USG20-VPN is constantly pegging at 99% CPU usage and sometimes causes drops in network

Jford
Jford Posts: 4
edited April 2021 in Security
I've turned off all the features, bells, and whistles.  Just using it as a basic firewall, no VPN or anything else, and the thing maxes out at 99% and drops my connections.  No firmware updates that I can see and yet this seems to be a problem across many of your systems.  What the heck is going on?

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,296  Zyxel Employee

    Hi @Jford,

    Use the command "debug system show cpu status" to check the details of CPU usage.

    Router> debug system show cpu status

    If the percentage of softirq is high, it means the CPU is occupied with traffic load.


    If the percentage of system is high, it means the CPU time is spent running in kernel space.

    You can then use the command "debug system ps" to check the process status.

    Router> debug system ps

  • Jford
    Jford Posts: 4
    The firewall is at my house with a 100MB pipe.  The firewall should not be maxing out on network traffic, ever. The configuration is that all computers and devices connect to a switch that connects to the firewall, so internal traffic is not being handled by the firewall.  The firewall only handles the traffic leaving the house.  The 99% doesn't last long enough for me to identify that it has happened and then log into the firewall and see what is causing it.  Is there a log command that can be configured to autorun the commands mentioned above and log the results when the CPU load gets to a specific threshold?

  • Jford
    Jford Posts: 4
    The process that is maxing out the CPU is the one listed below.

    python /usr/sbin/reg_agent.pyc 0 S182L44200495 BC9911BD856F 4.39(ABAQ.0)

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,296  Zyxel Employee
    Hi @Jford,
    You can use the attached script "Get_status_loop_show_cpu_average.ttl" to automatically execute the following three commands every 60 seconds:
    show cpu average
    debug system show cpu status
    debug system ps

    On TeraTerm, open Control > Macro and select "Get_status_loop_show_cpu_average.ttl".
    It starts executing commands on the console.

    You can log all messages to a txt file automatically in TeraTerm under File > Log.

    If you'd like to reboot USG, remember to click "End" to stop the script first.
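
Added example (not part of the original posts, and not Zyxel's script): once the macro above has filled a TeraTerm log, this Python parser finds the samples where CPU utilization crossed a threshold and names the busiest process logged after each one. The sample log is constructed; the column positions (%CPU in field 8, command from field 18) and the timestamp prefix are assumptions read off the output quoted elsewhere in this thread.

```python
import re

# Constructed TeraTerm log (timestamps on); row layout copied from the output
# quoted in this thread, values and the example_daemon name are made up.
SAMPLE_LOG = """\
[2021-01-01 10:19:04.200] CPU utilization: 14 % (system: 4 %, user: 8 %, irq: 0 %, softirq 2 %)
[2021-01-01 10:19:05.200]   901     1 example_daemon  root     ?         19   0  3.6  0.4 S      9000  4000  2000  1000 09:00:00    01:19:05 00:01:29 /usr/sbin/example_daemon
[2021-01-01 10:20:04.200] CPU utilization: 99 % (system: 11 %, user: 79 %, irq: 0 %, softirq 9 %)
[2021-01-01 10:20:04.300] CPU utilization (1 minute): 62 % (system: 18 %, user: 37 %, irq: 0 %, softirq 7 %)
[2021-01-01 10:20:05.200]   901     1 example_daemon  root     ?         19   0  3.6  0.4 S      9000  4000  2000  1000 09:00:00    01:20:05 00:01:29 /usr/sbin/example_daemon
[2021-01-01 10:20:05.300]  2442  2426 python          root     ?         19   0 87.6  0.8 R     16920  9924  6376  4230 10:20:02       00:03 00:00:03 python /usr/sbin/reg_agent.pyc 3 CONSTRUCTED-ID
"""

CPU_RE = re.compile(r"CPU utilization: (\d+) % \(system: (\d+) %, user: (\d+) %, "
                    r"irq: (\d+) %, softirq:? (\d+) %\)")
STAMP_RE = re.compile(r"^\[([^\]]+)\]\s*")  # optional TeraTerm timestamp prefix

def parse_ps(line):
    """Return (cpu_percent, pid, program) for a 'debug system ps' row, else None."""
    f = line.split()
    if len(f) < 18 or not (f[0].isdigit() and f[1].isdigit()):
        return None
    try:  # keep only the first two command tokens; later arguments are dropped
        return float(f[7]), int(f[0]), " ".join(f[17:19])
    except ValueError:
        return None

def find_spikes(log_text, threshold=90):
    """List samples at or above threshold with their busiest logged process."""
    spikes, current = [], None
    for raw in log_text.splitlines():
        m = STAMP_RE.match(raw)
        stamp, line = (m.group(1), raw[m.end():]) if m else (None, raw)
        cpu = CPU_RE.search(line)
        if cpu:  # instantaneous sample only; the 1/5 minute averages do not match
            total, *rest = map(int, cpu.groups())
            parts = dict(zip(("system", "user", "irq", "softirq"), rest))
            current = None
            if total >= threshold:
                current = {"time": stamp, "total": total, "top": None,
                           "dominant": max(parts, key=parts.get)}
                spikes.append(current)
            continue
        row = parse_ps(line)
        if current and row and (current["top"] is None or row[0] > current["top"][0]):
            current["top"] = row
    return spikes

if __name__ == "__main__": print(find_spikes(SAMPLE_LOG))
```

The `dominant` field is the largest of the system, user, irq and softirq percentages, which is the breakdown the earlier reply says to read first.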

  • I have had exactly the same issue for a few weeks... reboot, disable all updates - nothing helps.

    Router# show cpu average
    CPU        Usage
    ===============================================================================
    0          15 %

    CPU average: 15 %
    Network Traffic: 7 %

    CPU   MEM   TIME                       APPLICATION
    ===============================================================================
    3.6   0.4   01:29:32                   SNMP server
    2.4   1.3   00:59:48                   Zyxel Service
    2.4   0.8   01:00:50                   IPsec VPN
    1.7   0.2   00:43:57                   Log
    1.6   0.1   00:40:02                   wacd
    1.2   0.0   00:29:49                   System statistics
    1.1   0.2   00:28:23                   User access management
    0.8   0.4   00:20:52                   ttyd
    0.8   0.0   00:19:50                   Process packets
    Router# debug system show cpu status
    CPU utilization: 86 % (system: 11 %, user: 66 %, irq: 0 %, softirq 9 %)
    CPU utilization (1 minute): 62 % (system: 18 %, user: 37 %, irq: 0 %, softirq 7 %)
    CPU utilization (5 minute): 62 % (system: 17 %, user: 39 %, irq: 0 %, softirq 6 %)
    Router#

    PS shows no significant CPU usage of processes, except:

    29043 29038 python          root     ?         19   0 87.6  0.8 R     15076  8436  5088  3769 14:03:18       00:03 00:00:02 python /usr/sbin/reg_agent.pyc 3 8391643833fe00f1b1f3be8a949ea669e565ef9ad56846745c057ed5 4.60(AALA.0) noneedcnmid

    Which tells me that there seems to be an issue with the sync to the cloud. Sometimes the problem disappears with no intervention, but comes back minutes later. The CPU usage of this process is always ~ 80%.

    ZyWall USG 40
    Current Version: V4.60(AALA.0)
    Released Date: 2020-10-17 00:06:21

    Never had this issue with the last version of the firmware. Maybe I'm going back ...

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,366  Zyxel Employee

    Hi @ThomasCan

    “ZyXEL service” is a process which is in charge of license status services.

    29043 29038 python          root     ?         19   0 87.6  0.8 R     15076  8436  5088  3769 14:03:18       00:03 00:00:02 python /usr/sbin/reg_agent.pyc 3 8391643833fe00f1b1f3be8a949ea669e565ef9ad56846745c057ed5 4.60(AALA.0) noneedcnmid

    This kind of service will consume CPU resources within a short period and won’t affect the system operation.

    However, from the information you provided, we saw that the CPU average status shows the SNMP server with higher usage.

    Are there many SNMP queries sent to the USG in a short time?

    You may also share with us the CPU usage in graphic view. It will display the device CPU usage in the past 24 hours.


  • Jford
    Jford Posts: 4
    I clocked your fetchurl_agent.pyc at 108%

    [2021-08-30 10:20:04.830]  2442  2426 python          root     ?         19   0  108  0.4 R     16920  9924  6376  4230 10:20:02       00:03 00:00:03 python /usr/sbin/fetchurl_agent.pyc 0 8a0dd579b64a8d6de25547429462c1e036448571d7dbf321f931f46a 4.65(ABAQ.1) USG20-VPN 4.65(ABAQ.0) USG20-VPN

    Is this the new "reg_agent.pyc" that was hogging up process before?

  • Zyxel_Stanley
    Zyxel_Stanley Posts: 1,366  Zyxel Employee
    Hi @Jford
    The "fetchurl" is a background service to get the correct URL for the UTM function. Does the process still display usage like that? You may update to the latest version and check whether the display issue still exists.
