OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: neek on February 26, 2022, 11:28:46 pm

Title: [SOLVED] CPU utilization much higher than with pfSense
Post by: neek on February 26, 2022, 11:28:46 pm

I've just gotten Opnsense 22.1.3 up and running on my router box, which is based on a 4-core Intel Pentium 3700 running on a 4-NIC Supermicro motherboard. The hardware is old-ish (built in 2016) but I've been using it with pfSense for years with no problem. It's only serving up my home network, so the actual traffic through the box is normally not very high.

With pfSense (2.5.2) I never noticed the CPU running at > 40%. With Opnsense I'm seeing the CPU running at roughly 70%. From reading the XML of my pfSense backup it looks like I had both Segmentation Offloading and Large Receive Offloading. pfSense doesn't have an obvious equivalent of the Hardware CRC Checksum control (Opnsense Interfaces -> Settings -> Hardware CRC.

Not sure what else I should be looking at? It's not like network traffic has shot up much in the past couple of days. I do run a few (6) VLANs but I'd guess this is something based on network traffic. I haven't enabled Intrusion Detection and it is indeed off. My firewall rules are quite basic, it's just 1-3 rules per VLAN.

Title: Re: CPU utilization much higher than with pfSense
Post by: heyheyheyhey on February 27, 2022, 03:05:02 am

The NIC offload settings are located under interfaces>advanced in opnsense. By default all offloading is disabled.

Title: Re: CPU utilization much higher than with pfSense
Post by: allebone on February 27, 2022, 05:03:33 am

This is often asked and normally its because pfsense defaults is to disable spectre/meltdown while opnsense enables these mitigations consuming more cpu. You can lookup the tunables to disable them and see if cpu returns to what you had before.

Title: Re: CPU utilization much higher than with pfSense
Post by: neek on February 27, 2022, 05:21:48 am

PROBLEM SOLVED.

I found that the plugin "os-mdns-repeater" was absolutely bombarding my syslog with errors of the form:

Code: [Select]

<27>1 2022-02-25T23:59:48-08:00 opnsense.lan mdns-repeater 43304 - [meta sequenceId="55384"] send(): Network is down
<27>1 2022-02-25T23:59:51-08:00 opnsense.lan mdns-repeater 43304 - [meta sequenceId="55385"] send(): Network is down
<27>1 2022-02-25T23:59:51-08:00 opnsense.lan mdns-repeater 43304 - [meta sequenceId="55386"] send(): Network is down
<27>1 2022-02-25T23:59:51-08:00 opnsense.lan mdns-repeater 43304 - [meta sequenceId="55387"] send(): Network is down
I had enabled a physical interface that I wasn't actively using as one of the repeated mdns networks, and that seemed to make the plugin very grumpy and noisy. I disabled that interface and now all is well.

While I get that this is a plugin, it shouldn't be so extremely chatty. syslog-ng nearly killed the router.

In nearly all cases, my CPU utilization is now down at roughly 1%, which is what I'd have hoped for.

Title: Re: [SOLVED] CPU utilization much higher than with pfSense
Post by: neek on February 27, 2022, 08:25:43 pm

Bug filed: https://github.com/opnsense/plugins/issues/2869