I manage a simple network at my startup used by about 10 people connecting through a 100Mbps fiber connection running on a 560U with firmware 4.0.10.
We're experiencing problems where the becomes quite heavy on the router. One cause of this was that some file transfers were erroneously being through a WAN IP rather than the internal LAN IP. I fixed this and it helped, but the load problems continue. Some times throughout the day when traffic gets high, CPU utilization rises and eventually peaks causing poor network performance to everyone.
We aren't using any of the advanced functionality or presumably processor intensive features such as VPNs. The only custom configuration is a few simple NAT rules to expose a couple services externally.
Is it the case that the 560U simply can not handle 100Mbps of basic throughput? I've looked at diagnostics and connection tracking, but I am not sure how to utilize them to analyze the problem. I have also telnetted in, but it's obviously a very barebones environment without the usual array of linux tools that an application developer like me would rely on to profile load issues. I want to be able to take a profile of traffic and CPU activity over a certain amount of time and correlate it to individual addresses. Any advice?
With the SGs being end of life now, it is difficult to find any current performance data.
However, I have managed to dig out an old comparison matrix from 2006. It doesn't include the 560U, as that appliance didn't exist at that time. But the 560 is listed and has a "Stateful Inspection Throughput" value of 120Mbps.
The aging SG line is reaching its performance limits in todays world.
While it will perform in the 120Mbps full duplex ( 60Meg each way ), this will be a best figure, taken with 1500 byte packets.
It is the packets per second that create the heaviest load on the unit, not the data throughput.
With todays numerous modern applications using many small byte packets, the SG line is starting to show its age.
Hope this helps.
Guys thanks for the responses. Clearly we need to invest in something a bit beefier to match the capabilities of our fibre. Quick question though, is there a way to sample packet size on the unit? Average would be interesting, histogram would be better.