An edge router is a specialized router located at a network boundary that enables an internal network to connect to external networks. They are primarily used at two demarcation points: the wide area network (WAN) and the internet.
The edge router typically sends or receives data directly to or from other organizations' networks, using either static or dynamic routing capabilities. Handoffs between the campus network and the internet or WAN edge primarily use Ethernet -- typically, Gigabit Ethernet (GbE) over copper or over single or multimode fiber optics.
In some instances, an organization maintains multiple isolated networks of its own and uses edge routers to link them together instead of using a core router.
Edge routers are often hardware devices, but their functions can also be performed by software running on a standard X86 server.
At its most essential level, the internet can be viewed as the sum of all the interconnections of edge routers across all participating organizations, from its periphery -- small business and home broadband routers, for example -- all the way to its core, where major telecom provider networks connect to each other via massive edge routers.
In general, edge routers accept inbound customer traffic into the network. Edge routers play a fundamental role as more services and applications begin to be managed on an organization's network edge rather than in its data center or in the cloud. Services considered suitable for edge router management include wireless capabilities often built into network edge devices, Dynamic Host Configuration Protocol (DHCP) services and domain name system (DNS) services.
Edge routers are divided into two different types: subscriber edge routers and label edge routers.
Subscriber edge routers function in two ways:
Label edge routers, which are used at the edge of Multiprotocol Label Switching (MPLS) networks, act as gateways between a local network and a WAN or the internet and assign labels to outbound data transmissions. Edge routers are not internal routers that partition a given AS network into separate subnets. To connect to external networks, routers use the Internet Protocol (IP) and the Open Shortest Path First (OSPF) protocol to route packets efficiently.
Edge devices characterize and secure IP traffic from other edge routers, as well as core routers. They provide security for the core.
By comparison, core routers offer packet forwarding between other core and edge routers and manage traffic to prevent congestion and packet loss. To improve efficiency, core routers often employ multiplexing.
Core routers are generally larger routers that perform centralized routing for subnetworks within a business. Although core routers and edge routers both move packets between networks, the way they operate is vastly different, due to their locations within the network and routing duties. Core routers tend to move packets as fast as possible because they interact less with the outside access network and, therefore, have less novel security threats to consider. Edge routers encounter more complex configuration and security issues and, therefore, focus on those challenges over speed.
The definitions of edge router and branch router can sometimes overlap depending on their application. Any router model can fit into any of these descriptions -- edge, branch or core. The distinctions between them come not from the specific capabilities of a given router but from the role it plays given its context in network deployments.
The term branch router usually refers to a router that exists in a remote branch of an enterprise's network. They interface primarily with other network routers, distinguishing them from edge routers. They do so from a remote branch, however, distinguishing them from core routers, which primarily route information within centralized subnetworks. A remote branch can be defined as a piece of the network that has been segmented using a virtual local area network (VLAN) or as one LAN within a WAN. Branch routers often exist at remote sites at the edge of a WAN and connect to the corporate LAN.
Many vendors that market branch routers integrate multiple services into a single platform, eliminating the need for additional hardware to run their product.
Since edge routers serve as a connection point between external networks, security is an issue for enterprises that need to control who might try to access the corporate network.
To ensure security, edge routers can either be configured with tools that include access control lists (ACLs) or can be purchased with built-in support for firewalls. This enables more advanced security safeguards, including virtual private network (VPN) tunnels and signature matching through intrusion prevention systems (IPSes) and intrusion detection systems (IDSes).
The main benefits of edge routers are:
The main challenges of implementing an edge router revolve around edge security. As mentioned, enterprises can't control who might try and access the corporate network. If purchased with built-in firewall support, firewall rules should be configured to satisfy the security needs of a corporate network. IT administrators should also ensure that all router firmware is up to date, as outdated routers might pose a security risk when faced with newer attacks. Edge routers should also be configured to have high availability (HA), meaning they should be structured to hand over workloads to other working routers in the event of a failover.
Some popular router vendors and their respective products include the following:
22 Sep 2021