Netgate SG-1000 microFirewall

Author Topic: Traffic Shaping ovpnc interface results in extreme CPU usage  (Read 109 times)

0 Members and 1 Guest are viewing this topic.

Offline namezero111111

  • Full Member
  • ***
  • Posts: 107
  • Karma: +0/-0
    • View Profile
Traffic Shaping ovpnc interface results in extreme CPU usage
« on: January 19, 2018, 04:35:36 pm »
Dear folks,

since upgrading one system for testing from 2.1 to 2.3.5, there have been extreme issues due to CPU usage.

The system is used as a VPN gateway at a remote side and uses OpenVPN in Client mode as well as a CBQ shaper on the openvpn interface.

However, after a few minutes (or heavy activity) the openvpn process pegs the CPU at 100% (mostly kernel time), and it stays that way even if the traffic stops.
The high CPU causes timeouts and makes realtime apps (VoiP / RDP) unusable.
Also, SSH connections to PFSense may break off as well as the WebGUI becomes sluggish/unresposive.

As soon as the traffic shaper is disabled, the CPU usage drops to a few percent and the issue is gone (except no shaping, of course).

There have been a few  reports about this, but no solution of using openvpn together with the shaper on 2.3.x:


Quote
https://forum.pfsense.org/index.php?topic=134769.0
Quote
https://forum.pfsense.org/index.php?topic=83861.15

The altq config looks as follows:
Code: [Select]
altq on ovpnc1 cbq qlimit 600  bandwidth 7168Kb queue {  qACK,  qDefault,  qDFSR,  qHigh,  qVeryHigh  }
queue qACK on ovpnc1 bandwidth 15% priority 6 cbq (  red  , rio  , ecn ,  borrow  )
queue qDefault on ovpnc1 bandwidth 20% priority 3 cbq (  red  , rio  , ecn  , default ,  borrow  )
queue qDFSR on ovpnc1 bandwidth 20% priority 3 qlimit 550 cbq (  red  , rio  , ecn ,  borrow  )
queue qHigh on ovpnc1 bandwidth 20% priority 4 cbq (  red  , rio  , ecn ,  borrow  )
queue qVeryHigh on ovpnc1 bandwidth 20% priority 5 cbq (  red  , rio  , ecn ,  borrow  )

Are there any insights into where to start debugging?
We'd really like to upgrade from the older 2.1 versions.