Hi,
Inter-VLAN Routing is freezing my OpenWRT Appliance.
I'm using a L2 Managed Switch for my vLAN Setup. I'd lilke to separate some of my servers into small DMZ's where only specific Ports are open.
I'm running a Router on a Stick Topology.
I have 3 Hostsystems(Hypervisors) with Proxmox VE connected to my Switch with a Trunk Port. vLAN 100 and vLAN 200 are connected to my LXC Nodes/Guests (Debian 12).
All Systems are LXC Linux Container.
- 6 Debian Stable Bookworm
- 1 OpenWRT Stable 23.05.5
testperf0 is my OpenWRT Router, connected to vLAN100 and vLAN200 running on/in LXC.
vLAN 100 192.168.10.0/28
- testperf1 192.168.10.1
- testperf3 192.168.10.2
- testperf5 192.168.10.3
- testperf0 is the Gateway with interface 192.168.10.14/28
vLAN 200 192.168.20.0/28
- testperf2 192.168.20.1
- testperf4 192.168.20.2
- testperf6 192.168.20.3
- testperf0 is the Gateway with interface 192.168.20.14/28
connectivity/ping and iperf3 works so far inside the vLAN's
- inside vLAN100 i can ping/iperf3 all hosts.
- inside vLAN200 i can ping/iperf3 all hosts.
- ping from vLAN100 into vLAN200 works
- ping from vLAN200 into vLAN100 works
### ### ###
Inside VLAN Throughput is limited at 1Gbit/s from the Switch.
### ### ###
Inside VLAN100
PVE2/testperf1 -> Switch -> PVE3/testperf5
root@testperf1:~# iperf3 -c 192.168.10.3 --bidir
Connecting to host 192.168.10.3, port 5201
[ 6] local 192.168.10.1 port 59086 connected to 192.168.10.3 port 5201
[ 8] local 192.168.10.1 port 59090 connected to 192.168.10.3 port 5201
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID][Role] Interval Transfer Bitrate Retr
[ 6][TX-C] 0.00-10.00 sec 1.08 GBytes 928 Mbits/sec 8 sender
[ 6][TX-C] 0.00-10.00 sec 1.08 GBytes 926 Mbits/sec receiver
[ 8][RX-C] 0.00-10.00 sec 1.08 GBytes 926 Mbits/sec 18 sender
[ 8][RX-C] 0.00-10.00 sec 1.08 GBytes 924 Mbits/sec receiver
iperf Done.
Inside VLAN100
PVE2/testperf1 -> Switch -> PVE4/testperf3
root@testperf1:~# iperf3 -c 192.168.10.2 --bidir
Connecting to host 192.168.10.2, port 5201
[ 6] local 192.168.10.1 port 50768 connected to 192.168.10.2 port 5201
[ 8] local 192.168.10.1 port 50782 connected to 192.168.10.2 port 5201
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID][Role] Interval Transfer Bitrate Retr
[ 6][TX-C] 0.00-10.00 sec 1.08 GBytes 929 Mbits/sec 62 sender
[ 6][TX-C] 0.00-10.00 sec 1.08 GBytes 926 Mbits/sec receiver
[ 8][RX-C] 0.00-10.00 sec 1.08 GBytes 926 Mbits/sec 0 sender
[ 8][RX-C] 0.00-10.00 sec 1.08 GBytes 924 Mbits/sec receiver
iperf Done.
Inside VLAN200
PVE2/testperf2 -> Switch -> PVE3/testperf6
root@testperf2:~# iperf3 -c 192.168.20.3 --bidir
Connecting to host 192.168.20.3, port 5201
[ 6] local 192.168.20.1 port 49656 connected to 192.168.20.3 port 5201
[ 8] local 192.168.20.1 port 49662 connected to 192.168.20.3 port 5201
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID][Role] Interval Transfer Bitrate Retr
[ 6][TX-C] 0.00-10.00 sec 1.08 GBytes 930 Mbits/sec 52 sender
[ 6][TX-C] 0.00-10.00 sec 1.08 GBytes 928 Mbits/sec receiver
[ 8][RX-C] 0.00-10.00 sec 1.08 GBytes 931 Mbits/sec 7 sender
[ 8][RX-C] 0.00-10.00 sec 1.08 GBytes 928 Mbits/sec receiver
iperf Done.
Inside VLAN200
PVE2/testperf2 -> Switch -> PVE4/testperf4
root@testperf2:~# iperf3 -c 192.168.20.2 --bidir
Connecting to host 192.168.20.2, port 5201
[ 6] local 192.168.20.1 port 57244 connected to 192.168.20.2 port 5201
[ 8] local 192.168.20.1 port 57260 connected to 192.168.20.2 port 5201
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID][Role] Interval Transfer Bitrate Retr
[ 6][TX-C] 0.00-10.00 sec 1.08 GBytes 925 Mbits/sec 92 sender
[ 6][TX-C] 0.00-10.00 sec 1.07 GBytes 922 Mbits/sec receiver
[ 8][RX-C] 0.00-10.00 sec 1.08 GBytes 929 Mbits/sec 195 sender
[ 8][RX-C] 0.00-10.00 sec 1.08 GBytes 927 Mbits/sec receiver
iperf Done.
The Gigabit L2 Switch Limits at ~930Mbit/s (~1Gbit/s).
So i can rule out the Switch as the culprit in my scenario.
### ### ###
End Switch Test
### ### ###
Inside PVE4, i'll have my LXC Guests connected to the same Linux-Bridge (vLAN aware is set).
Inside VLAN100, Inside Proxmox Hypervisor
PVE4/testperf3 -> vmbr0 -> PVE4/testperf0/OpenWRT
root@testperf0:~# iperf3 -s
-----------------------------------------------------------
Server listening on 5201 (test #1)
-----------------------------------------------------------
VLAN 100 -> OpenWRT Gateway
root@testperf3:~# iperf3 -c 192.168.10.14 --bidir
Connecting to host 192.168.10.14, port 5201
[ 6] local 192.168.10.2 port 39378 connected to 192.168.10.14 port 5201
[ 8] local 192.168.10.2 port 39380 connected to 192.168.10.14 port 5201
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID][Role] Interval Transfer Bitrate Retr
[ 6][TX-C] 0.00-10.00 sec 40.4 GBytes 34.7 Gbits/sec 0 sender
[ 6][TX-C] 0.00-10.00 sec 40.4 GBytes 34.7 Gbits/sec receiver
[ 8][RX-C] 0.00-10.00 sec 4.06 GBytes 3.49 Gbits/sec 0 sender
[ 8][RX-C] 0.00-10.00 sec 4.05 GBytes 3.48 Gbits/sec receiver
iperf Done.
VLAN 200
root@testperf4:~# iperf3 -c 192.168.20.14 --bidir
Connecting to host 192.168.20.14, port 5201
[ 6] local 192.168.20.2 port 49790 connected to 192.168.20.14 port 5201
[ 8] local 192.168.20.2 port 49794 connected to 192.168.20.14 port 5201
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID][Role] Interval Transfer Bitrate Retr
[ 6][TX-C] 0.00-10.00 sec 40.4 GBytes 34.7 Gbits/sec 0 sender
[ 6][TX-C] 0.00-10.00 sec 40.4 GBytes 34.7 Gbits/sec receiver
[ 8][RX-C] 0.00-10.00 sec 4.06 GBytes 3.49 Gbits/sec 0 sender
[ 8][RX-C] 0.00-10.00 sec 4.06 GBytes 3.48 Gbits/sec receiver
iperf Done.
That is already strange. OpenWRT can receive at 34Gbit/s.
But sending is already maxed at 3.4Gbit/s.
Why is it in a 10:1 ratio assymetric?
Now really the bad thing happens, when i do iperf3 tests crossing my VLAN's.
My Network Config
root@testperf0:~# cat /etc/config/network
config interface 'loopback'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
option device 'lo'
config interface 'wan'
option proto 'dhcp'
option device 'eth0'
config interface 'wan6'
option proto 'dhcpv6'
option device 'eth0'
config interface 'lan'
option proto 'static'
option device 'veth0.3'
option netmask '255.255.255.0'
option ipaddr '192.168.100.11'
option broadcast '192.168.100.255'
list dns '8.8.8.8'
option gateway '192.168.100.1'
config interface 'iperf200'
option proto 'static'
option device 'veth0.200'
option ipaddr '192.168.20.14'
option netmask '255.255.255.240'
option broadcast '192.168.20.15'
config interface 'iperf100'
option proto 'static'
option device 'veth0.100'
option ipaddr '192.168.10.14'
option netmask '255.255.255.240'
option broadcast '192.168.10.15'
config device
option name 'veth0.100'
option type '8021q'
option ifname 'veth0'
option vid '100'
config device
option name 'veth0.200'
option type '8021q'
option ifname 'veth0'
option vid '200'
My Firewall Settings. (ssh/22 and ping/icmp rules are not inserted)
root@testperf0:~# cat /etc/config/firewall
config zone
option name 'iperf100'
option input 'REJECT'
option output 'REJECT'
option forward 'REJECT'
list network 'iperf100'
config rule
option name 'vL100 :5201 from iperf200'
option family 'ipv4'
option src 'iperf200'
option dest_port '5201'
option target 'ACCEPT'
list proto 'tcp'
option dest 'iperf100'
config rule
option name 'vl100 :5201'
option src 'iperf100'
option dest_port '5201'
option target 'ACCEPT'
config zone
option name 'iperf200'
option input 'REJECT'
option output 'REJECT'
option forward 'REJECT'
list network 'iperf200'
config rule
option name 'vL200 :5201 from iperf100'
option family 'ipv4'
option src 'iperf100'
option dest_port '5201'
option target 'ACCEPT'
list proto 'tcp'
option dest 'iperf200'
config rule
option name 'vl200 :5201'
option src 'iperf200'
option dest_port '5201'
option target 'ACCEPT'
When i run iperf3 from VLAN100 to VLAN200, the system freezes already at 1-2Mbit/s.
pve2-testperf1 / VLAN100 / 192.168.10.1 -> pve2-testperf2 / VLAN200 / 192.168.20.1
Test with 1Mbit/s, works, "reliably", yay...
root@testperf1:~# iperf3 -c 192.168.20.1 -b 1M --bidir
Connecting to host 192.168.20.1, port 5201
[ 6] local 192.168.10.1 port 40690 connected to 192.168.20.1 port 5201
[ 8] local 192.168.10.1 port 40700 connected to 192.168.20.1 port 5201
[ ID][Role] Interval Transfer Bitrate Retr Cwnd
[ 6][TX-C] 0.00-1.00 sec 128 KBytes 1.05 Mbits/sec 0 28.3 KBytes
[ 8][RX-C] 0.00-1.00 sec 128 KBytes 1.05 Mbits/sec
[ 6][TX-C] 1.00-2.00 sec 128 KBytes 1.05 Mbits/sec 0 35.4 KBytes
[ 8][RX-C] 1.00-2.00 sec 128 KBytes 1.05 Mbits/sec
[ 6][TX-C] 2.00-3.00 sec 128 KBytes 1.05 Mbits/sec 0 49.5 KBytes
[ 8][RX-C] 2.00-3.00 sec 128 KBytes 1.05 Mbits/sec
[ 6][TX-C] 3.00-4.00 sec 128 KBytes 1.05 Mbits/sec 0 41.0 KBytes
[ 8][RX-C] 3.00-4.00 sec 128 KBytes 1.05 Mbits/sec
[ 6][TX-C] 4.00-5.00 sec 128 KBytes 1.05 Mbits/sec 0 43.8 KBytes
[ 8][RX-C] 4.00-5.00 sec 128 KBytes 1.05 Mbits/sec
[ 6][TX-C] 5.00-6.00 sec 128 KBytes 1.05 Mbits/sec 0 45.2 KBytes
[ 8][RX-C] 5.00-6.00 sec 128 KBytes 1.05 Mbits/sec
[ 6][TX-C] 6.00-7.00 sec 128 KBytes 1.05 Mbits/sec 0 49.5 KBytes
[ 8][RX-C] 6.00-7.00 sec 128 KBytes 1.05 Mbits/sec
[ 6][TX-C] 7.00-8.00 sec 128 KBytes 1.05 Mbits/sec 0 60.8 KBytes
[ 8][RX-C] 7.00-8.00 sec 128 KBytes 1.05 Mbits/sec
[ 6][TX-C] 8.00-9.00 sec 128 KBytes 1.05 Mbits/sec 0 48.1 KBytes
[ 8][RX-C] 8.00-9.00 sec 128 KBytes 1.05 Mbits/sec
[ 6][TX-C] 9.00-10.00 sec 128 KBytes 1.05 Mbits/sec 0 50.9 KBytes
[ 8][RX-C] 9.00-10.00 sec 128 KBytes 1.05 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID][Role] Interval Transfer Bitrate Retr
[ 6][TX-C] 0.00-10.00 sec 1.25 MBytes 1.05 Mbits/sec 0 sender
[ 6][TX-C] 0.00-10.00 sec 1.25 MBytes 1.05 Mbits/sec receiver
[ 8][RX-C] 0.00-10.00 sec 1.25 MBytes 1.05 Mbits/sec 0 sender
[ 8][RX-C] 0.00-10.00 sec 1.25 MBytes 1.05 Mbits/sec receiver
iperf Done.
Test with 10Mbit/s already fails. The 10Mbit/s are not maxed,... which is odd already. And after 9 seconds the test already fails.
root@testperf1:~# iperf3 -c 192.168.20.1 -b 10M --bidir
Connecting to host 192.168.20.1, port 5201
[ 6] local 192.168.10.1 port 35838 connected to 192.168.20.1 port 5201
[ 8] local 192.168.10.1 port 35852 connected to 192.168.20.1 port 5201
[ ID][Role] Interval Transfer Bitrate Retr Cwnd
[ 6][TX-C] 0.00-1.00 sec 1.25 MBytes 10.5 Mbits/sec 0 90.5 KBytes
[ 8][RX-C] 0.00-1.00 sec 1.25 MBytes 10.5 Mbits/sec
[ 6][TX-C] 1.00-2.00 sec 1.25 MBytes 10.5 Mbits/sec 0 136 KBytes
[ 8][RX-C] 1.00-2.00 sec 1.25 MBytes 10.5 Mbits/sec
[ 6][TX-C] 2.00-3.00 sec 1.12 MBytes 9.44 Mbits/sec 0 136 KBytes
[ 8][RX-C] 2.00-3.00 sec 1.12 MBytes 9.44 Mbits/sec
[ 6][TX-C] 3.00-4.00 sec 1.25 MBytes 10.5 Mbits/sec 0 136 KBytes
[ 8][RX-C] 3.00-4.00 sec 1.25 MBytes 10.5 Mbits/sec
[ 6][TX-C] 4.00-5.00 sec 1.12 MBytes 9.44 Mbits/sec 0 136 KBytes
[ 8][RX-C] 4.00-5.00 sec 1.12 MBytes 9.44 Mbits/sec
[ 6][TX-C] 5.00-6.00 sec 1.25 MBytes 10.5 Mbits/sec 0 136 KBytes
[ 8][RX-C] 5.00-6.00 sec 1.25 MBytes 10.5 Mbits/sec
[ 6][TX-C] 6.00-7.00 sec 1.12 MBytes 9.44 Mbits/sec 0 136 KBytes
[ 8][RX-C] 6.00-7.00 sec 1.12 MBytes 9.44 Mbits/sec
[ 6][TX-C] 7.00-8.00 sec 640 KBytes 5.24 Mbits/sec 2 1.41 KBytes
[ 8][RX-C] 7.00-8.00 sec 564 KBytes 4.62 Mbits/sec
[ 6][TX-C] 8.00-9.00 sec 0.00 Bytes 0.00 bits/sec 2 1.41 KBytes
[ 8][RX-C] 8.00-9.00 sec 0.00 Bytes 0.00 bits/sec
[ 6][TX-C] 9.00-10.00 sec 0.00 Bytes 0.00 bits/sec 0 1.41 KBytes
[ 8][RX-C] 9.00-10.00 sec 0.00 Bytes 0.00 bits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID][Role] Interval Transfer Bitrate Retr
[ 6][TX-C] 0.00-10.00 sec 9.00 MBytes 7.55 Mbits/sec 4 sender
[ 6][TX-C] 0.00-23.33 sec 9.00 MBytes 3.24 Mbits/sec receiver
[ 8][RX-C] 0.00-10.00 sec 11.4 MBytes 9.54 Mbits/sec 61 sender
[ 8][RX-C] 0.00-23.33 sec 8.93 MBytes 3.21 Mbits/sec receiver
Test with 20Mbit/s fails after 6 seconds
root@testperf1:~# iperf3 -c 192.168.20.1 -b 20M --bidir
Connecting to host 192.168.20.1, port 5201
[ 6] local 192.168.10.1 port 50478 connected to 192.168.20.1 port 5201
[ 8] local 192.168.10.1 port 50480 connected to 192.168.20.1 port 5201
[ ID][Role] Interval Transfer Bitrate Retr Cwnd
[ 6][TX-C] 0.00-1.00 sec 2.50 MBytes 21.0 Mbits/sec 0 136 KBytes
[ 8][RX-C] 0.00-1.00 sec 2.50 MBytes 21.0 Mbits/sec
[ 6][TX-C] 1.00-2.00 sec 2.38 MBytes 19.9 Mbits/sec 0 136 KBytes
[ 8][RX-C] 1.00-2.00 sec 2.38 MBytes 19.9 Mbits/sec
[ 6][TX-C] 2.00-3.00 sec 2.38 MBytes 19.9 Mbits/sec 0 136 KBytes
[ 8][RX-C] 2.00-3.00 sec 2.38 MBytes 19.9 Mbits/sec
[ 6][TX-C] 3.00-4.00 sec 2.38 MBytes 19.9 Mbits/sec 0 136 KBytes
[ 8][RX-C] 3.00-4.00 sec 2.38 MBytes 19.9 Mbits/sec
[ 6][TX-C] 4.00-5.00 sec 2.38 MBytes 19.9 Mbits/sec 0 136 KBytes
[ 8][RX-C] 4.00-5.00 sec 2.38 MBytes 19.9 Mbits/sec
[ 6][TX-C] 5.00-6.00 sec 2.38 MBytes 19.9 Mbits/sec 0 136 KBytes
[ 8][RX-C] 5.00-6.00 sec 2.38 MBytes 19.9 Mbits/sec
[ 6][TX-C] 6.00-7.00 sec 640 KBytes 5.24 Mbits/sec 3 1.41 KBytes
[ 8][RX-C] 6.00-7.00 sec 619 KBytes 5.07 Mbits/sec
[ 6][TX-C] 7.00-8.00 sec 0.00 Bytes 0.00 bits/sec 1 1.41 KBytes
[ 8][RX-C] 7.00-8.00 sec 0.00 Bytes 0.00 bits/sec
[ 6][TX-C] 8.00-9.00 sec 0.00 Bytes 0.00 bits/sec 0 1.41 KBytes
[ 8][RX-C] 8.00-9.00 sec 0.00 Bytes 0.00 bits/sec
[ 6][TX-C] 9.00-10.00 sec 0.00 Bytes 0.00 bits/sec 1 1.41 KBytes
[ 8][RX-C] 9.00-10.00 sec 0.00 Bytes 0.00 bits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID][Role] Interval Transfer Bitrate Retr
[ 6][TX-C] 0.00-10.00 sec 15.0 MBytes 12.6 Mbits/sec 5 sender
[ 6][TX-C] 0.00-23.33 sec 15.0 MBytes 5.39 Mbits/sec receiver
[ 8][RX-C] 0.00-10.00 sec 17.1 MBytes 14.4 Mbits/sec 22 sender
[ 8][RX-C] 0.00-23.33 sec 15.0 MBytes 5.39 Mbits/sec receiver
iperf Done.
Test with 100Mbit/s fails after 1 Second.
root@testperf1:~# iperf3 -c 192.168.20.1 -b 100M --bidir
Connecting to host 192.168.20.1, port 5201
[ 6] local 192.168.10.1 port 38716 connected to 192.168.20.1 port 5201
[ 8] local 192.168.10.1 port 38726 connected to 192.168.20.1 port 5201
[ ID][Role] Interval Transfer Bitrate Retr Cwnd
[ 6][TX-C] 0.00-1.00 sec 11.9 MBytes 99.6 Mbits/sec 0 136 KBytes
[ 8][RX-C] 0.00-1.00 sec 11.8 MBytes 98.8 Mbits/sec
[ 6][TX-C] 1.00-2.00 sec 0.00 Bytes 0.00 bits/sec 3 1.41 KBytes
[ 8][RX-C] 1.00-2.00 sec 0.00 Bytes 0.00 bits/sec
[ 6][TX-C] 2.00-3.00 sec 0.00 Bytes 0.00 bits/sec 1 1.41 KBytes
[ 8][RX-C] 2.00-3.00 sec 0.00 Bytes 0.00 bits/sec
[ 6][TX-C] 3.00-4.00 sec 0.00 Bytes 0.00 bits/sec 0 1.41 KBytes
[ 8][RX-C] 3.00-4.00 sec 0.00 Bytes 0.00 bits/sec
[ 6][TX-C] 4.00-5.00 sec 0.00 Bytes 0.00 bits/sec 1 1.41 KBytes
[ 8][RX-C] 4.00-5.00 sec 0.00 Bytes 0.00 bits/sec
[ 6][TX-C] 5.00-6.00 sec 0.00 Bytes 0.00 bits/sec 0 1.41 KBytes
[ 8][RX-C] 5.00-6.00 sec 0.00 Bytes 0.00 bits/sec
[ 6][TX-C] 6.00-7.00 sec 0.00 Bytes 0.00 bits/sec 0 1.41 KBytes
[ 8][RX-C] 6.00-7.00 sec 0.00 Bytes 0.00 bits/sec
[ 6][TX-C] 7.00-8.00 sec 0.00 Bytes 0.00 bits/sec 1 1.41 KBytes
[ 8][RX-C] 7.00-8.00 sec 0.00 Bytes 0.00 bits/sec
[ 6][TX-C] 8.00-9.00 sec 0.00 Bytes 0.00 bits/sec 0 1.41 KBytes
[ 8][RX-C] 8.00-9.00 sec 0.00 Bytes 0.00 bits/sec
[ 6][TX-C] 9.00-10.00 sec 0.00 Bytes 0.00 bits/sec 0 1.41 KBytes
[ 8][RX-C] 9.00-10.00 sec 0.00 Bytes 0.00 bits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID][Role] Interval Transfer Bitrate Retr
[ 6][TX-C] 0.00-10.00 sec 11.9 MBytes 9.96 Mbits/sec 6 sender
[ 6][TX-C] 0.00-13.33 sec 11.8 MBytes 7.40 Mbits/sec receiver
[ 8][RX-C] 0.00-10.00 sec 11.9 MBytes 9.96 Mbits/sec 6 sender
[ 8][RX-C] 0.00-13.33 sec 11.8 MBytes 7.41 Mbits/sec receiver
iperf Done.
OpenWRT System/Luci, Network Interface comes fully non-responsive.
I do not see any load or whatever on the OpenWRT Appliance.
I'm running following system Settings for the OpenWRT LXC Appliance:
Architecture Intel(R) Core(TM) i5-8500T CPU @ 2.10GHz
Target Platform x86/64
Firmware Version
OpenWrt 23.05.5 r24106-10cc5fcd00
LuCI openwrt-23.05 branch git-24.264.56413-c7a3562
Kernel Version 5.15.102-1-pve
The PVE Hypervisors are the following right now:
root@pve4:~# cat /etc/debian_version
11.11
root@pve2:~# pveversion
pve-manager/7.4-19/f98bf8d4 (running kernel: 5.15.102-1-pve)
root@pve4:~# pveversion
pve-manager/7.4-19/f98bf8d4 (running kernel: 5.15.102-1-pve)
I'll upgrade soon to PVE 8.3.2 and the newer kernel 6.8.12-5-pve as well as OpenWrt 24.x stable, as soon the LXC Build is available.
root@pve5:~# pveversion
pve-manager/8.3.2/3e76eec21c4a14a7 (running kernel: 6.8.12-5-pve)
root@pve5:~# cat /etc/debian_version
12.8
All Systems have 2 vCPU's and 2 GB of RAM. Everything is totally idle all the time.
I am aware of the Router-On-a-Stick drawbacks. For the Prod-Scenario i'm doing it with LACP/bonding as well as dedicated NIC's for the SAN-VLAN.
Now for he scenario i've reduced it to the minimum.
I can totally reproduce/recreate the scenario and issue. In fact, this is already a copy LXC Landscape from my productive environment to debug the issue in a new initial environment.
- Why is the OpenWRT iperf3 Transmission Speed inside the PVE Hypervisor Host so slow at 3.4Gbit/s? The Receiving Speed instead maxes at 35Gbit/s.
- Why does the Inter-VLAN-Routing break the whole system as soon as 2-3 Mbit/s are sent to the CPU?
- Why does the whole system freeze when the Connection Breaks down.