My network is separated in severval VLANs on my vtnet1 (LAN) interface (almost no traffic goes from/to the LAN IP/subnet directly).
When looking at the interface statistics it seems that all traffic is reported for the LAN + all VLAN interfaces, with the LAN interface seemingly the total of all VLAN traffic. This seems somewhat logical because obviously all VLAN traffic passes the LAN interface with a VLAN tag. But is this expected behavior? I presumed maybe LAN traffic would account only for the non-tagged traffic?
Quote from: mdbraber on January 10, 2025, 10:16:18 AMThis seems somewhat logical because obviously all VLAN traffic passes the LAN interface with a VLAN tag. But is this expected behavior?
Yes, of course it is. The traffic reports the low level interface counters. There is no counter anywhere for tagged vs. untagged frames.
This is one of the reasons why it is generally recommended not to mix tagged and untagged traffic on a single interface.
Read this for more info:
https://docs.opnsense.org/manual/how-tos/vlan_and_lagg.html
@Monviech
Maybe you should put it in the Tutorials and FAQs section on the forum and PIN it :D
Quote from: Patrick M. Hausen on January 10, 2025, 10:35:01 AMThis is one of the reasons why it is generally recommended not to mix tagged and untagged traffic on a single interface.
Thanks for your answer! But when tagged traffic on the LAN interface is still counted towards the statistics, doing that (not mixing tagged/untagged) would make no difference in the statistics (for the fact that all tagged traffic is still crossing the interface)?
So when there's 100% tagged traffic and 0% untagged traffic on the LAN interface it would still report (excluding WAN) a total of 50% LAN traffic and 50% made up of all the VLANs over the LAN interface (which is basically what happens in my case)
Remember traffic is (well, generally) bidirectional, too, so you see it coming and going. The Interface Stats widget is probably using netstat, so you could have a look to see what it's seeing.
For me, I have VLANs that are members of bridges. I suppose you could get the system to count each bit even more times with a few tunnels... but hey. I dumped the Interface Stats widget. The Traffic Graph gives a nice view of the selected interfaces (it might not work as well for you... since I use bridges, I only have those four selected plus one routed interface), and I label all of my rules such that the Firewall widget is reasonably readable (under light traffic - it's pretty easy to overwhelm).
Quote from: mdbraber on January 10, 2025, 11:31:21 AMThanks for your answer! But when tagged traffic on the LAN interface is still counted towards the statistics, doing that (not mixing tagged/untagged) would make no difference in the statistics (for the fact that all tagged traffic is still crossing the interface)?
When you don't have any untagged traffic on e.g. igc0, only VLANs, you do not assign igc0 in Interfaces > Assignments so it's just a physical port, not an "OPNsense interface" - no IP address, no firewall rules, and also does not show in the interface statistics. Only the VLAN tagged child interfaces are.