaemon{/ worker}] 26 root 16 - 0B 16K syncer 2 0:00 0.00% [syncer] 40774 root 20 0 14M 2652K sbwait 3 0:00 0.00% /usr/local/bin/dpinger -S -r 0 -i WANGW -B 67.210.32.129 -p /var/run/dpinger_WANGW~67.210.32.129~67.210.32.1.pid -u /var/run/dpinger_WANGW~67.210.32.129~67.210.32.1.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 67.210.32.1{dpinger} 336 root 20 0 101M 25M kqread 1 0:00 0.00% php-fpm: master process (/usr/local/lib/php-fpm.conf) (php-fpm) 6831 root 20 0 15M 3100K select 3 0:00 0.00% /usr/local/sbin/pcscd{pcscd} 40774 root 20 0 14M 2652K nanslp 3 0:00 0.00% /usr/local/bin/dpinger -S -r 0 -i WANGW -B 67.210.32.129 -p /var/run/dpinger_WANGW~67.210.32.129~67.210.32.1.pid -u /var/run/dpinger_WANGW~67.210.32.129~67.210.32.1.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 67.210.32.1{dpinger} 12 root -96 - 0B 496K WAIT 1 0:00 0.00% [intr{irq16: hdac1}] 12 root -60 - 0B 496K WAIT 2 0:00 0.00% [intr{swi4: clock (1)}] 12 root -60 - 0B 496K WAIT 3 0:00 0.00% [intr{swi4: clock (3)}] 12 root -60 - 0B 496K WAIT 1 0:00 0.00% [intr{swi4: clock (2)}] 0 root -76 - 0B 576K - 3 0:00 0.00% [kernel{softirq_3}] 1 root 20 0 9548K 944K wait 3 0:00 0.00% [init] 40774 root 20 0 14M 2652K accept 2 0:00 0.00% /usr/local/bin/dpinger -S -r 0 -i WANGW -B 67.210.32.129 -p /var/run/dpinger_WANGW~67.210.32.129~67.210.32.1.pid -u /var/run/dpinger_WANGW~67.210.32.129~67.210.32.1.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 67.210.32.1{dpinger} 0 root -76 - 0B 576K - 1 0:00 0.00% [kernel{softirq_1}] 7 root -16 - 0B 32K - 1 0:00 0.00% [cam{scanner}] 0 root -76 - 0B 576K - 0 0:00 0.00% [kernel{softirq_0}] 35829 root 20 0 11M 2756K select 2 0:00 0.00% /usr/local/sbin/xinetd -syslog daemon -f /var/etc/xinetd.conf -pidfile /var/run/xinetd.pid 0 root -76 - 0B 576K - 2 0:00 0.00% [kernel{softirq_2}] 25 root -16 - 0B 16K vlruwt 2 0:00 0.00% [vnlru] 16 root -68 - 0B 400K - 1 0:00 0.00% [usb{usbus4}] 81313 root 20 0 11M 2576K nanslp 1 0:00 0.00% /usr/sbin/cron -s 22 root -16 - 0B 48K umarcl 3 0:00 0.00% [pagedaemon{uma}] 16 root -68 - 0B 400K - 0 0:00 0.00% [usb{usbus2}] 24 root -16 - 0B 64K - 2 0:00 0.00% [bufdaemon{bufspacedaemon-0}] 7 root -16 - 0B 32K - 0 0:00 0.00% [cam{doneq0}] 24 root -16 - 0B 64K - 3 0:00 0.00% [bufdaemon{bufspacedaemon-1}] 27435 root 52 0 11M 2792K wait 3 0:00 0.00% login [pam] (login) 375 root 40 20 11M 2760K kqread 1 0:00 0.00% /usr/local/sbin/check_reload_status 29544 root 52 0 12M 3040K wait 2 0:00 0.00% -sh (sh) 14 root -8 - 0B 48K - 2 0:00 0.00% [geom{g_event}] 67 root -8 - 0B 16K mdwait 0 0:00 0.00% [md0] 12 root -72 - 0B 496K WAIT 0 0:00 0.00% [intr{swi1: netisr 3}] 39812 root 22 0 13M 3288K CPU2 2 0:00 0.00% /usr/bin/top -baHS 999 31402 root 52 0 11M 2872K ttyin 2 0:00 0.00% /bin/sh /etc/rc.initial 591 root 20 0 10M 1276K select 3 0:00 0.00% /sbin/devd -q -f /etc/pfSense-devd.conf 12 root -96 - 0B 496K WAIT 3 0:00 0.00% [intr{irq256: hdac0}] 27993 root 52 0 11M 2204K ttyin 2 0:00 0.00% /usr/libexec/getty Pc ttyv3 28679 root 52 0 11M 2204K ttyin 3 0:00 0.00% /usr/libexec/getty Pc ttyv6 14 root -8 - 0B 48K - 1 0:00 0.00% [geom{g_down}] 0 root 8 - 0B 576K - 1 0:00 0.00% [kernel{thread taskq}] 27736 root 52 0 11M 2204K ttyin 1 0:00 0.00% /usr/libexec/getty Pc ttyv1 28978 root 52 0 11M 2204K ttyin 2 0:00 0.00% /usr/libexec/getty Pc ttyv7 28221 root 52 0 11M 2204K ttyin 2 0:00 0.00% /usr/libexec/getty Pc ttyv4 27832 root 52 0 11M 2204K ttyin 1 0:00 0.00% /usr/libexec/getty Pc ttyv2 28434 root 52 0 11M 2204K ttyin 3 0:00 0.00% /usr/libexec/getty Pc ttyv5 80781 root 20 0 18M 7720K kqread 1 0:00 0.00% nginx: worker process (nginx) 37847 root 32 0 19M 7992K select 2 0:00 0.00% /usr/sbin/sshd 80477 root 52 0 17M 7264K pause 2 0:00 0.00% nginx: master process /usr/local/sbin/nginx -c /var/etc/nginx-webConfigurator.conf (nginx) 40774 root 52 0 14M 2652K uwait 1 0:00 0.00% /usr/local/bin/dpinger -S -r 0 -i WANGW -B 67.210.32.129 -p /var/run/dpinger_WANGW~67.210.32.129~67.210.32.1.pid -u /var/run/dpinger_WANGW~67.210.32.129~67.210.32.1.sock -C /etc/rc.gateway_alarm -d 1 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 67.210.32.1{dpinger} 34187 root 52 20 10M 2044K nanslp 1 0:00 0.00% sleep 60 12 root -88 - 0B 496K WAIT 3 0:00 0.00% [intr{irq18: ohci0 ohci1}] 14 root -8 - 0B 48K - 1 0:00 0.00% [geom{g_up}] 27308 root 20 0 10M 2104K nanslp 3 0:00 0.00% minicron: helper /usr/local/bin/ping_hosts.sh (minicron) 8 root -16 - 0B 16K - 0 0:00 0.00% [soaiod1] 17 root -16 - 0B 16K - 3 0:00 0.00% [soaiod3] 27583 root 52 0 10M 2088K wait 1 0:00 0.00% /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts 27059 root 52 0 10M 2084K wait 1 0:00 0.00% /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh 28136 root 52 0 10M 2088K wait 1 0:00 0.00% /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data 18 root -16 - 0B 16K - 2 0:00 0.00% [soaiod4] 9 root -16 - 0B 16K - 2 0:00 0.00% [soaiod2] 377 root 52 20 11M 2588K kqread 2 0:00 0.00% check_reload_status: Monitoring daemon of check_reload_status (check_reload_status) 27906 root 52 0 10M 2108K nanslp 0 0:00 0.00% minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.expireaccounts (minicron) 28433 root 52 0 10M 2108K nanslp 2 0:00 0.00% minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data (minicron) 16 root -68 - 0B 400K - 2 0:00 0.00% [usb{usbus3}] 12 root -52 - 0B 496K WAIT 1 0:00 0.00% [intr{swi6: task queue}] 19 root -16 - 0B 16K waitin 3 0:00 0.00% [sctp_iterator] 12 root -52 - 0B 496K WAIT 1 0:00 0.00% [intr{swi6: Giant taskq}] 12 root -88 - 0B 496K WAIT 0 0:00 0.00% [intr{irq17: ehci0 ehci1}] 23645 root 52 0 17M 7004K kqread 2 0:00 0.00% /usr/local/sbin/openvpn --config /var/etc/openvpn/server1/config.ovpn{openvpn} 0 root -8 - 0B 576K - 2 0:00 0.00% [kernel{CAM taskq}] 0 root 8 - 0B 576K - 2 0:00 0.00% [kernel{inm_free taskq}] 13 root -16 - 0B 64K sleep 2 0:00 0.00% [ng_queue{ng_queue0}] 6831 root 52 0 15M 3100K piperd 0 0:00 0.00% /usr/local/sbin/pcscd{pcscd} 13 root -16 - 0B 64K sleep 2 0:00 0.00% [ng_queue{ng_queue1}] 16 root -68 - 0B 400K - 2 0:00 0.00% [usb{usbus0}] 16 root -68 - 0B 400K - 2 0:00 0.00% [usb{usbus2}] 0 root 8 - 0B 576K - 2 0:00 0.00% [kernel{firmware taskq}] 10 root -16 - 0B 16K audit_ 2 0:00 0.00% [audit] 22 root -16 - 0B 48K launds 1 0:00 0.00% [pagedaemon{laundry: dom0}] 16 root -68 - 0B 400K - 2 0:00 0.00% [usb{usbus1}] 16 root -68 - 0B 400K - 2 0:00 0.00% [usb{usbus4}] 0 root 8 - 0B 576K - 1 0:00 0.00% [kernel{acpi_task_0}] 0 root 8 - 0B 576K - 2 0:00 0.00% [kernel{linuxkpi_short_wq_3}] 0 root 8 - 0B 576K - 1 0:00 0.00% [kernel{linuxkpi_short_wq_2}] 0 root 8 - 0B 576K - 1 0:00 0.00% [kernel{in6m_free taskq}] 0 root 8 - 0B 576K - 3 0:00 0.00% [kernel{linuxkpi_short_wq_4}] 0 root 8 - 0B 576K - 2 0:00 0.00% [kernel{kqueue_ctx taskq}] 0 root -20 - 0B 576K - 0 0:00 0.00% [kernel{crypto_3}] 0 root -52 - 0B 576K - 2 0:00 0.00% [kernel{mca taskq}] 16 root -68 - 0B 400K - 2 0:00 0.00% [usb{usbus4}] 16 root -68 - 0B 400K - 2 0:00 0.00% [usb{usbus2}] 16 root -68 - 0B 400K - 2 0:00 0.00% [usb{usbus0}] 16 root -76 - 0B 400K - 0 0:00 0.00% [usb{usbus2}] 0 root 8 - 0B 576K - 2 0:00 0.00% [kernel{mlx4}] 0 root 8 - 0B 576K - 1 0:00 0.00% [kernel{aiod_kick taskq}] 0 root 8 - 0B 576K - 2 0:00 0.00% [kernel{linuxkpi_short_wq_0}] 0 root 8 - 0B 576K - 3 0:00 0.00% [kernel{linuxkpi_short_wq_1}] 0 root 8 - 0B 576K - 1 0:00 0.00% [kernel{linuxkpi_long_wq_0}] 0 root 8 - 0B 576K - 2 0:00 0.00% [kernel{linuxkpi_long_wq_1}] 0 root 8 - 0B 576K - 3 0:00 0.00% [kernel{linuxkpi_long_wq_2}] 0 root 8 - 0B 576K - 2 0:00 0.00% [kernel{acpi_task_2}] 27 root -16 - 0B 16K aldslp 1 0:00 0.00% [ALQ Daemon] 0 root 8 - 0B 576K - 3 0:00 0.00% [kernel{acpi_task_1}] 0 root 8 - 0B 576K - 2 0:00 0.00% [kernel{linuxkpi_long_wq_4}] 0 root 8 - 0B 576K - 1 0:00 0.00% [kernel{linuxkpi_long_wq_3}] 15 root -16 - 0B 16K seqsta 1 0:00 0.00% [sequencer 00] 23 root -16 - 0B 16K psleep 1 0:00 0.00% [vmdaemon] 0 root -20 - 0B 576K - 2 0:00 0.00% [kernel{crypto_1}] 0 root -20 - 0B 576K - 1 0:00 0.00% [kernel{crypto_2}] 0 root -20 - 0B 576K - 0 0:00 0.00% [kernel{crypto_0}] 16 root -68 - 0B 400K - 2 0:00 0.00% [usb{usbus1}] 13 root -16 - 0B 64K sleep 2 0:00 0.00% [ng_queue{ng_queue3}] 13 root -16 - 0B 64K sleep 2 0:00 0.00% [ng_queue{ng_queue2}] 6 root -16 - 0B 16K crypto 2 0:00 0.00% [crypto returns 3] 4 root -16 - 0B 16K crypto 1 0:00 0.00% [crypto returns 1] 3 root -16 - 0B 16K crypto 2 0:00 0.00% [crypto returns 0] 2 root -16 - 0B 16K crypto 1 0:00 0.00% [crypto] 5 root -16 - 0B 16K crypto 2 0:00 0.00% [crypto returns 2] 16 root -68 - 0B 400K - 2 0:00 0.00% [usb{usbus3}] 16 root -72 - 0B 400K - 2 0:00 0.00% [usb{usbus2}] 16 root -72 - 0B 400K - 2 0:00 0.00% [usb{usbus4}] 16 root -72 - 0B 400K - 2 0:00 0.00% [usb{usbus0}] 16 root -72 - 0B 400K - 2 0:00 0.00% [usb{usbus1}] 16 root -72 - 0B 400K - 2 0:00 0.00% [usb{usbus3}] 16 root -76 - 0B 400K - 2 0:00 0.00% [usb{usbus3}] 16 root -76 - 0B 400K - 2 0:00 0.00% [usb{usbus1}] 16 root -76 - 0B 400K - 2 0:00 0.00% [usb{usbus4}] 16 root -76 - 0B 400K - 2 0:00 0.00% [usb{usbus0}] 12 root -56 - 0B 496K WAIT -1 0:00 0.00% [intr{swi5: fast taskq}] 12 root -64 - 0B 496K WAIT -1 0:00 0.00% [intr{swi3: vm}] 12 root -72 - 0B 496K WAIT -1 0:00 0.00% [intr{swi1: pfsync}] 12 root -72 - 0B 496K WAIT -1 0:00 0.00% [intr{swi1: pf send}] 12 root -72 - 0B 496K WAIT -1 0:00 0.00% [intr{swi1: netisr 0}] 12 root -72 - 0B 496K WAIT -1 0:00 0.00% [intr{swi1: netisr 2}] 12 root -72 - 0B 496K WAIT -1 0:00 0.00% [intr{swi1: netisr 1}] 12 root -76 - 0B 496K WAIT -1 0:00 0.00% [intr{swi0: uart uart}] 12 root -84 - 0B 496K WAIT -1 0:00 0.00% [intr{irq1: atkbd0}] 12 root -84 - 0B 496K WAIT -1 0:00 0.00% [intr{irq7: ppc0}] 12 root -88 - 0B 496K WAIT -1 0:00 0.00% [intr{irq279: ahci0:ch0}] 12 root -88 - 0B 496K WAIT -1 0:00 0.00% [intr{irq281: ahci0:2}] 12 root -88 - 0B 496K WAIT -1 0:00 0.00% [intr{irq284: ahci0:5}] 12 root -88 - 0B 496K WAIT -1 0:00 0.00% [intr{irq286: ahci0:7}] 12 root -88 - 0B 496K WAIT -1 0:00 0.00% [intr{irq283: ahci0:4}] 12 root -88 - 0B 496K WAIT -1 0:00 0.00% [intr{irq282: ahci0:3}] 12 root -88 - 0B 496K WAIT -1 0:00 0.00% [intr{irq285: ahci0:6}] 12 root -88 - 0B 496K WAIT -1 0:00 0.00% [intr{irq278: xhci0}] 12 root -92 - 0B 496K WAIT -1 0:00 0.00% [intr{irq277: re0}] pfSense is developed and maintained by Netgate. © ESF 2004 - 2021 View license.
-
@briankelly63 said in CPU utilization on HP t620 plus:
Does WCPU at 100% indicate an issue?
Hi,
No, don't worry it's idle.... 4 core (100%) you have to interpret it the other way round
CPU=0,8%, so 98.4% idle you have plenty to spare
+++edit:
otherwise the clock speed per core and say the speed of the RAM(s) matters more
(f.e.: Single Thread Performance, BUS + pci BUS clock, etc.)if you are running resource intensive packages like SQUID, pfBlockerNG with large lists, Snort/Suricata, you might need more RAM
-
@daddygo
Thanks for the quick reply. I just switched over to the T620 and I’m changing Internet providers next week so a lot going on.
One of the things that caught my attention is that when I connect to OpenVPN from my laptop from a remote location it takes about 3-4 seconds to connect when it probably took no longer than 1 second with the old PC that I was using for PFsense. So far I haven’t been able to determine what might be causing that delay. -
@briankelly63 said in CPU utilization on HP t620 plus:
OpenVPN
OpenVPN on the firewall is a typical case of single-threaded behaviour
OPENVPN single threaded, so your best friend in this case is a high CPU clock speed on a single core
-
@briankelly63 said in CPU utilization on HP t620 plus:
2752M Free
You don't need more RAM. At least not yet.
Actual time taken to connect is unlikely to vary much unless you have a huge number of users. Was the old device running the same pfSense version? Are you testing from the same client version? 3-4s is pretty much what I expect though. Even on something very fast.
Steve
-
@stephenw10
Thx for the reply. The old device was running same version and I was connecting from same client.
As an experiment I created a second OpenVPN server on the same Pfsense box (t620) by first making a copy, testing (same result) and then simplifying the configuration so it would be more lightweight. With that change the connect time of the client dropped dramatically. Looks like it is the negotiation time when things are a little slower. I'm going to be adding more memory to that machine this week. In order to preserve the SSD I had originally selected the option to run var and tmp out of system memory but 4gb wasn't enough. With more memory I'll be able to do that which may speed things up.
Interestingly I did find a 'bad' setting in my configuration which was the Pure Nat vs Nat plus Proxy which was generating lots of errors in the log and may have been slowing things a bit. Fixed. -
Mmm, how large a RAM drives did you set? I usually use double the default size so 120/80MB.
You can't run Snort/Suricata in that but you shouldn't use RAM drives at all if you're running those.
Steve
-
@stephenw10
I probably only set it for 60 each. Maybe that’s why it ran out of space and was crashing. Not using snort or Siri at a right now just pfblockerNG -
Yeah I would go to at least double. On x86 the available kernel space is large and you're only using a bit over 1G so you could easily go larger if you need to.
You probably don't though. My edge device right now:Steve
-
@stephenw10
Thanks, I will give that a try. I did order some more memory which I’ll install in the next couple of days so that should give me plenty of room. -
@briankelly63 said in CPU utilization on HP t620 plus:
I did order some more memory which I’ll install in the next couple of days
In that case, I'd get rid of the RAM disks,......- and an additional proposal pls. put the installation to ZFS, although you still have enough memory in the current situation, many people are running with 2G RAM.
(You don't gain as much on "shrine" of the speed as you lose in RAM disk usage and security, although a good UPS can always be a solution.)
if you want later IPS/IDS this excludes the RAM disk, as Stephen described, ergo better to think ahead than to reconfigure later
I read above about the relationship between RAM disk and SSD 64GB.
Don't worry about the SSD 64GB, would be plenty enough for up to 3 - 4 complete pfSense installationsThe RAM disk, in my reading, is always a necessary solution if the HW is lower ability for some reason, but that's not the case with you and you are free to expand it.
Fast RAM + MOBO speed + SSD disk = good approach
don't forget it's just a router + firewall in SOHO environment
(not a heavy loaded database server)price/value invested + scope of use = economic efficiency
always good for your wallet -
Thanks... I think I'll avoid the RAM disk for now and just keep an eye on memory.