Complications of Router Usage?

[TechBoyJK]

How much more complicated is it to run a $10k Cisco router than it is to run a home cable/dsl 4 port router w/firewall?

 

[Poontos]

Comparison:

Home router = Using Windows XP to Surf the Net

$10K Cisco Router = Configuring and using a Unix OS to run as http, dns, nfs, samba, etc. host server.

I could not think of any other comparisons off the top of my head, but in short, it is much much more complicated. For most "home" routers, you click on Internet Explorer and then type in the IP of the router and click your way through the nice web interface to setup your router. While with a typical Cisco router, you need to know all the commands and what they do, as well as some network theory and experience on IP, TCP, routing protocols (RIP, IGRP, etc.), OSI model, etc.

I would recommend going through the Cisco CCNA course to start, if you are going to be running a Cisco router.

 

[Buddha Bart]

"Cheerleaders are Dancers, gone retarded. What you do is a tiny little pathetic subset of dancing."
-Sparky Pulaski, "Bring It On"

(draw the parallel)

 

[alpineranger]

A Cisco Router is a totally different device than a home/small office 4 port router with firewall (which probably isn't a true SPI firewall either). Saying that they are similar devices is akin to saying my cell phone is a personal computer because it's got a processor and memory and can do math. A real router (from Cisco/Juniper/Nokia/whoever) is responsible for routing packets between multiple network links (and has correspondingly that many network interfaces). A workable analogy would be that of a traffic intersection, where a given automobile has the chance to choose between a number of different paths (typically 4: the car can make a u-turn, turn right, turn left or go straight). Imagine if there was a robot at the intersection which took each incoming car and placed it on the most suitable outgoing link to get where it was trying to go.
On the other hand, we have the common home router which is often a network address translation device (NAT) bundled in the same package as a 4 port switch/hub. Think of them as two logically distinct devices. The NAT part appears to the outside world as a single device, and is responsible for mapping it's ports to distinct ports on each of it's downstream devices. For example, suppose two PCs in the LAN are running the same program, which uses port 2000, and are both attempting to communicate to hosts over the internet. The NAT device could assign it's own port 4000 to the former connection and 4002 to the latter. Thus the outside hosts, connect to ports 4000 and 4002 on a single IP address instead of connecting to port 2000 on two distinct IP addresses. NAT has the benefit of among other things, naturally hiding certain ports (ie. if there is an port on your PC that is unsecure and typically open, like TNetBios over TCP and your computer does not attempt to initiate a connection to an outside host from that port, the NAT will not map the port from your computer to the outside world). This is the "firewall" aspect of most NAT devices. Although I believe that a few home routers now have a true SPI firewall (or so they claim), such devices are still the exception.

Poontos: Cisco routers use their own proprietary OS

The early routers were not much more than PCs with multiple network interfaces, but the importance and volume of network traffic has necessitated radical evolutionary changes to the architechture of these devices. To be able to route packets fast, these devices will use a fast switching fabric which allows packets to flow directly from input buffer to output buffer (provided that the input and outputs are buffered in that particular device). Of course, you could construct a poor man's router out of a normal PC, but performance would inevitably be hampered by limited memory/bus bandwidth.

I'm no expert on any of these matters, and this is a very cursory treatment of such things, but I hope that a realization of the tremendous differences between these two distinctly different classes of devices is sufficient to show that such comparisons are typically invalid.

 

[Poontos]

alpineranger:

Having been around an envrionment with several Cisco routers for the last four years, and specfically for the last year and half in my program which similtaneously uses Nortel & Cisco (now 3rd semester CCNA) cirriculum, I am very much so aware that Cisco routers use their own proprietary OS.

My point, which you missed, was to illustrate the comparison between the two routers via practical comparison between the OS TechBoyJK is probably running and a Unix variant, and the differences in complexity to configure, maintain, utilize, secure, etc. Furthermore, the command line interface on a Cisco router is much more similar to a Unix one, than WinXP. Get my drift?

 

[ScottMac]

There isn't really much of a comparison: The "home" routers are pretty much purpose built and optimized for 99% of the implementations. There'll be one WAN connection, and one LAN connection (which may be expressed on multiple switch ports). One Gozinta, one gozoutta - no trick there at all. No routing protocols (static/default only), IP only, Ethernet only, no big trick there.

"Real" routers frequently have at least one active LAN and WAN port, but it could be dozens of either or both. Generally, they support all of routing protocols (RIPv1 & v2, IGRP, EIGRP, EBGP, IBGP, ISIS....etc) for IP, plus they usually will support other networking protocols (IPX, Appletalk, DECNet...).

Then you put it into an environment where that one router has to work cooperatively with anywhere from a couple to thousands of other routers in the same organization. The planning come in to make sure that only the right data ges to the right place (that's the rumor anyhow). All of that PLUS making sure that you don't congest your skinny li'l T1 pipes with useless data or routing protocols or broadcasts or management information.

On top of the router stuff, you also have to configure and manage the switching fabric (QOS, VLANs, redundant connections, Spanning Tree ...), coordinate the firewall system, the intrusion detection system, management systems, dozens-to-hundreds of servers, dozens to tens-of-thousands of desktops, applications .... all of the parts have to work together or nuthin' works. Then you have the one smart guy out there that's gonna toss in a "router" under his desk and muck it all up .......ooops...getting waaayyy OT...sorry.

I guess the point is; the level of complexity expands rapidly with each routed segment. "Real" routers have to take into account many more variables than a home system, "real" routers have to be much more dependable than home systems.

For a larger organization, the better analogy is plugging in and using your toaster versus building and operating a nuclear power plant (when you add in all the other network elements to make everything work well).

BTW: $10K for a corporate router is still a small router. Big routers, loaded, go up into the hundreds of thousands of dollars. The principles are the same, but the scale and scope is much broader.



FWIW

Scott

 

[H.A.R.M]

CISCO offers routers that operate off the full configurable IOS for less than $600, not $10K (try $250 if you are a enrolled in the CISCO NetAcad). I know that Insight (www.insight.com) was offering the CISCO 806 for $500 about half a year ago. It only has 10BaseT (but full duplexed) ports but your ISP bandwidth is WAY LESS than that anyways. I do have to say though that the Linksys and D-Link Routers are very feature rich offering NAT and DHCP servicies for a very good price.

 

[spidey07]

CISCO offers routers that operate off the full configurable IOS for less than $600

Name one.

Please understand that the IOS features do indeed vary from model to model, depending on the switching involved and the features/performance needed.

For instance - can that 600 dollar router base forwarding decisions on layer 7 information?

I'm only trying to make sure other folks understand that there are significant differences between router software and hardware.

 

[H.A.R.M]

RE-READ MESSAGE...CISCO 806 cost under $600. The 806 is running release 12 of the Cisco IOS. FYI: Switches work at the Network Layer (3) with IP addresses and switches work at Data Link Layer (2) with mac addresses based the OSI Model. You may be thinking of QOS or VLANs which work at uppper levels (maybe the Application level, I don't remember). Yes, my Cisco 806 Router will do VLAN, PAT, ACLs, etc, most anything a regular $$$ Cisco router will do. It is the IOS that offers the features...not the router (as long as you have enough slots and flash memory). Right now my 806 only supports IP, I could pay and upgrade the IOS to support IP and IPX or other features.

 

[Garion]

Actually, if you want to compare "real" apples to apples, the appropriate device to compare to a SOHO router would be a Cisco PIX 501. It's a firewall, with the added features like a DHCP server, port forwarding, etc. An 800-series has similar features, but a far more robust routing mechanisim, something you wouldn't need (unless you are trying to learn it). The PIX would be more functional.

- G

 

[spidey07]

H.A.R.M.

When I say switching (in the context of routers) I'm talking about the actual swithing of IP frames within the router. There are many different kinds of switching on cisco routers. From CEF, to d-CEF, etc.

CEF enabled routers can perform all of the packet switching and QoS tagging and policing in hardware and support much more robust queuing strategies.

Just wanted to make sure folks understood the difference that the 800, 1700, 2600, 3600 series lack some of the features of the 7000/12000.