Unifi and bad PPPoE speeds, any solutions?

So I just got upgraded to 2G down 1G up on a GPON network. However, the provider uses PPPoE and Unifi says that it can handle speeds up to 3.5G with a reduction on some PPPoE implementations with the UDM SE. Well, it seems I cannot get speeds greater than 1.4Gbps through the built-in test, and 1.1Gbps on a device connected with 2.5Gbps adapters. I have tried turning off the IPS/IDS settings and that didn’t change anything. I also tried using the SFP+ 10G WAN port and that didn’t change speeds (saw a Reddit post where that fixed it for someone).

There is another provider in my area that does DHCP and not PPPoE, but they have recently gotten a bad rap for a migration that was handled pretty badly where everyone lost their static IP. Speeds were supposed to be capped to 250Mbps, but most people were reporting lucky to get 10Mbps. I really don’t want to switch if I can help it.

Does anyone know a cheap way to maybe put a PPPoE bridge device in front that can handle 2.5Gbps (I am hoping they upgrade my plan to sequential 2.5Gbps in the coming months) that won’t cause double NAT?

Are you sure the IPS/IDS settings are really turned off? If they are, bandwidth should increase.

I toggled the setting and saved it. I couldn’t find anything that would say if I needed to restart the device or not, so I didn’t restart.

I would turn off your Dream Machine SE, leave it off for 10 minutes, and then turn on your DMSE and see if that changes the available bandwidth. When my Dream Machine SE isn’t acting normally, I turn it off and leave it off for 10 minutes, then turn it back on, which seems to fix it. You might not have any choice but to get a device from your ISP and have a double NAT to get near the full bandwidth you are paying for. I don’t think putting a PPPoE device in bridge mode before your DMSE will work. I might be wrong; I have never had an ISP that used PPPoE. I would give your ISP a call and see if you can rent a PPPoE device, put it into bridge mode, and see if you can fix your bandwidth issue that way.

Thanks, I haven’t tried that. I will turn off the IPS settings again and then pull the power from it for 10 minutes and see if that makes any changes. I will have to do this tomorrow morning when I am the only one at the house not using it though haha. I will report back later.

According to ChatGPT, avoiding a double NAT situation might be possible. The first way is to get a PPPoE device and pass through the traffic to your Dream Machine. The second way is to see if there is a more Dream Machine-compatible GPON ONT.

Did you check if Smart Queues is set to the new speed?

I have smart queues disabled. I haven’t needed them.

And DPI? That should help a bit too.

I turned off “Intrusion Prevention”, which I thought was the DPI stuff. That didn’t change my speeds. However, I work in offensive security and am frequently downloading stuff, and while I review the code for anything I use, I am not perfect and can easily screw up and grab something malicious to myself. So, I would prefer to keep that on in the long run. I typically have my testing host as an exclusion, but if I grab something that tries to spread, the DPI will capture it.

There’s mpd(5) to my knowledge and maybe accel-ppp can also be configured as a client.

You are at pretty normal speeds for PPPoE using a Dream Machine Pro/SE due to slow CPU speed in them (1.5GHz on most models and using an architecture from 2012). PPPoE uses extra CPU processing for the overhead of the protocol, and while there are software tweaks manufacturers could do to increase PPPoE performance, there is nothing you can do on that front, and I have no idea if Ubiquiti has done those tweaks or not already anyway.
https://community.ui.com/questions/What-is-the-max-performance-for-PPPOE-on-UDM-Pro-With-Solution/67057f47-509e-4f8b-8edd-5dc29f380759

The only way to increase it is to move to a different gateway that has higher speed capability. For instance, the Firewalla Gold Pro achieves 9Gbps down and 7Gbps up:
Firewalla Gold Pro: 10G Cyber Security Firewall & Router Protecting Yo | Firewalla

https://www.reddit.com/r/Ubiquiti/comments/1dto912/story_time_investigating_slow_pppoe_speeds_on/
Not sure what it uses as backend and given the SoC (Annapurna) it may be hard to get third party software installed.

Know a cheaper option that won’t cause double NAT? I am pretty invested in the Unifi environment right now plus I don’t have almost $1k just to get the speeds.

Linux PPPoE is single threaded and those good enough ARM cores Unifi uses might not be cutting it. You could SSH into the Unifi router and use top to find out how much CPU the ppp daemon is using.

Also check MTU and MSS clamping as there is some protocol overhead.

Not a network person but I’d test with a beefier desktop class x86 CPU running. Try something Linux based as well as FreeBSD based.

If I remember correctly it even used to be much worse a few years back - getting over 200 with IDS and 600 without Mbps with PPPoE was a longstanding bug. Got fixed around 1.0.11+ and people reported success up to 1000 Mbps.

Other posters in relevant Reddit threads already posted that there is no effective way around this, either ditch PPPoE or ditch the Unifi router.

That is what scares me lol @Shadowbane I tried the pull the power for 10 minutes and that didn’t fix it.

@EniGmA1987 the firewalla looks nice but I can’t afford it for my home. I work out of my home, but they won’t help me buy anything like that lol.

@ulzeraj it is crazy how it doesn’t hold up on PPPoE, I would have thought as a lot of ISPs still use PPPoE they would have tested it with that.

@greatnull, it was, I got it after I read the articles that it was fixed, but I guess people were not taking it to 2Gbps at the time.

Not really. You could try and get some $600 mini PC and run a router+firewall distro on it and see what you get. As long as you use any UniFi gateway you will be stuck with 1.2-1.5Gbps PPPoE right now. Even the top of the line Enterprise Fortress Gateway has the same issue because it still has lower single core clock speed and their PPPoE implementation isn’t multithreaded.

You can watch these couple of videos on using Firewalla+UniFi if you want to, as around half the Firewalla users have UniFi hardware stacks for the rest of the network, so it’s a pretty common setup.

https://youtu.be/Ot1Ip_lbwUA

https://youtu.be/yMyHo1YpdKI

Thanks for the links. I will watch them later today when I get some time.

I decided to link the videos @EniGmA1987 was talking about in case someone doesn’t like visiting YouTube to watch a video.
