Just got my UCG-Ultra and ran some tests that I was interested in. I hope they are interesting not only to me. All tests were made on Gigabit WAN.
I was most interested in how this device handles bufferbloat. So without Smart Queues enabled I get a Grade from C to A and +30ms Latency to download. When I enable Smart Queues (990Mbit Down and 990Mbit UP), I get A to A+ all the time, with +5ms Latency to Download. So Smart Queues helps even on Gigabit connections. CPU is loaded around 30% without Smart Queues and with it enabled it rises by 10%. I was sure that enabling Smart Queues would kill the CPU, but it doesn’t.
WireGuard VPN to local pfSense server over Gigabit connection. No Smart Queues enabled. 680Mbit Down, 75% CPU load, 350Mbit UP, CPU 50% Load. Don’t know why upload is lower, my guess is that UniFi sets the WireGuard client to always use NAT, but I’m not sure.
WireGuard VPN to local pfSense server over Gigabit connection. Smart Queues enabled. 470Mbit Down, 75% CPU load, 270Mbit UP, CPU 50% Load. One CPU core is maxed to 100% during these tests.
IPsec site-to-site VPN to pfSense firewall over Gigabit connection. 110Mbit MAX. I’ve tried different IPsec settings, nothing helped. During this test one CPU is maxed to 100% with the ksoftirqd process, which I didn’t see in any other tests.
These results are fine for me, though it is sad that IPsec is so slow.
EDIT:
I’ve also tested Site-Magic VPN using UCG-Ultra and UDM Pro. Just basic VPN, no QoS or IDS/IPS enabled. Both devices are 1Gig WAN connected, both have public IP addresses. I got 600Mbit with iperf3 between sites. CPU load on UCG-Ultra is about 70-75%. So if you need Site-to-Site VPN and have an internet connection over 100Mbit, you need to use Site-Magic (which uses WireGuard under the hood) since you won’t get more than 100Mbit on IPsec. You can actually connect sites using WG-Server on one site and WG-Client on the other, but in that case you will have to disable NAT on the WireGuard interface on the client site via CLI, and apply rules for that connection in the Internet section of Firewall, because UniFi always treats VPN Client as an Internet connection (which I think is wrong).
EDIT2:
Tested OpenVPN site-to-site using UCG-Ultra and UDM Pro. Got 120-130 Mbit with AES-CBC cipher (other ciphers have lower speeds). The OpenVPN process eats 100% of one CPU core during this test on UCG-Ultra.
EDIT3:
One more thing. The ICMP packet RTT (round trip time) between PCs in different sites rises on all VPN types except WireGuard during these tests. On OpenVPN from 2ms to 20-30ms, and I’ve seen a couple of packet losses. On IPsec it rises from 2ms to 90-100ms. With WireGuard it stays as low as 3-4 ms. So with UCG-Ultra you should always use a WireGuard-based VPN if possible, if you need a stable and fast VPN connection.
I have 300/300mb service and enabled smart queues to see if my results matched yours. Without smart queues I get an “A” rating, with one high ping data point under load. With it enabled (limits set to 300000kb/sec up/down) I get a rating of A+. But my download/upload is reduced to 260mb.
If I set the upload/download to a higher rate I can get back to the typical 350mb I see. But then the marginal benefits also disappear. I finally settled on 350000 which gets me 330mb with 0 latency spikes.
Thanks for prompting me to experiment!
My numbers seemed to match what you’re seeing in a way.
With my current setup, the UCG-U has two LAN links hooked up.
One to a UniFi 8 PoE Lite that then has some devices, an AC Mesh, an LR indoor, and 4 PoE cams hooked up.
The other goes to a UniFi 16 port PoE, which has an NVR, misc devices, a standard UniFi AP, etc.
Smart Queues helped my speed on my wired laptop hooked into the 16 port. Without it I get 450-550 down, with it it’s more like 700-800 to the internet.
I figured this was due to the internal 1Gbps limit on the UCG-U with the camera traffic flowing through the LAN ports.
When I wire the laptop directly into the UCG-U I get 940, so I still seem to have some rewiring and whatnot to do.
I have a 1Gig WAN connection. I have tested to SpeedTest and to a local OpenSpeedTest server. This device can route 1Gig no problem. During this test the CPU is at about 20% to 30% load.