Case: long delay when the USG3030 is accessed from the external network

Publication Date:  2012-09-14
Issue Description
At one site, G0/0 of a USG3030 V1R1 connects to the internet and G0/1 connects to the private network. Traffic from the internal network to the internet preferentially passes through G0/1, and traffic from the external network to the internal network server passes through G0/0. Traffic from the internal network to the public network is sent through G0/1 by the configured policy-based routing and through G0/0 by default, and a default route with priority 70 through G0/0 is configured in case the G0/1 link goes down. The internal network speed is normal, but access to the G0/0 address from the external network is very slow, and access to the server from the external network is also slow. Access speed returns to normal after interface G0/1 is shut down. The network topology is as below:
Alarm Information
Handling Process
1. Review the device configuration; everything is correct.
2. Ping from the device directly, then review the session table; two ICMP sessions are found:
disp firewall session table  destination  global  ip

3. The routing table now contains only one default route, but a review of the FIB table shows two equal-cost forwarding entries:
disp fib
GSU  t[0]          GE0/0
GSU  t[0]          GE0/1

4. From the above, another default route through G0/1 must exist on the device, although it cannot be found in the configuration. Reviewing interface G0/1 again shows that it acts as a DHCP client. By default, the system applies the “gateway-option” and “static-route-option” parameters assigned by the DHCP server and adds the default route and static route to the FIB table.
5. Disable the DHCP client's default route-adding function on interface G0/1. Testing then shows that access from the external network to the device and the server is at normal speed.
[USG3000-GigabitEthernet0/1]dhcp client forbid apply static-route-option
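Steps 3 and 4 above, as an added example that is not part of the original case or any Huawei tooling: a Python check that reads saved `disp fib` output, finds prefixes forwarded out of more than one interface, and lists the next hops that no configured static route explains. The column layout, the addresses and the `CONFIGURED_STATIC` set are constructed assumptions, not captured device output.

```python
from collections import defaultdict

# Constructed sample, not captured from a device. The column layout
# (Destination/Mask, Nexthop, Flag, TimeStamp, Interface) is an assumption;
# all addresses are documentation ranges.
SAMPLE_FIB = """\
Destination/Mask   Nexthop        Flag  TimeStamp  Interface
0.0.0.0/0          203.0.113.1    GSU   t[0]       GE0/0
0.0.0.0/0          198.51.100.1   GSU   t[0]       GE0/1
198.51.100.0/24    198.51.100.2   U     t[0]       GE0/1
"""

# Static routes present in the configuration, as (prefix, next hop). Constructed.
CONFIGURED_STATIC = {("0.0.0.0/0", "203.0.113.1")}

def parse_fib(text):
    """Return {prefix: [(nexthop, flags, interface), ...]} from FIB text."""
    entries = defaultdict(list)
    for line in text.splitlines():
        cols = line.split()
        # Data rows have 5 columns and start with a prefix such as 0.0.0.0/0.
        if len(cols) != 5 or "/" not in cols[0] or not cols[0][0].isdigit():
            continue
        prefix, nexthop, flags, _stamp, iface = cols
        entries[prefix].append((nexthop, flags, iface))
    return dict(entries)

def find_unexplained_ecmp(fib, configured):
    """Report prefixes forwarded out of more than one interface, and which
    of their next hops do not come from a configured static route."""
    findings = []
    for prefix, paths in fib.items():
        ifaces = {iface for _, _, iface in paths}
        if len(ifaces) < 2:
            continue
        hidden = [(nh, iface) for nh, _, iface in paths
                  if (prefix, nh) not in configured]
        findings.append({"prefix": prefix, "interfaces": sorted(ifaces),
                         "not_in_config": hidden})
    return findings

if __name__ == "__main__":
    for f in find_unexplained_ecmp(parse_fib(SAMPLE_FIB), CONFIGURED_STATIC):
        print(f"{f['prefix']} is forwarded via {f['interfaces']}; "
              f"not from configuration: {f['not_in_config']}")
```

A next hop reported under `not_in_config` on an interface that runs as a DHCP client points to a route installed from the DHCP options, as in step 4.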
Root Cause
Interface G0/1 obtains its address through DHCP and receives the upstream default route at the same time. As a result, two equal-cost forwarding entries exist in the device's FIB table, so when the device is accessed it returns packets with the two interface addresses separately, which leads to dropped packets and slow network speed.