[FROG] RPKI process efficiency

Celsa Sanchez ccssantana25 at gmail.com
Tue May 20 14:45:18 UTC 2025 

Hi all,

Thanks for sharing your experience, Darshan.

In my case, the high CPU usage was mostly caused by `zebra` and `bgpd`
after enabling RPKI validation in FRR 9.0.1 on Ubuntu 20.04.6.
Additionally, I noticed failed attempts to install routes and continuous
nexthop hash entry errors in the logs, which seemed to trigger a loop of
kernel update attempts.

I’ve now upgraded to FRR 10.3 and the issue has been resolved. CPU usage
dropped significantly, and the RPKI process behaves normally.

Best regards,
Celsa Sánchez

El dom, 18 may 2025 a las 6:06, Darshan Kowlaser (<
darshan at darshankowlaser.com>) escribió:

> Hello,
>
> It ended up being related to SNMP. after disabling SNMP my problem
> disappeared.
>
> Thanks,
> Darshan
>
>
> On Fri, 16 May 2025 at 16:54, Celsa Sanchez <ccssantana25 at gmail.com>
> wrote:
>
>> Hi,
>>
>> I'm also experiencing high CPU usage after enabling RPKI validation in
>> FRR.
>> I'm running version 9.0.1 on Ubuntu 20.04.6 LTS.
>>
>> Additionally, I'm having trouble stopping the RPKI validation using
>> `vtysh`.
>> Is there any known issue with this version, or recommended steps to
>> properly reset or disable RPKI?
>>
>> Any suggestions would be appreciated.
>>
>> Best regards,
>> Celsa Sánchez
>>
>> El lun, 25 nov 2024 a las 5:43, Darshan Kowlaser via frog (<
>> frog at lists.frrouting.org>) escribió:
>>
>>>
>>>
>>>
>>> ---------- Forwarded message ----------
>>> From: Darshan Kowlaser <darshan at darshankowlaser.com>
>>> To: frog at lists.frrouting.org
>>> Cc:
>>> Bcc:
>>> Date: Mon, 25 Nov 2024 10:22:11 +0200
>>> Subject: RPKI process efficiency
>>> Hello
>>>
>>> I'm experiencing high CPU usage on my RPKI process which is very odd. To
>>> elaborate, I have two vyos boxes that have similar configuration for the
>>> edge just handling BGP and OSPF to the core. On one of the routers I have
>>> excessively high CPU usage and when checking the processes RPKI sits very
>>> high compared to the other router.
>>>
>>> FRR Version:
>>> `*FRRouting 9.1.1 (za-ct-ter-dc-rt-edge-01) on
>>> Linux(6.6.43-amd64-vyos).*
>>>
>>>
>>> *Copyright 1996-2005 Kunihiro Ishiguro, et al.configured with:
>>> '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include'
>>> '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info'
>>> '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking'
>>> '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu'
>>> '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode'
>>> '--localstatedir=/var/run/frr' '--sbindir=/usr/lib/frr'
>>> '--sysconfdir=/etc/frr' '--with-vtysh-pager=/usr/bin/pager'
>>> '--libdir=/usr/lib/x86_64-linux-gnu/frr'
>>> '--with-moduledir=/usr/lib/x86_64-linux-gnu/frr/modules'
>>> '--disable-dependency-tracking' '--enable-rpki' '--enable-scripting'
>>> '--enable-pim6d' '--with-libpam' '--enable-doc' '--enable-doc-html'
>>> '--enable-snmp' '--enable-fpm' '--disable-protobuf' '--disable-zeromq'
>>> '--enable-ospfapi' '--enable-bgp-vnc' '--enable-multipath=256'
>>> '--enable-user=frr' '--enable-group=frr' '--enable-vty-group=frrvty'
>>> '--enable-configfile-mask=0640' '--enable-logfile-mask=0640'
>>> 'build_alias=x86_64-linux-gnu' 'PYTHON=python3'*
>>> `
>>>
>>> Here is my RPKI configuration on the router experiencing high process
>>> CPU usage :
>>>
>>> In Vtysh:
>>> `*rpki*
>>>
>>> * rpki cache cpt-rpki-validator-01.example.xyz
>>> <http://cpt-rpki-validator-01.example.xyz> 3323 preference 1 rpki cache
>>> cpt-rpki-validator-02.example.xyz
>>> <http://cpt-rpki-validator-02.example.xyz> 8282 preference 2*
>>> `
>>>
>>> In VyOS:
>>> `*set protocols rpki cache cpt-rpki-validator-01.example.xyz
>>> <http://cpt-rpki-validator-01.example.xyz> port '3323'*
>>>
>>>
>>>
>>> * set protocols rpki cache cpt-rpki-validator-01.example.xyz
>>> <http://cpt-rpki-validator-01.example.xyz> preference '1' set protocols
>>> rpki cache cpt-rpki-validator-02.example.xyz
>>> <http://cpt-rpki-validator-02.example.xyz> port '8282' set protocols rpki
>>> cache cpt-rpki-validator-02.example.xyz
>>> <http://cpt-rpki-validator-02.example.xyz> preference '2'*
>>> * set protocols rpki polling-period '3600*
>>> `
>>>
>>> The only thing different on the other box is that the server preference
>>> is inverted. RPKI servers are running routinator and stayRTR, the router
>>> with the issue preferences routinator. See below showing that it is the
>>> most intensive process on the CPU :
>>>
>>> [image: image.png]
>>>
>>> Would be greatly appreciated if anyone could advise.
>>>
>>>
>>>
>>> ---------- Forwarded message ----------
>>> From: Darshan Kowlaser via frog <frog at lists.frrouting.org>
>>> To: frog at lists.frrouting.org
>>> Cc:
>>> Bcc:
>>> Date: Mon, 25 Nov 2024 10:22:11 +0200
>>> Subject: [FROG] RPKI process efficiency
>>> _______________________________________________
>>> frog mailing list
>>> frog at lists.frrouting.org
>>> https://lists.frrouting.org/listinfo/frog
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.frrouting.org/pipermail/frog/attachments/20250520/63bdc1ff/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 32278 bytes
Desc: not available
URL: <http://lists.frrouting.org/pipermail/frog/attachments/20250520/63bdc1ff/attachment-0001.png>

More information about the frog mailing list