Community discussions

MikroTik App
 
gfunkdave
newbie
Topic Author
Posts: 45
Joined: Tue Jan 09, 2018 12:05 am

Adding veth slows internet

Sat May 27, 2023 5:53 am

I have a RB5009 running 7.9. I added a veth interface for a Pihole container. Even without the container running, the veth interface greatly slows internet.

My nominal connection speed is 500/500. If I have the veth port disabled, I get about 590 Mbps down and 520 up. As soon as I enable the veth port I get 10-25Mbps down and 450-500 up.

Can anyone help me troubleshoot this? Does a veth port run into some hardware offloading thing, but only for the download?
 
tangent
Forum Guru
Forum Guru
Posts: 1329
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: Adding veth slows internet

Sat May 27, 2023 6:35 am

Given this prior post, I’ll guess that you’ve created a routing error, sending all traffic thru the container.

Post the output of “/ip/route/print”.
 
fragtion
Member Candidate
Member Candidate
Posts: 257
Joined: Fri Nov 13, 2009 10:08 pm
Location: Johannesburg, South Africa

Re: Adding veth slows internet

Sat May 27, 2023 9:27 am

I've got a similar setup (Rb5009 with containers running) and don't experience this. My WAN is inherently slower (100/100Mbps) but I get no apparent performance impact / slowdown on the native-side routing as a result of running the containers.. so yes, sounds like something config related?
 
tangent
Forum Guru
Forum Guru
Posts: 1329
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: Adding veth slows internet

Sat May 27, 2023 9:42 am

@fragtion: Are you using the recommended NAT-based network configuration for your containers, or are you doing as the OP is doing and binding the veth straight to the bridge?

I've done the latter for justifiable cause, and it can work, but I'm using these "routers" as glorified switches, so they aren't in the routing path for any inter-network traffic.
 
fragtion
Member Candidate
Member Candidate
Posts: 257
Joined: Fri Nov 13, 2009 10:08 pm
Location: Johannesburg, South Africa

Re: Adding veth slows internet

Sat May 27, 2023 9:57 am

Ah okay. No, I'm using the recommended config of binding veth to a container bridge as a bridge port. The only NAT going on is srcnat/masquerading of traffic outbound from the container. I guess that is probably the key difference here
 
holvoetn
Forum Guru
Forum Guru
Posts: 5317
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Adding veth slows internet

Sat May 27, 2023 11:40 am

I'm using the 2nd bridge approach as shown by MT and don't experience any slowdown on my device.
Also rb5009.
Containers: pihole, openspeedtest, and then iperf3 and helloworld by tangent :lol:
 
gfunkdave
newbie
Topic Author
Posts: 45
Joined: Tue Jan 09, 2018 12:05 am

Re: Adding veth slows internet

Sat May 27, 2023 6:44 pm

So, I've determined that the issue happens when the veth interface is attached to the bridge with the LAN on it. Creating the veth interface on a new bridge doesn't produce the problem. I have deleted all the NAT rules. Just adding
disabled=yes
to veth2 makes the problem go away.

Full config: https://pastebin.com/8Y8dAuAc

Even when veth2 is attached to bridge1, it seems hardware offload is still enabled and active:
[david@RoutyMcRouterson] > /interface/bridge/settings/print
              use-ip-firewall: no
     use-ip-firewall-for-vlan: no
    use-ip-firewall-for-pppoe: no
              allow-fast-path: yes
      bridge-fast-path-active: yes
     bridge-fast-path-packets: 6980829
       bridge-fast-path-bytes: 4853024583
  bridge-fast-forward-packets: 0
    bridge-fast-forward-bytes: 0
Also, when running a speed test the cpu usage generally stays below 10% though one of the cores spikes to about 40% for an instant.

Unless I can find a fix I suppose I'll just buy a new power supply and sd card for my Raspberry Pi and run Pihole in that. Let the router route...thanks for help all.
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Adding veth slows internet

Sat May 27, 2023 7:03 pm

My nominal connection speed is 500/500. If I have the veth port disabled, I get about 590 Mbps down and 520 up. As soon as I enable the veth port I get 10-25Mbps down and 450-500 up.
The asymmetric results is what's a bit odd (e.g. up is rough same with VETH in bridge, only down is slow).... I'd say this seem like a MTU/fragmentation problem, somewhere –but VETH should be using stardard 1500 MTU. But I guess you can check the MTU of the bridge interface both with the VETH enable and not enable...see if it changes.

It really should be okay to be put VETH in the main/vlan-filtering=yes bridge. I haven't seen these issue and never used a 2nd bridge for containers (only VLANs).
 
User avatar
Amm0
Forum Guru
Forum Guru
Posts: 3169
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Adding veth slows internet

Sat May 27, 2023 7:17 pm

Or try a iperf test using UDP and see what speeds you get with VETH in the bridge?
 
tangent
Forum Guru
Forum Guru
Posts: 1329
Joined: Thu Jul 01, 2021 3:15 pm
Contact:

Re: Adding veth slows internet

Sun May 28, 2023 5:04 am


Many questions:

  1. Where's that "/ip/route/print" output I asked for? Your config is too complicated for me to reconstruct the dynamic routing rules from the static commands. Until you post what result you got from all this, my only option is to duplicate your configuration on a local router, and I'm not willing to do that merely to save you some copy-and-paste work.
  2. What's all that VRRP stuff doing in there? You haven't said anything about redundant routers. If you do have a legitimate use for VRRP, why are you doing it only for IPv6?
  3. Have you tried a reboot between interface/bridge changes? If you don't, you must sometimes wait for the ARP timeout before the configuration re-settles on a new stable state. In the intermediate time, you've got stale information from the prior state interfering with the new configuration.
  4. Is the guest VLAN 10 or 15? Pick one. :)
  5. Having never set up PiHole — nor having any desire to do so — realize that I'm asking merely to prod you into double-checking your config when I ask, can you have a DNS server on the router plus static DHCP reservations plus upstream CloudFlare DoH/DNS plus PiHole? Maybe I'm speaking from ignorance, but this looks contorted at best and non-functional at worst. I don't see how one delegates smoothly to the next. Shouldn't you need them all to be in a strict chain somehow? Shouldn't the CloudFlare DNS configuration be inside PiHole, with the RouterOS DNS delegating to the PiHole, not CloudFlare?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 18959
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: Adding veth slows internet

Sun May 28, 2023 12:20 pm

Tangent on the pihole stuff, one can run a container or separate device for adguard dns, and at the same time run DOH on the router itself.
You may wish some subnets to use one or the other for example.

I worked recently on a config where the adguard container on mikrotik was strictly for three subnets going out third party wireguard, whereas the single subnet staying to local internet use the MT DOH server. So that is very possible..

However concur if the OP has the usually bloated mess of a config, impossible to troubleshoot.

Who is online

Users browsing this forum: Bing [Bot], GoogleOther [Bot], joshnielsen and 66 guests