Hi,
I had enabled IPv6 in my ER-X, all seemed to work well until I had to reboot it this morning. Now I see that these processes are using up lots of CPU:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
10822 root 20 0 13024 7256 3520 S 30.5 2.8 0:00.93 dhcpv6-pd-respo
10827 root 20 0 12564 6324 3140 R 29.2 2.5 0:00.89 dhcpv6-pd-respo
10829 root 20 0 11208 5260 2872 R 20.3 2.1 0:00.62 vyatta_gen_radv
And this shows up in the log files repeatedly:
Aug 14 10:30:43 172.16.26.1 <27>Aug 14 10:30:43 ERXCORE01 radvd[9374]: Exiting, privsep_read_loop is complete.
Aug 14 10:30:47 172.16.26.1 <28>Aug 14 10:30:47 ERXCORE01 radvd[9399]: exiting, 1 sigterm(s) received
Aug 14 10:30:47 172.16.26.1 <27>Aug 14 10:30:47 ERXCORE01 radvd[9400]: Exiting, privsep_read_loop had readn return 0 bytes
Aug 14 10:30:47 172.16.26.1 <27>Aug 14 10:30:47 ERXCORE01 radvd[9400]: Exiting, privsep_read_loop is complete.
Aug 14 10:30:49 172.16.26.1 <28>Aug 14 10:30:49 ERXCORE01 radvd[9427]: exiting, 1 sigterm(s) received
Aug 14 10:30:49 172.16.26.1 <27>Aug 14 10:30:49 ERXCORE01 radvd[9428]: Exiting, privsep_read_loop had readn return 0 bytes
Aug 14 10:30:49 172.16.26.1 <27>Aug 14 10:30:49 ERXCORE01 radvd[9428]: Exiting, privsep_read_loop is complete.
Aug 14 10:30:53 172.16.26.1 <28>Aug 14 10:30:53 ERXCORE01 radvd[9451]: exiting, 1 sigterm(s) received
Aug 14 10:30:53 172.16.26.1 <27>Aug 14 10:30:53 ERXCORE01 radvd[9452]: Exiting, privsep_read_loop had readn return 0 bytes
Aug 14 10:30:53 172.16.26.1 <27>Aug 14 10:30:53 ERXCORE01 radvd[9452]: Exiting, privsep_read_loop is complete.
Aug 14 10:30:55 172.16.26.1 <28>Aug 14 10:30:55 ERXCORE01 radvd[9479]: exiting, 1 sigterm(s) received
Aug 14 10:30:55 172.16.26.1 <27>Aug 14 10:30:55 ERXCORE01 radvd[9480]: Exiting, privsep_read_loop had readn return 0 bytes
Aug 14 10:30:55 172.16.26.1 <27>Aug 14 10:30:55 ERXCORE01 radvd[9480]: Exiting, privsep_read_loop is complete.
Any ideas ?
FWIW, here is my config.
set firewall all-ping enable
set firewall broadcast-ping disable
set firewall ipv6-name insidev6 default-action accept
set firewall ipv6-name insidev6 rule 10 action accept
set firewall ipv6-name insidev6 rule 10 description 'Log New'
set firewall ipv6-name insidev6 rule 10 log enable
set firewall ipv6-name insidev6 rule 10 protocol all
set firewall ipv6-name insidev6 rule 10 state established disable
set firewall ipv6-name insidev6 rule 10 state invalid disable
set firewall ipv6-name insidev6 rule 10 state new enable
set firewall ipv6-name insidev6 rule 10 state related disable
set firewall ipv6-name outsidev6 default-action drop
set firewall ipv6-name outsidev6 enable-default-log
set firewall ipv6-name outsidev6 rule 10 action drop
set firewall ipv6-name outsidev6 rule 10 description 'Drop invalid state'
set firewall ipv6-name outsidev6 rule 10 state invalid enable
set firewall ipv6-name outsidev6 rule 20 action accept
set firewall ipv6-name outsidev6 rule 20 description 'Allow established/related sessions'
set firewall ipv6-name outsidev6 rule 20 state established enable
set firewall ipv6-name outsidev6 rule 20 state related enable
set firewall ipv6-name outsidev6 rule 30 action accept
set firewall ipv6-name outsidev6 rule 30 description 'Allow IPv6 icmp'
set firewall ipv6-name outsidev6 rule 30 protocol ipv6-icmp
set firewall ipv6-name outsidev6 rule 40 action accept
set firewall ipv6-name outsidev6 rule 40 description 'allow dhcpv6'
set firewall ipv6-name outsidev6 rule 40 destination port 546
set firewall ipv6-name outsidev6 rule 40 protocol udp
set firewall ipv6-name outsidev6 rule 40 source port 547
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
set firewall ip-src-route disable
set firewall log-martians enable
set firewall name inside default-action accept
set firewall name inside rule 10 action accept
set firewall name inside rule 10 description 'Log New'
set firewall name inside rule 10 log enable
set firewall name inside rule 10 protocol all
set firewall name inside rule 10 state established disable
set firewall name inside rule 10 state invalid disable
set firewall name inside rule 10 state new enable
set firewall name inside rule 10 state related disable
set firewall name outside default-action drop
set firewall name outside enable-default-log
set firewall name outside rule 10 action drop
set firewall name outside rule 10 description 'Drop invalid'
set firewall name outside rule 10 log enable
set firewall name outside rule 10 state established disable
set firewall name outside rule 10 state invalid enable
set firewall name outside rule 10 state new disable
set firewall name outside rule 10 state related disable
set firewall name outside rule 20 action accept
set firewall name outside rule 20 description 'Related, established'
set firewall name outside rule 20 log disable
set firewall name outside rule 20 state established enable
set firewall name outside rule 20 state related enable
set firewall name outside rule 30 action accept
set firewall name outside rule 30 description 'Permit ping'
set firewall name outside rule 30 icmp type-name echo-request
set firewall name outside rule 30 log enable
set firewall name outside rule 30 protocol icmp
set firewall name outside rule 30 state new enable
set firewall receive-redirects disable
set firewall send-redirects enable
set firewall source-validation disable
set firewall syn-cookies enable
set interfaces ethernet eth0 address 172.16.26.1/24
set interfaces ethernet eth0 description inside
set interfaces ethernet eth0 duplex auto
set interfaces ethernet eth0 firewall in ipv6-name insidev6
set interfaces ethernet eth0 firewall in name inside
set interfaces ethernet eth0 ipv6 dup-addr-detect-transmits 1
set interfaces ethernet eth0 ipv6 router-advert cur-hop-limit 64
set interfaces ethernet eth0 ipv6 router-advert link-mtu 0
set interfaces ethernet eth0 ipv6 router-advert managed-flag false
set interfaces ethernet eth0 ipv6 router-advert max-interval 600
set interfaces ethernet eth0 ipv6 router-advert other-config-flag false
set interfaces ethernet eth0 ipv6 router-advert prefix '::/64' autonomous-flag true
set interfaces ethernet eth0 ipv6 router-advert prefix '::/64' on-link-flag true
set interfaces ethernet eth0 ipv6 router-advert prefix '::/64' valid-lifetime 2592000
set interfaces ethernet eth0 ipv6 router-advert reachable-time 0
set interfaces ethernet eth0 ipv6 router-advert retrans-timer 0
set interfaces ethernet eth0 ipv6 router-advert send-advert true
set interfaces ethernet eth0 speed auto
set interfaces ethernet eth0 vif 94 address 10.0.24.1/22
set interfaces ethernet eth0 vif 94 description lan
set interfaces ethernet eth0 vif 94 firewall in ipv6-name insidev6
set interfaces ethernet eth0 vif 94 firewall in name inside
set interfaces ethernet eth0 vif 94 ipv6 dup-addr-detect-transmits 1
set interfaces ethernet eth0 vif 94 ipv6 router-advert cur-hop-limit 64
set interfaces ethernet eth0 vif 94 ipv6 router-advert link-mtu 0
set interfaces ethernet eth0 vif 94 ipv6 router-advert managed-flag false
set interfaces ethernet eth0 vif 94 ipv6 router-advert max-interval 600
set interfaces ethernet eth0 vif 94 ipv6 router-advert other-config-flag false
set interfaces ethernet eth0 vif 94 ipv6 router-advert prefix '::/64' autonomous-flag true
set interfaces ethernet eth0 vif 94 ipv6 router-advert prefix '::/64' on-link-flag true
set interfaces ethernet eth0 vif 94 ipv6 router-advert prefix '::/64' valid-lifetime 2592000
set interfaces ethernet eth0 vif 94 ipv6 router-advert reachable-time 0
set interfaces ethernet eth0 vif 94 ipv6 router-advert retrans-timer 0
set interfaces ethernet eth0 vif 94 ipv6 router-advert send-advert true
set interfaces ethernet eth1 address dhcp
set interfaces ethernet eth1 description outside
set interfaces ethernet eth1 dhcpv6-pd pd 1 interface eth0 host-address '::1'
set interfaces ethernet eth1 dhcpv6-pd pd 1 interface eth0 prefix-id 1
set interfaces ethernet eth1 dhcpv6-pd pd 1 interface eth0 service slaac
set interfaces ethernet eth1 dhcpv6-pd pd 1 interface eth0.94 host-address '::1'
set interfaces ethernet eth1 dhcpv6-pd pd 1 interface eth0.94 prefix-id 2
set interfaces ethernet eth1 dhcpv6-pd pd 1 interface eth0.94 service slaac
set interfaces ethernet eth1 dhcpv6-pd pd 1 prefix-length /56
set interfaces ethernet eth1 dhcpv6-pd rapid-commit disable
set interfaces ethernet eth1 duplex auto
set interfaces ethernet eth1 firewall in ipv6-name outsidev6
set interfaces ethernet eth1 firewall in name outside
set interfaces ethernet eth1 firewall local ipv6-name outsidev6
set interfaces ethernet eth1 firewall local name outside
set interfaces ethernet eth1 speed auto
set interfaces ethernet eth2 duplex auto
set interfaces ethernet eth2 speed auto
set interfaces ethernet eth3 duplex auto
set interfaces ethernet eth3 speed auto
set interfaces ethernet eth4 duplex auto
set interfaces ethernet eth4 speed auto
set interfaces loopback lo
set interfaces switch switch0 mtu 1500
set port-forward auto-firewall enable
set port-forward hairpin-nat enable
set port-forward lan-interface eth0
set port-forward lan-interface eth0.94
set port-forward wan-interface eth1
set protocols static route 10.0.0.0/8 next-hop 172.16.26.2
set protocols static route 192.168.88.0/24 next-hop 172.16.26.2
set service dhcp-server disabled false
set service dhcp-server hostfile-update disable
set service dhcp-server shared-network-name inside authoritative disable
set service dhcp-server shared-network-name inside subnet 172.16.26.0/24 default-router 172.16.26.1
set service dhcp-server shared-network-name inside subnet 172.16.26.0/24 dns-server 10.0.32.10
set service dhcp-server shared-network-name inside subnet 172.16.26.0/24 dns-server 10.0.32.4
set service dhcp-server shared-network-name inside subnet 172.16.26.0/24 lease 3600
set service dhcp-server shared-network-name inside subnet 172.16.26.0/24 start 172.16.26.100 stop 172.16.26.200
set service dhcp-server shared-network-name lan authoritative disable
set service dhcp-server shared-network-name lan subnet 10.0.24.0/22 default-router 10.0.24.1
set service dhcp-server shared-network-name lan subnet 10.0.24.0/22 dns-server 10.0.32.10
set service dhcp-server shared-network-name lan subnet 10.0.24.0/22 dns-server 10.0.32.4
set service dhcp-server shared-network-name lan subnet 10.0.24.0/22 lease 3600
set service dhcp-server shared-network-name lan subnet 10.0.24.0/22 start 10.0.26.1 stop 10.0.26.254
set service dhcp-server use-dnsmasq disable
set service gui http-port 80
set service gui https-port 443
set service gui older-ciphers enable
set service nat rule 5000 log enable
set service nat rule 5000 outbound-interface eth1
set service nat rule 5000 protocol all
set service nat rule 5000 source address 172.16.26.0/24
set service nat rule 5000 type masquerade
set service nat rule 5001 log disable
set service nat rule 5001 outbound-interface eth1
set service nat rule 5001 protocol all
set service nat rule 5001 source address 10.0.24.0/22
set service nat rule 5001 type masquerade
set service ssh port 22
set service ssh protocol-version v2
set service ubnt-discover disable
set service webproxy cache-size 0
set service webproxy default-port 3128
set service webproxy enable-access-log
set service webproxy listen-address 10.0.24.1
set service webproxy listen-address 172.16.26.1
set service webproxy mem-cache-size 5
set service webproxy url-filtering squidguard allow-ipaddr-url
set service webproxy url-filtering squidguard block-category ads
set service webproxy url-filtering squidguard block-category malware
set service webproxy url-filtering squidguard block-category phishing
set service webproxy url-filtering squidguard block-category publicite
set service webproxy url-filtering squidguard block-category marketingware
set service webproxy url-filtering squidguard block-category ddos
set service webproxy url-filtering squidguard block-category dangerous_material
set service webproxy url-filtering squidguard block-category bitcoin
set service webproxy url-filtering squidguard block-category proxy
set service webproxy url-filtering squidguard block-category redirector
set service webproxy url-filtering squidguard block-category strict_redirector
set service webproxy url-filtering squidguard block-category strong_redirector
set service webproxy url-filtering squidguard default-action allow
set service webproxy url-filtering squidguard local-ok 10.0.32.10
set service webproxy url-filtering squidguard local-ok 10.0.32.4
set service webproxy url-filtering squidguard local-ok 10.92.24.5
set service webproxy url-filtering squidguard local-ok 10.92.25.56
set service webproxy url-filtering squidguard local-ok 10.92.25.55
set service webproxy url-filtering squidguard local-ok 10.92.25.54
set service webproxy url-filtering squidguard local-ok 10.92.25.57
set service webproxy url-filtering squidguard local-ok 10.92.25.58
set service webproxy url-filtering squidguard local-ok 10.0.34.6
set service webproxy url-filtering squidguard local-ok 10.92.24.4
set service webproxy url-filtering squidguard local-ok 10.92.25.4
set service webproxy url-filtering squidguard log all
set service webproxy url-filtering squidguard redirect-url 'http://10.0.32.10/blocked.html'
set system host-name ERXCORE01
set system ntp server 0.ubnt.pool.ntp.org
set system ntp server 1.ubnt.pool.ntp.org
set system ntp server 2.ubnt.pool.ntp.org
set system ntp server 3.ubnt.pool.ntp.org
set system offload hwnat enable
set system offload ipsec enable
set system package repository wheezy components 'main contrib non-free'
set system package repository wheezy distribution wheezy
set system package repository wheezy password ''
set system package repository wheezy url 'http://http.us.debian.org/debian'
set system package repository wheezy username ''
set system package repository wheezy-security components main
set system package repository wheezy-security distribution wheezy/updates
set system package repository wheezy-security password ''
set system package repository wheezy-security url 'http://security.debian.org'
set system package repository wheezy-security username ''
set system syslog global facility all level notice
set system syslog global facility protocols level debug
set system syslog host 10.0.32.8 facility all level warning
set system time-zone America/Montreal
set system traffic-analysis dpi enable
set system traffic-analysis export enable
set system traffic-analysis signature-update update-hour 3