VyOS high CPU usage: out of 4 cores, 1 core is used 100%. Using top I realized ksoftirqd/0 is using the CPU. VyOS is running as a Proxmox VM.
Without any info it is very hard to extract a problem or provide a solution for what you observe. For what it’s worth you could be pushing 10gbit through the router and be amazed a core maxes out.
Please provide info with your help questions or bug report.
Traffic passing through is 400 Mbps upload and download. Basically running a PPPoE server. Almost 450 subscribers were connected, and also running CGNAT.
Please add the output of “show config commands | strip-private” to your forum thread.
set firewall global-options
set firewall ipv4 forward filter rule 50 action 'drop'
set firewall ipv4 forward filter rule 50 description 'Drop QUIC'
set firewall ipv4 forward filter rule 50 destination port '80,443'
set firewall ipv4 forward filter rule 50 protocol 'udp'
set firewall ipv4 forward filter rule 100 action 'accept'
set firewall ipv4 forward filter rule 100 destination port '80,443'
set firewall ipv4 forward filter rule 100 log
set firewall ipv4 forward filter rule 100 log-options level 'debug'
set firewall ipv4 forward filter rule 100 protocol 'tcp'
set firewall ipv4 forward filter rule 100 state 'new'
set firewall ipv6 forward filter rule 50 action 'drop'
set firewall ipv6 forward filter rule 50 description 'Drop QUIC'
set firewall ipv6 forward filter rule 50 destination port '80,443'
set firewall ipv6 forward filter rule 50 protocol 'udp'
set firewall ipv6 forward filter rule 100 action 'accept'
set firewall ipv6 forward filter rule 100 destination port '80,443'
set firewall ipv6 forward filter rule 100 log
set firewall ipv6 forward filter rule 100 log-options level 'debug'
set firewall ipv6 forward filter rule 100 protocol 'tcp'
set firewall ipv6 forward filter rule 100 state 'new'
set interfaces ethernet eth0 hw-id 'xx:xx:xx:xx:xx:fd'
set interfaces ethernet eth0 vif 321 description 'Kamran-Distri'
set interfaces ethernet eth0 vif 321 disable
set interfaces ethernet eth0 vif 362 description 'Ijaz-Distri'
set interfaces ethernet eth0 vif 362 disable
set interfaces ethernet eth0 vif 401 address 'xxx.xxx.135.172/26'
set interfaces ethernet eth0 vif 401 address 'xxxx:xxxx:0:1::2/64'
set interfaces ethernet eth0 vif 3901 description 'DC-IPv6-1'
set interfaces loopback lo
set nat cgnat pool external ext1 external-port-range '1001-65535'
set nat cgnat pool external ext1 per-user-limit port '1000'
set nat cgnat pool external ext1 range xxx.xxx.209.48/29
set nat cgnat pool external ext1 range xxx.xxx.209.56/29
set nat cgnat pool internal ConPool range 'xxx.xxx.0.0/22'
set nat cgnat rule 10 source pool 'ConPool'
set nat cgnat rule 10 translation pool 'ext1'
set nat64 source rule 100 source prefix 'xxxx:xxxx::/96'
set nat64 source rule 100 translation pool 10 address 'xxx.xxx.209.2'
set nat64 source rule 100 translation pool 10 port '1025-65535'
set protocols static route xxx.xxx.0.0/0 next-hop xxx.xxx.135.177
set protocols static route6 ::/0 next-hop xxxx:xxxx:0:1::1
set service dns
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/8'
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/16'
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/8'
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/12'
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/16'
set service ntp allow-client xxxxxx '::1/128'
set service ntp allow-client xxxxxx 'fe80::/10'
set service ntp allow-client xxxxxx 'fc00::/7'
set service ntp allow-client xxxxxx 'xxx.xxx.0.0/0'
set service ntp allow-client xxxxxx '::/0'
set service ntp server xxxxx.tld
set service ntp server xxxxx.tld
set service ntp server xxxxx.tld
set service pppoe-server authentication mode 'radius'
set service pppoe-server authentication protocols 'pap'
set service pppoe-server authentication protocols 'chap'
set service pppoe-server authentication protocols 'mschap'
set service pppoe-server authentication protocols 'mschap-v2'
set service pppoe-server authentication radius accounting-interim-interval '180'
set service pppoe-server authentication radius dynamic-author key xxxxxx
set service pppoe-server authentication radius dynamic-author port '3799'
set service pppoe-server authentication radius dynamic-author server 'xxx.xxx.135.172'
set service pppoe-server authentication radius nas-identifier 'VyOS'
set service pppoe-server authentication radius nas-ip-address 'xxx.xxx.135.172'
set service pppoe-server authentication radius rate-limit attribute 'Mikrotik-Rate-Limit'
set service pppoe-server authentication radius rate-limit enable
set service pppoe-server authentication radius rate-limit vendor 'Mikrotik'
set service pppoe-server authentication radius server xxxxx.tld disable
set service pppoe-server authentication radius server xxxxx.tld key xxxxxx
set service pppoe-server authentication radius server xxxxx.tld key xxxxxx
set service pppoe-server authentication radius source-address 'xxx.xxx.135.172'
set service pppoe-server client-ip-pool Con-Pool range 'xxx.xxx.0.0/22'
set service pppoe-server client-ip-pool expired-pool range 'xxx.xxx.0.0/22'
set service pppoe-server client-ipv6-pool delegate-prefix delegate xxxx:xxxx:3::/56 delegation-prefix '64'
set service pppoe-server client-ipv6-pool delegate-prefix prefix xxxx:xxxx:2::/56 mask '64'
set service pppoe-server default-pool 'Con-Pool'
set service pppoe-server gateway-address 'xxx.xxx.1.1'
set service pppoe-server interface eth0.3901
set service pppoe-server name-server 'xxx.xxx.135.166'
set service pppoe-server name-server 'xxxx:xxxx:4860::6464'
set service pppoe-server pado-delay 50 sessions '500'
set service pppoe-server pado-delay 100 sessions '1000'
set service pppoe-server ppp-options disable-ccp
set service pppoe-server ppp-options ipv4 'allow'
set service pppoe-server ppp-options ipv6 'allow'
set service router-advert interface eth0 default-lifetime '3600'
set service router-advert interface eth0 default-preference 'high'
set service router-advert interface eth0 hop-limit '64'
set service router-advert interface eth0 interval max '30'
set service router-advert interface eth0 link-mtu '1450'
set service router-advert interface eth0 name-server 'xxxx:xxxx:4860::6464'
set service router-advert interface eth0 prefix ::/64 preferred-lifetime '3600'
set service router-advert interface eth0 prefix ::/64 valid-lifetime '7200'
set service router-advert interface eth0 reachable-time '300'
set service router-advert interface eth0 retrans-timer '100'
set service snmp community corbis
set service ssh
set system config-management commit-revisions '100'
set system conntrack modules ftp
set system conntrack modules h323
set system conntrack modules nfs
set system conntrack modules pptp
set system conntrack modules sip
set system conntrack modules sqlnet
set system conntrack modules tftp
set system console device ttyS0 speed '115200'
set system host-name xxxxxx
set system login user xxxxxx authentication encrypted-password xxxxxx
set system login user xxxxxx authentication encrypted-password xxxxxx
set system login user xxxxxx authentication plaintext-password xxxxxx
set system logs logrotate messages max-size '1024'
set system logs logrotate messages rotate '5'
set system name-server 'xxx.xxx.135.166'
set system option performance 'throughput'
set system syslog global facility all level 'info'
set system syslog global facility local7 level 'debug'
set system syslog host xxx.xxx.135.171 facility kern level 'all'
set system syslog host xxx.xxx.135.171 port '514'
set system update-check url xxxxxx
I’ve never used accel-ppp. I wonder, does VyOS set the thread-count= option?
Any way to get a copy of the config file VyOS generates for accel-ppp and see if that option is set?
edit: This thread says it’s supported. How many CPUs does your system have?
4 CPU cores are present in my setup.
Thread count is properly set to 4, equal to the core count. I don’t think the issue is related to accel-ppp. The issue is something else. Previously I tested on a physical machine and there was no issue. Now, VyOS is running on Proxmox. I think it’s a KVM-related issue.
Could it be there’s something wrong in your network and the VyOS VM is seeing a lot of traffic for which it is not the destination? I.e., your virtual network flooding all traffic towards VyOS?
Nope, there is no problem in the network. I have checked.
What CPU type are you using under Proxmox?
I am using the host CPU type.
Well, there are many points where you can improve: enable multiqueue on KVM/Proxmox for the virtual NIC; also, if you are using Intel, it’s recommended to disable HT for high-throughput VMs; check the max ring buffer is enabled, and try to play with the offload.
Also, since CGNAT is used, don’t forget to tweak the conntrack table size, preferably a 1:1 hash/bucket ratio (for performance).
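A check that goes with the multiqueue suggestion above, as an added example that is not part of the original thread: it reads a file in /proc/softirqs layout and reports which CPU handles the largest share of NET_RX softirqs, the work behind a busy ksoftirqd/0. The function names and the sample counters are constructed for illustration.

```shell
#!/bin/sh
# Added example: how is network softirq work spread across CPUs?
# Counters in /proc/softirqs are cumulative since boot.

# softirq_share FILE [ROW]: print "cpuN count percent" for one row
# (ROW defaults to NET_RX) of a /proc/softirqs-format file.
softirq_share() {
    awk -v row="${2:-NET_RX}:" '
        $1 == row {
            total = 0
            for (i = 2; i <= NF; i++) total += $i
            for (i = 2; i <= NF; i++)
                printf "cpu%d %s %d\n", i - 2, $i, (total ? $i * 100 / total : 0)
        }' "$1"
}

# busiest_cpu FILE [ROW]: print "cpuN percent" for the CPU with the largest share.
busiest_cpu() {
    softirq_share "$@" | sort -k3,3nr -k1,1 | awk 'NR == 1 { print $1, $3 }'
}

# Constructed sample: a 4-core VM whose single-queue NIC lands on CPU0.
sample_softirqs() {
    cat <<'EOF'
                    CPU0       CPU1       CPU2       CPU3
          HI:          0          0          0          0
       TIMER:     812345     799001     801222     797654
      NET_TX:       1000       1000       1000       1000
      NET_RX:    9400000     200000     250000     150000
EOF
}

# Stand-alone run against the constructed sample.
demo() {
    tmp=$(mktemp) && sample_softirqs > "$tmp"
    softirq_share "$tmp"
    echo "busiest: $(busiest_cpu "$tmp")"
    rm -f "$tmp"
}
demo
```

On the router itself, `busiest_cpu /proc/softirqs` gives the live figure; a share near 100% on one CPU means receive processing is not being spread across the cores.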
Edit: Also consider/test these optimizations and see which one will improve your situation: