Last week I retired my 2 TP-link WDR4300s with openwrt and set up two brand new Netgear R7800s.
I wanted to improve my network setup at the same time and created a seperate Wifi network and VLAN for Guest and an other WIIFI+VLAN for all IOT devices in my home. This way the traffic is completely segregated.
For the devices on the IOT network I created a couple of firewall rules so they couldn't access the LAN, except for one RPI that runs domoticz. And they can not acces the router, except for DNS and DHCP.
However, with this setup the response of the IOT system went down from almost instantaneous to very sluggish, with a delay of several seconds (literally 4-5 seconds!) When I add the IOT Wifi back to the br LAN interface group, the response is back to "almost instantaneously".
My question is: Is this delay due to the firewall rules being processed? Could the firewall add such a delay? Or should I search further for a mistake in my setup?
Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have
ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
Thanks for your answers. Implicitely you answered my question. This shouldn't happen and so I have to dig into my setup. Thanks for the list of files/data to look at.
I will first go through it myself to figure out what's wrong. At first sight I didn't see anything weird in the tcpdump traces. And I checked if the problem remained when I disconnect the 2nd access point: It did...
So I'm slowly narrowing it down. I'll get back asap if I can't find it on my own.
I was able to spend some time on it again this weekend. I think I found the problem.
Part of my devices were not able to access the mqtt server and started to overflow the network and spend a lot of cycles. So everything slowed down. I started from scratch and recreated all my firewall rules. Now it is working as expected. Fingers crossed that it remains this way!
I just want to update this, as the true solution may be relevant to others.
The delay/latency problems returned and I had to investigate further.
I found an other mail describing the same problem and the solution:
In a vlan 4 extra bytes are added to the frame header. On consumer routers like the R7800 this can cause problems if the total link layer frame length goes from 1518 to 1522 bytes.
Solution is to reduce the MTU size in the interface definition(advanced settings) from the default 1500 to 1496 to compensate.
I now have a stable vlan based segmentation of IOT, Guest and LAN traffic!
