Filter reload causes CPU and latency spike
-
I have managed to track down what was causing issues with CPU and latency whenever any of my Wireguard tunnels came up/down (posted in the WG section)
It is caused by the filter reload action as I am able to reproduce the issue by triggering a filter reload from Diagnostics menu.The filter reload causes
CPU spike
Latency spike both RTT and RTTsd on all interfacesresult is Teams/VOIP/WiFi calling calls freeze/drop, streaming services buffer and other symptoms you would expect.
this is very similar to issues reported a few years ago see these threads
https://forum.netgate.com/topic/169955/latency-spikes-during-filter-reload-ce-2-6-0/25
https://redmine.pfsense.org/issues/12827
https://forum.netgate.com/topic/151819/2-4-5-high-latency-and-packet-loss-not-in-a-vm/76
https://forum.netgate.com/topic/149595/2-4-5-a-20200110-1421-and-earlier-high-cpu-usage-from-pfctl/76?_=1759823899870I have tried a couple of the things people used then as workarounds like commenting out the keepcounters line and disabling kern smp but neither helped and neither did disabling block bogon network on all interfaces.
I have pfSense + running on a Sophos XG 430 Rev2
running latest version 25.07.1
I have PfblockerNG with GEO blocking setup.Anyone else seeing this behaviour still?
-
Just been doing further testing with the SMP disabled via boot loader conf as per the 2020 threads does help.
I now just get a split second interruptions to teams calls rather than minute long and network dropouts.
And also just a couple of spikes in latency.CPU does spike to 55% but it is now running on one core only due to disabling SMP.
So it does looks very similar to the bug reported in 2020 anyone else seeing this behavier?