Troubleshooting Load Spike with New Interface

I'm currently running OpenWRT router with a local network and a guest network. I have these set up using different interfaces. I have two downstream access points from the main router that are using VLANs and tagging. I've been using this setup without issue for a year or so now.

Recently, I tried to add a third network/interface that both the guest and local network can forward to. I have (what I believe to be) a correctly configured third interface setup in the Luci UI. I've specified an associated port in the switch. Unfortunately, as soon as I plug something into that port, I experience a massive slowdown. In some cases, the Wi-Fi just goes down for a bit. I've also noticed generally slower network speeds, and slower access in the Luci UI.

I took a look at the Load page in Luci. Without the new device plugged in, it usually hovers around 1.0, sometimes going up to 2.0. As soon as I plug in the device, it spikes to around 5.0. So, I think it's clear that connecting the new device is causing the issue. (I've tried connecting the device to both the guest and main local network. No issue if I do that.)

I'm not sure where to go from here in terms of diagnostics. Am I just bumping up against my routers hardware limitations? 9I know the Archer A7 isn't particularly powerful, so I'm not sure if I just need to invest in something better), or if I have something misconfigured somewhere.) Are there logs I can check to get a better understanding of why I'm seeing such a slowdown?

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Output from

cat /etc/config/network
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fddd:f73e:eb33::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.0.1'

config device
	option name 'eth0.2'
	option macaddr 'c0:c9:e3:4f:bf:7a'

config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option description 'LAN'
	option ports '0t 2t 3 5'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0t 1'
	option vid '2'
	option description 'WAN'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '3'
	option description 'GUEST'
	option ports '0t 2t'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option vid '4'
	option description 'SHARED'
	option ports '0t 2t 4'

config device
	option type 'bridge'
	option name 'br-guest'
	list ports 'eth0.3'

config interface 'guest'
	option proto 'static'
	option device 'br-guest'
	option ipaddr '192.168.3.1'
	option netmask '255.255.255.0'

config device
	option type 'bridge'
	option name 'br-shared'
	list ports 'eth0.4'

config interface 'SHARED'
	option proto 'static'
	option device 'br-shared'
	option netmask '255.255.255.0'
	option ipaddr '192.168.4.1'

Output from

cat /etc/config/wireless
config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option mode 'ap'
	option ssid '<<SSID 1>>'
	option encryption 'psk2'
	option key '<<Password 1>'
	option network 'guest'
	option isolate '1'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/ahb/18100000.wmac'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option mode 'ap'
	option ssid '<<SSID 2>>'
	option encryption 'psk2'
	option key '<<Password 2>'
	option network 'guest'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid '<<SSID 3>>'
	option encryption 'psk2'
	option key '<<Password 3>'
	option network 'guest'
	option disabled '1'

config wifi-iface 'wifinet3'
	option device 'radio1'
	option mode 'ap'
	option ssid '<<SSID 4>'
	option encryption 'psk2'
	option key '<<Password 4>'
	option network 'guest'
	option disabled '1'

config wifi-iface 'wifinet4'
	option device 'radio0'
	option mode 'ap'
	option ssid '<<SSID 5>>'
	option network 'lan'
	option encryption 'sae'
	option key '<<Password 5>>'

Output from

cat /etc/config/dhcp
config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'guest'
	option interface 'guest'
	option leasetime '12h'
	option start '100'
	option limit '150'

config dhcp 'SHARED'
	option interface 'SHARED'
	option start '100'
	option limit '150'
	option leasetime '12h'

config host
	option name '<<name 1>>'
	option dns '1'
	option mac '<<mac 1>>'
	option ip '192.168.0.21'

config host
	option name '<<name 2>>'
	option dns '1'
	option mac '<<mac 2>>'
	option ip '192.168.0.22'

config host
	option name '<<name 3>>'
	option dns '1'
	option mac '<<mav 3>>'
	option ip '192.168.0.23'

config host
	option name '<<name 4>>'
	option dns '1'
	option mac '<<mac 4>'
	option ip '192.168.0.24'

config host
	option name '<<name 5>>'
	option dns '1'
	option mac '<<mac 5>>'
	option ip '192.168.0.18'

config host
	option name '<<name 6>>'
	option dns '1'
	option mac <<mac 6>
	option ip '192.168.0.19'

Output from

cat /etc/config/firewall
config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'guest'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'guest'

config zone
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option name 'shared'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config forwarding
	option src 'guest'
	option dest 'wan'

config forwarding
	option dest 'wan'
	option src 'shared'

config forwarding
	option src 'lan'
	option dest 'shared'

config forwarding
	option src 'guest'
	option dest 'shared'

Nothing appears unusual in your network configuration.

Does the problem happen when any device is connected to the new network, or when a particular device is connected?

1 Like

I tried plugging in a different device and your intuition as correct: there's no major impact to load with the other device.

So, it looks like it's a problem with a particular device. I'm still not sure why it matter which interface the device is using though.

What is the offending device? Is it, per chance, a usb-c docking hub with Ethernet?

The offending device is a Raspberry Pi running the Home Assistant Operating System. The other device is also a Raspberry Pi, but it's just running plain Rasbian.

I wouldn't expect that type of behavior from a pi. But is there any chance that you have wifi enabled as well as ethernet? If so, it is possible that they are bridged together (rather than being treated as independent interfaces), and that could cause a switching loop. I've seen this happen with Peloton bikes (at least a while ago) where the network would go down when ethernet was connected and wifi was enabled.

1 Like

6 months later, I was never actually able to figure this out, but it doesn't appear to be a problem anymore. Load seemed to drop back down after a while. I'm not sure what caused it.