[2.2.3] High CPU usage when going to the IPSec status page - Lot of SAD
-
Hello,
I have the following issue: plenty of SA (7997 SAD for 34 SPD), probably because of some re-keying issue (the other end of the tunnels are pfsense but in 2.2 or 2.2.1 release).
So when I try to go to the IPSec status page, it take a looong time before the page appears. And the CPU is burning:
last pid: 7952; load averages: 1.03, 0.73, 0.53 up 11+04:28:04 16:07:12 197 processes: 4 running, 173 sleeping, 20 waiting Mem: 407M Active, 210M Inact, 1295M Wired, 27M Cache, 217M Buf, 21M Free Swap: 4096M Total, 1771M Used, 2325M Free, 43% Inuse PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 84646 root 103 0 267M 65700K CPU1 1 1:19 100.00% php-fpm: pool lighty (php-fpm) 11 root 155 ki31 0K 32K RUN 1 261.4H 55.96% [idle{idle: cpu1}] 11 root 155 ki31 0K 32K RUN 0 263.4H 36.96% [idle{idle: cpu0}] 85226 root 20 0 1749M 353M uwait 0 9:14 0.98% [charon{charon}] 0 root -16 0 0K 192K swapin 0 1075.4 0.00% [kernel{swapper}] 14 root -8 - 0K 48K - 0 22:38 0.00% [geom{g_down}] 3346 proxy 20 0 442M 63456K kqread 1 20:28 0.00% (squid-1) -f /usr/pbi/squid-amd64/local/et 12 root -92 - 0K 320K WAIT 0 20:20 0.00% [intr{irq256: vmx0}] 67652 root 20 0 14656K 1980K biowr 0 18:41 0.00% /usr/sbin/syslogd -s -c -c -l /var/dhcpd/v 12 root -60 - 0K 320K WAIT 0 14:45 0.00% [intr{swi4: clock}] 4 root -16 - 0K 32K - 1 14:40 0.00% [cam{doneq0}] 12 root -88 - 0K 320K WAIT 0 12:59 0.00% [intr{irq17: mpt0}] 21 root 16 - 0K 16K syncer 0 12:18 0.00% [syncer] 50744 root 20 0 107M 3576K select 1 9:45 0.00% /usr/local/bin/vmtoolsd -c /usr/pbi/open-v 85226 root 20 0 1749M 353M uwait 0 9:41 0.00% [charon{charon}] 85226 root 20 0 1749M 353M uwait 0 9:20 0.00% [charon{charon}] 85226 root 20 0 1749M 353M uwait 1 9:17 0.00% [charon{charon}] 85226 root 20 0 1749M 353M uwait 0 9:17 0.00% [charon{charon}]
Anything I can do in order to avoid this situation?
Thank you.