I came across a network that looks like the following:
In order for the server to have access to both the public internet and the internal network (but without depending on the internal router), one port of the router is plugged back into the switch and tagged with another VLAN that is passed alongside the public VLAN to the server.
Consider there's a constant bandwidth usage of around 500Mbps on the internal network. Is that traffic constantly injected back into the port 4 tagged as VLAN 200? Does it limit the available bandwidth for VLAN 101 just because some machines are transferring data on the internal network? If yes, does it also happen if the server doesn't even have an interface configured for VLAN tagging on that tag?
The switch is a cheap TL-SG108E configured as shown in the picture. The router is a GL-MT6000 running OpenWrt that bridges all LAN ports into a single br-lan interface.
Thank you.
VLANs are not physical resources – they are only logical boundaries, just numbers on the packet, and they're not very different from e.g. UDP port numbers in that regard.
All VLANs on a single port therefore share the bandwidth of that port (which is usually 1Gbps in one direction and 1Gbps in the other), and for all intents and purposes, bandwidth works as if there weren't any VLANs.
(For example, if you had four TCP connections going over a single Ethernet port, three on VLAN A and the fourth on VLAN B, all four would still balance themselves to 1/4th the maximum each, as if VLANs weren't there at all.)
No. You have a switched network, which means only the port that needs to receive traffic will actually receive it.
For example, if a packet is sent to your server's MAC address, it will go only to port 4 because the switch has learned that this MAC address is on that port. Other ports won't see the packet at all.
And likewise, if a packet is sent to some MAC address that's not behind port 4 (such as your router on port 3), then the switch will not forward it to port 4 at all.
So it's not really¹ the case that there's 500 Mbps of traffic "on the network" – that would've been more accurate on shared-medium Ethernet a few decades ago. On switched Ethernet, the only things that reach all ports are a) broadcasts, which are usually a mere few kbps, and b) packets for which the switch hasn't learnt the MAC-to-port association yet, which is usually few if any. Everything else is between two specific ports.
Therefore, it doesn't really make sense to think of "traffic on VLAN A limiting the bandwidth for VLAN B" unless that traffic goes through the same physical port, in the same direction. You could have 1Gbps between ports X→Y and that wouldn't have any effect on 1Gbps going through ports Z→T.
¹ (Okay, yes, that's a little bit of a lie because there is still the matter of switching capacity, but in your case the switch is most likely capable of running all ports at full capacity – for an 8-port Gigabit switch, you will probably see "16 Gbps" as its capacity.)
What the server has configured does not really matter. Even if we're talking about broadcasts that bypass the usual switching, it's still the case that the server doesn't "pull" packets – what matters is whether the switch is configured to send VLAN200 packets through that port.
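The forwarding behaviour described in this answer, as an added Python sketch that is not part of the original post: a minimal VLAN-aware learning switch that counts the bytes sent out of each port. The VLAN membership table, ports 1, 5 and 6, and the MAC addresses are constructed assumptions, since the picture of the switch configuration is not available here; only the router on port 3, the server on port 4 and the VLAN IDs 101 and 200 come from the page.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

class VlanSwitch:
    """Minimal VLAN-aware learning switch: one MAC table per VLAN."""

    def __init__(self, members):
        self.members = members                  # vlan id -> set of member ports
        self.mac_table = defaultdict(dict)      # vlan id -> {mac: port}
        self.tx_bytes = defaultdict(int)        # egress port -> bytes sent out

    def receive(self, in_port, vlan, src, dst, size):
        """Process one frame; return the set of ports it is sent out of."""
        if in_port not in self.members.get(vlan, set()):
            return set()                        # ingress port not in VLAN: drop
        self.mac_table[vlan][src] = in_port     # learn where the source lives
        known = self.mac_table[vlan].get(dst)
        if dst != BROADCAST and known is not None:
            out = {known} - {in_port}           # known unicast: one port only
        else:
            out = self.members[vlan] - {in_port}  # broadcast/unknown: flood VLAN
        for port in out:
            self.tx_bytes[port] += size
        return out

# Constructed topology (assumption): port 1 = uplink, 3 = router, 4 = server,
# ports 5 and 6 = two internal machines exchanging bulk data on VLAN 200.
MEMBERS = {101: {1, 4}, 200: {3, 4, 5, 6}}
PC_A, PC_B = "02:00:00:00:00:0a", "02:00:00:00:00:0b"   # constructed MACs

def simulate(members=MEMBERS, frames=1000, size=1500):
    sw = VlanSwitch(members)
    first = sw.receive(5, 200, PC_A, PC_B, size)     # PC_B not learned: flooded
    sw.receive(6, 200, PC_B, PC_A, size)             # reply teaches the switch PC_B
    for _ in range(frames):                          # steady internal transfer
        sw.receive(5, 200, PC_A, PC_B, size)
    bcast = sw.receive(5, 200, PC_A, BROADCAST, 64)  # e.g. an ARP request
    return sw, first, bcast

if __name__ == "__main__":
    sw, first, bcast = simulate()
    print("first frame flooded to ports:", sorted(first))
    print("broadcast flooded to ports:", sorted(bcast))
    print("bytes sent out of port 4 (server):", sw.tx_bytes[4])
    print("bytes sent out of port 6 (PC_B):", sw.tx_bytes[6])
```

Port 4 receives only the one flooded frame and the broadcast, while port 6 carries the whole transfer; removing port 4 from VLAN 200 in `MEMBERS` brings its count to zero regardless of what the server has configured.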