To evaluate router performance, I used Jperf to run throughput tests from the LAN to WAN, and then in reverse from WAN-LAN on a local private LAN. I ran my tests three times in each direction, then switched endpoints to the opposite port, and repeated the tests. The throughput chart in Table 2 shows the average values.
I used a pair of newer Dell Laptops to transmit and receive data, each with gigabit LAN ports, one running Vista and the other XP. I tested the laptops head-head to ensure they were capable of generating and receiving data flows at speeds greater than 100 Mbps.
To test WAN-LAN and LAN-WAN throughput, I initially ran my tests with the Firewall disabled to avoid having to map ports for the WAN to LAN traffic. I re-enabled the Firewall while testing LAN1-LAN2 throughput, and noticed lower throughput results from LAN1-LAN2 than WAN-LAN and LAN-WAN. So, I re-ran all tests, measuring throughput with the Firewall enabled and disabled.
The data in Table 2 tells me two things. First, although its performance was balanced and higher than other UTM devices I’ve tested, specifically the Dlink DFL-CPG310 and the SonicWall TZ190W, the USG100 doesn’t appear to have the internal horsepower to fully take advantage of its gigabit interfaces. Second, the USG’s Firewall reduces throughput by 5-6 Mbps.
Table 2: Throughput comparison
In normal operation with the Firewall enabled, you can expect about 50-51 Mbps throughput on data flows from any interface to any another interface on the USG100, including VLAN interfaces and between LAN ports. Note that this throughput is very far below the 600+ Mbps normally measured between gigabit switch ports. But it should be more than adequate for most business Internet connections.
Further, data flow throughput is consistent, without spikes or drops. All of the plots from Jperf during my testing were relatively flat, as shown in the LAN-WAN chart in Figure 16 below.
Figure 16: LAN to WAN Jperf throughput
UTM devices are hard to compare, since there aren't easy apples-to-apples comparisons. Table 3 below shows the variation in features and pricing on three UTM devices that we have reviewed.
The “*N” in the WIFI row references the fact that although the USG100 doesn't act as an Access Point, a PCMCIA WIFI card can be installed to pick up an 802.11 signal as a WAN connection.
Table 3: Competitive feature, price comparison
Compared to the Dlink and SonicWall, the USG100 distinguishes itself with free firmware upgrades and telephone support. A robust guarantee and support program says a lot about a product, and ZyXEL stands behind the USG100 with a five year warranty.
In all, I enjoyed working with the USG100! The VLAN capability was impressive. And the USG100's multiple subnets plus VLAN functionality provides the option of using inexpensive unmanaged switches or fully leveraging the power of VLANs with more expensive managed switches.
On the downside, I was disappointed in the trouble I had with the Site-Site VPN and the lack of SSL VPN applet support for Vista. Further, I would like to have seen the USG100 take advantage of its gigabit interfaces with higher routing throughput.
Still, I have to say it was a pleasure testing a product in this price range that incorporates so many networking tools and configurable options. Although targeted at networks with up to 25 devices, the USG100 provides "enterprise" network features that typically cost thousands of dollars in a very affordable package that even smaller businesses can afford.
In particular, ZyXEL has brought HA enterprise class features to the small business market. With a retail price of $649.99, but available online for typically below $500, installing a pair of USG100s isn't cheap. But if your mission-critical network requires a complete redundancy solution, having a hot standby router to automatically take over could likely pay for itself by minimizing or eliminating down time.
But I'm not done yet. There is simply too much in the USG100 to cover in a single review. Come back for Part 2, where I'll dive into the product's UTM features.