Ndppd using 100% CPU

jbhardman · November 10, 2023, 5:17pm

I had at one point configured nat66 source rules. I re-configured some other things and it is no longer needed, so I deleted all of those rules. But, ndppd is still running and is consuming 100% of one CPU core. Why is it running and why take up so much CPU?

Here is the config file it is using:

# sudo cat /run/ndppd/ndppd.conf
########################################################
#
# autogenerated by nat66.py
#
#   The configuration file must define one upstream
#   interface.
#
#   For some services, such as nat66, because it runs
#    stateless, it needs to rely on NDP Proxy to respond
#   to NDP requests.
#
#   When using nat66 source rules, NDP Proxy needs
#   to be enabled
#
########################################################

There is nothing here. Just comments. There are not nat66 source rules. Shouldn’t the process not run?

artooro · November 10, 2023, 11:13pm

What version of VyOS are you running, and do you have any IPv6 enabled interfaces?

2038y2k · December 20, 2023, 4:39am

Noticed the same issue in one of our instances. We do have a NAT66 source rule for a wireguard interface.

I’ve restarted the ndp daemon and the problem hasn’t come back yet (I suspect it will).

$ sudo systemctl restart ndppd.service

Our current version:

$ show version
Version:          VyOS sagitta
Release train:    current

Built by:         root@36a035b7590c
Built on:         Sun 17 Sep 2023 05:51 UTC
Build UUID:       95dbfd7e-4eb9-4193-b102-5246534e6460
Build commit ID:  221b622f7b2b63

cmonck · January 20, 2024, 11:11am

I’ve had the same issue myself in a VM in Google Cloud:

Version:          VyOS 1.4.0-rc1
Release train:    sagitta

Built by:         Sentrium S.L.
Built on:         Thu 21 Dec 2023 19:06 UTC
Build UUID:       2463607a-ddc5-4942-8685-00d078350c68
Build commit ID:  81ec3de04eb291

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  Google
Hardware model:   Google Compute Engine
Hardware S/N:     GoogleCloud-DE6E0B04AB4AEAC7794FE2985677FD7C
Hardware UUID:    de6e0b04-ab4a-eac7-794f-e2985677fd7c

Copyright:        VyOS maintainers and contributors

This is my NAT66 config:

set nat66 destination rule 10 destination address '2600:1900:xxxx:xxxx::/64'
set nat66 destination rule 10 inbound-interface name 'eth1'
set nat66 destination rule 10 translation address '2403:5815:xxxx:xxxx::/64'
set nat66 source rule 10 outbound-interface name 'eth1'
set nat66 source rule 10 source prefix '2403:5815:xxxx:xxxx::/64'
set nat66 source rule 10 translation address '2600:1900:xxxx:xxxx::/64'

I’ve restarted the service. Let’s see what happens.