How much CPU usage is "normal"?



  • Hi,
    I'm wondering why pfSense seems to take quite a lot of CPU time? There is no activity on my network, no traffic and yet the system status says 22% of the CPU time is in use. I checked with "top" and the big user seems to be interrupt which takes 20-22% of CPU time. Interrupts take that much?! I'm confused why this is happening. System is a P3-500 with 512 MB RAM.



  • Log into your firewall, and go to http://yourpfSense/status.php

    Look under the interfaces. If anywhere on the interfaces it says POLLING, then go to System>Advanced and enable device polling.

    If your NICs support device polling this can reduce your cpu load for interrupt.



  • Unfortunately my NIC's do not support ist. I only investigated it because I saw a complaint in another forum that pfsense uses a lot of CPU resources compared to m0n0wall. I found in this forum that this is because of the newer FreeBSD version pfsense is using. But now m0n0wall switched to FreeBSD 6.2-RC1 in the latest Beta. According to users nothing has changed on the CPU usage.

    But pfsense always uses much more CPU even if it's a fresh install and no other packages are installed. Maybe there is some bug if m0n0 doesn't have this "problem"?



  • It seems the latest Snapshot did something?
    http://www.pfsense.com/~sullrich/1.0.1-SNAPSHOT-12-22-2006/
    Now the CPU is at 3% when idle. Sweet :)



  • What nics do you use? Try enabling polling at system>advanced and have a look at the status.php then. It only will show the "polling" flag if the feature is turned on.

    Polling is a good idea if available. Though our stock install polling settings are not yet optimized you can "fix" the 100% cpu userland freeze issue by using polling. If you use the settings from our wiki ( http://wiki.pfsense.com/wikka.php?wakka=Tuning ) you'll even have the same throughput like without polling (at least on the wrap I used to do the tests).

    Btw, I benched m0n0 1.3b1 and the latest snapshot of pfSense on a wrap yesterday. Surprisingly both distributions perform at nearly the exact same level when it comes to throughput though the firewallfilters in use and lot of stuff under the hood are completely different. Atm it looks like m0n0 doesn't outperform pfSense anymore. However it's the first beta release based on freebsd 6 and this might change (if it does we'll have a look if we can get the improvements to pfSense as well but we already did a lot of tweaking to get to the performance that we have now).

    Polling is a good idea if available. Though our stock install polling settings are not yet optimized you can "fix" the 100% cpu userland freeze issue by using polling. If you use the settings from our wiki ( http://wiki.pfsense.com/wikka.php?wakka=Tuning ) you'll even have the same throughput like without polling (at least on the wrap I used to do the tests).



  • I use some old 3com Nics, I would have to open the box to be 100% sure which ones, I think 359. There is no polling with these.



  • Perhaps he is using DHCP on wan and it kept configuring the NIC. One of the snapshots had this particular issue.

    Cheers,

    Seth



  • I've got the 12-23-2006 snapshot on my WRAP board and CPU usage goes to 100% when I enable Bittorrent - even if it's only one file.  I can't get into the GUI when it's running because it makes the WRAP unresponsive.

    I realize pfSense is a bigger firewall over m0n0wall, but m0n0wall didn't have this problem.

    Would I enable polling on a WRAP platform?  Any other tweaks needed?

    Robert



  • Enable polling and use these tweaks: http://wiki.pfsense.com/wikka.php?wakka=Tuning
    This way I'm able to get the same throughput like without polling but the webgui, ssh,… stays responsive though slower than without load.



  • I did those tweaks and my CPU spiked to 100% and stayed there, without Bittorrent.  My last saved settings doesn't put back what I had either.  Crap.



  • CPU-Load will be calculated incorrectly due to changed timings. The CPU-meter won't be correct with the tweaks. The question is, does it work better?


Locked