Branch networking: Comparing branch office routers

This comparison of branch office routers examines the features and functionality offered by leading branch networking vendors.

Today’s branch office router offers more than simple wide area network (WAN) connectivity. While vendors compete...

in terms of the throughput, supported protocols and interfaces that their routers offer, they are also integrating features into their products that have traditionally required additional boxes, such as WAN optimization, traffic shaping, encryption, content filters and spam filters.

Read ahead for a comparison of some of the basic features and functions offered by the leading branch office router vendors along with a few newer alternative vendors. Avaya, Cisco, HP and Juniper Networks are long-established branch office router vendors. Meraki and Vyatta are newer to the market and offer products with unique, differentiating features. Netgear, better known for consumer and small business routers, also offers products that can link a branch office to a central site.

Whichever vendor an enterprise chooses, WAN managers should ensure that they can manage their branch office routers remotely, since branches typically lack on-site IT staff. WAN managers should also consider whether it is worth choosing their incumbent networking vendor’s routers so that staff can avoid having to learn a new management syntax.

Avaya: Avaya’s branch office routers are products of the company’s strengths in voice communications. Its Secure Router Series includes QoS features that optimize voice and video performance. These routers feature one to four T1/E1 interfaces, an optional ISDN Basic Rate Interface (BRI)  and an integrated Channel Service Unit/Data Service Unit (CSU/DSU).

Avaya also offers the Advanced Gateway 2330, which extends unified communications services from a central site to the branch. The unit also supports Session Initiation Protocol (SIP) and connections to the PSTN network.

Cisco Systems:  Cisco’s Integrated Services Router Generation 2 (ISR G2) Series. ISR G2 routers support a range of WAN interfaces, stateful firewalls, hardware VPN acceleration with DES, Triple DES and AES encryption, content filtering, intrusion protection, local conferencing, digital voice support and SIP. 

Cisco offers Services Ready Engines (SRE), Media Services Engines, and Enhanced EtherSwitch modules that WAN managers can plug into ISR G2 units.

  • SRE module: This blade can run Cisco, third-party and custom applications on an ISR G2.
  • Media Services Engines: This blade hosts high-density voice video connectivity, conferencing and secure voice for customers of Cisco unified communications technology.
  • Enhanced EtherSwitches: This blade enables Layer 2 and 3 switching on the ISR G2 with feature sets identical to those in the Cisco Catalyst® 3560-E and 2960 Series switches.

HP Networking:  HP’s branch office router portfolio consists of products developed by its ProCurve division and products from its acquisition of 3Com.

The V100 Cable/DSL router connects branch offices to the central site through a VPN. The unit also includes a stateful packet inspection firewall.

The HP A Series includes models designed for branch office applications plus higher capacity models designed for the core of the enterprise network.  Fixed-configuration Ethernet router models A-MSR20 through A-MSR900 support a range of Ethernet interfaces with some models supporting 802.11b/g and 3G wireless. Model A-MSR20-1x also supports T1/E1 and DSL connections. The A7000dl model is also designed for branch office use. Network administrators can insert interface modules that support T1/E1, ADSL, ISDN and serial into slots on the router.

Juniper Networks: J Series routers support multiple WAN interfaces including serial, T1/E1, FE, DS3/E3, ISDN, ADSL2/2+, G.SHDSL and Gigabit Ethernet. They include a firewall and support Layer 2 access protocols including frame relay, Ethernet and PPP/HDLC. Models within the series are designed to integrate with Avaya voice solutions and provide QoS features that enable voice traffic prioritization.

Branch office SRX Gateways combine WAN connectivity and switching with unified threat management including antivirus, anti-spam, URL filtering and firewall/VPN services. The series ranges from the SRX100 model—a fixed-form factor unit with eight 10/100 Ethernet ports—to the SRX650 that supports pluggable interface cards, up to four T1/E1 interfaces, 24 Gigabit Ethernet interfaces and two 10-Gigabit ports.

Meraki: Meraki specializes in distributed wireless LAN infrastructure and industrial environments with high levels of ambient radio frequency interference. Several towns and cities provide Wi-Fi access to their citizens and restaurant chains to their customers using Meraki products. Meraki’s new MX Multi-Service routers connect local networks to enable worldwide distributed networks.

Meraki routers and access points require no on-site configuration. A newly installed unit automatically connects to a centrally located Enterprise Cloud Controller to download settings. Ongoing monitoring and maintenance are also centralized in the controller.  

MX Series Routers combine routing functions with a firewall, Layer 7 traffic shaper, and a Children’s Internet Protection Act (CIPA)-compliant content filter. Branches are connected via redundant Internet connections through IPsec tunnels. Layer 7 fingerprinting technology enables administrators to identify and block objectionable content and applications. Administrators can prioritize critical applications like voice and video. Users are identified by name, operating system or device. If necessary, specific users can be prevented from accessing the network.

Netgear:  Netgear offers branch office routers that supply Wi-Fi access to branch employees. They support site-to-site IPsec and SSL VPN to provide connection through the public Internet to a central site.

Vyatta: Vyatta differentiates itself from other router vendors with a software-only router. Its routing software can be downloaded and installed on commodity server hardware. The software can operate within a VMware, Xen, XenServer or Red Hat KVM virtual environment or in a public cloud such as Amazon AMI. Vyatta’s virtual operation allows an enterprise to scale performance as needed with commodity hardware.

Vyatta software includes a firewall, Web filtering and intrusion protection, support for IPsec and SSL VPNs and a variety of QoS features. Vyatta also makes available appliances based on standard x86 hardware platforms.


About the author:

David B. Jacobs of The Jacobs Group has more than20 years of networking industry experience. He has managed leading-edge software development projects and consulted to Fortune 500 companies as well as software startups.

This was last published in September 2011

Dig Deeper on Branch office network design