Archer C2600: WAN interface randomly enters high-latency state

Hello there,

For past few months I'm trying to pinpoint a strange phonenomenon on my TP-Link Archer C2600 running OpenWrt 24.10.3. Rarely, ca. onca a week, latency values on WAN link (PPPoE or DHCP, I've checked both options) skyrocket well above 50ms and stay there. They are not uniform and under a "time zoom" they appear to have a cyclic pattern (!):

ping100ms1902×427 42 KB

I've already ruled out the modem on the other end of ethernet cable and the cable itself. There are no error messages, changed interface/link statuses on LuCi or ifconfig, there is no increased CPU load. There's nothing suspicious in tcpdump, even on arp level. Replugging cables does no good either. I've also tried different disabling/enabling packet steering and QoS. I've also haven't identified any external trigger to this deterioration.

The only cure I've found for now (apart from rebooting the router) is to use "service network restart" in ssh - latency recovers instantly. I've tried just stopping/restarting interfaces in LuCi with no luck: it needs a service restart.

Any clues where to go from here?

Please do a measurement and post a result link(s) using https://www.waveform.com/tools/bufferbloat
1- wired to lan
2- wireless if involved
3- if possible PC directly to internet port in place of router
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):

Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

My issue is not traffic-related, please accept however bufferbloat test:

Bufferbloat1172×895 161 KB

My PC connection is wired. I do my monitoring (including the char above) from OpenWRT router itself (by SSH access), so I am quite sure the problem is inside the router (or a very unlikely ethernet incompatibilty with optic-fibre modem).

Below you'll find my network configuration. It is a bit extensive, I hav however already done test with a simplified versions. Not completely vanilla, since I want my home network to be usable and this latency events may not happen for weeks.

root@r2:~# ubus call system board
{
        "kernel": "6.6.104",
        "hostname": "r2",
        "system": "ARMv7 Processor rev 0 (v7l)",
        "model": "TP-Link Archer C2600",
        "board_name": "tplink,c2600",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "24.10.3",
                "revision": "r28872-daca7c049b",
                "target": "ipq806x/generic",
                "description": "OpenWrt 24.10.3 r28872-daca7c049b",
                "builddate": "1758316778"
        }
}

root@r2:~# cat /etc/config/network
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        list ipaddr '127.0.0.1/8'

config globals 'globals'
        option ula_prefix 'REDACTED'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        option ipv6 '0'
        list ports 'lan1'
        list ports 'lan3'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        list ipaddr '10.0.0.1/24'
        list dns_search 'lan REDACTED'
        option delegate '0'
        list dns '1.1.1.1'
        list dns '8.8.8.8'
        list dns '9.9.9.9'
        list dns 'REDACTED'

config interface 'wan'
        option device 'wan'
        option proto 'pppoe'
        option type 'bridge'
        option username 'REDACTED'
        option password 'REDACTED'
        option ipv6 'auto'

config interface 'wlan_guest'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.191.1'
        option device 'radio1.network2'

config interface 'vpn0'
        option device 'tun0'
        option proto 'none'

config device
        option name 'br-wifi'
        option type 'bridge'
        list ports 'phy0-ap0'
        list ports 'phy1-ap0'

config interface 'wifi'
        option proto 'static'
        list ipaddr '10.0.3.1/24'
        option device 'br-wifi'
        list dns '1.1.1.1'
        list dns '8.8.8.8'
        list dns '9.9.9.9'
        list dns 'REDACTED'

config interface 'wan_ip'
        option proto 'static'
        option device 'wan'
        option ipaddr '192.168.100.5'
        option netmask '255.255.255.0'
        option defaultroute '0'

config device
        option name 'wan'
        option ipv6 '0'

config device
        option name 'phy0-ap0'

config device
        option name 'phy1-ap0'

config device
        option type 'bridge'
        option name 'br-lan-tv'
        option ipv6 '0'
        list ports 'lan2'
        list ports 'lan4'

config interface 'lan_tv'
        option proto 'static'
        option device 'br-lan-tv'
        option ipaddr '10.0.13.1'
        option netmask '255.255.255.0'

config interface 'wan_dhcp'
        option proto 'dhcp'
        option device 'wan'
        option disabled '1'

config interface 'vpn1'
        option proto 'none'
        option device 'tun1'
        option defaultroute '0'
        option delegate '0'

root@r2:~# cat /etc/config/wireless
config wifi-device 'radio0'
        option type 'mac80211'
        option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
        option band '5g'
        option cell_density '0'
        option channel 'auto'
        option txpower '20'
        option country 'REDACTED'
        option htmode 'VHT80'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option key 'REDACTED'
        option network 'wifi'
        option encryption 'sae'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option nasid '118844'
        option ssid 'REDACTED'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
        option band '2g'
        option channel 'auto'
        option txpower '20'
        option country 'REDACTED'
        option cell_density '0'
        option legacy_rates '1'
        option htmode 'HT20'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option mode 'ap'
        option key 'REDACTED'
        option network 'wifi'
        option ieee80211r '1'
        option nasid '118844'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option ssid 'REDACTED'
        option encryption 'sae-mixed'

config wifi-iface 'wifinet2'
        option device 'radio1'
        option mode 'ap'
        option ssid 'REDACTED'
        option key 'REDACTED'
        option network 'wlan_guest'
        option isolate '1'
        option encryption 'sae-mixed'
        option disabled '1'

config wifi-iface 'wifinet3'
        option device 'radio1'
        option mode 'ap'
        option ssid 'REDACTED'
        option encryption 'psk2'
        option key 'REDACTED'
        option network 'wifi'

root@r2:~# cat /etc/config/dhcp
config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'REDACTED'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option leasetime '36h'
        list dhcp_option '6,1.1.1.1,8.8.8.8,9.9.9.9,REDACTED'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'
        option start '100'
        option limit '150'
        option leasetime '12h'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config host
        option name 'REDACTED'
        option dns '1'
        option mac 'REDACTED'
        option ip '10.0.0.14'

config host
        option name 'REDACTED'
        option dns '1'
        option mac 'REDACTED'
        option ip '10.0.0.80'

config host
        option name 'REDACTED'
        option dns '1'
        option mac 'REDACTED'
        option ip '10.0.0.111'

config host
        option name 'REDACTED'
        option dns '1'
        option mac 'REDACTED'
        option ip '10.0.0.10'

config host
        option name 'REDACTED'
        option dns '1'
        option mac 'REDACTED'
        option ip '10.0.3.102'

config host
        option name 'REDACTED'
        option dns '1'
        option mac 'REDACTED'
        option ip '10.0.3.101'

config host
        option name 'REDACTED'
        option dns '1'
        option mac 'REDACTED'
        option ip '10.0.3.132'

config host
        option name 'REDACTED'
        option dns '1'
        option mac 'REDACTED'
        option ip '10.0.0.11'

config host
        option dns '1'
        option ip '10.0.13.71'
        option name 'REDACTED'
        option mac 'REDACTED'

config host
        option dns '1'
        option ip '10.0.13.72'
        option name 'REDACTED'
        option mac 'REDACTED'

config host
        option name 'REDACTED'
        option dns '1'
        option mac 'REDACTED'
        option ip '10.0.0.8'

config host
        option name 'REDACTED'
        option dns '1'
        option mac 'REDACTED'
        option ip '10.0.3.41'

config dhcp 'wlan_guest'
        option interface 'wlan_guest'
        option start '100'
        option limit '150'
        option leasetime '8h'

config dhcp 'wifi'
        option interface 'wifi'
        option start '150'
        option limit '100'
        option leasetime '24h'
        list dhcp_option '6,1.1.1.1,8.8.8.8,9.9.9.9,REDACTED'

config host
        option name 'REDACTED'
        option dns '1'
        option mac 'REDACTED'
        option ip '10.0.3.21'

config host
        option name 'REDACTED'
        option dns '1'
        option mac 'REDACTED'
        option ip '10.0.3.62'

config host
        option ip '10.0.3.166'
        option mac 'REDACTED'
        option name 'REDACTED'
        option dns '1'

config dhcp 'lan_tv'
        option interface 'lan_tv'
        option start '100'
        option limit '150'
        option leasetime '12h'

config host
        option name 'REDACTED'
        option ip '10.0.0.132'
        list mac 'REDACTED'

root@r2:~# cat /etc/config/firewall
config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'
        option drop_invalid '1'
        option flow_offloading '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        list network 'wifi'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan_dhcp'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option family 'ipv4'
        option target 'ACCEPT'
        list icmp_type 'echo-request'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config redirect
        option dest 'lan'
        option target 'DNAT'
        list proto 'udp'
        option src 'wan'
        option src_dport 'REDACTED'
        option dest_port 'REDACTED'
        option dest_ip '10.0.3.132'
        option name 'REDACTED'

config rule
        option name 'OpenVPN'
        list proto 'udp'
        option src '*'
        option target 'ACCEPT'
        option dest_port 'REDACTED'

config rule
        option name 'REDACTED'
        option family 'ipv4'
        option src 'wan'
        option dest_port 'REDACTED'
        option target 'ACCEPT'
        list proto 'udp'

config zone
        option name 'vpn'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option family 'ipv4'
        option masq '1'
        list network 'vpn0'

config zone
        option name 'guest'
        option output 'ACCEPT'
        option forward 'REJECT'
        option input 'REJECT'
        list network 'wlan_guest'

config redirect
        option dest 'lan'
        option target 'DNAT'
        option name 'REDACTED'
        option src 'wan'
        option src_dport 'REDACTED'
        option dest_ip '10.0.0.11'
        option dest_port 'REDACTED'
        option enabled '0'

config forwarding
        option src 'vpn'
        option dest 'lan'

config forwarding
        option src 'vpn'
        option dest 'wan'

config forwarding
        option src 'lan'
        option dest 'vpn'

config zone
        option name 'lantv'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'lan_tv'

config zone
        option output 'ACCEPT'
        option forward 'REJECT'
        option name 'extRouter'
        option input 'REJECT'
        option masq '1'
        list network 'wan_ip'

config forwarding
        option src 'lantv'
        option dest 'wan'

config forwarding
        option src 'guest'
        option dest 'wan'

config rule
        option src 'guest'
        option name 'Allow Guest DHCP/DNS'
        option family 'ipv4'
        option dest_port '53 67 68'
        option target 'ACCEPT'

config rule
        option src 'lantv'
        option name 'Allow TV DHCP/DNS'
        option family 'ipv4'
        option dest_port '53 67 68'
        option target 'ACCEPT'

config forwarding
        option src 'lan'
        option dest 'extRouter'

There are many problems in your setup

You get 100-150ms latency spikes under normal usage, that is very certain to be related to your internet line's bufferbloat (especially if it is VPN)

You can add custim DNS servers and doh dot dnscrypt proxies directly in dnsmasq forwarders.

Your wifi setup looks like migrated from 10 years ago. Normally you set up bridges as devices for networks, then select those networks with bridges from wifi configuration.

11R is USUALLY not needed - it promises .5s in place of more customary 1.5s roaming but only in case client.

There is nothing causing additional latency in your configuration, it should be <5ms delay with default fq_codel

The radios are added to the bridge in the wireless config so you should remove:

        list ports 'phy0-ap0'
        list ports 'phy1-ap0'

You can then also remove:

As already told you should use bridged vlans

Furthermore consider upgrading to 24.10.5.

OpenVPN firewall settings are also not very clear is this for a server setup or a client setup?

To be precise: I do not get latency "spikes". I do experience my WAN link (which is 50cm of ethernet UTP to fibre modem) to randomly enter high-latency status which stays forever (until I restart service or reboot the Openwrt). Previous happed in December, but today I've experienced it twice already:

latency984×292 17.9 KB

Yes, I know my wifi network has some obsoleties. But wifi does not play any part in this.

Both - two instances.Still, it's unlikely to be connected with my issue. I can stop openvpn service and it changes nothing.

It is about adding wrong ports to an interface

I also do not think it is related to your problem but it might need attention as it looks inconsistent but it is outside the scope of this thread

I still dont get what you are pinging and how 50ms "mode" is different from totally measurable 150ms spike.

OK, so let me elaborate.
The troublesome link is setup like this:

1. Fiber operator's modem (set at PPPoE bridge, LAN1 port)
2. UTP patchcord
3. Archer with OpenWRT (WAN port, PPPoE client)

PPPoE other end is a public IP somewhere in ISP's network. There's special 192.168.1.0/24 unrouted network on this link so I can access the modem only for configuration etc. That's what I ping and draw graphs you see. (I also ping/graph a remote IP and results are consistent)

Normally, the values are below 1ms. When latency event happens, they go up with no apparent reason to at least 50 (randomly reaching almost 500ms) and stay there till I restart OpenWRT. I emphasise: this is an unsaturated, local ethernet link which goes crazy. If I power cycle the fiber modem, nothing changes when it comes back online. So the cause is somewhere in the Archer's guts.

I'm tracing the issue for months already. Now I'm out of diagnostic options, thus looking for any clues on the forum here. It might be Archer's chipset, it might be OpenWRT's bug. I can't even rule out this is a hardware issue of my specific unit, but as I am able to fix it every time just by restarting a service, it's unlikely scenario.

I can live with that, drafting a script to detect these events and restart network then. Right now I do it manually.

Still no idea what you ping from where?

Please do bufferbloat measurement to illustrate the problem. And restart CPE to fix next time. Maybe ping something via pppoe becauše cpe local management does not represent anything for the internet.

I ping CPE from OpenWRT. They are next to each other and connected by a short cable. Restarting CPE does not change anything. I can also unplug fiber from it and these local pings stay high. I do ping "something via pppoe" and results are the same (plus normal internet latency of few ms).

I do appreciate your attention for proper test conditions, but please accept I've really done my homework investigating this on IP level and I am really sure the cause is below it.
What I would expect from OpenWRT community and experts:

• how to split "service networking restart" into smaller steps to find which of them fixes the latency
• if they are any diagnostic tools able to tell me more about link status (more than ifconfig, tcpdump, LuCi website etc.)

Interesting You simply say things that are obvious in context. Just that the measurement without that context sounded incomplete.

Some additional stuff to monitor.
Can you monitor ethtool -S wan - especially eeror over(flow) pause numbers that are normally zero. Ie one minor error @#%#^ up the network interface and it gets slow
Same with /proc/net/softnet_stat - 2nd 3rd columns are (hex numbers) with drops during softirq
Also install lm-sensors and record temperatures - same as with minor error conditions - if thermal throttle is triggered CPU may enter permanently throttled mode. Unlikely as network reconfig restores performance.

To do next time it goes slow

• measure with your palm on air exit if iit is hot
• restart only WAN interface from luci - check ping
• replug the cable - check png

Thanks for suggestions. I'll start monitoring and wait for failure to happen.
Last three common-sense (bulleted) points - done already few times.

Probably disable firewall offloading for now, you have sufficient CPU for your internet speed (probably after 1st fail)

Well, I've caught one with pants down. ethtool shows these four values change exactly at the latency-breakdown event (15:27):

ethtool results738×768 10.8 KB

Some more info and observations:

• rx_crc_error has increment few times in earlier hours, but it didn't caused a breakdown then.
• both fifo statuses seem to increment now after each run of ethtool (they didn't before the event).
• after I "cure" Archer with service network restart (green background above), rx_length stays on "elevated" level, while the two fifo parameters return to norm.
• no unexpected changes found in other parameters I've monitored: temperatures, CPU frequency and scaling, softnet_stat and interrupt counts.

Somebody smarter has to check up the driver. No problem with software as much as we can see in softnet_stat.
Things to try

ethhtool -k eth0 | grep -v fixed

then selectively disable driver offloads trying to bisect towards if there is one single offload that triggers the problem. Obviously keep recording ethtool -S

Also You can try closed driver Ipq806x NSS build (Netgear R7800 / TP-Link C2600 / Linksys EA8500) , but that is short term fixup as you deviate from standard OpenWrt without addressing the root cause...