Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

High CPU utilization when multicast peer not in AllowedPublicKeys #1141

Open
jgoerzen opened this issue May 21, 2024 · 3 comments
Open

High CPU utilization when multicast peer not in AllowedPublicKeys #1141

jgoerzen opened this issue May 21, 2024 · 3 comments

Comments

@jgoerzen
Copy link

Hello,

I had a situation in which one laptop on my network was showing constant high CPU utilization from Yggdrasil even when Yggdrasil was effectively idle (confirmed with tcpdump/iftop both on the tun interface as well as the host's interface). The CPU utilization was about 50%.

This particular laptop has MulticastInterfaces defined with a password. It also has some entries in AllowedPublicKeys. My understanding was that AllowedPublicKeys was not consulted for connections established via multicast.

Finally upon running strace on yggdrasil, I saw it was repeatedly accepting connections from two multicast peers on the LAN. Those two peers knew the multicast password, but were not listed in AllowedPublicKeys. yggdrasilctl getpeers showed the IPv6 link-local (fe80:) address in the URI column, but the IP address column was blank.

After adding them both to AllowedPublicKeys on the laptop, the CPU utilization issue went away and they were then listed with Yggdrasil IPs in getpeers.

So I think there are two bugs here:

  1. There is no backoff from a client connecting to a multicast peer, and having the connection dropped due to not being in AllowedPublicKeys
  2. The documentation isn't clear about AllowedPublicKeys and how it relates to MulticastInterfaces (or perhaps the implementation doesn't follow the documentation)

Thanks again for Yggdrasil!
@neilalexander
Copy link
Member

Thanks for the report, I'll take a look into this.

@waseigo
Copy link

waseigo commented Sep 26, 2024

I had the same issue. Two nodes (VMs) A and B in the same subnet, both of them with the default settings for MultiCast in yggdrasil.conf, but only one of them (B) had a single entry in AllowedPublicKeys for a third yggdrasil node (C) at a different site.

/var/log/syslog of node A grew to fill the disk, as it was logging the connection attempts to B. CPU of both A and B went to 100%, as did network traffic (looking at the stats that virt-manager shows).

So, I concur with @jgoerzen regarding the backoff.

neilalexander added a commit that referenced this issue Sep 29, 2024
@neilalexander
Fix bug where ephemeral links would try to reconnect in a fast loop
d1b8495 
Helps #1141, although not a complete solution.
neilalexander added a commit that referenced this issue Sep 29, 2024
@neilalexander
The AllowedPublicKeys option should not apply to multicast listeners
377bc66 
Another fix for #1141.
@neilalexander
Copy link
Member

Please check with the latest develop commits if possible!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jgoerzen @neilalexander @waseigo