[Bloat] UniFi Dream Machine Pro

Stuart Cheshire cheshire at apple.com
Fri Jan 22 14:42:54 EST 2021 

On 20 Jan 2021, at 07:55, Dave Taht <dave.taht at gmail.com> wrote:

> This review, highly recommending this router on the high end
> 
> https://www.increasebroadbandspeed.co.uk/best-router-2020
> 
> also states that the sqm implementation has been dumbed down significantly and can only shape 800Mbit inbound. Long ago we did a backport of cake to the other ubnt routers mentioned in the review, has anyone tackled this one?

According to the UniFi Dream Machine Pro data sheet, it has a 1.7 GHz quad-core ARM Cortex-A57 processor and achieves the following throughput numbers (downlink direction):

8.0 Gb/s with Deep Packet Inspection
3.5 Gb/s with DPI + Intrusion Detection
0.8 Gb/s with IPsec VPN

<https://dl.ubnt.com/ds/udm-pro>

Is implementing CoDel queueing really 10x more burden than running “Ubiquiti’s proprietary Deep Packet Inspection (DPI) engine”? Is CoDel 4x more burden than Ubiquiti’s IDS (Intrusion Detection System) and IPS (Intrusion Prevention System)?

Is CoDel really the same per-packet cost as doing full IPsec VPN decryption on every packet? I realize the IPsec VPN decryption probably has some assist from crypto-specific ARM instructions or hardware, but even so, crypto operations are generally considered relatively expensive. If this device can do 800 Mb/s throughput doing IPsec VPN decryption for every packet, it feels like it ought to be able to do a lot better than that just doing CoDel queueing calculations for every packet.

Is this just a software polish issue, that could be remedied by doing some performance optimization on the CoDel code?

It’s also possible that the information in the review might simply be wrong -- it’s hard to measure throughput numbers in excess of 1 Gb/s unless you have both a client and a server connected faster than that in order to run the test. In other words, gigabit Ethernet is out, so both client and server would have to be connected via the 10 Gb/s SFP+ ports (of which the UDM-PRO has just two -- one in the upstream direction, and one in the downstream direction). Speaking for myself personally, I don’t have any devices with 10 Gb/s capability, and my Internet connection isn’t above 1 Gb/s either, so as long as it can get reasonably close to 1 Gb/s that’s more than I need (or could use) right now.

Stuart Cheshire

More information about the Bloat mailing list