RPKI process efficiency

darshankowlaser commented 19 hours ago

Description

Hello

I reached out the FRR mailing list however didn't received a response so this is why im here.

I'm experiencing high CPU usage on my RPKI process which is very odd. To elaborate, I have two vyos boxes that have similar configuration for the edge just handling BGP and OSPF to the core. On one of the routers I have excessively high CPU usage and when checking the processes RPKI sits very high compared to the other router.

Version

FRR Version:
`FRRouting 9.1.1 (za-ct-ter-dc-rt-edge-01) on Linux(6.6.43-amd64-vyos).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
configured with:
    '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--localstatedir=/var/run/frr' '--sbindir=/usr/lib/frr' '--sysconfdir=/etc/frr' '--with-vtysh-pager=/usr/bin/pager' '--libdir=/usr/lib/x86_64-linux-gnu/frr' '--with-moduledir=/usr/lib/x86_64-linux-gnu/frr/modules' '--disable-dependency-tracking' '--enable-rpki' '--enable-scripting' '--enable-pim6d' '--with-libpam' '--enable-doc' '--enable-doc-html' '--enable-snmp' '--enable-fpm' '--disable-protobuf' '--disable-zeromq' '--enable-ospfapi' '--enable-bgp-vnc' '--enable-multipath=256' '--enable-user=frr' '--enable-group=frr' '--enable-vty-group=frrvty' '--enable-configfile-mask=0640' '--enable-logfile-mask=0640' 'build_alias=x86_64-linux-gnu' 'PYTHON=python3'

How to reproduce

Here is my RPKI configuration on the router experiencing high process CPU usage :

In Vtysh: rpki rpki cache cpt-rpki-validator-01.example.xyz 3323 preference 1 rpki cache cpt-rpki-validator-02.example.xyz 8282 preference 2

In VyOS: set protocols rpki cache cpt-rpki-validator-01.example.xyz port '3323' set protocols rpki cache cpt-rpki-validator-01.example.xyz preference '1' set protocols rpki cache cpt-rpki-validator-02.example.xyz port '8282' set protocols rpki cache cpt-rpki-validator-02.example.xyz preference '2' set protocols rpki polling-period '3600

The only thing different on the other box is that the server preference is inverted. RPKI servers are running routinator and stayRTR, the router with the issue preferences routinator. See below showing that it is the most intensive process on the CPU :

Expected behavior

Stable CPU

Actual behavior

Erratic CPU

Additional context

No response

Checklist

[X] I have searched the open issues for this bug.
[X] I have not included sensitive information in this report.

ton31337 commented 18 hours ago

Possible to get the perf data (flamegraph)? Also, would you mind testing with 10.x?

darshankowlaser commented 16 hours ago

will try and get the perf data for you and send it over.

i'll see if i can test with the latest version otherwise the latest FRR implemented on Vyos is my only option, unfortunately this is prod box routing around 40gbps aggregate.

liuxyon commented 15 hours ago

将尝试为您获取性能数据并将其发送过来。

我会看看是否可以使用最新版本进行测试，否则在 Vyos 上实现的最新 FRR 是我唯一的选择，不幸的是这是大约 40gbps 聚合的生产盒路由。

According to my previous experience, it is really necessary to upgrade to the latest version of FRR

FRRouting / frr