x86 ROS Device SSL process spikes router CPU to 100%

plexicommsam · August 22, 2016, 6:09pm

I am running the Dude on a VM that has a 2.5ghz processor assigned to it.

At frequent intervals ABOUT 30-60 seconds apart (but not exact) the SSL process spikes the CPU to 100%. This seems to effect SNMP probes primarily, as we don’t drop pings but we lose probes and therefor generate a false notification.

A certificate log entry is made called ‘start CRL update’

We have no certificates installed on this machine.

I disabled api-ssl and www-ssl under IP>Services.

There’s no hotspot running a web server on the device.

We are runing v6.26

krisjanis · August 24, 2016, 8:26am

Please contanct support@mikrotik.com regarding this problem. And includ supout file from that problematic device generated during moment when cpu load has spiked. And one from The Dude server host also.

http://wiki.mikrotik.com/wiki/Manual:Support_Output_File

Ciambot · November 22, 2016, 4:53pm

I’m having the same issue on version 6.37.2.
x86 with 2 CPU, 1800mhz.
CPU is always at 100%, ssl process takes all resources.

Does fix exist?

RafaelUrsoft · December 20, 2016, 11:48am

I’m having the same problem, yours solved?

RafaelUrsoft · January 10, 2017, 2:26pm

My problem persists, does anyone have the solution?

PaulsMT · January 10, 2017, 2:28pm

Should be fixed in 6.38
What version are you using ?

RafaelUrsoft · January 16, 2017, 2:52pm

I am using version 6.39. I have already tried with version 6.38 and also did not work, the SSL gets very high and the CPU goes to 100%. I am using a virtual machine and running on x86.

PaulsMT · January 17, 2017, 7:33am

Please write to support@mikrotik.com
We will need a remote access.
Thanks.

Ciambot · January 20, 2017, 8:02am

6.39rc13 problem persists.

cgood · November 19, 2017, 6:36pm

Aruba CHR OVPN server:

/interface ovpn-server server> /system resource monitor
          cpu-used: 100%
  cpu-used-per-cpu: 100%
       free-memory: 885812KiB

/system resource print
                   uptime: 1w3d3h13m44s
                  version: 6.40.5 (stable)
               build-time: Oct/31/2017 13:05:15
              free-memory: 864.9MiB
             total-memory: 972.9MiB
                      cpu: Intel(R)
                cpu-count: 1
            cpu-frequency: 1699MHz
                 cpu-load: 100%
           free-hdd-space: 19.8GiB
          total-hdd-space: 19.9GiB
  write-sect-since-reboot: 523672
         write-sect-total: 523673
        architecture-name: x86_64
               board-name: CHR
                 platform: MikroTik
/interface ovpn-server server> /tool profile
NAME                    CPU        USAGE
ppp                                 0.5%
ethernet                            0.5%
ssh                                 0.5%
networking                          0.5%
logging                             0.5%
ssl                                  97%
unclassified                        0.5%
total                               100%

Disabling of OVPN server not work - 100% CPU.

/ip service print
Flags: X - disabled, I - invalid
 #   NAME                                       PORT ADDRESS                                                                         CERTIFICATE
 0 XI telnet                                    23
 1 XI ftp                                          21
 2 XI www                                          80
 3   ssh                                       22
 4 XI www-ssl                                     443                                                                                 none
 5 XI api                                        8728
 6   winbox                                     8291
 7 XI api-ssl                                    8729                                                                                 none

wtf??

yonnie · November 20, 2017, 2:34pm

I been trying to find why my networks have a cyclic interference issue that make them operate like a yo-yo (up-down) and we were thinking it was a feedback issue. At least now I can see other people are experiencing something too! This problem actually cuts clients off from the internet momentarily. To resolve the issue I un-plugged the Dude router and am not using a monitor system. I don’t like flying blind and need a monitor system that works. Please fix this problem ASAP.

Running Dude from a RB750gr3 version 6.39.2 on a microSD chip. All monitored network routers are running 6.39.2 as well. I would like to update to a later version that doesn’t have this problem but I don’t know how to get the Dude to update. Is there a list of commands available?

Lakis · November 23, 2017, 1:41pm

cgood “SLL CPU 100%” is not fixed yet I m also searching for solution.
in 6.38rc51
*) Fixed - Changed SSL connection timeouts. SSL connections caused CPU overload
but I m running ver. 6.40.4 SSL problem still persist.

rajasagheer2000 · February 23, 2018, 1:46pm

you just need to create new SSL certificate. because the certificate you have created using CPU 100% .

try this script

/certificate
add name=ca-template common-name=myCa key-usage=key-cert-sign,crl-sign
sign ca-template name=myCa

MikrotikOdessa · February 23, 2018, 8:26pm

6.41.2
RB750Gr3 running Dude
While making pptp-out connection attempts router has cpu ssl spikes up to 40%
When connected, CPU shows 1-2 %, no any spikes

fbi · April 14, 2019, 9:01am

Is there any solution for this problem? I have the same issue with 6.43.2 (I know it is a little bit old ROS version, but the last change with the dude was in the 6.43). I am using the dude with a x86 VM (under proxmox), the CPU usage is 0% until I start the dude. After that all CPUs are 100% loaded and the / tool prifle shows that as many ssl processes go 100% as many CPUs I have. The dude client can’t connect if I want to use secure connection. If I select the plain connection, the client can connect, but the server still has 100% CPU usage.