So, I've determined that the issue happens when the veth interface is attached to the bridge with the LAN on it. Creating the veth interface on a new bridge doesn't produce the problem. I have deleted all the NAT rules. Just adding
to veth2 makes the problem go away.
Full config:
https://pastebin.com/8Y8dAuAc
Even when veth2 is attached to bridge1, it seems hardware offload is still enabled and active:
[david@RoutyMcRouterson] > /interface/bridge/settings/print
use-ip-firewall: no
use-ip-firewall-for-vlan: no
use-ip-firewall-for-pppoe: no
allow-fast-path: yes
bridge-fast-path-active: yes
bridge-fast-path-packets: 6980829
bridge-fast-path-bytes: 4853024583
bridge-fast-forward-packets: 0
bridge-fast-forward-bytes: 0
Also, when running a speed test the cpu usage generally stays below 10% though one of the cores spikes to about 40% for an instant.
Unless I can find a fix I suppose I'll just buy a new power supply and sd card for my Raspberry Pi and run Pihole in that. Let the router route...thanks for help all.