FAQ-Why the USG2110 throughput is low when tested with a speed test website

Publication Date: 2014-07-12
Issue Description
The total Internet bandwidth is 25M.
If ANTI-VIRUS + SA (DPI) are both running, the throughput is always lower than 6 Mbps.
If only ANTI-VIRUS is running, the throughput is OK, more than 20 Mbps.
If only SA (DPI) is running, the throughput is OK, more than 20 Mbps.
If ANTI-VIRUS + SA (DPI) are running but I remove the IM category filter, the throughput is OK, more than 20 Mbps.
If the whole IM category is filtered and ANTI-VIRUS is enabled, the throughput is only 6 Mbps.
If ANTI-VIRUS is enabled and the whole IM category is filtered, but the subcategory IRC_CHAT of IM is allowed, the throughput is more than 20 Mbps.
In conclusion, if SA (DPI) is enabled with the IM IRC_CHAT application blocked and Antivirus is enabled, the throughput will be low.
Alarm Information
Handling Process
We advised testing with professional test tools to generate traffic and avoiding too much burst traffic. This is not a USG problem.

Root Cause
Judging by the symptom, this is likely to be a bug, but we captured the packets and found the root cause.
1. How does the tester work
According to the packets, we can see that a lot of IRC_CHAT request packets are sent to the Internet, and a number of response packets are then received from the Internet by the computer. If there is no packet loss in this period, more packets are sent and received again, until the USG2110 cannot bear that much traffic. This is how the website tester measures the download speed. But if the computer cannot receive that many packets, the tester shows that the bandwidth is small.

2. When the IRC_CHAT is blocked, the destination port will be changed
This happens when the firewall blocks the IRC_CHAT packets. If we block all IM in the configuration, the DPI can recognize the IRC_CHAT packets and filter them. In this situation, we can see that the destination port of the IRC_CHAT packets is changed to TCP 8080 automatically, but this will be a problem.

If we allow IRC_CHAT, we can see it is "non-http traffic".

3. Why the throughput is low
Because the IRC_CHAT destination port is changed to 8080, the packets are treated as HTTP packets, and the Anti-Virus function works for the HTTP, SMTP and POP3 services by default. Once AV is enabled, lots of HTTP packets are transferred to the AV module, which needs to cache all the HTTP packets, scan them and then forward them. That is why the throughput is low.
When testing device performance, please use professional test tools. A speed test website easily causes many problems and is not very accurate.
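
To check this root cause against your own captures, the following added example (not part of the original case and not Huawei tooling) totals bytes per TCP destination port for a capture taken with IRC_CHAT allowed and one with it blocked, and reports the share that lands on ports the AV module scans. The flow export format, port 5001 as the tester's original port, and ports 80, 25 and 110 in the AV list are assumptions; only TCP 8080 comes from the case.

```python
import csv
import io
from collections import defaultdict

# Assumption: ports the AV module inspects. The case says AV covers HTTP, SMTP
# and POP3 by default and that TCP 8080 is handled as HTTP; 80/25/110 are the
# standard ports for those services, not values taken from the case.
AV_SCANNED_PORTS = {80, 8080, 25, 110}

# Constructed sample: per-flow export (capture label, TCP dst port, bytes).
# Port 5001 stands in for the tester's original port, which the case does not give.
SAMPLE_FLOWS = """capture,dst_port,bytes
irc_chat_allowed,5001,9000000
irc_chat_allowed,5001,8500000
irc_chat_allowed,80,400000
irc_chat_blocked,5001,1200
irc_chat_blocked,8080,2600000
irc_chat_blocked,8080,2400000
irc_chat_blocked,80,400000
"""

def bytes_by_port(flow_csv):
    """Return {capture: {dst_port: total_bytes}} from a flow export."""
    totals = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(flow_csv)):
        totals[row["capture"]][int(row["dst_port"])] += int(row["bytes"])
    return totals

def av_share(port_totals):
    """Fraction of a capture's bytes sent to ports the AV module scans."""
    total = sum(port_totals.values())
    scanned = sum(b for p, b in port_totals.items() if p in AV_SCANNED_PORTS)
    return scanned / total if total else 0.0

def summarize(flow_csv):
    """Per capture: (dominant destination port, AV-scanned byte share)."""
    report = {}
    for capture, ports in bytes_by_port(flow_csv).items():
        top_port = max(ports, key=ports.get)
        report[capture] = (top_port, round(av_share(ports), 3))
    return report

if __name__ == "__main__":
    for capture, (port, share) in summarize(SAMPLE_FLOWS).items():
        print(f"{capture}: dominant dst port {port}, {share:.1%} of bytes AV-scanned")
```

A dominant port that moves to 8080 and an AV-scanned share near 100% in the blocked capture match the behavior described in the root cause.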