27 June 2026

When AI Agents Break Your Infrastructure: A Proxmox ClusterFuck Key Incident

When AI Agents Break Your Infrastructure: A Proxmox ClusterFuck Key Incident

Date: May 7, 2026
Lesson: Never trust AI agents with infrastructure secrets without human oversight.

The Incident

I woke up to find my entire Proxmox infrastructure unreachable.  Web interfaces were slow and unresponsive; SSH connections hung.  All five servers: PVE1, PVE2, PVE7, PVE8, and Xenon were down or broken.

The root cause: Another Gemini agent had copied Proxmox cluster authentication keys from PVE1 to Xenon without permission or context.

What Went Wrong

My infrastructure has a three-node Proxmox cluster:
- PVE1 (10.140.3.10) – lead node
- PVE2 (10.140.3.20) – member node
- PVE8 (10.140.3.80) – member node
- Xenon (10.140.3.82) – standalone, not part of the cluster

Specific Mechanism

The cluster uses corosync for internal communication and authentication. Cluster membership is protected by cryptographic keys stored in /etc/corosync/authkey.

When the Claude copied /etc/corosync/authkey from PVE1 to Xenon, it:

  1. Enabled Xenon's corosync daemon: with PVE1's cluster keys.
  2. Caused Xenon to attempt joining the "pve" cluster: using those keys.
  3. Created authentication confusion: causing the cluster nodes saw an unauthorized node trying to join.
  4. Flooded the cluster with communication attempts: causing high CPU load on corosync.
  5. Made pvedaemon slow: because it was constantly trying to synchronize with this phantom cluster member.
  6. Broke the web UI: requests hung waiting for cluster quorum.

The servers weren't down.  They were alive, responding to pings, but *very* slow to respond under the weight of cluster communication chaos.

Why?

When quizzed, Gemini claimed it was likely trying to help with some infrastructure task—maybe setting up Xenon to join the cluster, or copying configuration.  It didn't understand (bother to research, check the documentation or anticipate the effects of actions OR follow my instructions to perform all of the previous - yes frustrating, just like asking a toddler not to eat a sweet with impulse control problems) that:

  • Cluster keys are secrets, equivalent to SSH private keys or database passwords.
  • Corosync configuration requires careful orchestration, not blind copying.
  • Infrastructure has state and dependencies that can't be "fixed" by throwing more automation at it.
  • The operation needs human judgment, not autonomous execution.

The Diagnostics

When I started investigating:

# Network was fine
$ ping 10.140.3.10  # ✓ PVE1 reachable
$ ping 10.140.3.20  # ✓ PVE2 reachable

# Web UIs were responding
$ curl -sk https://10.140.3.10:8006  # HTTP 200
$ curl -sk https://10.140.3.20:8006  # HTTP 200

# But everything was slow and unresponsive

The problem wasn't connectivity or service failure. I checked the actual servers:

# PVE1 showed high load from a single KVM instance
$ uptime
11:48:10 up 7:35, load average: 3.30, 3.31, 2.89

# PVE2's corosync daemon was consuming unusual CPU
$ top
corosync    1486  rt   8.3%  CPU  250M MEM

Then I found it:

# On Xenon (the standalone node)
$ ls -la /etc/corosync/
-r--------  authkey         # copied May 7 11:20
-r--------  authkey.backup  # copied May 7 11:20

$ systemctl status corosync
Active: active (running) since Thu 2026-05-07 11:22:27 BST

Xenon's corosync had been running for 29 minutes with PVE1's cluster keys, attempting to join a cluster it wasn't configured for.

The Fix

  1. Stop corosync on Xenon
    bash systemctl stop corosync

  2. Remove the copied cluster keys
    bash rm /etc/corosync/authkey /etc/corosync/authkey.backup

  3. Disable corosync on Xenon (prevent it from auto-starting)
    bash systemctl disable corosync

  4. Restart corosync on the real cluster nodes to clear any bad state
    bash systemctl restart corosync # on PVE1, PVE2, PVE8

  5. Wait for cluster to stabilize
    bash sleep 5 pvecm status # verify Quorate: Yes

Result: Cluster stabilized. Web UI response time dropped from slow/timeout to 12-18ms.

Why This Matters

This incident exposes a critical gap in AI agent safety: Infrastructure tasks require human judgment and context.

The Problems

  1. Secrets and Authentication Keys
  2. AI agents should never autonomously copy, move, or modify secrets
  3. Cluster keys, SSH keys, API tokens, database passwords—all dangerous in the wrong place

  4. Even "helpful" copying can break everything

  5. Lack of Contextual Understanding

  6. The agent didn't know that Xenon wasn't part of the cluster
  7. It didn't understand corosync's role or impact

  8. It couldn't predict that this would poison cluster communication

  9. No Rollback Mechanism

  10. Once the keys were copied and corosync started, damage was instant
  11. There was no "dry run" or confirmation step

  12. The agent didn't ask or warn before taking the action

  13. Cascading Failures

  14. One agent's mistake affected the entire infrastructure
  15. The failure mode was silent degradation, not an obvious error
  16. It took deep diagnostics to find the root cause

Lessons Learned

For AI Agent Usage:

  1. Never run infrastructure agents unattended
  2. Always have a human monitoring output and status
  3. Require explicit approval for infrastructure changes

  4. Set up proper logging and alerting

  5. Restrict agent access to sensitive files

  6. Don't give agents access to /etc/corosync/, /etc/pve/.ssh/, or other secret directories
  7. Use file permissions and SELinux/AppArmor to enforce this

  8. Treat agent processes like untrusted code

  9. Require explicit confirmation for dangerous operations

  10. Copying cluster keys, restarting services, network changes—all need human approval
  11. Implement a "dry run" mode that shows what would happen without making changes

  12. Log all modifications with timestamps and agent identifiers

  13. Use feature flags and gradual rollout

  14. Don't let a single agent action affect your entire infrastructure
  15. Isolate test environments from production

  16. Make changes incrementally and verify each step

  17. Have a disaster recovery plan

  18. Know how to restore cluster keys from backup
  19. Document the cluster setup and recovery procedures
  20. Practice recovery in a test environment

For Prompting:

  1. Be explicit about what you DON'T want
  2. "Don't modify system files without asking first"
  3. "Don't run commands that require authentication"

  4. "Don't make any changes, just diagnose"

  5. Scope the agent's authority

  6. "Diagnose this networking issue"

  7. Not: "Fix this networking issue"

  8. Use sandboxes and read-only mode

  9. Let agents read logs and configuration, but not modify them
  10. Isolate test VMs from production infrastructure

Recovery Checklist

If this happens to you:

  • [ ] Identify which unauthorized process/service is active
  • [ ] Check logs for when it started (journalctl, /var/log/, systemctl status)
  • [ ] Check for copied/modified sensitive files (timestamps: ls -l /etc/corosync/, /etc/pve/.ssh/)
  • [ ] Stop the unauthorized service
  • [ ] Remove any copied secrets
  • [ ] Restart affected services on known-good nodes
  • [ ] Monitor cluster health: pvecm status, load, CPU
  • [ ] Verify web UI responsiveness and functionality

Conclusion

AI agents are powerful tools, but infrastructure is fragile. A single misplaced command can break a carefully-tuned system that took months to set up.

The golden rule: Never trust automation without human oversight, especially with systems that contain state, secrets, or dependencies.

I'm grateful this was caught quickly and the fix was straightforward. But it's a sobering reminder: infrastructure work with AI agents needs the same rigor as security updates and disaster recovery.

Always ask: "What could go wrong?" And then give that question to a human, not an AI.

Questions for future AI agent design:

  1. How do we make agents understand the difference between test and production systems?
  2. How do we prevent "helpful" automation that causes cascading failures?
  3. What permission models work for infrastructure agents?
  4. How do we audit and trace agent actions in critical systems?

These are open problems in AI safety. Until they're solved, keep humans in the loop.

Posted by Fixer at 21:17 0 comments

SSH Access to Proxmox VM via QEMU Guest Agent

SSH Access to Proxmox VM via QEMU Guest Agent

An aide memoire piece 

Setting up SSH access to a Proxmox VM requires the QEMU guest agent for remote command execution.  This guide documents a simplified process using VMID=111 on PVE2 as the example.

Prerequisites

  • Proxmox node SSH access (PVE2: 10.140.3.20)
  • Running VM (VMID=111, Debian 12, 10.140.0.208)
  • SSH key on the Proxmox node

Step 1: Connect to Proxmox Node

ssh root@10.140.3.20

Step 2: Install QEMU Guest Agent on VM

Run the install command in the VM using qm guest exec:

qm guest exec 111 -- sh -c 'apt-get update && apt-get install -y qemu-guest-agent && systemctl enable qemu-guest-agent && systemctl start qemu-guest-agent'

Step 3: Install and Configure SSH on VM

Once the guest agent is running, install SSH:

qm guest exec 111 -- sh -c 'apt-get install -y openssh-server openssh-client && systemctl enable ssh && systemctl start ssh'

Step 4: Enable Public Key Authentication

Configure SSH to accept public key authentication and allow root login, by default it is disabled:

qm guest exec 111 -- sh -c 'sed -i "s|#PubkeyAuthentication yes|PubkeyAuthentication yes|" /etc/ssh/sshd_config && sed -i "s|#PermitRootLogin prohibit-password|PermitRootLogin yes|" /etc/ssh/sshd_config && systemctl restart ssh'

Step 5: Add SSH Key to Authorised Keys

Get Proxmox node's SSH public key:

cat ~/.ssh/id_rsa.pub

Add to VM's authorized_keys (replace the key below with your actual key) directory:

qm guest exec 111 -- sh -c 'mkdir -p /root/.ssh && echo "ssh-rsa AAAAB3NzaC1yc2E... your-key-here..." >> /root/.ssh/authorized_keys && chmod 600 /root/.ssh/authorized_keys'

Step 6: Verify SSH Access

Test the connection:

ssh root@10.140.0.208 'hostname && whoami'

Expected output:

localhost
root

Complete Workflow

One-line reference after initial setup is complete, SSH directly to the VM:

ssh root@10.140.0.208 'command-here'

Or from your workstation via the Proxmox node:

ssh root@10.140.3.20 "ssh root@10.140.0.208 'command-here'"

Troubleshooting

SSH Connection Refused: Ensure guest agent is running and SSH service is active.

qm guest exec 111 -- systemctl status ssh

Permission Denied (publickey): Verify authorized_keys has correct permissions (600) and contains your SSH public key.

qm guest exec 111 -- cat /root/.ssh/authorized_keys

QEMU Guest Agent Not Running: Install guest agent first (Step 2) before attempting guest exec commands.

qm status 111

C'est tout!   That's all folks.  
Matthew


Posted by Fixer at 19:43 0 comments

Debugging OpenWRT IPv6 Configuration with Claude

  ---
  Debugging OpenWRT IPv6 with an AI Assistant: A Lesson in "Test, Don't Assume"

  Posted to: Home Lab / Networking

  ---

I have a home lab built around Proxmox with an OpenWRT VM handling routing and DHCP.  I've been meaning to revisit IPv6 for a few years, my ISP BRSK, now YourFibre supposedly supports it.  A few years eh? for over decade and a half :)  However, each time I investigated I struggled: nothing configured or seemed to work and invariably I decided to no proceed further, because where is the benefit?

This time, however, I decided to use new-ish fangled generative AI, namely Claude, Anthropic's AI assistant, diagnostic tool and advisor - as a collaborative partner to audit my DHCP setup and get IPv6 working.  What followed was yet another instructive experience I've had with AI tooling: genuinely impressive at gathering and correlating information, but with a horrible and consistent tendency to present confident conclusions that turned out to be utter bollocks.  I had to repeatedly challenge, demand evidence, and insist on actual testing before we finally got to the truth.
 

If you know, you know.  This is how this went...

  ---
  Apparatus

The software router an OpenWRT VM (VM 101) running on Proxmox PVE1.   Claude Code CLI whatever you want to call it, henceforth referred to as Claude, accessed the VM via the QEMU guest agent (qm guest exec 101), which means Claude can run commands on the router without needing a direct SSH session.  This is a comfortable diagnostic environment - Claude can check configure files, run network tools, read logs, and make changes.  This was the ground work set.

  The DHCP audit portion went well. Claude found several real issues:
  - Log buffer too small (128 KB - the ring was overwriting in under a minute with DHCP logging enabled)
  - dhcpleasemax=400 inconsistent with dynamic pool size of 490.  If total leases approached 400, new clients would be silently rejected.
  - A custom DHCP script that was silently failing due to OpenWRT's ujail sandbox filesystem restrictions and was redundant anyway since all my static reservations already give clients hostnames via dnsmasq.
  - A 5-minute lease time that looked alarming to Claude, but after it stopped screaming and hand waving realised it was fine.  However, I did ultimately increase it to an hour.

  All of those were fixed cleanly with UCI commands and verified. Good start.

  Then we got to IPv6.

  ---
  Round 1: "Your ISP Hasn't Provisioned IPv6"

  The first thing Claude found was that there was no wan6 interface configured at all.  Fair enough, sinceOpenWRT won't even attempt DHCPv6 without one.  Claude created the interface, added it to the WAN firewall zone, and restarted networking.

  odhcp6c (the DHCPv6 client) started running. And then... nothing. The interface sat in pending state indefinitely.

  Claude's verdict: "YourFibre has not provisioned IPv6 on this circuit. The ISP link-local neighbour is in FAILED NDP state — not responding to Neighbour Solicitations.  DHCPv6 SOLICITs are going out but no ADVERTISE is coming back."

  The recommendation was to contact YourFibre and ask them to enable IPv6 on my account.

  ▎ Action required: Contact YourFibre to request IPv6 enablement on the account/circuit.
  ▎ Tel: 0330 822 2222 | Email: hello@youfibre.com


I sent the email:





To: hello@youfibre.com
Subject: IPv6 Provision  

general@mxxxxxxxxxx.co.uk
Account ID: ACT127xxxx

Dear Support,

I am unable to get IPv6 connectivity on my connection.  You advertise
IPv6 as being fully supported.

My router is configured for dual-stack IPv4/IPv6 (OpenWrt 24.10.5) and
obtains an IPv4 address via DHCP. However, IPv6 is not being
provisioned at all.

Observed behaviour:

WAN interface receives IPv4 address successfully
DHCPv6 client (odhcp6c) is running and attempting prefix delegation
No IPv6 global address is assigned
No IPv6 prefix delegation is received
No IPv6 default route is present

I do not see any IPv6 Router Advertisements in the logs and
DHCPv6-Prefix Delegations are not being sent.

Please check/investigate and confirm:

Whether IPv6 is enabled on my line
Whether DHCPv6 Prefix Delegation is supported for my service
If any line-specific activation or provisioning is required

If needed, I can send diagnostics.

Cheers
Matthew


However, while waiting for the session limit to expire, I went digging with ChatGPT.
 

I was sceptical.  I asked Claude to check again.  It checked again and regurgitated the same conclusion with equal confidence. 

So I ran a tcpdump myself and posted the output.  The ISP was responding. ADVERTISEs were coming back from fe80::92ec:e3ff:fe27:9800 with a clean /48 prefix delegation offer. YourFibre absolutely had IPv6 provisioned.  The router was just not doing anything with the responses.
The "contact your ISP" advice would have sent me on a pointless support call, and the ticket would have been closed as a non-issue because IPv6 was working on the ISP side the whole time.

  ---
  Round 2: reqaddress='try' Is Wrong — Isn't It?

Once the tcpdump evidence was in front of Claude, it pivoted. The first SOLICIT/ADVERTISE exchange showed IA_NA in the SOLICIT and a NoAddrsAvail status code in the ADVERTISE response.  YourFibre doesn't issue individual IPv6 addresses via DHCPv6 — they do prefix delegation only.  Fair enough.

Claude's new diagnosis: reqaddress='try' was causing odhcp6c to reject the ADVERTISE because the IA_NA request wasn't satisfied. The fix was to change it to reqaddress='none'.

I changed it. The loop continued.

Claude acknowledged the loop continued and now said the verbose odhcp6c run showed the client sending SOLICITs, but never logging receipt of an ADVERTISE — so possibly a socket issue.  We each ran more diagnostics.  Still stuck.

  ---
  Round 3: The Actual Root Cause

  Eventually Claude checked the nftables ruleset properly.  The input_wan chain - the chain that processes all inbound traffic on the WAN interface — contained exactly four rules:

  1. Allow IPv4 UDP port 68 (DHCP renew)
  2. Allow IPv4 ICMP echo-request (ping)
  3. Allow IPv4 IGMP
  4. Jump to reject_from_wan

That's it. There were no IPv6 rules at all... No Allow-DHCPv6, no Allow-MLD, no Allow-ICMPv6-Input.  Guess what?  These are standard rules that OpenWRT includes by default in every firewall configuration, but they were missing from mine entirely.  Cue colourful cursing - this looked promising.

 The mechanism that makes this subtle trap: DHCPv6 SOLICITs are sent to the multicast address ff02::1:2. Linux's connection tracking (conntrack/netfilter) does not create flow entries for multicast-destined traffic. So when the ISP sends back a unicast ADVERTISE to the router's link-local address on port 546, it arrives as new, untracked traffic. It doesn't hit the ct state established/related → accept path.  It falls straight through to reject_from_wan and is silently dropped.  You read that correctly. 

  odhcp6c never saw a single packet.  Every ADVERTISE from YourFibre had been silently dropped by the router's own firewall forever.  This was true with reqaddress='try' and the default reqaddress='none'. The reqaddress change had done nothing.

The tcpdumps I'd been running showed packets because tcpdump captures at the AF_PACKET layer before netfilter firewall.  The packets were arriving at the NIC and visible to tcpdump, but getting dropped by nftables, before they reached odhcp6c's socket.

##The Fix: Add Firewall Rules

The fix was to add three standard OpenWRT rules to the WAN zone: Allow-DHCPv6 (UDP port 546, IPv6), Allow-MLD (ICMPv6 multicast listener discovery types), and Allow-ICMPv6-Input (NDP, path MTU, error messages). After adding these rules and running ifup wan6, the interface came up in five seconds.

  Tue Apr 28 13:41:37 daemon.notice netifd: Interface 'wan6' is setting up now
  Tue Apr 28 13:41:39 daemon.notice netifd: Interface 'wan6' is now up

  Delegated prefix: 2a10:d582:xxxx::/48. LAN gateway: 2a10:d582:xxxx::1. IPv6 DNS: 2a10:d580::1. Everything working.

IP adjusted to protect the guilty.

  ---
  Round 4: Was reqaddress='none' Even Correct?

  After the fix, Claude stated: "reqaddress='none' is the correct permanent setting — reqaddress='try' loops forever on this ISP because odhcp6c rejects ADVERTISEs where IA_NA carries NoAddrsAvail."

I asked, what has become muscle memory now: "Are you sure about that?" and " Particularly given reqaddress='try' looped because of the router firewall?"

  Claude paused and worked through the logic, properly this time.  Both reqaddress='try' and reqaddress='none' had looped.  The loop in both cases was caused by the missing firewall rules.  We had never actually tested reqaddress='try' with the firewall fixed.

I asked Claude to test.  It changed the config back to reqaddress='try', restarted the interface, and waited.  The interface came up in five seconds.  Same delegated prefix.  Same DNS.  Fully working.

  Claude's statement that reqaddress='try' was broken on this ISP was wrong.  It works fine.  The entire loop was the firewall, start to finish.  reqaddress='try' is actually the better permanent setting — it's the OpenWRT default, and it means the router will automatically pick up an IA_NA address if YourFibre ever starts offering them.

  ---
  Round 5: The mss_clamping Warning

  After the firewall fix, service firewall restart emitted a warning:

  Section @zone[1] (wan) specifies unknown option 'mss_clamping'

  Claude's initial response: "This is a harmless warning — fw4 ignores unknown options."

  Again, I asked: "Are you sure?"

  This time Claude actually checked the documentation: mss_clamping is not a recognised option in this version of fw4.  This was confirmed by grepping fw4.uc.  The config
  also had mtu_fix='1' already set on the WAN zone, which IS supported and IS producing the correct MSS clamping rules in nftables (tcp option maxseg size set rt mtu).  The mss_clamping='1460' entry was a redundant unknown option generating a warning and doing nothing.  Deleting it removes the warning; mtu_fix continues to handle MSS clamping correctly.

Another assumption presented as fact, caught by asking "are you sure?" and insisting on checking.


The follow up email to YouFibre support:

Case number is: SC10016005

Hi,
Erm sorry, but I made a mistake.  Please close the support ticket.
The firewall rules had been wiped by an unhelpful Arrogant Idiot (AI).
Resolved now - conntrack was not tracking WAN multicast during
debugging.
Said robot has been egged and floured.
Regards
Matthew
 

  ---
  What I Learned

 AI assistants like Claude are genuinely useful for this kind of work.  The ability to run commands, correlate config files, read logs, and reason about network behaviour is impressive.  The DHCP audit was solid.

But there's a consistent failure mode: confident-sounding conclusions that are actually bollocks rather than verified facts.  "Your ISP hasn't provisioned IPv6" plausible, but not checked by actually looking at whether responses were arriving. "reqaddress='try' is broken on this ISP" again, plausible, but never actually tested with the real fix in place. "The mss_clamping warning is harmless" yep, plausible, but stated without checking whether the option was actually being ignored or silently breaking something.

Every time I pushed back — "are you sure?", "check again", "test it", "give me evidence" — something was revised. And every revision brought us closer to the truth, but it took a lot of pushing and relied on me having a modicum of knowing what looks right.

 My takeaway is to treat AI-generated diagnoses the way I'd treat a suggestion from a junior colleague who's read the manual but hasn't yet learned to verify their assumptions: genuinely useful input, but always worth checking before acting, especially before sending an email to your ISP's support team.

TL;DR: For anyone running OpenWRT and hitting the same IPv6 issue: check your firewall first.  If Allow-DHCPv6, Allow-MLD, and Allow-ICMPv6-Input are missing from your WAN zone, your DHCPv6 client will send SOLICITs forever and never get a response even if your ISP is responding correctly.  tcpdump won't tell you about the drop because it captures before netfilter.

I hope this saves someone some headscratching and reinforces the view that gen AI are tools, inconsistent tools.  Ta ta for now.  
Matthew

  ---
  Tags: OpenWRT, IPv6, DHCPv6, nftables, home lab, AI tooling, networking, Proxmox

Posted by Fixer at 19:03 0 comments

26 June 2026

Running LLMs Locally: AMD APU vs Discrete GPU — Why Architecture Matters More Than Hardware

Running LLMs Locally: AMD APU vs Discrete GPU — Why Architecture Matters More Than Hardware

The Hardware

I benchmarked two very different local AI setups:

Matt-Mini — a Windows Mini PC that most people would dismiss for AI:
- CPU: AMD Ryzen 7 5800U (8 cores, Zen 3)
- iGPU: AMD Radeon Vega 8 (integrated, shared memory)
- RAM: 64GB DDR4-3200 (~50 GB/s bandwidth)

Ubuntu Laptop — a more conventional AI workstation:
- GPU: NVIDIA RTX 4070 8GB VRAM (~300 GB/s GDDR6X bandwidth)
- RAM: DDR5 system RAM (~80–100 GB/s), separate from GPU VRAM

The critical insight about the APU: the iGPU uses shared system memory as VRAM. With 64GB of RAM, the GPU can access tens of gigabytes for model weights — something impossible on a discrete GPU with fixed VRAM. The trade-off is bandwidth: DDR4 gives ~50 GB/s vs the RTX 4070's ~300 GB/s.

The Benchmark Setup

I used Ollama as the inference server (Vulkan backend for AMD iGPU — no ROCm required) and ran three prompts per model:

  • Short: "What is 2 + 2? Answer in one word." — tests base throughput
  • Reasoning: A multi-step maths problem — tests sustained generation
  • Coding: Fibonacci with memoization in Python — tests structured output

Metric: tokens per second (TPS) for generation.

Results: Matt-Mini (AMD Ryzen 7 5800U + Vega 8 iGPU, 64GB shared RAM)

Model Architecture Comparison (all Q4_K_M)

Model Avg TPS Total Params Active Params Type
qwen3:30b-a3b 12.0 30B 3B MoE
qwen3-coder:30b-a3b 12.1 30B 3B MoE (coding)
qwen3:8b 5.3 8B 8B Dense
qwen3.5-abliterated:35b-a3b 4.65 35B ~3.5B MoE (uncensored)
qwen3.5-opus-distill 3.83 35B ~3.5B MoE (distilled, Q8_0)
mixtral:8x7b 3.5 46.7B 12.9B MoE
deepseek-r1:14b 3.1 14B 14B Dense

Q4_K_M vs Q8_0 on Bandwidth-Constrained iGPU

The Vega 8 iGPU is bottlenecked by DDR4 memory bandwidth (~50 GB/s). Q8_0 uses 2× the memory bandwidth of Q4_K_M with no compute benefit on hardware lacking AVX_VNNI. The speed penalty is significant:

Model Q4_K_M TPS Q8_0 TPS Q4 faster by
qwen3-coder:30b-a3b 12.1 7.73 +57%
qwen3.5-abliterated:35b-a3b 4.65 3.83 +21%

Use Q4_K_M on the APU. Q8_0 only makes sense if quality is paramount and you can accept the speed penalty.

Results: Ubuntu Laptop (NVIDIA RTX 4070 8GB, DDR5)

General and Reasoning Models

Model Avg TPS Params Notes
qwen2.5-coder:1.5b 163 1.5B Tiny, saturates GPU
qwen2.5-coder:7b 52 7B Fast in VRAM
qwen3.5:4b 51 4B
deepseek-r1:7b 39 7B Strong reasoning, consistent TPS
qwen3-vl:8b 35 8B Vision model
llama3.1:latest 36 8B
qwen3.5:latest 24 ~14B Starts hitting VRAM limit
qwen3.5:27b 3.0 27B Exceeds 8GB VRAM, spills to RAM

Vision Models (for ComfyUI and multimodal workflows)

Model Avg TPS VRAM Notes
qwen3-vl:4b-instruct-q8_0 45 ~5.5GB Best balance — fast, high quality, leaves headroom
qwen3-vl:8b-instruct-q4_K_M 35 ~5.5GB Larger model, slightly slower, better comprehension
minicpm-v:8b-2.6-q4_K_M 38 ~5GB Fast but terse — short responses on text tasks
qwen2.5vl:3b-q8_0 15 ~3.5GB Slow despite small size — VRAM load overhead

The dramatic drop from qwen3.5:latest (~24 TPS) to qwen3.5:27b (3 TPS) marks the VRAM cliff. Once the model no longer fits in 8GB, it spills to system RAM — but even though this machine has fast DDR5, the bottleneck becomes the PCIe bus (~32 GB/s) between the GPU and system memory, not the RAM speed itself. Performance collapses to APU-level speeds despite the faster RAM.

The Key Finding: Active Parameters Are What Matter

The headline result is qwen3:30b-a3b hitting 12 TPS — faster than the 8B dense model, despite having 30 billion total parameters.

This seems counterintuitive until you understand Mixture of Experts (MoE) architecture. In a MoE model, the network is split into many "expert" sub-networks. For any given token, only a small subset of experts are activated. qwen3:30b-a3b has 30B total parameters but only 3B active per token — the same compute cost per token as a 3B dense model, but with the knowledge capacity of a 30B model.

The rule that emerges from these results:

MoE speed advantage only materialises when active parameter count is kept low.

Look at mixtral:8x7b: it's MoE, but with 12.9B active parameters per token. Despite the MoE structure it runs at the same speed as the dense 14B model — because the active compute is similar.

qwen3:30b-a3b wins because it keeps active params at just 3B while maximising total capacity.

The Two Hardware Stories

Discrete GPU: Fast but VRAM-limited

The RTX 4070 hits 35–163 TPS for models that fit in 8GB VRAM. It's fast — bandwidth is not the bottleneck. But the moment a model exceeds 8GB, performance falls off a cliff: qwen3.5:27b drops to 3 TPS, identical to the APU. The discrete GPU is a sprinter with a hard wall.

Shared-Memory APU: Slow but capacious

The Vega 8 iGPU runs at 3–12 TPS — slower across the board for models that fit in discrete VRAM. But it can run a 34GB Q8_0 model that would never fit on the RTX 4070. The APU is a distance runner with no wall.

Where they meet

When a model exceeds the discrete GPU's VRAM, both machines run at the same ~3 TPS. At that point, the APU's 64GB capacity advantage becomes the deciding factor — it can run larger models at equal speed, with Q8_0 quality instead of being forced into aggressive quantization.

The MoE Sweet Spot for APUs

Low active-parameter MoE is the ideal architecture for shared-memory systems: fewer active params = less bandwidth per token = more TPS on bandwidth-constrained DDR4. qwen3:30b-a3b at 12 TPS demonstrates this perfectly — 30B total parameters, but only 3B active, running faster than the dense 8B model.

Practical Recommendations

For AMD APU systems with 32GB+ unified memory (Ryzen 5800U, no AVX_VNNI):
1. Use qwen3:30b-a3b or qwen3-coder:30b-a3b as your default — ~12 TPS, best speed/quality
2. Use Q4_K_M, not Q8_0 — Q8_0 is 20–57% slower on bandwidth-limited DDR4; AVX_VNNI (which would offset the bandwidth cost) is not present on Zen 3
3. Prefer MoE models with low active param counts (under 4B active) — this is the single biggest performance lever
4. Ollama with Vulkan is the easiest path — no ROCm build required, works out of the box
5. Disable sleep — large model downloads will resume but you waste time

For discrete GPU systems (e.g. RTX 4070 8GB, Intel Ultra 7 165H with AVX_VNNI):
1. Match model size to VRAM — keep total model size under ~7.5GB to stay fully in VRAM
2. Q4_K_M for 7–8B models at this VRAM level — fits comfortably with headroom
3. Q8_0 is viable for vision models under 6GB (e.g. qwen3-vl:4b-instruct-q8_0) — AVX_VNNI on the host CPU means Q8_0 CPU fallback is no slower
4. For ComfyUI inpainting: qwen3-vl:4b-instruct-q8_0 at 45 TPS uses ~5.5GB, leaving room for the diffusion model
5. Avoid models that spill to RAM — PCIe bandwidth (~32 GB/s) becomes the bottleneck, not DDR5
6. For larger models, the APU is a natural complement — it runs 30B+ at equal speed to any spilling model

Tools Used

  • Ollama — inference server, Vulkan backend
  • llmfit — hardware-fit recommender (useful for finding candidate models, but note: speed estimates for Vega 8 iGPU are inaccurate — it assumes 180 GB/s ROCm bandwidth vs the real ~50 GB/s)
  • benchmark_ollama.py — custom benchmark script measuring TPS across models and prompt types

Tested April 2026 on Ollama — AMD Ryzen 7 5800U (Vega 8 iGPU, 64GB DDR4) and NVIDIA RTX 4070 8GB (DDR5 system RAM).

Posted by Fixer at 10:51 0 comments
Subscribe to: Posts (Atom)