35-45% cpu initization in testing lab



  • I am experimenting with 1.2-beta 1 on a Celeron 1.7 with 512 megs of ram with no extra packages.

    (1 Wan- Dlink 1Ghz nic),  (1 DMZ - 3com- currently not in use) and (1 LAN - builtin mother board card, I'm not sure of the make off hand but it's in a IBM desktop)

    The cpu hovers around 35-40% with no real traffic except for me configuring the fw and internet testing. This seems high
    to me. I even tried the latest snapshot didn't make a difference.

    Is this normal as it seems high to me.

    One thing to note. It crashed twice. Once when I was configuring the fw from home. I was setting up PPTP and I tested the vpn client. I tested the pptp connection and connected fine. Then I was adding a rule to allow pptp clients access to * and it crashed when I saved the rule. I was still in the pptn connection as well has connected to the fw from the wan ip address when it crashed

    Another time I added the new dashboard and I click on the new states in the new dashboards. The both times it crashed I was configuring the fw from the WAN (connecting from home vs the LAN side in the office). No network errors on either the WAN nor LAN interfaces

    Since I can't connect right now I don't have any memory dumps but I was more concerned with 35-40%

    I reinstalled the fw twice with the same results. Would a nic be causing this problem.

    Thanks,



  • Hi,

    Have you already updates directly after installing to the latest snapshot ? 06-06-2007 seems to be running fine here.

    Cheers,

    Matt



  • The crashing was down to hardware. I came into the office to see NO OS found. Reboot the machine, same thing NO OS found. Looks like either the HD or motherboard is going. Re-inserted the power and ide cables on the HD/motherboard and it booted. Still can't explain the high 35-40% CPU with no real traffice unless it's related to the drive and or motherboard dying.



  • From shell you could use the following commands
    systat
    top -S
    systat -vm 1
    to trace a bottleneck. Also remove the dlink as the 3com might be better supported.



  • I replaced the HD and the CPU % has dropped down to 5-7% from 35-45%. I guess a bad HD increases CPU load quite a bit. LOL ::)

    What's wrong with the Dlink card? It's a 1 Gig card. I was going to replace the LAN and DMZ cards with them as I was planning of having a webserver (fronted)in the DMZ and a MySql server in the LAN side for protection so I figured that faster cards between to DMZ and LAN would be better and stick with the 3com and the WAN side.



  • Intel and 3com should in general have better written drivers for Freebsd, by that means lower cpu usages. So it could be worth a test imo.



  • It's back up to 35%-40%. When I did a top -S I see that syslogd hovering around 17-18% and the STATE is SELECT.

    Why is syslogd so high is that normal?



  • @Perry:

    Intel and 3com should in general have better written drivers for Freebsd, by that means lower cpu usages. So it could be worth a test imo.

    Is the same for their Desktop Version ?

    I normally use always Intel because it's default supported by most distro's.

    But are there advantages comparing to the server versions ?



  • t's back up to 35%-40%. When I did a top -S I see that syslogd hovering around 17-18% and the STATE is SELECT.

    Why is syslogd so high is that normal?

    Do you have log on your rules?



  • No logs on the rules.



  • Figure it out. Went back into the system log settings and noticed that I had turned on

    Log packets blocked by the default rule
    Hint: packets that are blocked by the implicit default block rule will not be logged anymore if you uncheck this option. Per-rule logging options are not affected.

    As soon as I deslected it syslogd dropped to barely a reading..



  • @eyepodder:

    Figure it out. Went back into the system log settings and noticed that I had turned on

    Log packets blocked by the default rule
    Hint: packets that are blocked by the implicit default block rule will not be logged anymore if you uncheck this option. Per-rule logging options are not affected.

    As soon as I deslected it syslogd dropped to barely a reading..

    I also have that on, so that's already an issue. OK :)



  • Figure it out. Went back into the system log settings and noticed that I had turned on

    It's on by default and without using cpu

    What i would do is as following. (with a default install)

    Replacing ram, cpu,  motherboard if you got any spare stuff in the lap.
    try a different freebsd version using pfsense 1.01 and m0n0wall.
    last resort use another pc.



  • Yeah logging packets blocked by the default rule certainly shouldn't use ~20% CPU unless you're getting hammered by something that's getting blocked.


Log in to reply