Summary: Zabbix alerted that it saw high bandwidth usage on vlan1. Graph of traffic on vlan1 shows nearly 1Gbps usage at the time both inbound and outbound. When I check the switch config, it shows vlan1 assigned to switchports 5 and 6. There is nothing plugged into those ports, so I would expect the bandwidth graph to show no traffic. Zabbix shows the same traffic spike on br0, which includes vlan1, but I do not see the spike on any other interface besides vlan1 and br0, so I am really confused about where that traffic went.
Back in early June I did try a firmware release later than the one I am running, but had a DNS issue with it. I upgraded from a release dated sometime in April. With the June release that was current at the time, when a host would do a DNS lookup for a certain name, DD-WRT was returning its own IP address rather than consulting my LAN's DNS server. DD-WRT does not have any config (like static DHCP) for that name. I picked the 5/30 release at random to try a downgrade, and it fixed the DNS issue. I have not tried anything newer yet.
The advice in the FAQ about upgrading, resetting to defaults, and reconfiguring manually will involve a fair amount of work that I will need to do in the middle of the night when my family is not using the Internet. I will try it, but I am not sure exactly when that can happen.
Last edited by elyograg on Mon Aug 29, 2022 22:40; edited 1 time in total
Something else confusing: vlan0 does not show up in the output of "ip a" (on an ssh login to the router) but it is seen in the switch config screenshot I included.
If I have something internal that is connecting to the wan-side address for some high-bandwidth operation and vlan1 represents the inside network, that would explain the spike. But that would mean that the switchport display in the web UI is not showing the true config -- it shows port 1 as a member of vlan0, but via ssh, Linux does not show vlan0 configured.
root@orthanc:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.449160b89209       no              eth0
                                                        vlan1
                                                        wlan0
root@orthanc:~# ip a | grep vlan
9: vlan1@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP qlen 1000
10: vlan2@eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 73.131.246.74/22 brd 73.131.247.255 scope global vlan2
I did figure out by looking at librenms graphs for my switches which machine created the traffic. It is an rsync backup job that was mistakenly configured to use a name that resolves to the dd-wrt WAN address. That has been fixed so it should go directly to the server instead of routing via dd-wrt.
Which I think means that dd-wrt is using vlan1 for the inside network, but the switch config is showing the port as a member of vlan0, not vlan1. I can't find any evidence of vlan0 via ssh. Which I think means the UI is wrong, but I do not know for sure.