After load testing on Nginx+Crowdsec the crowdsec service stuck on 50% full CPU


I am facing with an issue which appears permanent after a load test of 100% for more than 1 minute. Once the queue is cleared and no more traffic is coming in then the overall CPU load drops from 100% to 50% with no actual traffic at all. The system is running on NGINX as reverse proxy and doing crowdsec filtering before proxies the traffic to a different server. Am I hitting a bug or some config needs to be optimised.

Let me correct myself. I was using wrk for load testing. Once the load test ended the traffic dropped back to 0 but the CPU load was showing 50% for an extra 30 mins. It is now dropped back to 0 as it should of after the traffic was removed. I do not understand why us this behaviour, could someone explain it to me please ? Thanks

Are you running stream or live mode?

Live mode with consume more CPU / RAM as it would request to the http endpoint per request

Stream mode is more CPU intensive up front as it loads all IP’s into a map and holds them in memory which means more memory in the long run.

You can change this within the bouncer config.