Good testing ! What you are seeing is normal. There is no real IDS/IPS on upload. Also, Jumbo Frames do not work on UDM, the setting is there, but ignored (debated a lot on forums).
@@hz777 I will trust for the USG-Pro as I have only worked with many UDM-Pros and my customers. The USG-Pro simply does not have most offload options. The UXG-Pro is totally identical to the UDM-Pro, with the storage and controller removed and intended to be a replacement for any USG. By the way, this is unfortunate, as the UDM-Pro lacks power with customers that do have 200-300 connected machines and 20-50 Access Points. The USG-XG-8 was a far higher end router, but as you may know, discontinued.
thanks for this very informative, I think the discrepancy in speed might be because they are doing more packet inspection on data coming into the network vs data coming out
Simple answer.... there is no need to full scsn outbound traffic. That is for the download of the receiving side to scan and protect incoming. Why wast the cycles.
Thank you for the outstanding video, you saved a lot of headaches for most of us. i was always interested about throughput when you enabled IPS/DPS, also QOS , have you tested with QOS yet?
My theory on the upload speeds exceeding download speeds is the majority of the Suricata rules are "any -> $HOME_NET" so it may simply not be matching rules which require further inspection when uploading, which would be the reverse, "$HOME_NET -> any".
Great test, I'm looking to purchase a UDM Pro or SE and I wonder how performance looks when using PPPoE (my ISP needs it) on WAN with DPI and full IPS. I'm interested in max throughput like You have done in this video, but also what happens when WAN is capped at 1 Gbps - that's the speed I currently got, but I want to know how future proof is UDM. I would be grateful for any response!
I don't have a PPPoE server to test with yet. I may consider installing a PPPoE server on a Linux, then do some testing in my lab environment. Let me put this topic to my backlogs.
Good testing !
What you are seeing is normal. There is no real IDS/IPS on upload. Also, Jumbo Frames do not work on UDM, the setting is there, but ignored (debated a lot on forums).
I thought about whether IDS/IPS works for upload as well, but for USG Pro, it does impact upload speed, another puzzle…
@@hz777 I will trust for the USG-Pro as I have only worked with many UDM-Pros and my customers. The USG-Pro simply does not have most offload options. The UXG-Pro is totally identical to the UDM-Pro, with the storage and controller removed and intended to be a replacement for any USG. By the way, this is unfortunate, as the UDM-Pro lacks power with customers that do have 200-300 connected machines and 20-50 Access Points. The USG-XG-8 was a far higher end router, but as you may know, discontinued.
Yes, I remember the 8 port USG Pro, and its surprising price tag…
thanks for this very informative, I think the discrepancy in speed might be because they are doing more packet inspection on data coming into the network vs data coming out
Thank you for sharing, we run an older XG8 router and it has very similar results.
Simple answer.... there is no need to full scsn outbound traffic. That is for the download of the receiving side to scan and protect incoming. Why wast the cycles.
wonderful!. thanks for your testing.
Thank you for the outstanding video, you saved a lot of headaches for most of us. i was always interested about throughput when you enabled IPS/DPS, also QOS , have you tested with QOS yet?
Glad the video helps. After finishing my current backlogs, yes I will have one for QOS.
@@hz777 I would also appreciate a QoS/Smartqueue test and comparison video.
This is a great video, thank you.
Nice one. Thank you for your your videos.
My theory on the upload speeds exceeding download speeds is the majority of the Suricata rules are "any -> $HOME_NET" so it may simply not be matching rules which require further inspection when uploading, which would be the reverse, "$HOME_NET -> any".
I sent a reply earlier then realized your comment was about another video :)
Yes, I agree with your theory.
Great work! Very informative!
Great test, I'm looking to purchase a UDM Pro or SE and I wonder how performance looks when using PPPoE (my ISP needs it) on WAN with DPI and full IPS. I'm interested in max throughput like You have done in this video, but also what happens when WAN is capped at 1 Gbps - that's the speed I currently got, but I want to know how future proof is UDM. I would be grateful for any response!
I don't have a PPPoE server to test with yet. I may consider installing a PPPoE server on a Linux, then do some testing in my lab environment. Let me put this topic to my backlogs.
Thanks for the Video. been looking for a customer based test...can you do one for Unifi Dream machine as well? if possible? thanks
Unfortunately I don’t own a Dream Machine.