Edge Routing Gets Service Friendly

ATLANTA -- Supercomm -- While carriers and investors mumbled about the grim economic outlook here in the hallways of the Supercomm 2002 tradeshow, equipment vendors tried to maintain their best face as they pumped up new product features on the show floor.

This week, much of the product news revolved around equipment features designed to drive new data and security revenues for carriers. Cisco Systems Inc. (Nasdaq: CSCO), CoSine Communications Inc. (Nasdaq: COSN), Network Equipment Technologies Inc. (net.com) (NYSE: NWK), Nortel Networks Corp. (NYSE/Toronto: NT), and Unisphere Networks Inc., all announced product enhancements that extend the Internet Protocol (IP) services offered on their boxes.

Past popular service buzzwords have included virtual private networks (VPNs), the first IP data services that many of these companies offered. But the equipment providers are building a range of additional features into their products, including content filtering, denial-of-service protection, and Web-based customer provisioning.

What’s interesting about most of these announcements is how similar they are. In general, the edge router vendors are starting to incorporate the services that were once pitched as a separate equipment class -- the so-called service delivery platforms. And companies with service delivery platforms, likewise, are announcing more routing features.

“The line between service platforms and edge routers is blurring,” says Michael Howard, founder and principal analyst with Infonetics Research Inc. “We used to break the market into three categories: edge routing, aggregation, and service delivery. Now we just have one.”

John Burnham, vice president of marketing at Unisphere Networks maintains that edge routers (such as Unisphere’s MRX and ERX, along with Cisco’s line of routers) have a better chance than the service-delivery platforms (such as Nortel’s Shasta and CoSine’s IPSX) because carriers have already deployed the former and they can simply layer services onto them.

But some of the service-creation players accuse the routers of mimicking their ideas.

“We find it very amusing,” says Bert Whyte, CEO of net.com, which does not offer VPNs, but has pushed the idea of service creation for the past year. “They’ve finally realized that VPNs are only a sliver of what can be offered from a service creation device. We welcome them all into our community."

Some analysts say there will be a place for both types of product in the market.

“Some carriers are going to want to add a blade for services into their big routers,” says Frank Dzubeck, president and CEO of Communications Network Architects. “But there are an awful lot out there that just want a smaller dedicated box for offering IP services.”

So who's doing what? Here is the rundown on the announcements:

  • Cisco announced enhancements to its broadband aggregation routers including the 7200, 7400, and 10000 Internet Routers (see Cisco Unleashes News Deluge). It has added features like dynamic bandwidth selection (DBS), which allows end users to turn up services; service selection gateway (SSG), which enables carriers to provide customized and branded portals for end users; and per-user network-based firewall capabilities, which gives end users the ability to select different levels of firewall protection for individual family members or employees. The company has added an additional processor to the 7200 and 7400, to help improve the throughput performance on these devices. The 10000 already comes equipped with dual processors.

  • Unisphere, another edge routing player, announced similar functionality with its new software-based product, the SDX (see Unisphere Shoots for Service Creation). It too offers enterprise users the ability to turn up new services and change existing services through a Web browser. But unlike Cisco’s implementation, Unisphere uses a protocol called COPs to communicate policies to routers. Cisco uses Radius, which Unisphere claims is a less optimal solution because it doesn’t maintain state on flows transmitted between the policy database and the routers. Cisco claims that this isn’t a problem, given that its routers maintain state of sessions.

  • Nortel announced upgrades to its service platform, Shasta (see Nortel Offerings Enable VPNs). The company said that starting in September Shasta will be able to integrate third-party applications for firewall, content filtering, and antivirus protection. For the first time, these third-party software applications can be added to the box without introducing latency. It also added BGP-based Multiprotocol Label Switching (MPLS) so that it can support Layer 3 MPLS VPNs, moving Shasta closer to the capabilities of an edge router.

  • CoSine got its start as a network-based VPN platform. It then added firewall capability from Check Point Software Technologies Ltd. (Nasdaq: CHKP). This week the company announced that it is also adding denial-of-service protection to the platform (see CoSine's Fear Factor ). The IPSX already offered routing protocols (including BGP and OSPF) and MPLS VPNs.

  • Net.com also announced product upgrades this week and made a push for its service creation community (see Vendors Hold Service Creation Love-In). The Scream platform is based on an Asynchronous Transfer Mode (ATM) infrastructure and handles multiple types of traffic, including IP. Unlike the other vendors’ products mentioned here, net.com’s Scream platform doesn’t support MPLS nor does it support VPNs. This week at Supercomm, the company announced enhancements to the platform -- traffic management features that will allow carriers to guarantee bandwidth to enterprise and residential customers. It also announced ATM multicast for delivery of real-time video. And it added the OSPF routing protocol.

— R. Scott Raynovich, US Editor, Light Reading, and http://www.lightreading.comMarguerite Reardon, Senior Editor, Light Reading
BGP_OSPF_ISIS_RIP 12/4/2012 | 10:17:55 PM
re: Edge Routing Gets Service Friendly If they have just started announcing products, they won't be having a real one for another year or so.
toohideous 12/4/2012 | 10:17:54 PM
re: Edge Routing Gets Service Friendly LR did a test of these types of boxes last month. Most of these vendors were invited but didn't show up.


What gives? Maybe BGP_OSPF_ISIS_RIP is right, it's not really ready yet.

Anyone at supercomm see this stuff demonstrated???? What about the quarry or netscreen (who did show up for the vpn test). Is their stuff demonstrated convincingly at the show???


Tim Hale 12/4/2012 | 10:17:44 PM
re: Edge Routing Gets Service Friendly Anyone at supercomm see this stuff demonstrated???? What about the quarry or netscreen (who did show up for the vpn test). Is their stuff demonstrated convincingly at the show???


I didn't see Netscreen at SuperComm, but Quarry Technologies was there with what I think was a very cool demo (of course I work for Quarry).

We had a live network with two of our iQ8000 service edge switches connected back to back with a Gigabit Ethernet link. We set up a 3DES IPsec encrypted VPN tunnel over the link and blasted Smartbits traffic through it at theoretical maximum line rate (a lot like we did for the Light Reading test). The traffic also flowed through stateful ingress and egress firewalls on the switches. We set up the Smartbits traffic with best-effort service to represent background traffic on a conjested IP backbone network.

Next, we started up a racing game between terminals on either side of the demo network. (Contestants raced each other while our Director of Product Management described the action.) The game traffic traversed the same backbone Gigabit Ethernet link, but passed through distinct virtual firewalls and ran over its own encrypted VPN tunnel. This flow was assigned a higher QoS level and given precedence over the Smartbits background traffic.

Lastly, we injected video traffic over our conjected backbone link. This traffic also passed through distinct stateful firewalls and ran over its own VPN tunnel, but in order to demonstrate security with QoS, and to show off our customer self-management capabilities, we started up the video initially using simple best-effort service. As you would expect, the video contented with the Smartbits traffic, packets were dropped, and the movie was jumpy. We showed the effect of the contending application flows using our iQMON real-time service monitoring utility, which displayed their ingress bandwidth and related packet discards, in a graphical format. To improve the movie's service quality we launched our iQSMS Service Level Manager application and changed the the QoS of the video to Expidited Service, on the fly. The picture cleared right up and the iQMON screens clerly showed the video flow taking precidence over the background flow.

Pretty convincing, huh!?

In another pod in the Quarry booth, we also showed a demo of our recently announced (6/3/02) stateful firewall and NAT support for SIP and H.323 with voice and videoconferencing applications.

Tim Hale
SaberJB 12/4/2012 | 10:17:40 PM
re: Edge Routing Gets Service Friendly I don't see how a router can provide these services with the performance and managability we require unless it was designed for this purpose from the start. Too much processing power is required and too much management detail needs to be collected to do it effectively with software or add-on hardware.


BTW - I think I saw that same demo at N+I in Las Vegas. It was pretty cool -- fun game -- but I would have liked to see the SIP FW/NAT stuff too.
asmo 12/4/2012 | 10:17:40 PM
re: Edge Routing Gets Service Friendly SaberJB,

I'm interested in understanding your point of view, what is the exact issue here.

Which services specifically have performance problems?

What is the managability issue?

Why do you think that hardware cannot be developed to support more advanced services?

I'm not flaming you, just curious.

CanMan 12/4/2012 | 10:17:34 PM
re: Edge Routing Gets Service Friendly Well its nice you guys keep developing new features, when are you going to announce a customer?
BobbyMax 12/4/2012 | 10:17:32 PM
re: Edge Routing Gets Service Friendly Neither of the companies ( Cisco, Cosine, etc.) do not have standard products that can be deployed by RBOCs,. None of these products, to the best of my knowledge, have standard products. They do not follow what is called Standard Service Delivery Platform. These products also do not integrate mobile devices.

The biggest deficiecy that these products have is that they do not support quality of service routing. Unless these products Quality of Service and large scalability, these would not be suitable for RBOCs. They will make small dents here and there.

These minor companies mentioned in the report, start-ups and even some larger companies such as Cisco have contributed to the destablization of the telecom sector.
SaberJB 12/4/2012 | 10:16:45 PM
re: Edge Routing Gets Service Friendly Asmo:

3DES IPSec encyption is the most processor intensive application by far, but also supporting other services like firewalls, NAT, QoS, etc. for potentially thousands of subscribers is beyond the capability of most general-purpose edge routers -- even with their new upgrades.

The managability issues concern both setting up the services and auditing them. Systems with add-on tunnel modules, for example, tend to have rudimentary element management apps that are poorly integrated with the host system's network management platform. Additionally, the management platforms are not able to assimilate the detail needed to monitor and bill for advanced IP services.

Add-on modules may add some capabilities to edge routers, which might be appropriate for light-duty use, but dedicated purpose-built systems are preferable for production IP services.

Sign In