New Member
Posts: 15
Registered: ‎04-17-2014

USG High CPU with IPS Enabled - 60% +/-

Random issue with USG and IPS.

 

With IPS enabled, it will randomly go from normal CPU usage to high CPU usage without any apparent change on the network. It can happen in the middle of the night with no one working. I've tried to determine if a certain computer is causing this, but I can't find the culprit if that is the case.

 

Is there a way I can see what is specifically causing IPS to spike?

Ubiquiti Employee
Posts: 545
Registered: ‎08-10-2017
Kudos: 298
Solutions: 22

Re: USG High CPU with IPS Enabled - 60% +/-

A spike on IPS can happen when you have multiple signatures matched or spikes of traffic.

What is your USG model and what firmware are you running?
New Member
Posts: 15
Registered: ‎04-17-2014

Re: USG High CPU with IPS Enabled - 60% +/-

UniFi Security Gateway 3P

4.4.22.5086045

 

I turned off IPS after my original post and am now averaging less than 3% CPU usage.

Ubiquiti Employee
Posts: 545
Registered: ‎08-10-2017
Kudos: 298
Solutions: 22

Re: USG High CPU with IPS Enabled - 60% +/-

On the USG 3P and USG Pro, it is expected to have IPS/IDS running with high CPU, as this will use all resources available, so there is nothing wrong with that.

High CPU by itself does not mean you have a problem, just that your CPU is being utilized to do something, and in this case it is IPS/IDS.

Remember that with IPS/IDS enabled, all packets are decoded and the system tries to match rules with packets, so this will utilize a lot of CPU.
New Member
Posts: 15
Registered: ‎04-17-2014

Re: USG High CPU with IPS Enabled - 60% +/-


OK. It does go up an expected amount of usage when enabled, but then spikes to high levels for no apparent reason. I have 10 sites all with full UniFi sans a switch or two, and this is the only site that does this.

 

Is there a way to know the originating IP of the requests so I can see if there is a "bad" device on the network (hacked IoT, computer, bot, etc.)?

Ubiquiti Employee
Posts: 545
Registered: ‎08-10-2017
Kudos: 298
Solutions: 22

Re: USG High CPU with IPS Enabled - 60% +/-

If you are not receiving any alerts, this may be related to Malicious IP or TOR, but these can be found on the USG:

grep BLOCK /var/log/messages

This should list all blocks, and you can also disable the TOR and Malicious IP firewall restrictions on your IPS/IDS configuration page.
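
An added example, not part of the original thread or of Ubiquiti's tooling: these shell functions extend the `grep BLOCK` check above to rank the addresses behind the blocks and to count blocks per hour, so the entries can be lined up with the time of a CPU spike. It assumes netfilter LOG-style lines with `SRC=`/`DST=` fields and syslog timestamps; the function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example. Assumes netfilter LOG-style entries (SRC=/DST= fields) with
# syslog timestamps; the real USG log layout may differ.

# Constructed sample lines (documentation address ranges), not real log data.
write_sample_log() {
    cat <<'EOF'
Oct 24 02:13:05 usg kernel: [BLOCK]IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.9 PROTO=TCP DPT=9001
Oct 24 02:13:09 usg kernel: [BLOCK]IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.9 PROTO=TCP DPT=9001
Oct 24 02:47:30 usg kernel: [BLOCK]IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.7 PROTO=TCP DPT=443
Oct 24 03:02:11 usg kernel: [BLOCK]IN=eth0 OUT= SRC=192.0.2.55 DST=192.168.1.1 PROTO=TCP DPT=22
Oct 24 03:05:00 usg kernel: [ACCEPT]IN=eth1 OUT=eth0 SRC=192.168.1.12 DST=198.51.100.7 PROTO=TCP DPT=443
EOF
}

# top_blocked FIELD [LOGFILE] [LIMIT]: most frequent SRC or DST in BLOCK lines,
# printed as "address count", highest count first.
top_blocked() {
    field="$1"; logfile="${2:-/var/log/messages}"; limit="${3:-10}"
    grep BLOCK "$logfile" |
        sed -n "s/.*[[:space:]]${field}=\([^[:space:]]*\).*/\1/p" |
        sort | uniq -c | sort -rn | head -n "$limit" |
        awk '{ print $2, $1 }'
}

# blocks_per_hour [LOGFILE]: "Mon DD HH:00 count", to line up with a CPU graph.
blocks_per_hour() {
    awk '/BLOCK/ { split($3, t, ":"); n[$1 " " $2 " " t[1] ":00"]++ }
         END { for (k in n) print k, n[k] }' "${1:-/var/log/messages}" | sort
}

# Demo on the constructed sample; on the gateway, omit the file argument.
sample=$(mktemp)
write_sample_log > "$sample"
top_blocked SRC "$sample" 3    # hosts whose traffic is being blocked
top_blocked DST "$sample" 3    # destinations of the blocked traffic
blocks_per_hour "$sample"
rm -f "$sample"
```

A single LAN address dominating the `SRC` ranking during the hour of a spike is the device to inspect first.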
New Member
Posts: 15
Registered: ‎04-17-2014

Re: USG High CPU with IPS Enabled - 60% +/-

Thanks! I'll give it a look and do some more testing.

New Member
Posts: 6
Registered: ‎10-09-2017

Re: USG High CPU with IPS Enabled - 60% +/-

I'm seeing similar results.  When enabling IPS, CPU increases a nominal amount and continues to run fine for a couple days before suddenly jumping to about 60%.  As soon as I disable it, CPU drops to pre-IPS levels.

Ubiquiti Employee
Posts: 545
Registered: ‎08-10-2017
Kudos: 298
Solutions: 22

Re: USG High CPU with IPS Enabled - 60% +/-

You can try the new Beta 4.4.32dev, which includes more work on IPS/IDS related to CPU and memory, or wait for the next stable release.

https://community.ubnt.com/t5/UniFi-Routing-Switching-Beta/USG-Firmware-v4-4-32dev-available-for-tes...
New Member
Posts: 17
Registered: ‎05-03-2017

Re: USG High CPU with IPS Enabled - 60% +/-

Just adding in a 'me too' post.

 

Same issue, same usage actually...50-60% randomly.

New Member
Posts: 6
Registered: ‎09-23-2018
Kudos: 1

Re: USG High CPU with IPS Enabled - 60% +/-

Same problem here, but my USG also disconnects regularly after enabling IDS and also gives me timeouts like in Nashional's charts. In the past it ran fine for a couple of days, but then it disconnected and I had to restart the USG. The problem became more frequent and I eventually had to do a factory reset on the unit to be able to log in again and disable IDS.

I do want to use IDS/IPS, but it does not seem to run the way it should work.

PS. Throughput is just fine with IDS enabled on my USG 3P (without IDS/IPS 200-20 / with IDS/IPS 160/20)

Ubiquiti Employee
Posts: 545
Registered: ‎08-10-2017
Kudos: 298
Solutions: 22

Re: USG High CPU with IPS Enabled - 60% +/-

Can you try the last stable 4.4.34 and see if you have any improvement?
New Member
Posts: 6
Registered: ‎09-23-2018
Kudos: 1

Re: USG High CPU with IPS Enabled - 60% +/-

Hello Marcus,

Yes, I can, but I can only see the last firmware, UniFi Security Gateway firmware 4.4.29, for the USG 3P?

Ubiquiti Employee
Posts: 545
Registered: ‎08-10-2017
Kudos: 298
Solutions: 22

Re: USG High CPU with IPS Enabled - 60% +/-

New Member
Posts: 6
Registered: ‎09-23-2018
Kudos: 1

Re: USG High CPU with IPS Enabled - 60% +/-


Installed new firmware and my USG 3P seems to be more stable. On the other hand, the usage (average 75-80%) is more than it was before and I am experiencing some latency when playing movies, etc.!

 

Is there a way to solve this problem?

 
