Performance Problem: my cpu full load on 100% all the time

[Moty_p]

hi all...:)

i have problem with my OPNSense machine

i run my opnsense on hyper-v virtual machine and i give 50% power of my i7-2600 cpu
in the web interface:      Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz (2 cores, 4 threads)
even if there are no loads on the network, the router is still at 100% all the time
before that it wasn't like that
I would only see the CPU jump to 100% every 10 minutes or so

Now because the processor is at 100% I can't get more than 200MB download speed now it's on 100MB

Sometimes the router's website doesn't even load (stuck)
I am attaching a screenshot
I'm afraid that someone wants to cyber your system to cause it to crash
Hope you help

https://pasteboard.co/vKT2FIp7laHo.png

[Moty_p]

My system is already update

[cookiemonster]

Does it happen straight away after booting?
If yes then is easier to monitor. Boot, connect to shell and use both htop if installed, or top that is default included and ps. Both with admin rights.
What you're looking for are the processes that are taking up all the cpu cycles.

[Moty_p]

python3.9 - 90% load
and i no need it so can i uninstall it?

[Patrick M. Hausen]

Python is needed practically everywhere. Use this command to find out what this python process is actually doing:

Code Select Expand

ps awwux | grep python

[Moty_p]

well... now it has calmed down but jump some times to 100%
https://ibb.co/Tvd35KY

[Patrick M. Hausen]

Please copy and paste the output of that command as text. Thank you.

Code Select Expand

there is a code tag to format command output, you know?

[passeri]

Moty_p you speak about how much CPU you have handed the VM, and high utilisation. However your load factors are comfortable for 2 cores / 4 threads. Do you have a specific performance problem?

I notice you have given it 4 GB RAM, ordinarily plenty (circa 2 GB total use is pretty normal), and have 25% swap usage. My perimeter i7 (massive overkill) with 16 GB (massive overkill) needs zero swap as does a little J3160 4 GB interior router. The smaller machine bounces its % CPU from time to time but load factors remain low.

I can not see all of the processes you are running. My conjecture is that you are running stuff which would really appreciate a few more GB of RAM in which to play, or maybe this is a function of the virtual environment -- I use bare silicon. However, without a defined performance problem related to particular software plug-in tests it is unclear what might attention, if any at all.

[Moty_p]

Patrick M. Hausen
i don't know how to copy and paste the output of that command as text sorry


passeri
You can blame the virtual environment but I'm not convinced of that
all the point is that It's very strange it sometimes happens suddenly unexpectedly like a cyber attack
and you need to know what it is
i use:

Service    Description       
acme   ACME client      
captiveportal   Captive Portal      
cicap   C-ICAP server      
clamd   ClamAV Daemon      
configd   System Configuration Daemon      
cron   Cron      
ddclient   ddclient      
dhcpd   DHCPv4 Server      
flowd_aggregate   Insight Aggregator      
iperf   iperf Performance Test      
ipfw   Shaper      
login   Users and Groups      
miniupnpd   Universal Plug and Play      
nginx   Reverse Proxy and Web Server      
ntpd   Network Time Daemon      
openvpn   OpenVPN server: OpenVPN2023      
pf   Packet Filter      
routing   System routing      
samplicate   NetFlow Distributor      
suricata   Intrusion Detection      
sysctl   System tunables      
syslog-ng   Syslog-ng Daemon      
unbound   Unbound DNS      
vnstatd   vnStat Daemon      
webgui   Web GUI      

i like to try migret my opnsense from vm to physical pc (I3) and see if this happening again but it will take me a while (if at all)

[passeri]

I did not blame the VM, I said "maybe" because I do not use it for a firewall so I do not know.

If you have another platform handy, sure, you can test it. My approach would be a base install, check loads and repeat as you add feature by feature. I notice Suricata is among the services you run. 8 GB is usually recommended for that aside from other loads. I suspect your swap usage is a relevant symptom.

In your opening post you mentioned getting 100mb/s instead of 200. This is completely uncharacterised. What base system? What is different? What makes it a surprise?

[Patrick M. Hausen]

@Moty_p You need to login to your OPNsense via SSH, anyway, to enter commands, don't you? Then just select the output, Ctrl-C, Ctrl-V ...

[Moty_p]

passeri
i have 8GB ram in my i3 pc for Intrusion Detection (Suricata) so
what is meant by say
what base system?
and what makes it a surprise? - (i don't know)

i need to get 1GB Download and 250MB upload but if the cpu on 100% load i get only 200mb max sometimes 50mb like you see in the pictrure i send so

Patrick M. Hausen
i have try to go System -> Settings -> Administration
and I marked  Enable Secure Shell and Permit password login for  Authentication Method (and unmarked  it for test) so i can use putty but  putty  give me Access denied for root user and closes the putty window softwarefor exit efter i log via my user name Moty_p so i don't know waht to do also i can't access the opnsense web url like the pictrues i upload for you mp-nt-firewall.mp-lab.co.il only via ip address

[passeri]

Moty_p, this is getting less clear by the day. One moment you have a VM on an i7 running Opnsense with an allocation of 4 GB running a list of items which includes, since we are mentioning it, Suricata. Next, Suricata is on a separate i3 with 8 GB, running in association with...what? I am unable to tell what is your environment, what prior system or baseline you have, on what basis you should have any particular performance expectations or in fact what is the real world problem. Sorry that I sound a little frustrated; I need to understand your situation better.

I think it best to focus now on resolving access to Opnsense via SSH, answer Patrick's request, and see what is happening there. Access via SSH is 'basic' so let us start working from the ground up. Are you also saying you can no longer access the web GUI?

Reinstallation and slow build-up of options, tests along the way, might be a way to go.

[cookiemonster]

For ssh access i suggest to do this as it encourages to elevate privileges only when needed:
1. System > Access > users: create your own user.
Chose any shell that you prefer, and is not /nologin obviously.
Make it member of the Admins group.
Leave keys for a later time. Save.
Now you have a user that can become root but is not root.
2. System > Settings > Administration: here you setup the server side of SSH on OPNSense.
Enable secure shell.
Do not permit root login. (Set to disabled by unticking)
Login group is wheel, admins. This way your user is allowed to login.
Permit password login.

That's it. Now you can ssh to OPN with your own user. Once there when you need to do admin tasks, do sudo first for one offs. Later when more comfortable, can begin becoming root for longer sessions, when really necessary.

[Moty_p]

 :) Thank you very much for your answers now the ssh works


ssh@mp-nt-firewall:~ $ ps awwux | grep python (command output:)
ssh  67861  0.0  0.0 12724 2036  0  R+   12:29   0:00.00 grep python

top command:
last pid: 77202;  load averages:  0.56,  0.61,  0.65    up 3+10:28:45  12:33:47
3 processes:   1 running, 2 sleeping
CPU:  0.0% user,  0.0% nice,  0.0% system,  0.5% interrupt, 99.5% idle
Mem: 1500M Active, 736M Inact, 139M Laundry, 1290M Wired, 395M Buf, 287M Free
Swap: 8192M Total, 2107M Used, 6085M Free, 25% Inuse

  PID USERNAME    THR PRI NICE   SIZE    RES STATE    C   TIME    WCPU COMMAND
97705 ssh           1  20    0    14M  3124K CPU1     1   0:00   0.06% top
77283 ssh           1  20    0    18M  7020K select   3   0:00   0.05% sshd
77580 ssh           1  20    0    13M  2916K wait     1   0:00   0.00% sh