CPU 100% problem
- 
				scegg
- Posts: 19
- Joined: Mon Mar 31, 2014 5:26 pm
CPU 100% problem
Hello. I have a strange 100% CPU usage problem about SoftEther.
My Test Environment:
Client side: Ubuntu Server 13.10 on Soekris Net6501-70 (CPU: Atom 1.6G, Mem: 2GB).
Server side in Test A1/2: Ubuntu Server 14 on Windows Azure
Server side in Test B1/2: Windows Server 2012 R2 on Windows Azure
SoftEther Version: 4.06 Build 9435.
Coz Windows Azure blocked all protocols other than TCP/UDP, I just used port 443 and SSTP for testing. Only SSTP clone is on.
Test A1:
Running a linux x64 version on server side with SecureNAT (bridge off) as well as a linux x86 version on client.
Result:
The cpu usage of vpnclient on client side will raise to 100% periodically. The cycle is no more than 1 min and it will keep on 100% for about 10 secs. After that, the server side will be similar to keep at 100% for 10 secs. Within these periods, no communication by VPN can be passed. In other time, it works great.
Test A2:
Running a linux x64 version on server side with bridge to a TAP device (SecureNAT is off) as well as a linux x86 version on client. Routing is set to on in server.
Result:
It works great for several hours then back to the same as A1.
Test B1:
Running a Windows version on server side with SecureNAT (bridge off) as well as a linux x86 version on client.
Result:
Same as A1. But the CPU usage on server side is not reached to 100%.
Test B2:
Running a Windows version on server side with bridge to a loopback NIC (SecureNAT is off) as well as a linux x86 version on client. RRAS is enabled for routing.
Result:
Same as A2. But the CPU usage on server side is not reached to 100%. I can reboot both server and client to reset this back to normal.
What's wrong with these?
Thanks for any advice.
			
									
									
						My Test Environment:
Client side: Ubuntu Server 13.10 on Soekris Net6501-70 (CPU: Atom 1.6G, Mem: 2GB).
Server side in Test A1/2: Ubuntu Server 14 on Windows Azure
Server side in Test B1/2: Windows Server 2012 R2 on Windows Azure
SoftEther Version: 4.06 Build 9435.
Coz Windows Azure blocked all protocols other than TCP/UDP, I just used port 443 and SSTP for testing. Only SSTP clone is on.
Test A1:
Running a linux x64 version on server side with SecureNAT (bridge off) as well as a linux x86 version on client.
Result:
The cpu usage of vpnclient on client side will raise to 100% periodically. The cycle is no more than 1 min and it will keep on 100% for about 10 secs. After that, the server side will be similar to keep at 100% for 10 secs. Within these periods, no communication by VPN can be passed. In other time, it works great.
Test A2:
Running a linux x64 version on server side with bridge to a TAP device (SecureNAT is off) as well as a linux x86 version on client. Routing is set to on in server.
Result:
It works great for several hours then back to the same as A1.
Test B1:
Running a Windows version on server side with SecureNAT (bridge off) as well as a linux x86 version on client.
Result:
Same as A1. But the CPU usage on server side is not reached to 100%.
Test B2:
Running a Windows version on server side with bridge to a loopback NIC (SecureNAT is off) as well as a linux x86 version on client. RRAS is enabled for routing.
Result:
Same as A2. But the CPU usage on server side is not reached to 100%. I can reboot both server and client to reset this back to normal.
What's wrong with these?
Thanks for any advice.
- 
				arprip
- Posts: 27
- Joined: Wed Feb 26, 2014 3:36 am
Re: CPU 100% problem
Hi,
Thanks for the information. Since you are testing with SSTP.
Is there any chance to try l2tp or ether/ip mode ? Just guessing if SSTP is root cause.
			
									
									
						Thanks for the information. Since you are testing with SSTP.
Is there any chance to try l2tp or ether/ip mode ? Just guessing if SSTP is root cause.
- 
				scegg
- Posts: 19
- Joined: Mon Mar 31, 2014 5:26 pm
Re: CPU 100% problem
Thanks for your reply.
I don't think it's possible to test other than SSTP coz GRE (used by PPTP) and ESP (used by L2TP and IKEv2) are not allowed by Windows Azure.
			
									
									
						I don't think it's possible to test other than SSTP coz GRE (used by PPTP) and ESP (used by L2TP and IKEv2) are not allowed by Windows Azure.
- 
				thisjun
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: CPU 100% problem
Could you check a sever-side vpn logs ? Is there any error or warning?
			
									
									
						- 
				scegg
- Posts: 19
- Joined: Mon Mar 31, 2014 5:26 pm
Re: CPU 100% problem
thisjun wrote:
> Could you check a sever-side vpn logs ? Is there any error or warning?
I dont know how to get the log from server side.
After I rebooted the server side, in the Test case B2, I haven't repo this problem but the log file is not deleted by me.
			
									
									
						> Could you check a sever-side vpn logs ? Is there any error or warning?
I dont know how to get the log from server side.
After I rebooted the server side, in the Test case B2, I haven't repo this problem but the log file is not deleted by me.
- 
				thisjun
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: CPU 100% problem
Please see this manual http://www.softether.org/4-docs/1-manua ... n_Terminal
			
									
									
						- 
				scegg
- Posts: 19
- Joined: Mon Mar 31, 2014 5:26 pm
Re: CPU 100% problem
thisjun wrote:
> Please see this manual
> http://www.softether.org/4-docs/1-manua ... n_Terminal
There is no such a button to get log file on my instance of Server Manager. Maybe manual is obsoleted?
			
									
									
						> Please see this manual
> http://www.softether.org/4-docs/1-manua ... n_Terminal
There is no such a button to get log file on my instance of Server Manager. Maybe manual is obsoleted?
- 
				mstenz
- Posts: 42
- Joined: Wed Mar 19, 2014 9:36 pm
Re: CPU 100% problem
Hi, 
I have the same problem with Windows Server 2012 R2. I have currently connected one Client via VPN and one Bridge, also I use a Virtual switch and Virtual DHCP without NATing.
I have tested this scenario with a previous version before without any issues, but with the last beta communctions stop regularly as can be checked ping:
Reply from 10.50.1.251: bytes=32 time=2ms TTL=255
Reply from 10.50.1.251: bytes=32 time=2ms TTL=255
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 10.50.1.12: Destination host unreachable.
Reply from 10.50.1.12: Destination host unreachable.
Reply from 10.50.1.12: Destination host unreachable.
Reply from 10.50.1.251: bytes=32 time=1298ms TTL=255
I can let give you access to our Server if needed.
The only errr message in the log is that:
2014-04-05 21:24:02.913 [HUB "AdminVPNGate"] Session "SID-MSTENZ-7": A large volume of broadcast packets has been detected. There are cases where packets are discarded based on the policy. The source MAC address is 00-AC-F5-3E-13-8B, the source IP address is fe80::15b8:173d:a110:ef73, the destination IP address is ff02::1:3. The number of broadcast packets is equal to or larger than 36 items per 1 second (note this information is the result of mechanical analysis of part of the packets and could be incorrect).
But thats my client VPN session and the unstable connection also happens if my client VPN connection is not established.
What I also see in the Windows Performance Monitor, that about 10MByte/s traffic is running through the SE daemon, even no real data are transferred.
Would be really great if you can find out what this issue is.
			
									
									
						I have the same problem with Windows Server 2012 R2. I have currently connected one Client via VPN and one Bridge, also I use a Virtual switch and Virtual DHCP without NATing.
I have tested this scenario with a previous version before without any issues, but with the last beta communctions stop regularly as can be checked ping:
Reply from 10.50.1.251: bytes=32 time=2ms TTL=255
Reply from 10.50.1.251: bytes=32 time=2ms TTL=255
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 10.50.1.12: Destination host unreachable.
Reply from 10.50.1.12: Destination host unreachable.
Reply from 10.50.1.12: Destination host unreachable.
Reply from 10.50.1.251: bytes=32 time=1298ms TTL=255
I can let give you access to our Server if needed.
The only errr message in the log is that:
2014-04-05 21:24:02.913 [HUB "AdminVPNGate"] Session "SID-MSTENZ-7": A large volume of broadcast packets has been detected. There are cases where packets are discarded based on the policy. The source MAC address is 00-AC-F5-3E-13-8B, the source IP address is fe80::15b8:173d:a110:ef73, the destination IP address is ff02::1:3. The number of broadcast packets is equal to or larger than 36 items per 1 second (note this information is the result of mechanical analysis of part of the packets and could be incorrect).
But thats my client VPN session and the unstable connection also happens if my client VPN connection is not established.
What I also see in the Windows Performance Monitor, that about 10MByte/s traffic is running through the SE daemon, even no real data are transferred.
Would be really great if you can find out what this issue is.
- 
				mstenz
- Posts: 42
- Joined: Wed Mar 19, 2014 9:36 pm
Re: CPU 100% problem
Additional note: I have disabled all other protocols. Only native SE VPN is used.
			
									
									
						- 
				mstenz
- Posts: 42
- Joined: Wed Mar 19, 2014 9:36 pm
Re: CPU 100% problem
Hi, please note that I have:
- disabledUDPAcceleration set to 1 in all hubs
and now the problem is gone.
			
									
									
						- disabledUDPAcceleration set to 1 in all hubs
and now the problem is gone.
- 
				scegg
- Posts: 19
- Joined: Mon Mar 31, 2014 5:26 pm
Re: CPU 100% problem
mstenz wrote:
> Hi, please note that I have:
>
> - disabledUDPAcceleration set to 1 in all hubs
>
> and now the problem is gone.
Thanks for your information.
After I rerun my test, this is proved useful but only in bridge mode. The problem is still existed while using SecureNAT but seems be better than before.
			
									
									
						> Hi, please note that I have:
>
> - disabledUDPAcceleration set to 1 in all hubs
>
> and now the problem is gone.
Thanks for your information.
After I rerun my test, this is proved useful but only in bridge mode. The problem is still existed while using SecureNAT but seems be better than before.
- 
				mstenz
- Posts: 42
- Joined: Wed Mar 19, 2014 9:36 pm
Re: CPU 100% problem
Hi,
but you wrote you dont used NAT? I think with NAT 100% CPU is normal and this should not really be used.
rgds.
Michael
			
									
									
						but you wrote you dont used NAT? I think with NAT 100% CPU is normal and this should not really be used.
rgds.
Michael
- 
				scegg
- Posts: 19
- Joined: Mon Mar 31, 2014 5:26 pm
Re: CPU 100% problem
mstenz wrote:
> Hi,
>
> but you wrote you dont used NAT? I think with NAT 100% CPU is normal and
> this should not really be used.
>
> rgds.
>
> Michael
I have 4 test scenarios.
			
									
									
						> Hi,
>
> but you wrote you dont used NAT? I think with NAT 100% CPU is normal and
> this should not really be used.
>
> rgds.
>
> Michael
I have 4 test scenarios.
- 
				mstenz
- Posts: 42
- Joined: Wed Mar 19, 2014 9:36 pm
Re: CPU 100% problem
So I understand without NAT its working now like a charm?
If yes, all is ok.
Please do not use NAT, as 100% is normal when using it.
			
									
									
						If yes, all is ok.
Please do not use NAT, as 100% is normal when using it.
- 
				inten
- Posts: 370
- Joined: Fri Oct 18, 2013 8:15 am
Re: CPU 100% problem
scegg wrote:
 
> I have 4 test scenarios.
How many hubs do you operate?
			
									
									
						> I have 4 test scenarios.
How many hubs do you operate?
- 
				scegg
- Posts: 19
- Joined: Mon Mar 31, 2014 5:26 pm
Re: CPU 100% problem
inten wrote:
> scegg wrote:
>
> > I have 4 test scenarios.
>
> How many hubs do you operate?
1 for each.
the 4 test servers are dedicated.
			
									
									
						> scegg wrote:
>
> > I have 4 test scenarios.
>
> How many hubs do you operate?
1 for each.
the 4 test servers are dedicated.
- 
				inten
- Posts: 370
- Joined: Fri Oct 18, 2013 8:15 am
Re: CPU 100% problem
and how many users in each hub?
			
									
									
						- 
				scegg
- Posts: 19
- Joined: Mon Mar 31, 2014 5:26 pm
Re: CPU 100% problem
inten wrote:
> and how many users in each hub?
1 for each.
			
									
									
						> and how many users in each hub?
1 for each.
- 
				inten
- Posts: 370
- Joined: Fri Oct 18, 2013 8:15 am
Re: CPU 100% problem
post vpn_server.config here.
			
									
									
						- 
				scegg
- Posts: 19
- Joined: Mon Mar 31, 2014 5:26 pm
Re: CPU 100% problem
inten wrote:
> post vpn_server.config here.
it works without SecureNAT and UDP Accelerating. I don't need troubleshooting for this. Thanks.
			
									
									
						> post vpn_server.config here.
it works without SecureNAT and UDP Accelerating. I don't need troubleshooting for this. Thanks.
