Martin: it’s 100% repeatable for me, I can add this one Outbound policy rule and the speed is cut in half, remove it and get full speed.
To see the bug, it looks like your WAN has to have > 300mbps speeds to show the slowdown.
What speed are you testing at?
Additional notes:
I have HTTPS Persistence on (set to By Destination, but I’ve tried By Source and it makes no difference)
My Default Outbound Rule is “Least Used”. My two WANs are very different speeds (one is 25mbps and the other is 480mbps) so “Least Used” ensures that the fast one is consistently used for speed tests.
I noticed my bandwidth has been cut down in half the other day but was trying to figure out if it was due to me:
a) enabling Advanced > QoS > Application: for WiFi calling by single port 4500 UDP set as “high”
b) enabling bandwidth Advanced > QoS > Bandwidth Control
c) creating an outbound rule with a domain name, now disabled, but same speed issue
d) created a Speedfusion sub-tunnel in addition to my primary tunnel
I don’t think it was b) because I was running speed tests without issue after activating that. I think a), c), or d) introduced. Have to do some further testing but I’ve made a lot of changes this past week…
Can anyone say whether enabling any of the above A thru D should cut bandwidth/speeds down in half or even impact at all? I can understand some overhead but a 50% speed reduction seems high…
In my testing, Disabling the rule doesn’t help - the presence of the rule (disabled or enabled) triggers the bug. Can you try deleting the rule and see if that fixes it?
When the bandwidth is cut in half, in my testing the CPU is not running at 100% (which is what I’d expect if the rules were causing too high of a CPU load). I feel like this is not just normal overahead, but some sort of bug.
The more features you turn on , definitely it will impact the overall performance. For the 50% speed reduce, can you please open a ticket for support team to check on that as well ?
Will do. Please note that there seem to be several issues (possibly related?). My issue is with Outbound Policy rules, but other people are reporting issues with QoS settings (which I haven’t seen myself). We may need more than one ticket.
Note that I’m seeing the slowdown even with the rule disabled which doesn’t make much sense, and suggests some other kind of bug.
Having this issue as well… since upgrading to 8.1 to use the UDP port forwarding, my CPU load is constantly at 100% and my WAN speed is down drastically.
To give an example… I went from an ASUS RT-AC66U (minimal config, admittedly) and my speeds were 300Mbps (which is what I am paying for from ISP).
Then I swapped to my Pepwave SOHO and I am at 60Mbps max.
I do have a lot of firewall rules, event logging, and other things known to shew up CPU, but I turned all those off for testing and the CPU usage is still at 100%.
This is a known issue that mentioned (Listed in the released notes). For temporary workaround, please remove the domain outbound policy and reboot the device to clear all the state before you test again the performance.
Surf SOHO MK3 only rated as 120Mbps router throughput, this can become a bottleneck for the network, would you consider Balance One instead ? Make sure you check the product feature before you consider the model.
Part of the problem is most of my firewall rules are domain-based. I have many IoT devices and they all use AWS IP ranges. One of the devices connects to an AWS service which, if I could not use a domain-based policy, would have 100 different subnets (and those were ones I went through the trouble of summarizing myself). Rather than have extremely complex rules, I figured it would be more efficient to take advantage of the domain option. But yes in the mean time I suppose I could just permit all outbound traffic from my IoT vlan…
Regarding the Balance One… would I be able to restore a Soho config to it? Or at least is there some way to export firewall rules, dns records, dhcp reservations and grouped networks? That has been my biggest hesitation is reconfiguring a new device from scratch.
@mamc, Balance One and SOHO are different platform. You can’t restore the SOHO 's config into Balance One.
Since you mentioned you are having domain firewall rules. Can I confirm maximum 120Mbps (SOHO maximum throughput) is acceptable if changing hardware is not your option? We are preparing a special firmware to fix the known issue.
My B380 is running 8.1 with multiple outbound rules based on domain name. I don’t see any speed problems. Right now the CPU is at 7%. Apparently the issue does not affect all models.