Results 1 to 8 of 8
  1. #1
    tjk
    tjk is offline
    Untanglit
    Join Date
    Apr 2021
    Posts
    23

    Default Performance / process questions

    Hey All,

    I've been doing some testing on Untangle and had a question about the java process that is running and taking up a ton of cpu time when doing high traffic through the system?

    See the attached screen cap as an example, I am running iperf3 through the box generating about 9Gb/s of traffic and the java process is chewing up the cpu.
    Attached Images Attached Images

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,475

    Default

    Yes, NGFW is a UVM which is more than a router. UVM has to have traffic processed in user-space which is in the layered CPU cycles. The more traffic pushed through, the more CPU power it will consume.
    CMcNaughton likes this.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    tjk
    tjk is offline
    Untanglit
    Join Date
    Apr 2021
    Posts
    23

    Default

    Quote Originally Posted by jcoffin View Post
    Yes, NGFW is a UVM which is more than a router. UVM has to have traffic processed in user-space which is in the layered CPU cycles. The more traffic pushed through, the more CPU power it will consume.
    Thanks, understand the user space bit, but are you using java for the routing engine? Just curious what the java app is doing.

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,475

    Default

    Correct the UVM is a Java app.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    tjk
    tjk is offline
    Untanglit
    Join Date
    Apr 2021
    Posts
    23

    Default

    Quote Originally Posted by jcoffin View Post
    Correct the UVM is a Java app.
    Routing packets with java, not the most efficient to say the least.

    Thanks.

  6. #6
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,475

    Default

    Routing on layer 7 objects like traffic application identification is never efficient but necessary in some cases. Simple Layer 3 routing on Untangle is still done at the kernel level.

    Untangle NGFW apps routing (except WAN Failover and Balancer) are handled in UVM. All routing in Config -> Network is done in the kernel.
    CMcNaughton likes this.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #7
    tjk
    tjk is offline
    Untanglit
    Join Date
    Apr 2021
    Posts
    23

    Default

    Quote Originally Posted by jcoffin View Post
    Routing on layer 7 objects like traffic application identification is never efficient but necessary in some cases. Simple Layer 3 routing on Untangle is still done at the kernel level.

    Untangle NGFW apps routing (except WAN Failover and Balancer) are handled in UVM. All routing in Config -> Network is done in the kernel.
    Thanks, so a question then. In my testing, no fw rules, just external and internal and nat off the external, pushing iperf3 tests. That should be all kernel space? Nothing else is enabled, so about as simple as it gets. The java app should not be touching any of those packets (I think), so why is the java process chewing up so much cpu?

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,808

    Default

    Anything TCP or UDP that's transiting Untangle unless bypassed is subject to the UVM, and therefore running through the java process.

    It's not just a Java process... it's a virtual environment running all of the collective apps. And yes... it's a pig. That being said, it scales REALLY well. It is very heavy to get started but it scales up to thousands of endpoints without really changing the requirements much. Or at least, no changing things drastically like other platforms tend to do. You still need a beast of a box for large installs.
    tjk likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2