Topics

1

Zenarmor (Sensei) / Provide firm date on multicore/thread support

« on: June 27, 2024, 06:37:46 pm »

Hello ZenArmor team,

Reading thru several posts, your documentation, road-map, there is set a target to have ZenArmor support multicore/thread architectures. This topic goes for quiet some time now, the date of delivery of this essential feature is always moved.

In your H/W sizing docs is written Q1, 2024 which is long past due. It was moved to Q2, and then in some forum post is randomly mentioned Q3/4.

I think and many will too, having support for multicore is more essential than SASE and other features...

Why?
Because your product is designed to be implemented on LAN side. Due to the fact that ZenArmor is resource heavy and runs only one core, it creates a bottleneck for InterVlan routing. As the H/W throughput sizing actually limits the backplane.

A lot of users and customer may have limited WAN BW, however the story for LAN is completely different we can scale up to 10G connections for Intranet networks.

Can you please state and provide firm date when this multicore support will arrive and deliver it.

Regards,
S.

2

Zenarmor (Sensei) / ZenArmor 1.17 memory consumption

« on: May 13, 2024, 10:50:17 am »

Hello,

Just my observation, but it hit my eyes. Since 1.17 release of Zenarmor there is a huge consumption of RAM happening and its increasing. The only way how to lower the consumption is to restart the ZenEngine, but this is only temperarely the memory consumption starts to grow again.

Code: [Select]

# top -atSzo res -s 3

last pid: 33864;  load averages:  0.62,  0.63,  0.57                                                                                                                                                  up 13+21:28:35  10:44:34
86 processes:  1 running, 84 sleeping, 1 waiting
CPU:  8.5% user,  0.0% nice,  8.3% system,  0.0% interrupt, 83.2% idle
Mem: 1696M Active, 3179M Inact, 2317M Laundry, 8014M Wired, 176K Buf, 491M Free
ARC: 526M Total, 233M MFU, 243M MRU, 6040K Anon, 7334K Header, 37M Other
     422M Compressed, 2114M Uncompressed, 5.01:1 Ratio
Swap: 8192M Total, 2557M Used, 5635M Free, 31% Inuse

  PID USERNAME    THR PRI NICE   SIZE    RES STATE    C   TIME    WCPU COMMAND
31143 root         13  20  -20    10G  9033M nanslp   2 716:03   5.88% eastpect: Eastpect Instance 1 (eastpect)
21223 elasticsea   63  52    0  7052M  1982M uwait    3 473:38   1.34% /usr/local/openjdk8/bin/java -Xms2g -Xmx2g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+Always
30149 root         13  20  -20  4455M   173M nanslp   1 216:19   4.65% eastpect: Eastpect Instance 0 (eastpect)
60818 root          2  20  -20   396M   126M nanslp   2   9:22   0.13% /usr/local/zenarmor//bin/eastpect -D
33027 root          1  52  -20   396M   126M wait     0   0:00   0.00% eastpect: Eastpect Streamer Instance (eastpect)
50178 root          1  20    0   102M    51M nanslp   2 152:20   0.80% /usr/local/bin/php /usr/local/opnsense/scripts/routes/gateway_watcher.php interface routes alarm
 1137 root          1  20    0    81M    47M accept   3   0:01   1.15% /usr/local/bin/php-cgi
69064 root          1  52    0    81M    46M accept   2   0:02   1.74% /usr/local/bin/php-cgi
20343 root          1  21    0    81M    46M accept   3   0:01   2.69% /usr/local/bin/php-cgi
47394 root          1  20    0    81M    46M accept   0   0:00   0.54% /usr/local/bin/php-cgi
   20 root          1  52    0    81M    46M accept   3   0:01   0.00% /usr/local/bin/php-cgi
14981 root          1  52    0    81M    46M accept   1   0:00   0.00% /usr/local/bin/php-cgi

To me it looks like this is just insane amount it takes. This behavior was not there before.

Regards,
S.

3

Zenarmor (Sensei) / ZenArmor 1.17 broken Live sessions view from Blocks report tab

« on: April 24, 2024, 12:44:18 pm »

Hi,

Does somebody has similar issue, prior 1.17 it worked alright.

When you go to reports tab > Blocks and choose any of the metrics there clicking on popup "Live sessions" it should show specific Blocked sessions per what you choose.

This worked prior 1.17. but now it not usable, it shows mixed permitted valid sessions and only some blocked.

Regards,
S.

4

General Discussion / Syncache full | Possibilities to Tshoot

« on: April 04, 2024, 10:04:08 am »

Hey all,

A have a bit problem with syncache getting full, which result in Zenarmor engine getting crashed.

Is there any way from OPNsense or BSD (cli) to tshoot what is causing the saturation of syncache?

I could run a capture, but as this is happening in random times/dates its very hard to schedule a capture, due to the amount of traffic I am routing.

Is there any command or logs in BSD that could show what is triggering the syncache being eating out?

Regards,
S.

5

Zenarmor (Sensei) / View of current active sessions

« on: January 17, 2024, 03:49:27 pm »

Hi there,

I have a weird question either I missed it or I am just blind.

Is there a way to see in Zenarmor the current active sessions?

Because when Inspecting the Connections tab for example. This shows only sessions that are closed/finished. For example I had a session open for Application that uses QUIC, OPNsense was able to show me the session in state table as active. But it didn't appear in the Zenarmor until the session was not finished/closed.

Regards,
S.

6

23.7 Legacy Series / [SOLVED] New default Firewall > Rules interface OpenVPN 23.7.4

« on: September 16, 2023, 03:57:00 pm »

Hello,

I upgraded today to the latest release 23.7.4 and can see that Under Firewall > Rules a new Interface appeared "OpenVPN". I am not using OpenVPN and I can see it among the rule TAB.

Is this a new default?

Just asking for clearence.

Regards,
S.

7

23.7 Legacy Series / [SOLVED] Typo in the release notes?

« on: August 16, 2023, 09:55:02 am »

Yea Sorry to be that guy but....

I am reading Release notes for the 23.7 “Restless Roadrunner” (love those code names, I hope you will do them forever).

But right before the bullet points of fixes/features start there is mentioned version 23.1.11 instead of 23.7.1. Is this a possible typo? I know its silly from me to point it but it can cause confusion for people.

https://docs.opnsense.org/releases/CE_23.7.html


Regards,
S.

8

23.1 Legacy Series / [SOLVED] Static route removed after reboot

« on: April 12, 2023, 07:51:37 pm »

Hello everyone,

First, let me say great work on the OPNsense as such. I have been using it for a year and am very happy with it!

Now to the problem.

I am running OPN on the latest OS, 23.1.5_4 HW APU2D2. And I am seeing that on this current release, every time I reboot the device, the static route I have set is removed. I have to reapply it in order to have it in the routing table again.

Has anyone else encountered this issue as well?

Regards,
Seimus