USG20-VPN is constantly pegging at 99% CPU usage and sometimes causes drops in network

Jford Posts: 4  Freshman Member
edited April 2021 in Security
I've turned off all the features, bells, and whistles.  Just using it as a basic firewall, no VPN or anything else, and the thing maxes out at 99% and drops my connections.  No firmware updates that I can see and yet this seems to be a problem across many of your systems.  What the heck is going on?

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,385  Zyxel Employee

    Hi @Jford,

    Use the command "debug system show cpu status" to check the details of CPU usage.

    Router> debug system show cpu status

    If the percentage of softirq is high, it means the CPU is occupied with traffic load.


    If the percentage of system is high, it means the CPU time is spent running in kernel space.

    You can then use the command "debug system ps" to check the process status.

    Router> debug system ps

  • Jford
    Jford Posts: 4  Freshman Member
    The firewall is at my house with a 100MB pipe.  The firewall should not be maxing out on network traffic, ever. The configuration is that all computers and devices connect to a switch that connects to the firewall, so internal traffic is not being handled by the firewall.  The firewall only handles the traffic leaving the house.  The 99% doesn't last long enough for me to identify that it has happened and then log into the firewall and see what is causing it.  Is there a log command that can be configured to autorun the commands mentioned above and log the results when the CPU load gets to a specific threshold?

  • Jford
    Jford Posts: 4  Freshman Member
    The process that is maxing out the CPU is the one listed below.

    python /usr/sbin/reg_agent.pyc 0 S182L44200495 BC9911BD856F 4.39(ABAQ.0)

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,385  Zyxel Employee
    Hi @Jford,
    You can use the attached script "Get_status_loop_show_cpu_average.ttl" to automatically execute the following three commands every 60 seconds.
    show cpu average
    debug system show cpu status
    debug system ps

    On TeraTerm, open Control > Macro and select "Get_status_loop_show_cpu_average.ttl".
    It starts executing commands on the console.

    You can log all messages to a txt file automatically in TeraTerm via File > Log.

    If you'd like to reboot USG, remember to click "End" to stop the script first.

  • I have had exactly the same issue for a few weeks... reboot, disable all updates - nothing helps.

    Router# show cpu average
    CPU        Usage
    ===============================================================================
    0          15 %

    CPU average: 15 %
    Network Traffic: 7 %

    CPU   MEM   TIME                       APPLICATION
    ===============================================================================
    3.6   0.4   01:29:32                   SNMP server
    2.4   1.3   00:59:48                   Zyxel Service
    2.4   0.8   01:00:50                   IPsec VPN
    1.7   0.2   00:43:57                   Log
    1.6   0.1   00:40:02                   wacd
    1.2   0.0   00:29:49                   System statistics
    1.1   0.2   00:28:23                   User access management
    0.8   0.4   00:20:52                   ttyd
    0.8   0.0   00:19:50                   Process packets
    Router# debug system show cpu status
    CPU utilization: 86 % (system: 11 %, user: 66 %, irq: 0 %, softirq 9 %)
    CPU utilization (1 minute): 62 % (system: 18 %, user: 37 %, irq: 0 %, softirq 7 %)
    CPU utilization (5 minute): 62 % (system: 17 %, user: 39 %, irq: 0 %, softirq 6 %)
    Router#

    PS shows no significant CPU usage of processes, except:

    29043 29038 python          root     ?         19   0 87.6  0.8 R     15076  8436  5088  3769 14:03:18       00:03 00:00:02 python /usr/sbin/reg_agent.pyc 3 8391643833fe00f1b1f3be8a949ea669e565ef9ad56846745c057ed5 4.60(AALA.0) noneedcnmid

    This tells me that there seems to be an issue with the sync to the cloud. Sometimes the problem disappears with no intervention, but it comes back minutes later. The CPU usage of this process is always ~ 80%.

    ZyWall USG 40
    Current Version: V4.60(AALA.0)
    Released Date: 2020-10-17 00:06:21

    Never had this issue with the last version of the firmware. Maybe I'm going back ...
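An added example, not part of any post in this thread and not Zyxel code: a triage pass over a TeraTerm log of the looped commands that keeps only the samples above a CPU threshold and applies the softirq/system reading given earlier in the thread. The function names, the 80 % threshold, the assumption that the eighth column of a `debug system ps` row is %CPU, and the sample log are all constructed for illustration.

```python
import re

CPU_RE = re.compile(r"CPU utilization: (\d+) % \(system: (\d+) %, user: (\d+) %, "
                    r"irq: (\d+) %, softirq:? (\d+) %\)")
STAMP_RE = re.compile(r"^\[[^\]]*\]\s*")  # optional TeraTerm timestamp prefix
HINTS = {  # interpretation given by Zyxel_Emily in the thread
    "softirq": "CPU is occupied with traffic load",
    "system": "CPU time is spent in kernel space",
    "user": "look at the busiest process in 'debug system ps'",
}

def parse_ps(line):
    """Return (cpu_percent, command) for a process row, else None."""
    f = STAMP_RE.sub("", line.strip()).split()
    # Assumption: field 8 is %CPU and the command starts at field 18.
    if len(f) < 18 or not f[0].isdigit() or not re.fullmatch(r"\d+(\.\d+)?", f[7]):
        return None
    return float(f[7]), " ".join(f[17:19])

def triage(log_text, threshold=80):
    """Return one finding per sample with total CPU >= threshold (assumed value)."""
    findings, current = [], None
    for raw in log_text.splitlines():
        m = CPU_RE.search(raw)
        if m:
            total, system, user, _irq, softirq = map(int, m.groups())
            parts = {"system": system, "user": user, "softirq": softirq}
            dominant = max(parts, key=parts.get)
            current = None  # process rows of a quiet sample are ignored
            if total >= threshold:
                current = {"total": total, "dominant": dominant,
                           "hint": HINTS[dominant], "top": None}
                findings.append(current)
        elif current is not None:
            row = parse_ps(raw)
            if row and (current["top"] is None or row[0] > current["top"][0]):
                current["top"] = row
    return findings

# Constructed sample log (not captured from a device).
SAMPLE = """\
CPU utilization: 15 % (system: 5 %, user: 8 %, irq: 0 %, softirq 2 %)
  101     1 exampled        root     ?         19   0  0.1  0.2 S      4000  1200   900   300 09:00:00    01:00:00 00:00:01 /usr/sbin/example_daemon
CPU utilization: 86 % (system: 11 %, user: 66 %, irq: 0 %, softirq 9 %)
CPU utilization (1 minute): 62 % (system: 18 %, user: 37 %, irq: 0 %, softirq 7 %)
[2021-08-30 10:20:04.830] 29043 29038 python          root     ?         19   0 87.6  0.8 R     15076  8436  5088  3769 14:03:18       00:03 00:00:02 python /usr/sbin/reg_agent.pyc 3 EXAMPLE-ID
"""
if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run it against the file written by TeraTerm's File > Log by passing the file contents to `triage()`.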

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,378  Zyxel Employee

    Hi @ThomasCan

    “ZyXEL service” is a process which is in charge of license status services.

    29043 29038 python          root     ?         19   0 87.6  0.8 R     15076  8436  5088  3769 14:03:18       00:03 00:00:02 python /usr/sbin/reg_agent.pyc 3 8391643833fe00f1b1f3be8a949ea669e565ef9ad56846745c057ed5 4.60(AALA.0) noneedcnmid

    This kind of service will consume CPU resource within a short period and won’t affect the system operation.

    However, from the information you provided, we saw that the CPU average status shows the SNMP server with higher usage.

    Are there many SNMP queries sent to the USG in a short time?

    You may also share with us the CPU usage in graphic view. It will display device CPU usage in the past 24 hours.


  • Jford
    Jford Posts: 4  Freshman Member
    I clocked your fetchurl_agent.pyc at 108%

    [2021-08-30 10:20:04.830]  2442  2426 python          root     ?         19   0  108  0.4 R     16920  9924  6376  4230 10:20:02       00:03 00:00:03 python /usr/sbin/fetchurl_agent.pyc 0 8a0dd579b64a8d6de25547429462c1e036448571d7dbf321f931f46a 4.65(ABAQ.1) USG20-VPN 4.65(ABAQ.0) USG20-VPN

    Is this the new "reg_agent.pyc" that was hogging up process before?

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,378  Zyxel Employee
    Hi @Jford
    The "fetchurl" is a background service to get the correct URL for the UTM function. Is the process still displaying usage like that? You may update to the latest version and check whether the display issue still exists.
