Intro and problem:
So I recently cut over to 25.1 coming from pFsense latest community and I seem to be running into some sort of compatability issue that the logs dont specifically give any clues to as far as I can tell.
My system is an old cpu but should have no problem running freebsd.
Hardware Configuration:
My system is an i5-650 "Westmere(clarksdale)",Q57 chipset, 8gb ddr3 1333, dual port intel 1000base-T nic and 120gb Samsung 840 EVO in zfs single stipe single drive config (no raid) using onboard intel gfx.
Problem Details and actions taken:
The real issue is the the system is so dogged slow that diagosing the issue is almost impossible with 3 to 4 minute load times on the webgui for a single save proc and 20+ minute reboot times.
Things Ive managed to do is enable and configure PowerD cfg and enable intel CPU on-die temp mon, dumped ram usage, cpu usage times and disk stats and all look fine afaik Its just after cpu and system detection on init during boot every module takes for EVER to load for some reason.
on boot the real slowdown seems to occur when UNBOUND Dns starts. Unbount starts, signals done then loads again and signals done again. I dont believe this should be loading twice.
When viewing diagnostics> activity I can see the process py3././././filter/update_tables.py (python 3.11) utilizing 100.00% of a single thread 100% of the time.
It appears these two issues are unrelated.
There should be no reason for this to be a point of contention and the cpu is not being pinned whatsoever while loading things and it seems to be a bug possibly with thread ordering.
Although the cpu is a q2 2010 release it should be plenty fast for the application and the system meets exactly the recommended spec on opnsense man pages.
Just the loading from page to page seems broken on opnsense and my dashboard homepage errors out on every widget, its all red with exclamation marks and so far I have not seen so much as an error in system logs. Im beginning to think my install may be botched somehow despite verifilying my install media twice against sha256 hash.
Compartitive Experience:
On pfsense the hardware was major overkill and I am an advanced to to expert level user and have been using since m0n0wall dating back to 2006ish, switched to smoothwall with 3.0 and 3.1 and back to pfsense in about 2013 till recent when I decided to try opnsense.
With pfsense 23.1+ was able to run:
~3-12% normal idle with background loads
<50% cpu utilization under moderate load
~70% - 100% with the rare extreme load.
Addons running and configured:
1)squidproxy
2)suricata and or snort
3Unbound dns forward and resolver
4)netflow Plugin
5)ldap and ccdp plugins
6)bgp forwarding
7)iperf
8)rrd graphing and logging (30 days)
9)FreeRadius server
10) TFTP server on opt1
11) speedtest.net plugin and widget with hourly cron job.
12)opnvpn always on vpn
13) kea
14) NTP with remote link to NIST secure NTP servers
15) Service Watchdog
40 inbound and outbound firewall rules with explicit and explicit ranging. 7 vlan's with 2 of them tunneled. GeoIP Blocking. Snort ET and The other guys ET rulesets as well as some botnet rulesets from cisco and a broad gateway ad blocking and spam blocking ruleset.
with this running config I could do:
980mbps sustained on outbound with minimum inspection.
320mbps inbound with all filtering enabled and cloudflare DNS directing inbound traffic via vpn port forwarded to proxy service on pfsense.
To further expand on the expected performance characteristics:
the epyc 3201 used in deciso's opnsense hardware offering between 3k and 5k usd is only 150pts higher in single core single thread performance and about 3.5x multithread mutlicore performance than my cpu and can handle 15 to 21 gbps firewall throughput performance not including tdp rating as this doesnt matter in my case. Furthermore my cpu beats the Intel xeon D offerings in every bench again just with a higher tdp.
Why am I testing opnsense over pFsense?
I am planning to expand the wan profile to a higher speed tier and due to opnsense's ability to reach higher throughput than pfsense while maintaining service stability and having a more mature freebsd base I am exploring opnsense deployment. My internal network is all fiber 40g running cumulus and HPE and gigamon equipment directing selective flows to and from multi-wan's.
This is my production homelab btw.
Question 1)
Could you tell me if there is a post-install logfile that logs initial installation? It may bear clues as to what is going on. Could not find this in man pages.
Question 2)
Is there any reason for a specific compatibility issue with no error in the boot and running config logs for my particular setup?
Question 3)
Could someone please shed some light on this issue of py 3.11 having a single thread pinned at 100% cpu constantly.
Question 4)
Can someone shed some light on 20+ minute boot times?
Ive solved the issue with multiple ram reseats, I was mistaken in thinking this was a software issue.