Would a router by any other name still be effective?
That’s the question the IT industry is pondering as some vendors,
including Cisco Systems, Inc., are clamoring to load the next generation
of routers with functionality that now exists in stand-alone appliances.
For instance, Cisco’s latest Integrated Services Routers (ISR) boast
support for firewalls, virtual private networking, wireless networking,
and Voice Over IP call management. Experts predict routers will soon
include wide area file system tools, SSL acceleration, content caching
and compression, and route optimization.
Tom Gonzales, senior network administrator at the Colorado State
Employees Credit Union in Denver, calls this overkill.
”Let a router be a router,” says Gonzales. ”It’s not a firewall. It’s
not a switch and it’s not a VPN concentrator. If you make it those
things, it won’t be a good router anymore.”
Gonzales says putting too many features into the router will not only
slow performance and create a bottleneck, but suddenly networks will have
a single point of failure. ”All your eggs are in one basket,” he adds.
”If you have to reboot it to upgrade the operating system on one of your
components, then your whole network is down. You are really vulnerable to
that one component going down and losing all the associated services on
Instead, he recommends keeping routers separate from best-of-breed
appliances and components. ”With a little redundancy, you have a more
survivable network,” he says.
But Christopher Kouzios, director of network services at SXC Health
Solutions, Inc. in Lombard, Ill., disagrees. He says the ISRs he deployed
at five locations across the U.S. and Canada six months ago are expected
to show a return on investment within 12 months.
The built-in Voice Over IP features alone allow his 300-user company,
which provides transaction processing services and IT solutions to the
pharmaceutical industry, to save on long-distance calling, PBX
maintenance, outsourced services and international data lines.
Before the IRS devices, he was using a mix of routers, firewalls, VPN
concentrators and standard PBXs. ”The integrated routers have allowed us
to not only replace our existing routers, but our switches and
firewalls,” Kouzios says.
One of the biggest benefits he’s seen is in the cost savings on skilled
”We don’t have to figure out how to keep a bunch of disparate
technologies working together, and we were able to cut our support to
just a single platform,” Kouzios explains. ”All of the engineers are
now able to manage all of the equipment at all of the sites whereas
before each engineer had a specialty.”
That kind of consolidation is a plus, according to Andreas Antonopoulos,
senior vice president at Nemertes Research in New York City.
”There is a strong demand and trend toward consolidated devices at the
branch office where there is little to no IT staff,” he says.
Antonopoulos says branch offices and small offices can see significant
total cost of ownership gains in managing a fleet of consolidated devices
from a single location. But he warns that integrated routers are not yet
a fit for large enterprises.
”The operational and cost savings are not enough to justify the loss of
flexibility and loss of best-of-breed features,” he says ”For instance,
appliances that address Voice Over IP security have more depth and
sophistication than something attached to a broader suite.”
Like Gonzales, Antonopoulos says placing all your security in a single
box breaks the layered defense model for larger enterprises.
”Integrated routers have to share feature interfaces so that makes them
vulnerable to attacks. If you have six different appliances in layers,
then the attack doesn’t get the whole way through your network,”
Another consideration is cost. While Kouzios says the price works for his
company, he could see it spiraling out of control for a larger firm. ”I
don’t think they are going to be cost effective enough to use for a large
number of very small remote sites, although they fill the SMB market
we’re in nicely,” he says.
Some vendors say the integrated routers are just one option for
consolidation and that others soon will emerge.
”Functionality may integrate into the router or maybe some other device
in the network,” says Pat Patterson, director of security solutions at
Nortel Networks, Inc. in Raleigh, N.C. ”If an organization is worried
about security, they may buy a unified threat box that’s honed for
security. Or maybe you’ll get all your application optimization in
Patterson contends that one problem with burdening the router is that
advanced features are application-aware and require deep packet
”This is not something a router would typically be doing,” says
Patterson. ”To expect a router to do something that it doesn’t normally
do might be asking too much and be too onerous… When a device does
everything, it does a little bit of something for everybody, but not a
lot for anybody.”