Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News
    • Networking

    Cisco Routers Gain Power

    By
    Andrew Garcia
    -
    November 15, 2004
    Share
    Facebook
    Twitter
    Linkedin

      Cisco Systems Inc.s Integrated Services Routers provide outstanding throughput and encryption performance, making the devices an attractive option for small and midsize businesses or branch offices that want to simplify their network without sacrificing security or application support.

      Click here to read the full review of Ciscos 2800 Series routers.

      2

      Cisco Systems Inc.s Integrated Services Routers provide outstanding throughput and encryption performance, making the devices an attractive option for small and midsize businesses or branch offices that want to simplify their network without sacrificing security or application support.

      eWEEK Labs tests show Ciscos Integrated Services Routers offer security and voice services on one platform without degrading performance in real-life deployments. Integrated hardware cryptographic accelerators provide improved encryption performance using Triple DES (Data Encryption Standard) or AES (Advanced Encryption Standard). New module interface slots provide throughput capabilities to support advanced services while remaining backward-compatible with most legacy interface cards.

      However, companies that are comfortable with their current security infrastructure or that have no near-term interest in VOIP (voice over IP) may balk at the built-in premium that comes with such an expandable platform. These companies, instead, should look to similarly feature-rich integrated solutions from Juniper Networks Inc. or Enterasys Inc. that offer improved firewalling in the base offering. Other alternatives include more-affordable basic solutions from 3Com Corp. or Adtran Inc. or even Ciscos previous-generation platform.

      We tested the 1U (1.75-inch) Cisco 2801 and 2U (3.5-inch) Cisco 2851, each of which is designed to support multiple T-1 (1.544M-bps) WAN connections. Both models are available now.

      We focused on the performance impact of enabling multiple services in each device, examining the effects on throughput performance. As we layered on additional security services, we scrutinized the impact of IPSec (IP Security) encryption and Ciscos IPS (intrusion prevention system).

      For the base price of $1,995, the Cisco 2801 includes two Fast Ethernet ports, 128MB of DRAM (dynamic RAM), 64MB of CF (CompactFlash) and an embedded hardware cryptography accelerator. The Cisco 2801 also includes four HWICs (high-performance WAN interface cards) and two AIMs (Advanced Integration Modules).

      The Cisco 2851 device includes two Gigabit Ethernet ports, 64MB of CF and 256MB of DRAM for the base price of $6,495. The Cisco 2851 offers four HWICs, two AIMs, one Enhanced Network Module and one Extension Voice Module slot to increase voice services or density, plus the cryptography accelerator.

      To each device, we added the Cisco IOS (Internet Operating System) Security feature set, which includes the advanced Cisco IOS Firewall and IPS features, for $1,000 more each ($900 when purchased with the router). We also added a double-wide, nine-port Fast Ethernet switch HWIC ($800) to each router tested.

      The base version of Ciscos IOS that comes with these routers includes basic ACL (access control list) capabilities, but we would like to see Cisco offer the more-robust, stateful-inspection Cisco IOS Firewall as part of the base package.

      However, we appreciated the modularity of the intrusion prevention engine. The IPS upgrade process is decoupled from IOS, so administrators can upgrade to the latest signatures without upgrading the core operating system.

      To measure the routers throughput, we used NetIQ Corp.s Chariot with the benchmark endpoints installed on two IBM Gigabit Ethernet-enabled eServer 325s, each configured with Advanced Micro Devices Inc. dual-Opteron processors and 2GB of RAM.

      We performed two sets of tests for each set of services. The first tests were designed to maximize throughput, using eight concurrent traffic streams that each used 1,518-byte packets. The second set of tests measured a more realistic traffic load, with the eight streams carrying a mix of 64-byte, 570-byte and 1,518-byte packets.

      Testing raw throughput through each device with no advanced services enabled, we found the Cisco 2801 could support 184MB of full-duplex traffic, while the Cisco 2851 topped out at slightly more than a gigabit of full-duplex traffic.

      We then configured the routers back to back, linked via their Ethernet interfaces, and used RIP (Routing Information Protocol) to route traffic between the endpoint networks. The large-packet tests showed a maximum of 135M-bps full-duplex throughput, while the mix of traffic sizes topped out at 124M bps.

      We configured an IPSec tunnel between the devices using Triple DES for strong encryption and a preshared key. We used Network Instruments LLCs Observer 10 to capture and examine data to verify that traffic was encrypted. The large-packet tests showed a maximum throughput of 74M bps, and the traffic mix yielded 29M bps.

      The IPS service had the biggest performance hit among the services we tested. Throughput performance dropped significantly when we set up the IPS service to scan for all known signatures except two: signature 1101 (Unknown IP Protocol) and 3040 (Null TCP Packet). The large-packet tests resulted in 64M bps unencrypted and 24M bps encrypted, while the traffic mix yielded 34M bps and 12M bps, respectively.

      Technical Analyst Andrew Garcia can be reached at [email protected].

      Check out eWEEK.coms for the latest news, views and analysis on servers, switches and networking protocols for the enterprise and small businesses.

      Avatar
      Andrew Garcia
      Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at [email protected]

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×