Netgate Blog

Netgate’s New SG-1100 Punches WAY Above Its Weight

SG-1100

In boxing lore, a fighter who ‘punches above his weight’ is one who can go toe-to-toe with a much bigger fighter - and win. Our newest fighter is the SG-1100.

Compact, sleek package. Low price. Big punch.

floyd-mayweather

The $159 SG-1100 has 5X the pfSense® software performance of its very popular predecessor, the SG-1000. How? Let’s check the ‘tale of the tape’:

  • Underpinned by GlobalScale/Marvell’s ESPRESSObin, a high performance 64-bit, dual core, low power consumption networking computing platform
  • 64-bit Marvell ARMADA® 3720 network processing system-on-chip (SoC)
  • 1 GB DDR4 RAM
  • 8 GB EMMC storage
  • Marvell 88E6141 networking switch which drives three GbE Ethernet (WAN/LAN/OPT) ports, one Mini PCIe slot, one USB 3.0 port, one USB 2.0 port, one Micro USB port (console) and one SATA port

Want more detail? The specifications are further chronicled in the product announcement press release, and on our store product page.

The SG-1100 is ideal for Small Office Home Office (SOHO), home lab, virtual office, small to medium business, corporate branch office, and remote worker deployments needing up to 1 Gbps of secure networking performance.

Next, let’s take a look at this fighter’s punching power. Here are three instructive graphs:

The first shows raw throughput with packet filtering disabled (yes, we have buyers who run in this mode):

pf-disabled

The SG-1100 is not only significantly more powerful than the SG-1000, it holds its own again much heavier fighters (current and legacy Netgate® appliances) in the ring.

Now let’s see what happens when we enable packet filtering:

pf-enabled

The SG-1100 essentially provides a 350% packet filtering performance boost relative to the SG-1000. And that figure holds regardless of packet size.

Let’s put the product to one last test, perhaps the most important one. Let’s see how it fares with Internet Mix (IMIX) traffic. IMIX refers to typical Internet traffic passing through network devices, like firewalls. It is regarded as a good representation of the “real-world” conditions (a mix of packet sizes and types) that will be encountered. Of course, if the product is used purely for consumer download of movie content - almost always buffered for latency management and sent via big 1500 byte frames - we don’t really need to be concerned with IMIX performance. But, if deployed as a virtual office, small to medium business, corporate branch office, or remote worker internet gateway, traffic is almost certainly going to contain a mix of file download, web application, VoIP and more. And in any of these scenarios, IMIX performance is quite important.

imix-chart

The above graph shows the SG-1100 has a nearly 5.9X packet processing performance advantage over its predecessor when processing IMIX traffic. To be conservative, we rounded down - so this is the basis for the aforementioned 5X advantage.

Any way you cut it, this little guy will send posers to the mat.

Ok, let’s talk about one more important attribute of the SG-1100. In a November 2018 blog post, we mentioned a soon to be announced Netgate appliance that would be the first product equipped with a Microchip® CryptoAuthentication Device. The SG-1100 is that product. The Microchip part assures customers they are running authentic, unaltered pfSense software. Look, it’s a fact that counterfeit and modified software is out there. We’ve seen it. While we do everything we can to protect the integrity of our products - hardware efficacy, software efficacy, and brand legitimacy - it is a cat and mouse game with those who are out to do harm. So Netgate chooses to ‘lace up’ with additional customers safeguards. The number one thing we sell is trust. Our customers trust us, they trust our products, and they trust our integrity to deliver software without backdoors. We work hard to build the best product for the money. You deserve to know that you are getting the real thing, and not a counterfeit, illegally licensed copy, or something designed for malevolent purposes.

In the end, the SG-1100 is a great product for a killer price. Broadly applicable from consumer to enterprise to service provider. You don’t need to be a boxer to know you want this fighter in your corner.

Addendum 27 September 2019

In the initial blog post, we reported IMIX testing based on our test design at the time, which utilized IMIX SFR3 as a packet traffic baseline. This particular traffic test results in a higher number of large packets, which yields high bandwidth as shown. Since that time, Netgate has standardized on Simple IMIX, a packet mix more often used by firewall vendors. It should be noted that the packet per second (PPS) performance of the SG-1100 is essentially the same under either IMIX standard. However, bandwidth throughput (Mbps) is significantly different, owing to the aforementioned difference in average number of bytes per packet across the two standards. We have updated this blog to align the SG-1100’s test results to the same testing standard (Simple IMIX) that we intend to reference on all Netgate products. In comparing the SG-1100 with the SG-1000 using Simple IMIX, the SG-1100 retains a 3X performance advantage, even though the average bandwidth is significantly less than previously reported. Lastly, readers should note that any IMIX test is generally more appropriate for medium to large size networks, where traffic is statistically spread over a relatively large number of concurrent users. Consumer-level users will likely experience significantly higher bandwidth than shown in the Simple IMIX graph, especially as content consumption bends more towards web browsing, video download, and/or streaming video.

updated-imix-chart