Author Topic: 6.2 SP2 PR2 CPU lag / spiking fix (Read 1911 times)

b_hackbarth · « **on:** July 13, 2017, 01:54:51 PM »

For any of you that use the FTP Engineering builds for MiVoice Office, be aware that in 6.2 SP2 PR2 they added a new firewall feature to the web interface. Behind the scenes this uses linux iptables.

It comes with a lot of pre-defined rules that work for most customers and deny everything else.

On high-traffic controllers with lots of phones, phone manager, oai, etc, you may see CPU spikes and lagginess. If you get to the shell and run top you might see the "perl" process is causing the spikes. This is because iptables must inspect the packets to decide whether to drop them or not. This requires CPU.

To fix this, SSH / PuTTY to the controller and go to the OLM. Then type shell.

At the shell, type iptables –F

This causes the new firewall feature not to work, but also will return your CPU to normal. Releases prior to SP2 PR2 did not have this firewall feature.

If you still need the new firewall feature and low CPU, Mitel tech support can help.

It's always better to have a firewall in front of the Controller rather than trying to make the Controller say no to traffic.

Commands:

OLM> shell

<hostname> # : iptables -F

<hostname>#: exit

OLM> exit

----------------------------------------------

To just list the iptables rules instead:

iptables –L

Shoutout to Jeff at Mitel Tech support, he was awesome and helped me with this.

sarond · « **Reply #1 on:** July 13, 2017, 07:34:45 PM »

Does flushing the firewall persist with a reboot?

I'm going to assume it won't

sarond · « **Reply #2 on:** July 13, 2017, 11:10:33 PM »

I have just confirmed on my system that a reboot will apply the original firewall rules again.

b_hackbarth · « **Reply #3 on:** July 14, 2017, 02:56:44 PM »

Thanks for the info sarond. I would bet Mitel will be issuing a patch for this, hopefully soon.
Unfortunately without root privileges we wouldn't be able to tell iptables to make anything persistent, and Mitel is running a script at boot time to set up the rules.

I have one site that is unbearable with the iptables rules. Good thing they usually have high uptime.

sarond · « **Reply #4 on:** July 14, 2017, 08:23:18 PM »

Yes it's good info to have. If Mitel are aware of the issue I'm sure they'll do something about it.

b_hackbarth · « **Reply #5 on:** July 16, 2017, 01:41:32 PM »

I've updated my ticket with Mitel asking if there's a way to make it persistent in the mean time. Jeff is looking into it, I will let you know what his response is.

b_hackbarth · « **Reply #6 on:** July 17, 2017, 10:00:36 PM »

Mitel says they will have this fixed in 6.2 SP2 PR3, slated for release yet in July. They say the firewall rules will be preserved but the CPU will not be impacted.

b_hackbarth · « **Reply #7 on:** July 25, 2017, 02:45:31 PM »

6.2 SP2 PR3 is now available on the FTP site. They say it maintains the new security scripts but does not affect system performance.

Mitel Forums - The Unofficial Source

News:

Author Topic: 6.2 SP2 PR2 CPU lag / spiking fix (Read 1911 times)

b_hackbarth

6.2 SP2 PR2 CPU lag / spiking fix

sarond

Re: 6.2 SP2 PR2 CPU lag / spiking fix

sarond

Re: 6.2 SP2 PR2 CPU lag / spiking fix

b_hackbarth

Re: 6.2 SP2 PR2 CPU lag / spiking fix

sarond

Re: 6.2 SP2 PR2 CPU lag / spiking fix

b_hackbarth

Re: 6.2 SP2 PR2 CPU lag / spiking fix

b_hackbarth

Re: 6.2 SP2 PR2 CPU lag / spiking fix

b_hackbarth

Re: 6.2 SP2 PR2 CPU lag / spiking fix