1
23.7 Legacy Series / Re: High CPU usage when downloading
« on: December 09, 2023, 10:42:25 pm »
Thank you for sharing this!
Maybe next year I will buy new hardware.
Regards
Maybe next year I will buy new hardware.
Regards
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
23.7 Legacy Series / Re: High CPU usage when downloading
« on: December 02, 2023, 10:19:12 pm »Hi all,
when downloading big files from internet the firewall's CPU goes to 90 - 100% on APU2C4 (with Intel network cards).
SYSTEM: DIAGNOSTICS: ACTIVITY
root 93 0 43M 28M CPU2 2 795:57 76.86% /usr/local/bin/python3 /usr/local/opnsense/scripts/netflow/flowd_aggregate.py (python3.9)
I've read many topic (eg. https://forum.opnsense.org/index.php?topic=31999.0), tried to clear logs and disable Netflow but no luck.
Any ideas?
"when downloading big files from internet"
Whats your throughput?
APU uses really very very very old SOC (I have one APU at home) and I can tell you such behaviors are kinda now normal on that SOC and more prominent the more throughput + features configured you have.
APU performs OK with OPNsense at 200Mbit/s with around 6VLANs + Shaper + basic rules. Anything above that and you will see performance degradation.
Regards,
S.
My throughput is about 170Mbit/s, 2 VLANs, Shaper, Monit, Wireguard and 15/20 rules. In your signature you have APU2D2, mine is APU2C4. So do you think this is normal behavior?
Thank you
4
23.7 Legacy Series / Re: High CPU usage when downloading
« on: November 25, 2023, 03:45:06 pm »If you're not experience any performance issues, I'd just leave it alone. If this isn't the norm for you and something has changed, we'll need more data to help diagnose.It happens mostly with torrents, I'm trying to download 4 Linux Mint and the CPU usage is at 100%
5
23.7 Legacy Series / Re: High CPU usage when downloading
« on: November 25, 2023, 03:30:32 pm »Hardware offload active ?No
6
23.7 Legacy Series / High CPU usage when downloading
« on: November 23, 2023, 08:56:32 pm »
Hi all,
when downloading big files from internet the firewall's CPU goes to 90 - 100% on APU2C4 (with Intel network cards).
SYSTEM: DIAGNOSTICS: ACTIVITY
root 93 0 43M 28M CPU2 2 795:57 76.86% /usr/local/bin/python3 /usr/local/opnsense/scripts/netflow/flowd_aggregate.py (python3.9)
I've read many topic (eg. https://forum.opnsense.org/index.php?topic=31999.0), tried to clear logs and disable Netflow but no luck.
Any ideas?
when downloading big files from internet the firewall's CPU goes to 90 - 100% on APU2C4 (with Intel network cards).
SYSTEM: DIAGNOSTICS: ACTIVITY
root 93 0 43M 28M CPU2 2 795:57 76.86% /usr/local/bin/python3 /usr/local/opnsense/scripts/netflow/flowd_aggregate.py (python3.9)
I've read many topic (eg. https://forum.opnsense.org/index.php?topic=31999.0), tried to clear logs and disable Netflow but no luck.
Any ideas?
7
23.7 Legacy Series / Re: WSD and Bonjour service block
« on: October 07, 2023, 11:49:02 pm »
In Interfaces - Other types - VLAN5 I've set LAN as Parent interface and 5 as VLAN tag. Next I've set a static IP in the newly created interface VLAN5 in Interface Assignments. And lastly there is the LAN-block rule.
Connected at this port there is a trunk port of a managed switch. It has a 802.1Q VLAN configuration with some ports PVID1 and others PVID5 and another one set to trunk connected to an access point multi SSID.
What is wrong in this configuration?
Connected at this port there is a trunk port of a managed switch. It has a 802.1Q VLAN configuration with some ports PVID1 and others PVID5 and another one set to trunk connected to an access point multi SSID.
What is wrong in this configuration?
8
23.7 Legacy Series / Re: WSD and Bonjour service block
« on: October 05, 2023, 01:16:00 am »
I've tried on a fresh install on different hardware, same problem.
WAN - LAN - VLAN5
VLAN5 with only one rule that blocks all traffic to LAN
Printer discovered by WSD on Win10.
Can someone explain why this happens?
WAN - LAN - VLAN5
VLAN5 with only one rule that blocks all traffic to LAN
Printer discovered by WSD on Win10.
Can someone explain why this happens?
9
23.7 Legacy Series / Re: WSD and Bonjour service block
« on: October 03, 2023, 02:21:53 pm »
mDNS repeater is not installed.
10
23.7 Legacy Series / Re: WSD and Bonjour service block
« on: October 03, 2023, 12:00:53 pm »
But this could not be the default behavior... How can I block it?
11
23.7 Legacy Series / Re: WSD and Bonjour service block
« on: October 02, 2023, 04:42:24 pm »
None of them, they are not installed...
12
23.7 Legacy Series / Re: WSD and Bonjour service block
« on: October 02, 2023, 02:59:00 pm »
Packet capture:
IPv4, length 76: 192.168.110.116.5353 > 224.0.0.251.5353: UDP, length 34
Live view:
action: [pass]
dir: [out]
dst: 192.168.110.116
dstport: 5353
interface_name: VLAN5
ipversion: 4
label: let out anything from firewall host itself
protoname: udp
reason: match
src: 192.168.199.76
srcport: 5353
This is probably the reason why it doesn't apply the rule from my previous post, because a pass rule is already set among the "Automatically generated rules". How can I block it?
IPv4, length 76: 192.168.110.116.5353 > 224.0.0.251.5353: UDP, length 34
Live view:
action: [pass]
dir: [out]
dst: 192.168.110.116
dstport: 5353
interface_name: VLAN5
ipversion: 4
label: let out anything from firewall host itself
protoname: udp
reason: match
src: 192.168.199.76
srcport: 5353
This is probably the reason why it doesn't apply the rule from my previous post, because a pass rule is already set among the "Automatically generated rules". How can I block it?
13
23.7 Legacy Series / Re: WSD and Bonjour service block
« on: October 02, 2023, 02:25:15 pm »
Added between them or as first rule, same problem.
1.
Action: Block
Interface: VLAN5
Direction: in
TCP/IP version: IPv4+6
Protocol: UDP
Source: any
Destination: any
Destination port range: 5353 - 5353
1.
Action: Block
Interface: VLAN5
Direction: in
TCP/IP version: IPv4+6
Protocol: UDP
Source: any
Destination: any
Destination port range: 5353 - 5353
14
23.7 Legacy Series / Re: WSD and Bonjour service block
« on: September 30, 2023, 06:23:53 pm »
1.
Action: Block
Interface: VLAN5
Direction: in
TCP/IP version: IPv4+6
Protocol: any
Source: VLAN5 net
Destination: LAN net
2.
Action: Pass
Interface: VLAN5
Direction: in
TCP/IP version: IPv4+6
Protocol: any
Source: VLAN5 net
Destination: any
Action: Block
Interface: VLAN5
Direction: in
TCP/IP version: IPv4+6
Protocol: any
Source: VLAN5 net
Destination: LAN net
2.
Action: Pass
Interface: VLAN5
Direction: in
TCP/IP version: IPv4+6
Protocol: any
Source: VLAN5 net
Destination: any
15
23.7 Legacy Series / Re: WSD and Bonjour service block
« on: September 29, 2023, 07:03:20 pm »
Same problem, printer is still there