VERY HIGH (up to 180%) processor load

Home Page Forums Network Management ZeroShell VERY HIGH (up to 180%) processor load

This topic contains 7 replies, has 0 voices, and was last updated by  vadimka 9 years, 10 months ago.

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #41805

    vadimka
    Member

    Hello everyone.
    I am happily running zeroshell, with great results, but, after setting up OpenVPN, my system is barely holding up. The processor load is sometimes up to 180%, and it is visibly slowing down my internet speed.

    I am sure that it is connected to the fact that I run Host-to LAN Openvpn server on port 80 (it was the only way, since the person that uses it has only port 80 access). I had to change some things for that.

    It is clear, from the picture, that when VPN is not active(between 23:00 and 6:00 AM), the system load is very low.

    .

    using the top command,i get the following results:

    top - 18:40:39 up 2 days, 17:24,  1 user,  load average: 1.75, 1.62, 1.56
    Tasks: 66 total, 2 running, 64 sleeping, 0 stopped, 0 zombie
    Cpu(s): 46.5% user, 51.9% system, 0.0% nice, 1.6% idle, 0.0% IO-wait
    Mem: 247484k total, 187312k used, 60172k free, 31032k buffers
    Swap: 131064k total, 0k used, 131064k free, 40720k cached

    PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
    3997 nobody 20 0 1696 648 556 R 47.8 0.3 477:21.73 pppoe
    4698 root 20 0 4168 2152 1336 S 29.9 0.9 442:04.56 vpn
    4 root 15 -5 0 0 0 S 19.3 0.0 163:11.43 ksoftirqd/0
    1641 root 20 0 59656 31m 2652 S 0.7 12.9 0:46.31 named

    ..So, ppoe takes up 47.8%, and vpn 29.9% ..and that’s an average…

    Thanks in advance for the help. Hope you people understood what I wrote here

    #48478

    zevlag
    Member

    If you are running VPN on port 80, because port 80 is commonly crawled for attempts to find public webservers, I would highly recommend and iptables firewall rule only allowing access from the specific IP your VPN client is connecting from.

    #48479

    vadimka
    Member

    I made the firewall change, but there is no difference.
    The load seems heavily connected with VPN traffic. If VPN connection is idle(<1megabyte) , system load is quite low, ~20% , but at a sustained VPN speed of 7 megabytes (~750 kB/S) , the load is 160%.
    Quite strange, taking into consideration that i can have traffic up to 90 Mbit/s on non-vpn interfaces with minimal load.

    #48480

    zevlag
    Member

    See this:
    http://openvpn.net/archive/openvpn-users/2007-09/msg00247.html

    You could try turning off compression (http://www.zeroshell.net/eng/forum/viewtopic.php?t=1448&highlight=lzo), but that isn’t an option yet in ZeroShell.

    You might also try changing the openvpn config to use different encryption method (blowfish, 3des, aes)

    Upgrade hardware, or add an encryption/compression offload card.

    #48481

    ppalias
    Member

    I have also noticed extremely large cpu usage after enabling openvpn. I’ll try to disable compression to see if this helps.

    #48482

    Do we know if Zeroshell can use the crypto acceleration features of the AMD Geode LX yet?

    This is the combo used in the Soekris net5501 box, I would like to run openVPN in the future, but now I have seen this, I’m worried about it chewing up all my CPU.

    There was some talk of a kernel update earlier this year that would allow for this – I think!?

    Jeff

    #48483

    zevlag
    Member

    I don’t know if it does, I’m not familiar with the hardware offloading/acceleration for such.

    I have posted a patch on the other thread on how to disable compression.

    #48484

    ppalias
    Member

    A few hours ago I upgraded to ZS beta 12 and disabled lzo compression on Openvpn. I think the graph speaks for itself.
    [img=http://img23.imageshack.us/img23/8741/systemday.th.png]

    #48485

    vadimka
    Member

    I disabled the compression. Not much of a difference, about 30% less.

    Currently i’m on beta 11. I’ll go to beta 12.

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.