
XG Home VM v20 - Snort using all CPU with some random trigger

I've seen similar topics here, but none seem to quite work.  XG Home VM, v20, with a pretty minimal ruleset.  I'm really the only person on my home network.  At some random times the VM will go to 90-100% CPU usage and stay there.  This has happened at 2 in the morning when nothing is really being used.  Traffic through the XG will usually stop flowing when this happens.  TOP shows that snort is the top process on both CPUs when this happens, followed by conntrack.  If I drop the snort service, I regain about 50% of my CPU.  The only thing that actually fixes the issue for a time is to use the console to purge logs and reboot.

I'm about at the point where I just want to rebuild from scratch, as I can't pin down the event that causes this.  Any advice?

  • Looks like we've found the issue - thanks to everyone and to  for the eyes on-box and the info to track down what was causing this.

    I have a Home Assistant VM running on my network.  I also have a NAT rule in my XG that redirects all DNS / sDNS (DNS over TLS/HTTPS) requests to my internal DNS server.  The internal DNS server doesn't yet support sDNS, but the service on my XG included both 53 and 853.  The Home Assistant VM includes a config with a "fallback" DNS to Cloudflare.  At random times, the VM will attempt to reach out to Cloudflare, get redirected to internal DNS, fail to connect, and then start repeating that connection attempt multiple times a second.  Either disabling that fallback DNS entry, updating my DNS server to support sDNS, or removing the NAT rule redirecting DNS would fix the problem.  I chose the final option to start with.

    I can't post the link, as this post will get flagged.  Googling "home assistant fallback DNS improve Privacy" will bring up a post on the Home Assistant forums called "Improve Privacy, Stop using hardcoded DNS."  That article describes what was happening.

    So, once again, it was DNS.  It's always DNS.
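As an added example (not code from this thread, from Sophos, or from Home Assistant), here is a small Python detector for the failure mode described in the post above: a client whose DNS-over-TLS connections are NAT-redirected to a resolver that does not listen on 853 keeps retrying several times a second, and that retry storm is what the IPS engine ends up chewing on. The script parses connection-log lines in a simplified, constructed `key=value` layout (an assumption, not XG's real syslog format), groups them per source/destination/port, and reports any flow that exceeds a threshold of connection attempts inside a one-second sliding window. All addresses and timestamps in the sample are made up.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (simplified key=value layout, NOT the real XG format).
# 192.168.1.50 stands in for a Home Assistant VM whose fallback DoT resolver
# (1.1.1.1:853) is being NAT-redirected to an internal resolver that does not
# listen on 853, so the client retries several times per second.
SAMPLE_LOG = """\
2024-03-02T02:14:06.910 src=192.168.1.20 dst=192.168.1.10 dport=53 proto=udp
2024-03-02T02:14:07.105 src=192.168.1.50 dst=1.1.1.1 dport=853 proto=tcp
2024-03-02T02:14:07.231 src=192.168.1.50 dst=1.1.1.1 dport=853 proto=tcp
2024-03-02T02:14:07.357 src=192.168.1.50 dst=1.1.1.1 dport=853 proto=tcp
2024-03-02T02:14:07.483 src=192.168.1.50 dst=1.1.1.1 dport=853 proto=tcp
2024-03-02T02:14:07.609 src=192.168.1.50 dst=1.1.1.1 dport=853 proto=tcp
2024-03-02T02:14:07.735 src=192.168.1.50 dst=1.1.1.1 dport=853 proto=tcp
2024-03-02T02:14:07.861 src=192.168.1.50 dst=1.1.1.1 dport=853 proto=tcp
2024-03-02T02:14:07.987 src=192.168.1.50 dst=1.1.1.1 dport=853 proto=tcp
2024-03-02T02:14:09.002 src=192.168.1.20 dst=192.168.1.10 dport=53 proto=udp
2024-03-02T02:14:15.440 src=192.168.1.31 dst=9.9.9.9 dport=853 proto=tcp
2024-03-02T02:14:45.120 src=192.168.1.31 dst=9.9.9.9 dport=853 proto=tcp
"""

# Regex for the constructed layout: ISO timestamp followed by key=value pairs.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "proto": m["proto"],
    }


def find_retry_storms(log_text, ports=(53, 853), threshold=5, window_s=1.0):
    """Return flows (src, dst, dport) whose peak number of connection attempts
    within any `window_s`-second sliding window reaches `threshold`.

    Only the DNS (53) and DNS-over-TLS (853) ports are considered by default,
    since those are the ones the NAT rule in the thread redirected.
    """
    by_flow = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["dport"] in ports:
            by_flow[(rec["src"], rec["dst"], rec["dport"])].append(rec["ts"])

    storms = []
    for (src, dst, dport), stamps in by_flow.items():
        stamps.sort()
        peak = 0
        j = 0  # right edge of the sliding window; never moves backwards
        for i in range(len(stamps)):
            while j < len(stamps) and (stamps[j] - stamps[i]).total_seconds() <= window_s:
                j += 1
            peak = max(peak, j - i)
        if peak >= threshold:
            storms.append(
                {"src": src, "dst": dst, "dport": dport, "peak_per_window": peak}
            )
    # Noisiest flow first.
    return sorted(storms, key=lambda s: -s["peak_per_window"])


if __name__ == "__main__":
    for s in find_retry_storms(SAMPLE_LOG):
        print(
            f"retry storm: {s['src']} -> {s['dst']}:{s['dport']} "
            f"({s['peak_per_window']} attempts within 1s)"
        )
```

When a flow like this shows up, the useful follow-up question is the one the post answers: is that destination port being redirected by a NAT rule to something that does not actually serve it? Either the redirect target has to speak DoT on 853, or the NAT rule has to stop matching 853, or the client has to stop using the hard-coded fallback resolver.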
