CPU pegged at 100%

RonRN18

I've been running pfSense on a Jetway NF9HG motherboard with an Intel Celeron N2930 CPU (1.83GHz, 4 cores) and 8 GB of RAM for several years. Initially, this setup was adequate, but over time, I've added features such as multiple VLANs, WireGuard VPNs, and HAProxy. Recently, I've noticed that the pfSense web interface has become sluggish, and the CPU usage often hovers around 100%.

To diagnose the issue, I uninstalled all non-essential packages and installed htop via the command line. Running htop revealed multiple instances of "php-fpm: pool nginx," each consuming about 30-40% of CPU resources. Restarting PHP-FPM (option 16) didn't resolve the problem. Considering the N2930's limited processing power, I'm contemplating upgrading my hardware.

Hardware Considerations:

CPU Architecture: Does pfSense+ have a preference for Intel or AMD CPUs? Are there diminishing returns with higher-end CPUs?

RAM: Is there an optimal amount of RAM for pfSense+, especially when running multiple services?

Storage: I'm seeking a motherboard with two M.2 slots to set up a mirrored NVMe system filesystem.

Network Interfaces: Currently, I have a 1 Gbps AT&T fiber connection bridged to my pfSense+ box via one of its four gigabit ports, with a single LAN cable connected to a 1 Gbps port on a network switch. The switch has SFP+ ports. I'm considering hardware with multiple SFP+ ports, either integrated or via a PCIe card, to achieve higher bandwidth connections to the switch and to accommodate potential future upgrades to higher-speed internet connections.

Questions:

Hardware Compatibility: Are there specific hardware components or configurations I should avoid when building a new pfSense+ system from scratch?

pfSense+ License Transfer: Once I assemble the new hardware, can I transfer my existing pfSense+ license from the old system to the new one?

I appreciate any insights or recommendations from the community regarding these considerations.

Gblenn

@RonRN18 What version of pfsense are you running?
I have a site with a PC Engines APU2 which runs an AMD GX-412TC SOC that is much less powerful than your Celeron. And it's got only 4GB of RAM.
I run a few packages like Suricata (legacy mode), pfBlocker, Zabbix, IPSec and Wireguard. It's sitting at ~2-3% "idle" and goes up/down between 10 and 20% when the web UI is active. I'm running CE 2.7.2 since some time back.

I have seen a lot of complaints about 24.11 consuming a lot of CPU resources for some reason?

stephenw10

The increased usage in 24.11 is mostly due to chnanges in the widget handling on the dashboard. Because most users check the CPU usage on the dashboard it shows far more there than anywhere else.

If you check the CLI without the dashboard open it should not be significantly different.

However if it's just continuously pegged at 100% that may be something else.

Gertjan

@Gblenn said in CPU pegged at 100%:

I have seen a lot of complaints about 24.11 consuming a lot of CPU resources for some reason?

CPU Usage - pfSense 24.11 on a 4100.

edit : true, I didn't activate every bell and whistle and I'm more a log watcher guy, the dashboard isn't my thing.