Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Haproxy 100% cpu usage

    Scheduled Pinned Locked Moved Cache/Proxy
    47 Posts 7 Posters 9.5k Views 10 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      maverick_slo
      last edited by maverick_slo

      Hi.

      After I upgraded to pfsense plus 24.03-RELEASE (amd64) I have problems with HAPROXY.
      After some random time it just starts to use 100% CPU even though there are virtuallly NO requests and no traffic at all...
      In previous versions this did not happen.
      Haprox is 2.9.1 can you please upgrade to latest binary which will probably solve the issue?

      Bug:
      https://github.com/replicatedhq/ekco/pull/214

      Workaround:
      https://github.com/haproxy/haproxy/issues/2402#issuecomment-1875104101

      dcd6d88b-6d24-4687-820e-c1376fb7e1e3-image.png

      Thanks!

      D 1 Reply Last reply Reply Quote 3
      • D Offline
        DaniloZ Administrator @maverick_slo
        last edited by stephenw10

        @maverick_slo

        I have submitted a bug report. Thank you!

        https://redmine.pfsense.org/issues/15457

        M 1 Reply Last reply Reply Quote 1
        • M Offline
          maverick_slo
          last edited by

          Anyone?

          Is updating binary really so hard?

          1 Reply Last reply Reply Quote 0
          • M Offline
            maverick_slo @DaniloZ
            last edited by

            Can someone pretty please update binary to latest?
            There are many things fixed in latest version.

            1 Reply Last reply Reply Quote 0
            • R Offline
              rootbg
              last edited by

              Hi,

              I'm having the same problem like @maverick_slo after the latest pfSense upgrade I have 100% CPU from haproxy after working couple of days. @DaniloZ is there any news about this issue?

              M 1 Reply Last reply Reply Quote 0
              • M Offline
                maverick_slo @rootbg
                last edited by

                Pleeease? :)

                1 Reply Last reply Reply Quote 0
                • C Offline
                  coreybrett
                  last edited by

                  I have this issue also. Is there a work-around ?

                  M 1 Reply Last reply Reply Quote 0
                  • stephenw10S Offline
                    stephenw10 Netgate Administrator
                    last edited by

                    Looks like we lost the screenshot from the first post.

                    Does this actually cause a kernel panic when you hit it or just uses all the available CPU time?

                    Steve

                    M L 2 Replies Last reply Reply Quote 0
                    • M Offline
                      maverick_slo @stephenw10
                      last edited by

                      @stephenw10
                      Just cpu usage.
                      Updated versions resolve the issue
                      Also workaround is working and if applied cpu is ok.

                      1 Reply Last reply Reply Quote 0
                      • M Offline
                        maverick_slo @coreybrett
                        last edited by

                        @coreybrett
                        Come on dude, read a little it is in the first post I made.

                        1 Reply Last reply Reply Quote 0
                        • C Offline
                          coreybrett
                          last edited by

                          Adding...

                          tune.disable-zero-copy-forwarding
                          

                          did not fix for me.

                          M 1 Reply Last reply Reply Quote 0
                          • M Offline
                            maverick_slo @coreybrett
                            last edited by maverick_slo

                            @coreybrett
                            Did you entered it in correct settings tab?

                            1 Reply Last reply Reply Quote 0
                            • C Offline
                              coreybrett
                              last edited by

                              9865886a-71df-49ae-b063-702e2a2fa9da-image.png

                              984c9778-fa5b-4c3e-8629-ee6b34b07147-image.png

                              1 Reply Last reply Reply Quote 0
                              • C Offline
                                coreybrett
                                last edited by

                                3b7600db-31c0-4270-bb5f-be08b1112e02-image.png

                                After a stop/start, the HAP process hit 100% and stops responding to inbound requests.

                                1 Reply Last reply Reply Quote 0
                                • L Offline
                                  Luca De Andreis @stephenw10
                                  last edited by

                                  @stephenw10

                                  I can confirm. in my case haproxy generates a kernel panic (occasionally). pfsense 24.03 is stable (more than 30 installations in my case) only with the use of haproxy do kernel panics occur. in this case I went back to the previous version.

                                  Luca

                                  1 Reply Last reply Reply Quote 0
                                  • stephenw10S Offline
                                    stephenw10 Netgate Administrator
                                    last edited by

                                    Do you also see the high CPU usage?

                                    L M 2 Replies Last reply Reply Quote 0
                                    • L Offline
                                      Luca De Andreis @stephenw10
                                      last edited by

                                      @stephenw10

                                      We have two PfSense with HAProxy (dedicated) in 24.03, on the site with the most traffic (a while ago now), we noticed that the VM would reboot going the crash.
                                      Both VMs were experiencing abnormal CPU load (not 100%).
                                      On the third crash I rolled back to 23.09.1 and it has been working perfectly ever since.
                                      The site with less load at the HAProxy level (I left it only for testing in 24.03) never crashed but still has abnormal CPU load (30-40% without doing practically anything).
                                      The site in production with a fair number of accesses, stayed UP 3-5 days, then crashed. After downgrade to version 23.09.1.... perfect.

                                      All PfSense works in VM and we have about 30 of them, only those with HAProxy gave this problem with 24.03.

                                      Sergei_ShablovskyS 1 Reply Last reply Reply Quote 1
                                      • M Offline
                                        maverick_slo @stephenw10
                                        last edited by

                                        @stephenw10 why are we discussing this when solution is crystal clear?
                                        Binary has to be updated, end of story.

                                        1 Reply Last reply Reply Quote 1
                                        • stephenw10S Offline
                                          stephenw10 Netgate Administrator
                                          last edited by

                                          Yup, raised it internally. But trying to determine if the reported kernel panic is actually related.

                                          L 1 Reply Last reply Reply Quote 2
                                          • L Offline
                                            Luca De Andreis @stephenw10
                                            last edited by

                                            @stephenw10

                                            For me, yes, it's related.

                                            In my case a PfSense 24.03 VM (with HA Proxy 2.9.1) crashed (and therefore auto rebooted) every 3-5 days.
                                            With a usage load... typical of a reverse proxy in production.

                                            The same VM but with almost no workload, it never crashed apart from an anomalous CPU load.

                                            In my opinion yes, the events are correlated, but only when the reverse proxy is used above a certain threshold.

                                            In this regard I had also opened a ticket via "professional" support, which was closed with the response... "HAProxy is a third-party package, its update is managed in best effort" .... closed.

                                            Sergei_ShablovskyS 1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.