Troubleshooting Tip: High WAD user-info CPU usage due to too many discovered devices
| Description | This article describes cases where there is an exceptionally high CPU utilization for the WAD process due to too many discovered devices being handled. |
| Scope | All FortiOS versions. |
| Solution | In this scenario, this is caused by too many discovered devices in the User & Device store. This store takes the devices from the kernel, as seen in the IPS and the output of the following command:
diagnose user device list
This usually poses an issue in an environment where there are lots of transient devices (airport, hotel, coffee shop, ... etc.). These transient devices fill up the User & Device store and will put stress upon the wad user-info process if it needs to access this list due to the sheer length of it.
This typically is then observed with high CPU usage in the system space and WAD at the top of the diagnose sys top output.
FGT01 $ diagnose sys top
With the process ID of the wad process and the diagnose test app wad 1000 command, the specific WAD sub-process type can be determined.
FGT01 $ diagnose debug enable FGT01 $ diagnose test app wad 1000 Process [35]: type=user-info(5) index=0 pid=4516 state=running diagnosis=no debug=enable valgrind=supported/disabled With the process ID of the wad process and the diagnose test app wad 1000, the specific WAD sub-process type can be determined.
WAD user-info:
To show the number of discovered devices, use the diagnose user device stats command.
FGT01 $ diagnose user device stats generation.global 216394 generation.seen 174813 generation.deletion 0 count 122821 joined 0 create_failed 0 fd 12 hash 8192
Alternatively, this information can also be gathered by selecting the wad user-info process itself. For a detailed explanation of the WAD process and how to select a specific one, refer to Technical Tip: Overview of WAD process structure.
FGT01 $ diagnose test app wad 2500
When the active devices as seen by diagnose user device list are deleted, they may still be in the device list. This is because FortiOS stores some historical data in case of a reboot, so some information persists during such an event.
If FortiGate is configured with managing FortiSwitch, High CPU usage on WAD user-info may cause the FortiSwitch Ports and FortiSwitch Clients GUI to become inaccessible. The GUI page will just keep on spinning / loading. Restart the WAD user-info process and the GUI will be accessible.
WiFi & Switch Controller -> FortiSwitch Ports.
FGT01 $ diagnose debug enable FGT01 $ diagnose test app wad 1000 Process [35]: type=user-info(5) index=0 pid=4516 state=running diagnosis=no debug=enable valgrind=supported/disabled ..... FGT01 $ diagnose sys kill 11 4516 Note: 4516 is the PID seen from the 'diagnose test app wad 1000'command. Refer to Technical Tip: Overview of WAD process structure.
To reduce the number of idle devices discovered, use the command set discovered-device-timeout <days>. This will reduce devices stored to those devices discovered over the last set days. The default is 28 days. The following reduces the store to all devices discovered in the last day.
config system settings
Related articles: |