We are noticing that we max our WAN port out at 400 Mbps. We have a 1Gbps connection with our provider delivered over pure Ethernet (in a datacenter).
Here is an example of the max-out using crude MRTG:
We are directly connecting to our provider via Ethernet at 1Gbps. This comes in to our Cisco 2901 router, and we are then connecting directly to our Watchguard Firebox at 1Gbps Ethernet (in drop-in mode). All devices are reporting 1Gbps line speed with full duplex.
The Firebox then connects to our switch at 1Gbps. We are running a gigabit switch which connects directly to our servers (also at 1Gbps to each server).
We can't seem to achieve anything over 400Mbps through the setup. The Firebox X1250e we are running is rated at 1.5Gbps throughput for raw packet forwarding (which we are doing - no proxying or fixup is being performed on the data).
We have even fired up a command-line Speedtest (Ookla) on one of the servers and it hits the 400Mbps cap.
I know people are going to say the Cisco 2901 is the issue, but we are running full 1500 packets and, even at 400Mbps over an extended period, this is an example of our CPU usage:
sh proc cpu
CPU utilization for five seconds: 18%/17%; one minute: 17%; five minutes: 17%
Also worth noting, we are not running any QoS on the Firebox - all QoS is disabled (the whole module unloaded).
The Cisco 2901 has CEF enabled.
We have the following configuration:
Does anybody know what may be causing this "cap"?
We would like some tips, advice and suggestions as to how we can diagnose this remotely (we can't easily go to the datacenter to perform tests).
Any help and advice are greatly appreciated; thank you in advance.