How to solve high rate of UDP out-of-order frames on ZLD Firewall?
Zyxel Employee
Symptom
When testing UDP throughput with iPerf3, or running WireGuard VPN traffic, through a ZLD firewall such as the USG FLEX 200, a high rate of out-of-order frames is observed on download, with some out-of-order frames on upload as well. The out-of-order rate rises significantly as throughput increases, even when CPU load remains well within capacity.
Cause
The root cause is a feature called UDP Disperse — a multi-core packet distribution mechanism on the USG FLEX 200. When enabled, UDP packets are spread across multiple CPU cores for parallel processing. Since each core completes processing at slightly different times, packets may arrive at the LAN interface out of sequence.
Solution
Step 1 — Check whether UDP Disperse is currently enabled
Access the USG FLEX 200 CLI via SSH and run:
debug system no-udp-disperse show
If the result shows "No UDP Disperse : No", UDP Disperse is currently active.
Step 2 — Disable UDP Disperse
Run the following command:
debug system no-udp-disperse active
Step 3 — Verify the change
Confirm the setting has been applied:
debug system no-udp-disperse show
The output should now show:
No UDP Disperse : Yes
Once "No UDP Disperse" shows "Yes", UDP packets will be processed sequentially, and out-of-order frames should drop significantly.
Zyxel_Judy
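To compare the out-of-order rate before and after the change without relying on a particular tool's report format, the following added example (not part of the original article and not Zyxel code) sends sequence-numbered UDP datagrams through the firewall and counts late arrivals on the receiving host. The script name, function names, port and 4-byte sequence prefix are assumptions made for this example.

```python
# Added example: names and the wire format (4-byte sequence prefix) are assumptions.
import socket, struct, sys, time

def count_out_of_order(seqs):
    """Count datagrams that arrive after a higher sequence number was already seen."""
    highest, late = -1, 0
    for seq in seqs:
        if seq < highest:
            late += 1
        else:
            highest = seq
    return late

def summarize(seqs, sent):
    """Return received, lost and out-of-order counts for one test run."""
    late = count_out_of_order(seqs)
    unique = len(set(seqs))
    return {"received": len(seqs), "lost": sent - unique, "out_of_order": late,
            "out_of_order_pct": round(100.0 * late / len(seqs), 2) if seqs else 0.0}

def send(host, port, count=20000, size=1200, gap=0.0002):
    """Send `count` datagrams, each starting with a 32-bit big-endian sequence number."""
    pad = bytes(size - 4)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for seq in range(count):
            sock.sendto(struct.pack("!I", seq) + pad, (host, port))
            time.sleep(gap)  # rough pacing so the sender's own buffer does not overflow

def receive(port, idle=3.0):
    """Collect sequence numbers in arrival order until `idle` seconds pass with no traffic."""
    seqs = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        try:
            while True:
                data, _ = sock.recvfrom(65535)
                sock.settimeout(idle)  # idle timer starts after the first datagram
                if len(data) >= 4:
                    seqs.append(struct.unpack("!I", data[:4])[0])
        except socket.timeout:
            return seqs

if __name__ == "__main__":
    # Usage: reorder.py recv PORT COUNT   |   reorder.py send HOST PORT COUNT
    if sys.argv[1] == "recv":
        print(summarize(receive(int(sys.argv[2])), int(sys.argv[3])))
    else:
        send(sys.argv[2], int(sys.argv[3]), int(sys.argv[4]))
```

Start the receiver on a host behind the firewall, run the sender from the other side with the same count, and repeat the run after Step 3 to compare the `out_of_order_pct` values.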