Integrated Routers: Too Much in One Place?

Vendors are starting to load up routers with lots of extra functionality. Is it a good idea or should a router just be a router?
Posted November 15, 2005
By Sandra Gittlen


Would a router by any other name still be effective?

That's the question the IT industry is pondering as some vendors, including Cisco Systems, Inc., are clamoring to load the next generation of routers with functionality that now exists in stand-alone appliances.

For instance, Cisco's latest Integrated Services Routers (ISR) boast support for firewalls, virtual private networking, wireless networking, and Voice Over IP call management. Experts predict routers will soon include wide area file system tools, SSL acceleration, content caching and compression, and route optimization.

Tom Gonzales, senior network administrator at the Colorado State Employees Credit Union in Denver, calls this overkill.

''Let a router be a router,'' says Gonzales. ''It's not a firewall. It's not a switch and it's not a VPN concentrator. If you make it those things, it won't be a good router anymore.''

Gonzales says putting too many features into the router will not only slow performance and create a bottleneck, but suddenly networks will have a single point of failure. ''All your eggs are in one basket,'' he adds. ''If you have to reboot it to upgrade the operating system on one of your components, then your whole network is down. You are really vulnerable to that one component going down and losing all the associated services on there.''

Instead, he recommends keeping routers separate from best-of-breed appliances and components. ''With a little redundancy, you have a more survivable network,'' he says.

But Christopher Kouzios, director of network services at SXC Health Solutions, Inc. in Lombard, Ill., disagrees. He says the ISRs he deployed at five locations across the U.S. and Canada six months ago are expected to show a return on investment within 12 months.

The built-in Voice Over IP features alone allow his 300-user company, which provides transaction processing services and IT solutions to the pharmaceutical industry, to save on long-distance calling, PBX maintenance, outsourced services and international data lines.

Before the ISR devices, he was using a mix of routers, firewalls, VPN concentrators and standard PBXs. ''The integrated routers have allowed us to not only replace our existing routers, but our switches and firewalls,'' Kouzios says.

One of the biggest benefits he's seen is in the cost savings on skilled personnel.

''We don't have to figure out how to keep a bunch of disparate technologies working together, and we were able to cut our support to just a single platform,'' Kouzios explains. ''All of the engineers are now able to manage all of the equipment at all of the sites whereas before each engineer had a specialty.''

That kind of consolidation is a plus, according to Andreas Antonopoulos, senior vice president at Nemertes Research in New York City.

''There is a strong demand and trend toward consolidated devices at the branch office where there is little to no IT staff,'' he says.

Antonopoulos says branch offices and small offices can see significant total cost of ownership gains in managing a fleet of consolidated devices from a single location. But he warns that integrated routers are not yet a fit for large enterprises.

''The operational and cost savings are not enough to justify the loss of flexibility and loss of best-of-breed features,'' he says. ''For instance, appliances that address Voice Over IP security have more depth and sophistication than something attached to a broader suite.''

Like Gonzales, Antonopoulos says placing all your security in a single box breaks the layered defense model for larger enterprises.

''Integrated routers have to share feature interfaces so that makes them vulnerable to attacks. If you have six different appliances in layers, then the attack doesn't get the whole way through your network,'' Antonopoulos says.

Another consideration is cost. While Kouzios says the price works for his company, he could see it spiraling out of control for a larger firm. ''I don't think they are going to be cost effective enough to use for a large number of very small remote sites, although they fill the SMB market we're in nicely,'' he says.

Some vendors say the integrated routers are just one option for consolidation and that others soon will emerge.

''Functionality may integrate into the router or maybe some other device in the network,'' says Pat Patterson, director of security solutions at Nortel Networks, Inc. in Raleigh, N.C. ''If an organization is worried about security, they may buy a unified threat box that's honed for security. Or maybe you'll get all your application optimization in another device.''

Patterson contends that one problem with burdening the router is that advanced features are application-aware and require deep packet inspection.

''This is not something a router would typically be doing,'' says Patterson. ''To expect a router to do something that it doesn't normally do might be asking too much and be too onerous... When a device does everything, it does a little bit of something for everybody, but not a lot for anybody.''





