ok so the cpu is highly loaded. afcd is the ips/p2p control otherwise known as snort. so by your numbers you are using 65 to 95% cpu. afcd is the snort engine this means you have ips/p2p turned on. This is highly cpu/ram/bus intensive. you don't have enough cpu to move 10k users through that box and that's why you can't get the performance you want. you have a few choices:
1. reduce the suers on that segment 2. get a second 625 and do an active/active cluster 3. Build a custom monster box with at least 8 3ghz cores and 16 gigs of ram
You can try disabling all ids/p2p functions..if that helps then that's a bandaid..but doesn't address the underlying issue..you have too many users on the box.
