CE v2.8.0 issues
-
I had a router instance that has over 300 VPNs having issues with 2.8.0 ever since installation. Editing VPN configurations and saving them would cause the router to become sluggish to the point of total non-responsive. Power cycling was required to get the unit back up. I replaced the router, about 6 yrs old, with a new Supermicro 6-core Xeon E2356G with HT, 16GB RAM and SSD drives, convinced the issue was with hardware. Same issue on the new router. I reverted the router to v2.7.2 and IPSEC edits work perfectly with no impact on router performance. What I did notice before pulling the plug on 2.8.0, that during a top -P display CPU0 had 75-80% utilization and CPU1-12 were essentially idle (98-100%) after an edit and save. A top -P on 2.7.2 shows an essentially equal distribution of load across the 12 CPUs. Edits never hit more than 8% on any CPU. I've got other CE routers on 2.8.0 with fewer VPNs that exhibit no bad behavior. All my NICs are 10G-Base T Intel. Only package installed is OpenVPN client export.
-
Hmm 300 IPSec VPNs is a lot. What sort of IPSec config are are you using?
What is shown as using the CPU cycles when that is loading up one core?
What size is the config file? Do you have ACB enabled?
-
@stephenw10 - Pretty typical AES IPSEC configurations. I didn't get a chance to gather a lot of details on the failure since it was a production router. Total config is a little of a 1MB. I do have ACB setup. We're trying to reproduce the issue in a lab environment, no luck so far.
-
Hmm, but they are policy based tunnels? And 300 Phase 1 configs not a total of 300 Phase 2 configs for example?
I'm not aware of any issue in 2.8 that might present like that for IPSec.
