The idea that Cisco's products are "hardware based" when compared to the two software-based routers reviewed here is a little misleading. Cisco's routers contain a power supply, internal bus, memory (main), storage (flash), a processor and an operating system -- just like any PC. They also have specialized network cards (contained in "modules") capable of handling just about every connection imaginable. In short, Cisco's hardware is nothing more than a specialized computer with modular plug-ins. The major difference is that Cisco's operating system (they call it an "IOS") includes the routing software, whereas the softrouter products we reviewed operate on the Windows family of operating systems. As a result, compatibility problems between the various subsystems of a Cisco router are all but nonexistent. Here are some other comparisons:
COST: Cisco routers will run the small to midsize organization anywhere between $300 and $6,000, depending upon the number of subnets and the throughput they must support, the type and speed of the uplink, the security options and whether you need voice support. Let's take one of the more common routers in use today -- the Cisco 4500-M. Its throughput capabilities are similar to the systems we tested. The 4500-M supports one 155M bit/sec ATM OC-3 Module, two T-1 ports supporting up to 2.048M bit/sec and up to 16 128K bit/sec low-speed ports. An 800-MHz PC can handle this much bandwidth, which is hardly surprising. Although the 4500-M's components are optimized to do just one thing -- route -- its Reduced Instruction Set Computing processor is only 100 MHz, and its main memory tops out at 32M bytes. If you compare the cost difference for the memory alone, 256M bytes of PC-133 memory for high-end Pentium IIIs costs just $100, less than one-twentieth the cost per megabyte for that used in the Cisco router.
However, cost isn't everything, and appearances can be deceiving. The 4500-M has a lot of advantages over a comparably equipped software/PC product, including more built-in LAN and WAN protocols, optimized WAN services, and the ability to centrally install and manage your internetworking infrastructure. Besides -- you'll gain a greater uptime rating with a Cisco or other mainstream router product than you will with one that runs as an application or a service on Windows. It still costs $2,000 more than either of the softrouters (including the server hardware) we reviewed, and that doesn't include hiring the services of a Cisco-certified installer. Before making a decision, first consider the target market.
PRODUCT POSITION: Tiny Software's WinRoute Pro is more appropriate for a branch office, while Vicomsoft's Internet Gateway lends itself toward the corporate office, particularly because it can handle multiple connections from branch offices, or even dial-up users (via a pooled remote-access server). Some corporations are beginning to take their workgroups, with their specific security requirements, and throw them behind software-based network address translation (NAT) routers such as these.
Can either product handle the needs of a large corporation, say, with 5,000 users or more? Many such corporations often connect to the Internet with nothing more than one or two T-1 lines, for less than 5M bit/sec bandwidth. Both products can handle up to six times that throughput on a fast PC. Still, Internet Gateway limited itself to 1,024 users if DHCP was being used, and WinRoute Pro's e-mail services would add significant overhead if used by more than a few dozen people. Whether you would ever use either of these products in an environment that large and diverse would depend entirely upon your current and future internetworking needs. Most such corporations would require the significantly more diverse capabilities delivered by Cisco's line of higher-end routers.
RELIABILITY: If you installed these products on a clean system, with the latest service packs and security patches, and didn't load any other software, and enabled NAT, they'd be just as secure as any offering by Cisco. The "blue screen of death" is a phenomenon usually related to cutting-edge video cards (and their newly written drivers) or buggy network card drivers.
Although NAT was originally designed for IP consolidation and conservation, it doesn't operate from within the operating system, but installs itself between the hardware layer and the IP stack, and so has unfettered access to and control over all packets before they can do any harm. The result is increased security. NAT is integral to Internet Gateway and WinRoute Pro, while Cisco uses NAT in its IOS with full NAT capability in IOS Versions 12.0 and beyond. Both implementations adhere to RFC 1631, which describes IP NAT in detail.
Cisco's depth of experience in internetworking is clear in its implementation of NAT because it not only hides the IP address of internal users from the outside, but it can also hide the IP address of external source addresses from those on the inside, which is a good way to keep key internetworking resources hidden from potentially malicious employees.
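The two directions of translation described above, modelled as a simplified address-only NAT table. This is an added example, not code from the article or from any of the products discussed; the class and function names and every address are constructed, and the model ignores ports, timeouts and checksum rewriting.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

@dataclass
class Nat:
    pool: list            # free inside-global (public) addresses
    outside_static: dict  # real outside address -> alias shown to inside hosts
    inside_map: dict = field(default_factory=dict)  # inside-local -> inside-global

    def outbound(self, pkt):
        """Inside to outside: hide the inside source, un-alias the destination."""
        if pkt.src not in self.inside_map:
            if not self.pool:
                return None  # pool exhausted, packet dropped
            self.inside_map[pkt.src] = self.pool.pop(0)
        alias_to_real = {alias: real for real, alias in self.outside_static.items()}
        return Packet(self.inside_map[pkt.src], alias_to_real.get(pkt.dst, pkt.dst))

    def inbound(self, pkt):
        """Outside to inside: restore the inside destination, alias the source."""
        public_to_private = {pub: priv for priv, pub in self.inside_map.items()}
        if pkt.dst not in public_to_private:
            return None  # no translation entry for this destination, dropped
        return Packet(self.outside_static.get(pkt.src, pkt.src),
                      public_to_private[pkt.dst])

def demo():
    # Constructed addresses (RFC 1918 inside, RFC 5737 documentation ranges outside).
    nat = Nat(pool=["203.0.113.1"],
              outside_static={"198.51.100.10": "192.168.200.10"})
    sent = nat.outbound(Packet("10.0.0.5", "192.168.200.10"))
    reply = nat.inbound(Packet("198.51.100.10", "203.0.113.1"))
    stray = nat.inbound(Packet("198.51.100.99", "203.0.113.77"))
    return sent, reply, stray

if __name__ == "__main__":
    for label, pkt in zip(("on the wire", "seen inside", "unmapped"), demo()):
        print(label, pkt)
```

The outside network only ever sees 203.0.113.1, the inside host only ever sees the alias 192.168.200.10, and a packet addressed to a public address with no table entry is dropped.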
If you want to keep the bad guys out of your network, there's really no difference between the two in terms of their level of security. Even Cisco's use of NAT in PIX is fundamentally the same as its use in its IOS. Still, Cisco's routers are significantly better at resisting denial-of-service attacks, mainly because Cisco's IOS is both the operating system and the routing/security software in one package. Not only is this far more condensed and less complicated than Windows, but it also tends to be significantly faster, and can be quickly updated by Cisco whenever it learns of a new type of attack -- much like Symantec can update its virus definition files several times a month.
This story, "Soft vs. hard routers" was originally published by Network World.