How to find out the process that causes high CPU usage on Mikrotik

How to find out the process that causes high CPU usage on Mikrotik

The CPU (Central Processing Unit) is very important in devices that use the Operating System. On Mikrotik devices, the CPU is very influential on the processes that run on the RouterOS operating system. High and low CPU usage is very dependent on the number of processes that occur on the operating system itself. The use of high CPU resources, especially close to 100% continuously, will certainly reduce the performance of the Mikrotik device itself.

So here we will discuss how to see why Mikrotik CPU Usage can be high, close to 100%. What process actually occurs in the RouterOS operating system that causes high CPU usage.

To be able to find out CPU usage, we can look at winbox in the System -> Resource menu. You can see in the CPU Load column.

Well, now how do you find out what processes make the Mikrotik CPU Load so high? The answer is easy, we just need to open the Tool menu -> Profile. For Mikrotk with more than 1 CPU Core, then we can choose which CPU Core we want to see the process, we can also see the total process for all CPU cores. Here’s what the profiler menu looks like:

Intsall Foam Inside The Keyboards C...
Intsall Foam Inside The Keyboards Case

We can see in the picture above that there are several processes running on Mikrotik, and we can see which processes are causing the high CPU load on Mikrotik. These processes are classified into several types called Process Classifiers. The following are the details of the Process Classifiers from wiki.mikrotik.com:

  • idle – shows unused CPU. Typically idle=100%-(sum of all process cpu usages).
  • ppp
  • pppoe
  • ppp-compression
  • ppp-mppe
  • ethernet – cpu used by ethernets when sending/receiving packets
  • bridging
  • encrypting – cpu used by packet encryption
  • ipsec – IP security
  • queuing – packet queuing
  • firewall – packet processing in IP firewall
  • l7-matcher – cpu used by Layer7 matcher.
  • p2p-matcher – Peer-to-peer traffic matcher in ip firewall
  • gre – Gre tunnels
  • eoip – EoIP tunnels
  • m3p – MikroTik Packet Packer Protocol
  • radius
  • ip-pool
  • routing
  • sniffing
  • traffic-accounting
  • traffic flow
  • console
  • telnet
  • ssh
  • ftp
  • tfpt
  • www
  • dns
  • snmp
  • socks
  • web-proxy
  • winbox
  • metarouter-fs
  • metarouter-net
  • kvm
  • profiling – cpu used by Profiler tool itself
  • btest bandwidth test tool
  • logging
  • flash – cpu usage when writing to NAND
  • disk – cpu usage when wiring to Disk
  • networking – core packet processing
  • serial
  • usb
  • firewall-mgmt
  • queue-mgmt
  • e-mail
  • fetcher
  • backup
  • graphing
  • health
  • isdn
  • dhcp
  • hotspot
  • radv – IPv6 route advertisement
  • ntp – NTP server/client
  • ldp
  • mpls
  • pim – Multicast routing protocol
  • igmp-proxy
  • bgp
  • ospf
  • rip
  • mme
  • synchronous – cpu usage by synchronous cards
  • gps
  • user-manager
  • wireless
  • dude
  • supout.rif – cpu used by supout.rif file creator.
  • management – RouterOS management processes that do not fall into any other classifier. For example, when routes added to kernel, internal messaging exchange between RouterOS applications, etc.
  • unclassified – any other processes that were not classified.

From the case of high Mikrotik CPU Load above, the process that makes CPU usage high is the management process. What is process management on Mikrotik? Why does the management process in Mikrotik make the CPU Load high? To answer this question, let’s first discuss what the proxy management process is:

According to wiki.mikrotik.com the classifier management profile is as follows:

RouterOS management processes that do not fall into any other classifier. For example, when routes added to kernel, internal messaging exchange between RouterOS applications, etc.

This means management processes on RouterOS that are not included in any of the other classifiers. For example, when adding routes to the kernel, exchanging internal information between RouterOS applications, etc. What is meant by this classifier are processes that appear on the profile menu as listed above. While the exchange of information between RouterOS can be in the form of SNMP (Simple Network Management Protocol).

Simple Network Management Protocol (SNMP) is an Internet standard protocol for managing devices on a network. SNMP can be used for a variety of graph data. An example of its use is on The Dude and similar applications. In order for Mikrotik to be managed, SNMP must be enabled.

From this case, the suspect is the SNMP feature on Mikrotik which causes the Mikrotik CPU load to be very high. This is because the Mikrotik Router is monitored by network monitoring applications that use SNMP features, such as The Dude and SolarWinds.

After I tried to disable the SNMP feature in The Dude application, Mikrotik CPU Load started to drop.

From the picture above, it can be seen that the management process dropped dramatically after the SNMP feature on the dude was turned off. Here what looks high is the idle process. Where this idle process is an accumulation of unused CPU which is 97%, because the CPU Load usage is only 3%.

Okay, until here we have discussed about How to Know High CPU Usage Process on Mikrotik along with high CPU Load problems caused by the Management process in Mikrotik RouterOS. For other classifier processes, I don’t need to explain, because there is already an explanation.