Random latency handling delays on FLEX H at low bandwidth

PeterUK Posts: 4,228, Guru Member
edited November 21 in USG FLEX H Series

USG FLEX 700H V1.36(ABZI.0)

So I know this to be the case with some testing I have done with BQM by thinkbroadband.com and StarTrinity CST by FLEX 700H vs FLEX 200 (non H).

With any luck this can be fixed by firmware and is not a hardware limitation?

My understanding of FLEX H is that sessions get put on the fast path CPU if allowed, but I'm seeing ping spikes over 100ms in BQM, which pings every second, and in StarTrinity CST, which does a UDP ping.

How I know is that my BQM was on the FLEX 200 and has been stable for many years; I then moved it to the FLEX 700H and am seeing random spikes at not much load. Plus, if I run StarTrinity CST in a VirtualBox to route to the FLEX 200 when I see these spikes on the FLEX 700H, it shows fine, so there are some random handling delays going on with FLEX H.

Update on issue

This problem looks to be due to my big list of about 500 trusted wildcard FQDNs; when I disable this list and allow HTTPS any, latency is fine.

So is there anything that can be done?

All Replies

  • Zyxel_Melen
    Zyxel_Melen Posts: 4,134, Zyxel Employee

    Hi @PeterUK

    May I know whether the destinations of the tests (thinkbroadband.com and StarTrinity CST) are in your list of trusted wildcard FQDNs?

    P.S. I will check with our team if this can be improved or not.

    Zyxel Melen


  • PeterUK
    PeterUK Posts: 4,228, Guru Member
    edited November 24

    Hi Melen

    The issue can be as bad as over 500ms or even packet loss.

    The StarTrinity CST is a speed load test and UDP test, for which I allow the UDP to the destination IP range, and thinkbroadband.com is just ICMP inbound to the interface, but you don't need them to see the problem: just a ping out to a stable source will show it. In a browser like Edge, if you make a favourites folder with the following, then right-click on the folder and click "Open all", the problem really shows.

    https://uk.yahoo.com
    https://www.grc.com/intro.htm
    https://app.zerossl.com
    https://www.thunderbird.net/en-US/
    https://www.amazon.co.uk
    https://twit.tv
    https://www.softpedia.com
    https://www.abuseipdb.com
    https://www.virtualbox.org
    https://community.zyxel.com/en/
    https://www.twitch.tv
    https://app.brevo.com
    https://www.microsoft.com/en-us/software-download/windows11
    https://www.theregister.com
    https://www.zyxel.com/global/en
    https://www.home-assistant.io
    https://nebula.zyxel.com
    https://www.realtek.com
    https://www.guru3d.com

    C:\Windows\System32>ping -w 1000 -t 1.1.1.1

    Pinging 1.1.1.1 with 32 bytes of data:
    Reply from 1.1.1.1: bytes=32 time=11ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=14ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=10ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=10ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=9ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=11ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=221ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=13ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=20ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=14ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=545ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=107ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=581ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=68ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=72ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=463ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=335ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=578ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=728ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=127ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=19ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=18ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=162ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=18ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=28ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=18ms TTL=58
    Reply from 1.1.1.1: bytes=32 time=11ms TTL=58

    Ping statistics for 1.1.1.1:
    Packets: Sent = 27, Received = 27, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 9ms, Maximum = 728ms, Average = 155ms
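
A way to quantify the spikes in a Windows `ping -t` log like the one in the post above, so that runs with the wildcard FQDN list enabled and disabled can be compared. This is an added example, not part of the thread; the function names and the sample lines are constructed for illustration, and the 100 ms threshold follows the "over 100ms" figure mentioned in the first post.

```python
import re
import statistics

# Constructed sample in Windows `ping -t` output format (not the log from the post).
SAMPLE = """\
Reply from 1.1.1.1: bytes=32 time=11ms TTL=58
Reply from 1.1.1.1: bytes=32 time=10ms TTL=58
Reply from 1.1.1.1: bytes=32 time=221ms TTL=58
Reply from 1.1.1.1: bytes=32 time=13ms TTL=58
Request timed out.
Reply from 1.1.1.1: bytes=32 time=545ms TTL=58
Reply from 1.1.1.1: bytes=32 time=107ms TTL=58
Reply from 1.1.1.1: bytes=32 time<1ms TTL=58
Reply from 1.1.1.1: bytes=32 time=12ms TTL=58
"""

# Matches "time=11ms" and "time<1ms"; summary lines ("Minimum = 9ms") do not match.
REPLY = re.compile(r"time[=<](\d+)ms")

def parse_ping(text):
    """Return one entry per probe: RTT in ms, or None for a lost probe."""
    samples = []
    for line in text.splitlines():
        m = REPLY.search(line)
        if m:
            samples.append(int(m.group(1)))  # "<1ms" is recorded as its upper bound, 1
        elif "timed out" in line.lower() or "unreachable" in line.lower():
            samples.append(None)
    return samples

def summarize(samples, spike_ms=100):
    """Count losses, spikes above spike_ms, and the longest run of bad probes."""
    rtts = [s for s in samples if s is not None]
    longest = run = 0
    for s in samples:
        # A probe is "bad" if it was lost or exceeded the spike threshold.
        run = run + 1 if (s is None or s > spike_ms) else 0
        longest = max(longest, run)
    return {
        "probes": len(samples),
        "lost": samples.count(None),
        "spikes": sum(1 for r in rtts if r > spike_ms),
        "median_ms": statistics.median(rtts) if rtts else None,
        "max_ms": max(rtts, default=None),
        "longest_burst": longest,
    }

if __name__ == "__main__":
    print(summarize(parse_ping(SAMPLE)))
```

The median stays near the baseline while `spikes` and `longest_burst` capture the intermittent delay, which is why they are more useful than the average that `ping` prints.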

  • PeterUK
    PeterUK Posts: 4,228, Guru Member
    edited November 24

    But here is the full list of wildcard FQDNs, where I have three groups to allow them for HTTP and HTTPS, then a block rule for HTTP and HTTPS.