Received packet loss - DNS issue

Hello folks,

Here are the two things I need help addressing:

• "packet loss": Is there a configuration I can do to prioritize more the VLAN10, which I only use for work?

• "DNS" issue: Sometimes, I receive the error that the browser could resolve the DNS.

I'm having a problem with my MS Teams call. I'm on the call and got packet loss for some reason. Sometimes, it is higher than 80%, which stops my video calls from losing the video and voice for several seconds.

I have several devices in my network, so I have divided it by VLAN. I use 3 VLANs, cable internet (11), WiFi (12), and work(10).

I have tried to prioritize it by using the "Ingress QoS mapping" and "Egress QoS mapping" inside the VLAN configured, but it didn't help.

The problem seems to happen when the MS Teams need more network bandwidth (19MB) for some reason. I have a fiber connection, which is more than 400 MB, up and down.

Here are my current configurations:
Model: Raspberry Pi 4 Model B Rev 1.2
Architecture: ARMv8 Processor rev 3
Target Platform: bcm27xx/bcm2711
Firmware Version: OpenWrt: 23.05.0-rc2 r23228-cd17d8df2a / LuCI openwrt-23.05 branch git-23.118.79121-6fb185f
Kernel-Version: 5.15.118

/etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd97:5b53:e773::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        option ipv6 '0'

config interface 'lan'
        option device 'br-lan.11'
        option proto 'static'
        option ipaddr '192.168.0.1'
        option netmask '255.255.255.0'
        list dns '1.1.1.1'
        list dns '8.8.8.8'

config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'eth0:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '11'
        list ports 'eth0:t'

config interface 'wan'
        option proto 'dhcp'
        option device 'eth1'
        option peerdns '0'
        list dns '1.1.1.1'
        list dns '8.8.8.8'

config interface 'wg0'
        option proto 'wireguard'
        option private_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
        option listen_port '51820'
        list addresses '192.168.9.1/24'
        list addresses 'fdf1:7610:d152:3a9c::1/64'

config wireguard_wg0 'wgclient'
        option public_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
        option preshared_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
        option description 'Home'
        option route_allowed_ips '1'
        list allowed_ips '192.168.9.22/32'

config wireguard_wg0
        option description 'Home 2'
        option public_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        option preshared_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
        list allowed_ips '192.168.9.23/32'
        option route_allowed_ips '1'

config interface 'WorkZone'
        option proto 'static'
        option ipaddr '10.20.30.1'
        option netmask '255.255.255.0'
        option device 'br-lan.10'

config bridge-vlan
        option device 'br-lan'
        option vlan '12'
        list ports 'eth0:t'

config interface 'WiFiZone'
        option proto 'static'
        option ipaddr '10.20.40.1'
        option netmask '255.255.255.0'
        option device 'br-lan.12'

config device
        option name 'br-lan.10'
        option type '8021q'
        option ifname 'br-lan'
        option vid '10'
        list ingress_qos_mapping '5:5'
        list egress_qos_mapping '5:5'

config device
        option name 'br-lan.12'
        option type '8021q'
        option ifname 'br-lan'
        option vid '12'
        list ingress_qos_mapping '4:4'
        list egress_qos_mapping '4:4'

config device
        option name 'br-lan.11'
        option type '8021q'
        option ifname 'br-lan'
        option vid '11'
        list ingress_qos_mapping '1:1'
        list egress_qos_mapping '1:1'

/etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        list server '208.67.222.222'
        list server '208.67.220.220'

config dhcp 'lan'
        option interface 'lan'
        option start '2'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'
		
config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config host
        option name 'DinhoPC'
        option dns '1'
        option mac 'XX:XX:XX:XX:XX:XX'
        option ip '192.168.0.210'

/etc/config/firewall

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone 'lan'
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        list network 'wg0'

config zone 'wan'
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'

config forwarding 'lan_wan'
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
 option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule 'wg'
        option name 'Allow-WireGuard'
        option src 'wan'
        option dest_port '51820'
        option proto 'udp'
        option target 'ACCEPT'

config zone
        option name 'WorkZone'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'WorkZone'

config forwarding
        option src 'WorkZone'
        option dest 'wan'

config rule
        option name 'WorkZone DHCP and DNS'
        option src 'WorkZone'
        option dest_port '53 67 68'
        option target 'ACCEPT'

config zone
        option name 'WiFi_Zone'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'WiFiZone'

config forwarding
        option src 'WiFi_Zone'
        option dest 'wan'

config rule
        option name 'WiFiZone DHCP and DNS'
        option src 'WiFi_Zone'
        option dest_port '53 67 68'
        option target 'ACCEPT'

HTOP during a "Speedtest"

image1346×711 52.3 KB

Speedtest result:

MS-Teams Call health screenshot

Home Network

image789×311 26.5 KB

Trying the idea here: High latency/pings with VLAN interfaces and wifi - #12 by brjhaverkamp

I have set the MTU size to 1496 on the VLAN (bridge) interfaces.

Didn't help... still with the problem...

I also managed to reproduce the issue in the VLAN11 and 10.

Testing different things: I have enabled "Packet Steering" (Enable packet steering across all CPUs. May help or hinder network speed.)

This setting is located at [Network > Interface > Global network options]

I can see that it now uses more CPUs with a small load.
In the first test, it reached 73%, and now after "Packet Steering" is enabled, it's 0-30.8% and 2-1.6%

image733×123 4.01 KB

I got a better download rate, but it may be something from the Speedtest server.

I will wait for my following MS Teams call to see if it improved.

It didn't fix the issue, still with packet loss with the MS Teams call.....

Enabling - "Drop invalid packets", "Software flow offloading" and "Hardware flow offloading."

image633×534 15.7 KB

Probable only next week to know if it will help or not.

Any idea or comment folks? Any idea what am I missing?

I am still losing the packages. I have now turned off only the option "Hardware flow offloading" to check if it will have any positive impact.

Anyone else have had this issue or similar before? How did you fix it?

Folks, I conducted a test by connecting my PC directly to the ONU provided by my internet service provider. The issue still persists, indicating that the problem lies with my internet service provider and not the OpenWrt router.

Indeed, the problem was with my internet provider. They have fixed problems in their network, which stopped the packet loss issue.
Cheers,

Folks,
Apologies for the delayed response. I have identified the issue as a faulty network cable between the ISP equipment and my router "OpenWrt". I have replaced the cable with a new one and the problem has been resolved. It's interesting how sometimes the solution can be much simpler than we anticipated.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.