Any reason why rc.newipsecdns eats all the resources?

  • PFS 2.1 64bit two node CARP cluster. ~1000 IPsec VPN tunnels. (actual network load is less than 1Mbps)
    All of the sudden happens what the attached picture shows. No users were logged on the devices and no config changes have been applied.

    And "top" shows php is eating all the CPU, running one after another "/usr/local/bin/php -f /etc/rc.newipsecdns" processes
    Syslog shows no events.

    Same thing happens on both master and standby servers. The graphs attached are from the standby server.

    What could trigger such a loop with rc.newipsecdns? And when this script is executed?

  • Seems that the issue is caused by the gateway monitoring engine. I have few gateways, all monitored. I have disabled monitoring and the memory and cpu resources got released…
    At least that's on first sight for now.

  • Aaand another update:
    Looks like increasing Probe Interval to 30 and Down to 300 fixed the problem.

Log in to reply