FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

12615 questions

14984 answers

23964 comments

46771 members

0 votes
68 views 1 comments
by
We have an RUT950 running 7.02.07 with an IPSec tunnel back to a Cisco ASA.

When the IPSec connection is enabled, the RUT950 goes from ~83% idle CPU to ~30% idle, sometimes showing 0% idle.

The RUT950 also becomes laregly unresponsive, even from the RMS management interface.

In "top", the process that appears to use the most CPU is [ksoftirqd/0].

If we disable the IPSec tunnel, the RUT950 CPU returns to normal, as does the overall responsiveness of the unit.

1 Answer

0 votes
by

Hello,

A good explanation of [ksoftirqd/0] process is explained here, thus my assumptions are that you pass a lot of traffic over IPsec tunnel, or encryption algorithms of your configuration are rather computationally expensive. Or there are additional services running within the device.

I would suggest to check, if enabling the following helps to reduce CPU load. Login to the WebUI, navigate to Network -> Firewall -> General settings. Under ROUTING/NAT OFFLOADING section, enable Software flow offloading setting. Save & apply. 

If you have created any custom firewall rules, you can also review their ordering Network -> Firewall -> Traffic rules, to have the drop/reject rules at the top, in order to reduce time, taken to process packets matching them.

Best regards,

by
Hi there,

Thank you for your reply and information provided.

We are pushing around 15Mbps over the IPsec tunnel, which didn't seem like a lot. We haven't been able to identify what the specifications are on IPsec tunnel bandwidth on the RUT950 or any of the Teltonika routers, so we didn't know whether we were hitting a limit there.

We have made the change mentioned to enable Software flow offloading, so we will see if that makes a difference.

Best regards,