Ethernet Wide Area Networking, Routers or Switches and Making the Right Choice
Updated: Oct 20, 2009
The Road To Ethernet WAN
Various industry sources show trends in globalization and distribution, with employees moving towards the branch. Branch office users comprise 30 to 90 percent of enterprise employees globally, with remote locations and users consuming 70 to 90 percent of business resources. To be successful, these employees require access to the same applications, systems, and tools as employees located at a corporate headquarters. They need a borderless network, where one can turn up any service, anywhere at any time. Furthermore, when working with these tools, they expect the LAN-like user performance found in headquarters offices. They expect a borderless network with a high quality user experience. Fueling this branch movement are advances in branch access speeds. The primary technology for this advancement is Ethernet Wide Area Networks (EWAN).
Ethernet has evolved from just a LAN technology to a scalable, cost-effective and manageable WAN solution for businesses of all sizes. Ethernet offers numerous cost and operational advantages over conventional WAN solutions. An EWAN offers robust and extremely scalable high-quality services that are superior to any traditional WAN technology.
Customer Premise Equipment Choices for EWAN
When choosing Customer Premises Equipment (CPE) to connect to an EWAN service, it comes down to the choice of either a router or a switch. Over the past decade the line between what is a router and what is a switch has been blurred. This trend stems from advances in Application Specific Integrated Circuits (ASICs) and their ability to perform more complex forwarding functions. The original definitions for switches and routers were simple: switches performed Layer 2 forwarding and routers performed more process-intensive operations at Layer 3. However, as networks grew and as the EWAN market matured, switches were required to do more. They now run Layer 3 routing protocols and have moved Layer 3 forwarding into ASICs. In the meantime, routers advanced with faster Central Processing Units (CPUs) and the integration of unified voice, collaborative video, video surveillance, firewalling, intrusion protection, custom applications, Layer 2 switching, etc.
How does one define these two devices in today's network? The original definitions center around the layer at which traffic was forwarded. However, this old paradigm is no longer accurate, since both switches and routers have taken on new feature sets. A newer, more practical differentiation is defined as:
• Switches forward traffic through hardware, in ASICs, providing a targeted set of pre-defined network services at Gigabit speeds.
• Routers forward traffic through software in a CPU and provide a flexible, expandable and rich set of network services at sub-Gigabit speeds.
While the definition above is accurate, it does not necessarily answer the question on whether one should choose a switch or a router when attaching a branch-office to an EWAN service. A more comprehensive examination of what routers and switches offer is necessary.
Because Ethernet is a Layer 2 technology, a common misconception is that a Layer 2 switch is required when attaching to a Layer 2 Metro Ethernet EWAN service. Although many EWAN services are Layer 2 switched services, Layer 3 devices can attach to them. Furthermore, even with a Layer 2 EWAN service customers typically route or switch at Layer 3, instead of spanning chatty Layer 2 domains across a WAN circuit or Virtual Private Network (VPN).
For most vendors, switches come in two categories, general-purpose LAN and Metro Ethernet. General-purpose switches are designed for LAN applications and are not intended for WAN deployments. Metro Ethernet Switches retain much of the LAN feature sets found in general-purpose switches but add WAN connectivity features, including:
• Hierarchical Quality of Service (HQoS) to efficiently shape customer traffic to meet the service provider's Service Level Agreement (SLA)
• Several variations of Multiprotocol Label Switching (MPLS), used to interact with the service provider's network
• Ethernet Operations, Administration, and Management (EOAM) protocols used to configure, manage and detect errors across the EWAN
In certain branch deployments where services are not a critical requirement, or where services are performed by appliances, Metro Ethernet switches offer an alternative to routers. By using an ASIC architecture to forward traffic, Metro Ethernet switches provide line-rate Gigabit Ethernet services with SLA guarantees.
Cisco Metro Ethernet switches offer termination of fiber and copper Ethernet. A single switch scales across multiple performance segments, from sub-10 Mbps up to 1 Gbps. In certain instances, the CPE and the service provider access device (user provider edge [UPE]) can be combined in a single Ethernet device.
Cisco offers three EWAN switches:
• Cisco® ME 3400 Series Ethernet Access Switches (ME3400): Basic business Layer 2/3 services with control plane and port security, EOAM, and Metro Ethernet Forum (MEF) certifications
• Cisco ME 3400E Series Ethernet Access Switches (ME3400E): Advanced business access Layer 2/3 services builds upon the Cisco ME 3400 Series and adds traffic shaping, selective IEEE 802.1Q Tunneling (QinQ), redundant power supplies and fans, and alarming
• Cisco Catalyst® 3750 Metro Ethernet Switch (C3750-Metro): Premium business Layer 2/3 services builds upon the Cisco ME 3400E Series and adds Multi Protocol Label Switching (MPLS), Ethernet over MPLS (EoMPLS), Hierarchical Virtual Private LAN Services (H-VPLS), and HQoS
Branch routers come in two categories, General Purpose and Integrated Services. General purpose routers typically focus on basic WAN routing, supporting a limited number of routing protocols and a variety of WAN interfaces. General purpose routers can be a good choice when one is interested in simple routing. A typical use case arises when customers need Layer 3 visibility with a full Internet routing table for a branch network with multiple WAN exit points, or when the service provider requires the customer to peer with their network. An Integrated Services router allows the customer to take advantage of advanced technologies, allowing them to more effectively meet their strategic business challenges. Integrated Services routers allow customers to deploy a borderless network, giving them on-demand services, anywhere at any time, without a truck roll.
In order to meet these challenges, branch-office networks need to be secure, available, remotely manageable and must deliver application performance and a quality experience that is as good as in the headquarters office. Although the benefits of technological advancements and policy compliance are fairly tangible, the costs and complexity of owning and operating a full-service branch are difficult to predict. Does the existing equipment have enough headroom to support branch-office growth needs? What are the complexities in introducing a new application in the branch office? Is there a significant cost and learning curve to implement a new solution?
Cisco Integrated Services Routers (ISRs) meet these needs by providing a fully integrated, secure networking and converged IP communications routing and switching solution, built for branch-office applications. From a single Cisco ISR platform, one can connect IP phones, wireless access points controlled by an internal wireless LAN controller module, and IP-based video cameras to the network, and power all of them using the IEEE 802.3af Power over Ethernet standard.
With the optional integration of Cisco Unified Communications Manager Express, the router can also provide call processing for the phones. ISRs provide a wide variety of security features, one of which is Identity Based Network Connection (IBNC): as users attempt network access through an EtherSwitch Service Module, the module can use IEEE 802.1x and a large number of Cisco 802.1x extensions to validate the credentials of the end device and place the user in the appropriate VLAN or block it from the network altogether. As end-user data leaves the LAN, the router can encrypt the traffic and place it on a multitude of firewalled VPNs, securing communications between branch offices and central sites.
This high degree of convergence simplifies the network architecture and allows for cost-effective deployment of advanced services at the branch-office level. Furthermore, because many of the Service Modules in the ISR are based on other equivalent Cisco devices, they run the same software features as used in headquarters or hub sites. This provides pervasive features throughout the company-wide network, reducing hardware counts, increasing network availability, simplifying software validation efforts and delivering a consistent user experience from all points in the network.
Cisco provides Integrated Services Routers of all sizes, ranging from smaller branches with the ISR 800 series to larger branches with the Cisco Integrated Services Router Generation 2 1900, 2900 and 3900 series. These routers cover the needs of customers ranging from teleworkers to large branch offices.
Router and Switch Value Propositions
The lists below detail the value propositions for switches and routers.
Switch Value Proposition
• Designed for customers concerned about the initial capital expenditures (CapEx)
• Line-rate forwarding over multiple ports
• Useful when the network does not require advanced services or deploys advanced services with appliances
Router Value Proposition
• Designed for flexibility, investment protection, and lowest total cost of ownership (TCO) branch-office solutions
• All-encompassing WAN interfaces, third-generation (3G), T1/E1, T3/E3, DSL, cable, satellite, etc.
• Branch-office solution with high availability and redundancy
• All-encompassing feature set that is highly evolvable
• Advanced and highly scalable WAN routing and multicast features
• Greater VPN flexibility, point to point, multipoint, fixed and on-demand tunnel initiation, etc.
• Sub 1-Gbps performance on EWAN uplink ports when a heavy load of features is applied
• Advanced services:
– Unified communications, analogue and IP telephony, voicemail, Automated Attendant, Survivable Remote Site Telephony (SRST), etc.
– Application integration: Custom, third-party, by industry market, horizontal, etc.
– Video: Surveillance and video caching
– Wide Area Applications Services (WAAS)
– Network Address Translation (NAT) and Port Address Translation (PAT)
– Security: Intrusion prevention system (IPS), VPN, and firewalling
– Monitoring tools: NetFlow and IP SLA
– VPN and IP Security (IPsec) encryption
– Integrated LAN switching
– Collaboration services
Making a Selection
The primary selection criteria revolve around five questions:
• What is the required throughput of the EWAN interface?
• Does the CPE need to hold the Internet routing table?
• Is Ethernet the only WAN interface needed and are EWAN services ready to use?
• Is your purchasing model based on CapEx or operating expenses (OpEx)?
• Can advanced technologies such as integrated wireless, voice, video, WAAS, application integration, or security help you with your business strategy?
Choosing a switch or a router based on speed is simple. Since routers are CPU based, their performance decreases with the number and type of services added. On the other hand, since switch forwarding is performed in ASICs, switches continuously forward at line-rate Gigabit speeds. As a rule of thumb, if one needs over 1 Gbps, bidirectionally, a switch is required.
Routing Table Size
Currently a full Internet routing table is 240,000 routes. This number can typically be summarized down to 100,000 routes at the branch office. A large number of routes is typically needed when there are multiple WAN exit points and paths from the branch to the WAN. Most switches can hold between 12,000 and 32,000 routes. Therefore, if the EWAN service or connectivity policy requires a large number of routes, a router is needed.
Multiple WAN Interface Media
High availability WAN requires multiple interfaces. Typically, this is an active-standby arrangement, where only one link is active at a time. In many cases the backup link is of lower speed and of a different medium type: 3G, xDSL, cable, satellite, T1/E1, etc. These interface types are not supported by switches, so a router is required. In the case where both links are active, sophisticated load balancing and Layer 3 visibility are required, and thus so is a router.
3G connectivity, found in ISRs, provides the option to instantly turn up services while waiting for an EWAN service to be provisioned by the service provider, allowing business to get underway. Later on, the 3G interface can be used as a backup medium or can be redeployed at another branch.
CapEx Or OpEx
Switches are generally less expensive than routers; the price varies from device to device. In an integrated branch office, where one uses appliances such as security appliances, voice, wireless, WAAS, video, etc., one can reduce CapEx by 5 to 30 percent by using a Cisco ISR. However, CapEx is only part of the picture. According to a Gartner Group study in 2005, CapEx constitutes 20 percent of branch TCO, whereas OpEx constitutes 80 percent. OpEx benefits of Cisco ISRs include higher availability with fewer parts to fail, operating efficiency with fewer devices to manage, and simplified system support with one device to troubleshoot and one point of contact for customer support. Over a 3-year lifecycle the savings are estimated to be 70 percent per year when using an integrated Cisco ISR instead of standalone devices.
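The selection criteria above (throughput, routing table size, WAN media, active-active links, and where advanced services run) can be encoded as a checklist that reports which device class each requirement forces. This is an added example, not Cisco's own tooling; the thresholds are the figures quoted in this paper, and the "switch+router" outcome for conflicting constraints is an assumption of the example, not a recommendation made in the text.

```python
from dataclasses import dataclass, field
from typing import List, Tuple

# Figures quoted in the paper (2009): full Internet table ~240,000 routes,
# summarizable to ~100,000 at the branch; switches hold 12,000-32,000 routes;
# over 1 Gbps bidirectional on the EWAN uplink calls for a switch.
FULL_INTERNET_TABLE = 240_000
SUMMARIZED_BRANCH_TABLE = 100_000
SWITCH_ROUTE_CAPACITY_MAX = 32_000
SWITCH_REQUIRED_ABOVE_MBPS = 1_000
ETHERNET_MEDIA = {"ethernet"}


@dataclass
class BranchRequirements:
    ewan_throughput_mbps: int              # bidirectional throughput on the EWAN uplink
    holds_internet_table: bool = False     # must the CPE hold the Internet routing table?
    summarized: bool = True                # can the table be summarized for the branch?
    wan_media: List[str] = field(default_factory=lambda: ["ethernet"])
    active_active_links: bool = False      # both WAN links active -> L3 load balancing
    advanced_services: List[str] = field(default_factory=list)  # voice, video, IPS, ...
    services_on_appliances: bool = False   # services delivered by separate appliances?


def routes_needed(req: BranchRequirements) -> int:
    """Routes the CPE must hold, using the paper's full and summarized table sizes."""
    if not req.holds_internet_table:
        return 0
    return SUMMARIZED_BRANCH_TABLE if req.summarized else FULL_INTERNET_TABLE


def recommend(req: BranchRequirements) -> Tuple[str, List[str]]:
    """Return ('switch' | 'router' | 'switch+router', reasons) from the paper's criteria."""
    needs_switch, needs_router = [], []
    if req.ewan_throughput_mbps > SWITCH_REQUIRED_ABOVE_MBPS:
        needs_switch.append(f"{req.ewan_throughput_mbps} Mbps exceeds sub-Gigabit router forwarding")
    if routes_needed(req) > SWITCH_ROUTE_CAPACITY_MAX:
        needs_router.append(f"{routes_needed(req)} routes exceed switch capacity ({SWITCH_ROUTE_CAPACITY_MAX})")
    non_ethernet = sorted({m.lower() for m in req.wan_media} - ETHERNET_MEDIA)
    if non_ethernet:
        needs_router.append("WAN media unsupported by switches: " + ", ".join(non_ethernet))
    if req.active_active_links:
        needs_router.append("active-active links need Layer 3 load balancing")
    if req.advanced_services and not req.services_on_appliances:
        needs_router.append("integrated services requested: " + ", ".join(req.advanced_services))
    if needs_switch and needs_router:
        # Assumption (not from the paper): pair a line-rate switch with a router for services.
        return "switch+router", needs_switch + needs_router
    if needs_router:
        return "router", needs_router
    return "switch", needs_switch or ["no router-only requirement; lower CapEx, line-rate forwarding"]
```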
The Right Way To Deploy Advanced Services
It is not enough to simply support the bandwidth requirements of the evolving branch office. Many businesses have realized the financial gain made from consolidating branch-office equipment and services into fewer and more controllable entities. Adding to this business benefit, integrated custom application engines allow one to design new services to gain a competitive advantage and create new revenue streams.
The Cisco ISR Generation 2 (ISR G2) supports an industry-leading array of services. But simply adding services is not enough. A proper hardware and software deployment architecture is needed to fully realize the service advantages and to scale into the future. The Cisco ISR G2 takes services a step further. With its Services Ready Engine (SRE), the Cisco ISR G2 supports a services-on-demand application model that allows one to activate and pay for new services as they are needed, without a complete system upgrade or a truck roll. This benefit plays an important role when choosing a new branch-office CPE in that it can both accommodate consolidation and allow one to easily introduce new services into the network.
Furthermore, the architecture of the Cisco ISR G2 is intelligently designed with services in mind. The Cisco ISR G2 has an integrated multigigabit fabric connecting services modules to its wireless controllers and EtherSwitch switching modules. Therefore, unlike other routers, traffic can be switched from the users directly, via the EtherSwitch, to and from the SRE and other modules, decoupling the LAN and advanced services from WAN performance.
In the short term a simple switch may seem to be the answer, but in the long run the Cisco ISR G2 and Borderless Networking provide the branch office with the lowest TCO and the right tools to accelerate business at any time, everywhere in the network.