pfSense 2.1 on VMware: high host CPU usage
-
I'm having similar issues running pfSense in VirtualBox on a Linux Mint 16 Petra host.
At first I thought it was because my hardware was underpowered. The machine in question is my homebrew NAS/backup server, and the hardware was chosen for low noise and low power consumption over performance.
Machine's specs:
1.86 GHz dual-core Intel Atom processor
2 GB RAM
1 TB 2.5" hard drive
Integrated graphics (don't remember the chipset)
Linux Mint 16 Petra, XFCE desktop
Oracle VirtualBox
pfSense 2.1 running in VirtualBox
3x NICs: one WAN, two LAN, with each LAN being served by a SOHO router that's acting solely as a switch.

At first, CPU usage was running around 90% when the VM was under load downloading large files. I installed virtio drivers on pfSense and got it to use paravirtualized NICs. That seemed to help a little, but it still routinely sits at 80% while under network load, although at times it hovers more around 65-70%. It also matters which utility I'm using to measure CPU consumption. Mint's Task Manager application shows CPU usage hovering around 70%, but I think it aggregates both cores. htop in the terminal tends to show a somewhat heavier load, with one core fairly regularly pegging at 95%+. The core that pegs out does change; it's not always the one that the VM is using.
The VM is configured to use a single core of the dual-core CPU (I am not given an option to allocate the second core to it).
The paravirtualization of the NICs seemed to help things some. I haven't leveraged virtio for hard drive access yet, though I have doubts about that having much effect.
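For anyone who wants to try the same change, this is roughly what it takes from the command line; a minimal sketch, assuming the VM is named "pfSense" and is powered off (adjust the name and NIC numbers to your setup):

VBoxManage modifyvm "pfSense" --nictype1 virtio --nictype2 virtio --nictype3 virtio   # switch all three vNICs to virtio
VBoxManage showvminfo "pfSense" | grep NIC                                            # confirm the adapter types took

The same setting is available in the GUI under Settings > Network > Advanced > Adapter Type.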
Now, maybe it IS that my hardware is underpowered, but I know that pfSense will run well in a small network (fewer than 8 clients or so) on a 500 MHz Geode processor. I'm kind of amazed that VirtualBox adds that much overhead, and that the overhead apparently isn't mostly from the virtualized NICs (if it were, going to virtio for the NICs should've solved the problem outright).
As far as real-world performance goes, I'd say my pfSense VM still, despite everything, compares favorably to my old Netgear SOHO router, and it has allowed me to set up two LANs on different subnets (one with restrictive firewall rules; that one's for guests who don't need to be able to talk to my personal desktop machine). Latency pinging out to the internet is about 10 ms higher on average than on my old router, but since I don't play much Quake anymore I can tolerate that ;D Ping latency goes quite high under load, but my aforementioned Netgear router would do that too, so that's clearly a different problem.
The last time I checked, the heavy CPU load only happened when pulling in data from the WAN. CPU usage was minimal when my Roku streamed music or video from the Plex server, though the VM router might not have much direct involvement in that traffic (the Linux Mint host has a connection, through a physical interface, to the same LAN the Roku is on).
Maybe I should just run it and not worry about it, but I don't really want to run the thing hard all the time if I can help it.
-
I have two ESX hosts and I can run two nodes in CARP; I don't want to give up that redundancy by going to a physical box. I wish we could figure this out; almost everyone I talk to who runs 2.x on ESX has this problem. I tried vmxnet3 NICs today with the latest driver from VMware Tools 9 and still see 10x the CPU in esxtop.
-
I am also experiencing this issue on my ESXi box with pfSense 2.1 running in a VM with the latest open-vm-tools installed.
The ESXi host is a Dell R620 with Intel NICs.
I'm running ESXi 5.5. Will be upgrading to 5.5 U1 this weekend to see if that helps any.
-
Exactly the same here with pfSense 2.1.2 on top of ESXi 5.1 U2 … Has this already been identified as a bug? Are the developers aware of this issue?
-
Exactly the same here with pfSense 2.1.2 on top of ESXi 5.1 U2 … Has this already been identified as a bug? Are the developers aware of this issue?
No one seems to acknowledge this. The base recommendation is to use Intel NICs, but in my case I'm using all Intel NICs and the problem persists. I'm also on HCL-listed servers, installed from the official OEM (Dell) image.
This problem is still occurring on ESXi 5.5 U1.
If it matters, I'm using Intel I350 1G NICs.
-
Has anybody also noticed increased latency when using pfSense on ESXi 5.x? I haven't had time to test it, but I'm really curious whether this high ESXi CPU load is just a "CPU load issue" or whether it also affects firewall performance (especially when multiple TCP connections are being handled simultaneously)?
-
Bump. Any news on this? Anybody solved this?
-
This keeps popping up. It might be helpful if people experiencing this problem posted a few standard things about their setup; then we might be able to see whether there is something common between them (a quick way to pull most of the guest-side answers is sketched after the list):
- What is the ESXi host machine and processor?
- Which version of pfSense and whether 32 or 64-bit?
- How many vCPUs have you allocated to the VM?
- How much memory have you allocated to the VM?
- Have you installed the pfSense packaged VM tools or the VMware-supplied tools?
- Are you using the e1000 adapter type or something else?
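Most of the guest-side answers can be pulled straight from a pfSense shell (or Diagnostics > Command Prompt); a minimal sketch, noting that pkg_info is the package tool on the FreeBSD 8.x base that pfSense 2.1 uses:

cat /etc/version             # pfSense version
uname -m                     # i386 = 32-bit, amd64 = 64-bit
sysctl hw.ncpu hw.physmem    # vCPUs and RAM visible to the VM
ifconfig -a | grep flags     # e1000 vNICs show up as em(4) interfaces
pkg_info | grep -i vm        # which VM tools package is installed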
-
- What is the ESXi host machine and processor?
IBM, Intel Xeon X5650
- Which version of pfSense and whether 32 or 64-bit?
2.1.3 64-bit
- How many vCPUs have you allocated to the VM?
1 CPU @ 2.67 GHz
- How much memory have you allocated to the VM?
512 MB
- Have you installed the pfSense packaged VM tools or the VMware-supplied tools?
pfSense packaged VM tools
- Are you using the e1000 adapter type or something else?
E1000
BTW: in my particular case there is very low, constant bandwidth (approx. 2 Mbps) but thousands of active TCP connections (many small packets); currently I have only about 2% CPU load inside pfSense (approx. 50 MHz), but approx. 1800 MHz of consumed host CPU.
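For comparison, the pf state table gives a rough measure of how many connections are being tracked; a minimal sketch, run from the pfSense shell:

pfctl -si | grep current     # current number of state-table entries
pfctl -ss | wc -l            # one line per state, so a rough count of tracked connections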
-
kenshirothefist,
Forgot to ask:
- Any other pfSense packages running?
I assume you have seen the last post in this thread https://forum.pfsense.org/index.php?topic=41647.0. Anything like that going on in your system?
I should also say that I've never experienced this problem, even though I've run multiple 32 and 64-bit versions of pfSense on at least four different (HP) hardware platforms since ESXi 3.5 was released.
-
- Any other pfSense packages running?
Open-VM-Tools, OpenVPN, pfBlocker, remote logging … however, even if I disable all of these packages, host CPU usage is still high.
-
- What is the ESXi host machine and processor?
Supermicro X8SIL, Intel(R) Xeon(R) CPU X3440 @ 2.53 GHz (Lynnfield). Tried many builds of 5.1 and 5.5 with the same result.
- Which version of pfSense and whether 32 or 64-bit?
Tried 2.1.1 x64, then tried 2.1.2-3 x86.
- How many vCPUs have you allocated to the VM?
Tried 1; had to bump up to 2 because of this issue (50 Mbit throughput = 70-80% of one physical core).
- How much memory have you allocated to the VM?
Tried 512-2048 MB.
- Have you installed the pfSense packaged VM tools or the VMware-supplied tools?
Tried the packaged tools in the past but have since read not to use them. Then tried the VMware-supplied tools; no difference.
- Are you using the e1000 adapter type or something else?
Tried both e1000 and vmxnet3 (with the VMware-supplied driver); no difference.
Packages: Avahi, OpenVPN export util, Cron, RRD Summary.
It also happens on a fresh install.
Just to be clear, you have to watch esxtop to see this issue; it doesn't show up in the guest.
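For anyone checking their own host, a minimal sketch of what I mean by watching it (run on the ESXi host via SSH or the local shell):

esxtop    # opens in the CPU panel by default; press 'V' to show only VM worlds

Then compare the %USED / %RUN columns for the pfSense world against the load the guest itself reports.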
-
@biggsy, any news regarding this topic?
-
I can't see anything common between these configs and haven't been able to reproduce it in any way. I only have one machine to play with now, though.
Have you guys checked that link about speed mismatch?
-
Have you guys checked that link about speed mismatch?
I have auto-negotiate on and it negotiates at 1000/Full … Anyway, I have 20+ VMs running on this host and only this pfSense appliance is having these issues with high pCPU load, although pfSense is the only FreeBSD-based VM (the others are CentOS- and Ubuntu-based).
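For anyone else who wants to rule the speed mismatch out, a minimal sketch of the two checks, assuming em0 is the interface in question; the first command runs inside the pfSense guest, the second on the ESXi host:

ifconfig em0 | grep media    # guest-side negotiated media and duplex
esxcli network nic list      # host-side physical NIC link speed and duplex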
-
The worst I can do is about 93% CPU running a 120 Mbit/s download from AARNET (it's local).
That's with a single vCPU on a Xeon E3-1265L v2 @ 2.5 GHz inside a Gen8 MicroServer.
Idle, the VM runs along at about 1.5% CPU :-[
-
That's the thing: it has no business using 93% of one core at 120 Mbit; virtualization overhead should be minimal, as it is with other OSes.
I'm starting to think that people who "don't have" this problem just aren't seeing it in esxtop.
-
Is it possible that this is related to VMware virtual machine monitor mode?
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1036775
For example:
datetime| vmx| MONITOR MODE: allowed modes : BT HV HWMMU
datetime| vmx| MONITOR MODE: user requested modes : BT HV HWMMU
datetime| vmx| MONITOR MODE: guestOS preferred modes: BT HWMMU HV
datetime| vmx| MONITOR MODE: filtered list : BT HWMMU HV

Where:
allowed modes – refers to the modes the underlying hardware is capable of.
user requested modes – refers to the setting defined in the virtual machine configuration.
guestOS preferred modes – refers to the default values for the selected guest operating system.
filtered list – refers to the monitor modes actually acceptable for use by the hypervisor, with the left-most mode being the one utilized.

I have "automatic" set for my pfSense VM and its log reads like this:
datetime| vmx| I120: MONITOR MODE: allowed modes : BT32 HV HWMMU
datetime| vmx| I120: MONITOR MODE: user requested modes : BT32 HV HWMMU
datetime| vmx| I120: MONITOR MODE: guestOS preferred modes: HWMMU HV BT32
datetime| vmx| I120: MONITOR MODE: filtered list : HWMMU HV BT32

Therefore it is using the hardware MMU and hardware instruction-set virtualization … I can't change it right now, but can someone test with different settings and post the results?
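If someone does want to test, the mode can be forced per-VM. A minimal sketch, assuming the VM is powered off and you add these lines to its .vmx file (as far as I know these are the same options the vSphere Client sets under CPU/MMU Virtualization):

monitor.virtual_exec = "software"
monitor.virtual_mmu = "software"

That should force binary translation with a software MMU; setting both to "hardware" should force the HV + HWMMU combination instead. The MONITOR MODE lines in vmware.log will show what was actually selected after the next power-on.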
Also, is it possible that it is related to using a distributed vSwitch? Can someone test with a regular vSwitch vs. a distributed vSwitch (again, I can't change my environment to a regular vSwitch right now)?
-
Distributed vSwitch is just an abstraction for many standard vSwitches.
-
FYI: there is even more overhead when you go from 1 vCPU to 2 vCPUs … I had 2.3 GHz of CPU usage when my pfSense VM was configured with 1 vCPU (approaching the 2.67 GHz limit), then I reconfigured the VM to use 2 vCPUs and now I have 3.0 GHz of CPU usage (probably from the vCPU threads thrashing) ... this is really annoying ... and I really don't want to go back to physical ...