USG 40 throughput

Options
fern
fern Posts: 2
First Comment
edited April 2021 in Security
Hello,

I am running a small network with USG 40 (no wifi). I recently increased the ISP WAN speed from 100M/10M -> 250M/50M. However, I can get only 110 Mbps throughput with the USG. If I connect a laptop directly to the WAN (bypass the USG40), I get full 250M throughput.

I searched from the forums and discovered that people have had performance issues with smaller USG devices. I have disabled all UTM profiles, antivirus, antispam etc. BWM and ADP are also disabled. The only enabled security function is Policy Control with few rules.

Is this really normal behaviour that USG40 cannot provide better performance? Any suggestions for resolving the issue? Currently my plan is to actually change the firewall to another brand.
«13

All Replies

  • Alfonso
    Alfonso Posts: 257  Master Member
    First Anniversary Friend Collector First Answer First Comment
    Options
    Hi @fern

    Welcome to the forum.

    110 Mbps throughput with USG40 looks poor performance.

    I would analyze the CPU usage during the tests.

    I hope other colleagues can help you better than me.

    Regards
  • fern
    fern Posts: 2
    First Comment
    Options
    Hi, 

    Here is more information:
    Testing with parallel download of multiple iso images from different servers.
    All ports are 1000M full dublex (verified)

    before the test:
    USG CPU is 0-1 % and memory 40 %

    during the test
    USG CPU is 57 % and memory 40 %
    and throughput circa 100 Mbps

    stats also indicate zero collisions
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,296  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited December 2018
    Options

    Hi @fern,

     

    In our office, download/upload speed is 300/100 Mbps.

    Here is the test result using Speedtest (www.speedtest.net).

    Firmware: 4.32(AALA.0)

    USG40 is running with the default configuration file.

     

    1. Laptop is connected to ISP directly.

    ISP-----Laptop

    Download/Upload (Mbps):

    238.91/98.47

    254/98.48

    242.40/100.06

    259.61/99.69

     

    2. Laptop is connected to LAN of USG40.

    ISP----(WAN)USG40(LAN)-----Laptop

    Download/Upload (Mbps):

    183.23/99.57

    182.09/99.01

    180.89/99.89

    185.61/97.40

     

    Here is another lab test using Speedtest for your reference.

    Ethernet Throughput (With Firewall Routing, NAT and ADP enabled))

    By 1 connection, with device Default Setting (Mbps)

    http(download)/http(upload)       

    336.86/230.53

     

    Can you share with us how you run the throughput?

    Do you also use Speedtest to run the test?


  • Rafi
    Rafi Posts: 2
    Friend Collector First Comment
    Options

    Hello Together

    Face same issue with USG40 running on Firmware 4.35(AALA.3)

    ISP Down stream measured between 250-300 Mbps

    Downstream within LAN (Bridge of a VLAN and LAN1) after USG40 ~108 Mbps (CPU Load 98% at that time)

    Any hint why the specified SPI firewall throughput of ~400Mbps could not be reached by fare ?

    Is it possible that the bridge functionality is eating up that much resources?

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,062  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @Rafi

    Welcome to Zyxel community

    Is there any service (eg. Content Filter ,Anti-Virus) or any VPN connection running on USG40?

    Supposedly, if the CPU high will cause the low throughput.

    Can you type the command below when CPU goes high and check what service occupied the most CPU Usage?

    Router(config)#show cpu status

    Router(config)#show cpu average

  • Rafi
    Rafi Posts: 2
    Friend Collector First Comment
    Options

    Hi @Zyxel_Jerry

    Many thanks for your feedback.

    I did check the usages and came to following result after 4min of permanent download with ~133Mbps:

    Router# show cpu status

    CPU utilization: 84 %

    CPU utilization for 1 min: 98 %

    CPU utilization for 5 min: 93 %

    Router# show cpu average

    CPU       Usage

    =======================================================================

    0         99 %


    CPU average: 99 %

    Network Traffic: 99 %


    CPU  MEM  TIME                      APPLICATION

    =======================================================================

    5.0  0.0  00:00:00                  zysh-cgi

    0.5  0.0  00:22:06                  System statistics

    0.3  0.3  00:00:01                  HTTP/HTTPS server

    0.3  0.3  00:00:01                  HTTP/HTTPS server

    0.3  0.0  00:00:04                  Linux Kernel process

    0.2  0.4  00:00:03                  HTTP/HTTPS server

    0.2  0.4  00:00:01                  HTTP/HTTPS server

    0.2  0.3  00:10:36                  ttyd

    0.2  0.2  00:00:00                  Zyxel Service


    during this period the web gui and webconsole was very slow what is obvious by the high CPU load.

  • Zyxel_Jerry
    Zyxel_Jerry Posts: 1,062  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @Rafi

    Can you type the command below and private message your test result and configuration file for us?

    Router#debug system ps

    Router(config)#show cpu status

    Router(config)#show cpu average

  • johannCH
    johannCH Posts: 1
    First Comment
    Options

    i have exactly the same issue like user fern:

    • USG40 with Firmware 4.35(AALA.3)
    • disabled all UTM profiles
    • disabled BWM, ADP
    • enabled Policy Control with 11 rules
    • ISP WAN Speed 300/50Mbps

    throughput directly connected to the cable modem is 315Mbps/52Mbps (download/upload).

    throughput connected to the USG40 is only 150Mbps/52Mbps.


    at downloading a 10gb file, the cpu usage goes up to 99%

    Router(config)# show cpu status

    CPU utilization: 99 %

    CPU utilization for 1 min: 99 %

    CPU utilization for 5 min: 99 %


  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment
    Options

    @johannCH

    As out test report,

    the throughput of USG40 with http service, download/upload: 328.3Mbps/218.2Mbps.

    For the issue of high CPU utilization,

    If there is huge traffic, the all kernels resource will be keep on it, therefore, the CPU usage will go up.

    Can you type the command below and private message your test result to me during issue occur?

    Router#debug system ps

    Router(config)#show cpu status

    Router(config)#show cpu average

  • cpanagop
    Options
    Is there a fix for this issue? Do I need to run diagnostics before we are able to find out the issue?

Security Highlight