Featured players

A router’s features are at least as important as its performance, often far more so. To get a sense of what these routers do beyond filtering, we asked participating vendors to complete a features questionnaire for the boxes we tested and any other models the vendors offer enterprise customers.

A router’s features are at least as important as its performance, often far more so. To get a sense of what these routers do beyond filtering, we asked participating vendors to complete a features questionnaire for the boxes we tested and any other models the vendors offer enterprise customers (vendors’ answers are included as part of our online Buyer’s Guide chart).

In considering features, one caveat applies: The features here are those vendors supplied. We did not verify via testing that all features actually are supported.

Here’s a quick rundown of key router features:

Interface support: Corporations with numerous branch offices probably have numerous WAN access technologies, including T-1, E-1, T-3, ISDN and dial-up modems. On the LAN side, all routers support various flavors of Ethernet. ImageStream and Riverstone offer Gigabit Ethernet as an option (as does Cisco in other models not tested for this review). However, given the speed mismatch with most of the serial interfaces listed here, Gigabit Ethernet support is important mainly for LAN-to-LAN routing. ImageStream also supports 802.11b wireless interfaces.

Unicast routing: Because Border Gateway Protocol and Open Shortest Path First support were requirements to be in this test, all vendors support it. The key differences in protocol support cover IPX, used by Novell NetWare, and supported only by Cisco; and intermediate system-to-intermediate system, a routing protocol used mainly by ISPs and supported by all vendors except Tasman.

Multicast routing: All vendors support at least some form of multicast routing. Lucent supports only the older distance vector multicast routing protocol, while all other vendors support protocol-independent multicast in either its dense- or sparse-mode variations (or both).

Packet filtering: While source or destination IP address are the most common filter criteria, most routers support numerous other options. In the IP header, all routers support filtering by protocol number or type-of-service (TOS) field contents. All except Tasman’s support filtering on Differentiated Services Code Point, another quality-of-service mechanism that is a superset of the TOS field. All routers except Tasman’s also filter on Layer 2 criteria such as Ethernet media access control addresses and virtual LAN IDs. All routers also filter on Layer 4 criteria such as TCP/User Datagram Protocol port numbers and flag settings.

IPv6 support: Cisco and ImageStream support IPv6 forwarding. ImageStream also says it supports IPv6 routing, but the company did not specify which v6 routing protocols it uses.

Route redistribution: Redistribution – the ability to learn routes via one protocol and then re-advertise them using another – is a must-have in routing. All vendors support this feature. Note that route distribution is not the same as route leaking, in which all learned routes are shared in one common table.

SNMP support: Management Information Base (MIB) II has been around for more than 12 years, so it’s no surprise that all vendors support it. All vendors except Tasman also support SNMPv3, which provides strong authentication and encryption of management traffic – features missing from earlier versions of SNMP.

RMON support: The Remote Monitoring MIB is useful in gathering device statistics, history and alarms. Only Cisco and Riverstone support it, and only Riverstone supports both RMON I and RMON II versions of the MIB.

SSH support: Secure Shell, supported by all routers, is far preferable to telnet in that it provides authentication and strong encryption when remotely administering routers. Unfortunately, Cisco only supports SSH Version 1 despite its well-documented history of vulnerabilities. For the other routers tested, support for Version 2 does not automatically ensure a secure environment; security advisories from CERT (see here) and elsewhere counsel users to disable Version 1 as well.

Web/SSL access: Web-based management might be convenient, but it poses the same security risks as telnet: no authentication and no encryption. A better choice is Secure Sockets Layer (SSL), supported by ImageStream, Lucent and Riverstone. SSL-secured Web sessions generally are considered somewhat less secure than SSH but they are far preferable to sending traffic in the clear.

Failover mechanisms: For many users, high availability is the single-most important requirement of routing infrastructure. To that end, routers from all vendors tested except Cisco support virtual router redundancy protocol, a standards-based mechanism in which one router takes over the duties of another if one fails. Cisco supports the hot standby routing protocol, a proprietary alternative. Riverstone offers Multi-protocol Label Switching users redundancy through a failover mechanism based on the label switched protocol, and Tasman offers failover of multilink T-1 bundles.

Redundant components: There is considerable variation in the amount of hardware redundancy in these routers, ranging from none (in the Lucent and low-end ImageStream boxes) to duplicated power supplies, fans and routing modules in the higher-end ImageStream routers.

Price: The adage that no one pays list price might hold true, but even so there are big differences in the starting point for negotiating discounts. Prices for the routers listed here range from about $2,700 for the low-end ImageStream R1 to about $14,600 for the same company’s Enterprise device. Curiously, there is no difference in port density between the least-expensive device in this review – ImageStream’s R1 – and the second most expensive of the boxes tested, Lucent’s Access Point 1500.

Back to main review: “Filters on routers: The price of performance”