Haproxy 100% cpu usage
- 
 Great, thanks for testing. 
- 
 I upgraded last night. Still having same issue.  
- 
 @coreybrett you probably did not restart service after upgrade. 
 Please restart service so that new binary can be run...
- 
 @maverick_slo I am pretty sure I rebooted after running the package update.
 Will do so again and check it in the morning.
- 
 You should see it in the stats page: HAProxy version 2.9.7-5742051, released 2024/04/05 Statistics Report for pid 81592
- 
 I can confirm that after this uptime: 
  HAProxy on a normal production load and without workaround applied... works fine:  
- 
 Still having trouble with this.
 Shell Output - /usr/local/sbin/haproxy -v
 HAProxy version 2.9.7-5742051 2024/04/05 - https://haproxy.org/
 Status: stable branch - will stop receiving fixes around Q1 2025.
 Known bugs: http://www.haproxy.org/bugs/bugs-2.9.7.html
 Running on: FreeBSD 15.0-CURRENT FreeBSD 15.0-CURRENT #0 plus-RELENG_24_03-n256311-e71f834dd81: Fri Apr 19 00:28:14 UTC 2024 root@freebsd:/var/jenkins/workspac
- 
 @coreybrett said in Haproxy 100% cpu usage: "Still having trouble with this."
 Are you still seeing panics too?
- 
 For me the system is absolutely stable, while with HAProxy 2.9.1, it rebooted after 1-2 days of uptime 
- 
 @stephenw10 said in Haproxy 100% cpu usage: "panics"
 No panics for me, but it stops serving content and sites go down.
- 
 @stephenw10 no, that was never an issue for me 
- 
 these sites have very little traffic, but they service web hooks that must work when called 
- 
 Before upgrading HAProxy, then using version 2.9.1, I had problems with instability, pfSense reboots and high CPU load on the system in production (higher network load).
 On an identical system, but at low load I had only CPU "waste" but no system instability.
 In my opinion, with version 2.9.1 of HAProxy the crashing problem occurs only if a certain system load is exceeded.
 With 2.9.7 everything was ok after 11 days of uptime.
- 
 Hmm, disappointing. Looks like exactly the same crash. You didn't see the high CPU loading before it panicked? 
- 
 No, low or very low rate (on HAProxy 2.9.7); abnormally high CPU usage on 2.9.1.
 Just a note: pfSense Plus runs on a VM on more than 40 firewalls; only the pfSense using HAProxy has this behavior.
- 
 I was not able to use more than one backend server. With only one backend, it would run without any issues, but if I had more than one backend, it wouldn't last 24 hours before it consumed 100% of CPU and stopped accepting new connections. The HAP logs did not reveal anything. However, I was looking through the system logs and noticed that one of my WAN interfaces was glitching, and that coincided with HAP locking up. The WAN interface was not really necessary (it had a static IP and was connected to a Cradlepoint cellular modem), so I just disabled it to see what would happen. This interface was not used by the HAP config at all. HAP has been solid since and is working fine with my full config that has 4 backends. This also fixed another issue I had with "loading the rules: pfctl: DIOCADDRULENV" errors.
- 
 @Luca-De-Andreis said in Haproxy 100% cpu usage: "@stephenw10 The site in production with a fair number of accesses, stayed UP 3-5 days, then crashed."
 ????
 It's a VERY BAD idea to MAKE a FRESH UPDATE ON A PRODUCTION node!!! What stops you from keeping a balancer (the same HAProxy, for example, or a cluster of HAProxys behind master-slave/slave-slave LVS pairs) above your 30 pfSenses, so that you can flawlessly redirect part of the whole traffic to a node which you need to test under real load after a fresh update?
 A sketch of this structure is in the picture below:
 (You may change "Mobile Frontend" to "pfSense", but the sense of the structure would be the same: you have HA and balancing above the set of your pfSense nodes.)
 Or maybe this topic would also be helpful for you in building infrastructure.
 If you are so serious in business and have 30+ firewalls, creating a whole architecture to be able to flawlessly pull out/put in nodes (for updates, hardware maintenance and upgrades) is the only way not to have headaches.
 "All PfSense works in VM and we have about 30 of them,"
 I strongly suggest not using pfSense on a VM under HighLoad in production, and ALWAYS USING BARE METAL servers (no matter whether this is Netgate hardware or a DIY server from IBM, Dell, Fujitsu, SuperMicro, …), even if you have fast and costly NICs like Mellanox, Intel… Using pfSense on a VM, you step onto a path with a lot of different troubles. Some of them you get at the start, and most of them you hit only after your business is in the middle of the way and changing the infrastructure is very costly (if possible at all).
 


