Enterprise Router

[Mummy]

Hello all,

i was wondering if any of you know a router that can handle huge amount of connections, our company can't just buy one and test it (small reality) and give it back if it sucks, so maybe some of you can direct me to a router you have in your Enterprise (like 60+ ppl) that you are sure it works fine ?

Common "house" routers can't handle such workloads, NAT table gets full quick and some machines won't go over net very soon. Thanks

 

[Blazkowicz]

I don't know shit about enterprise routers but you could test a mere PC with a dedicated NAT/firewall linux distro

 

[Mummy]

We want to avoid that, pcs with parts that may break, like HDs and so on, are a no go for us.

 

[Albuquerque]

Well, an "enterprise router" for our organization would be something along the lines of hundreds of thousands of clients behind it, so I can't directly recommend a router that we use in our business that would be applicable to you. Example: two of their 7000-series is what we use in our datacenter, but somehow I don't think you need 10Gbit fiber wire-speed routing with multi-hundred-gigabit backplanes.

However, there's a reason that Cisco is the only networking equipment provider for us. Look into their 1800 or maybe 2800 series depending on the bandwidth you have available.

Now of course, this isn't going to have fifty ports to plug all your stuff in -- this is a true router so it only has like a scant few inputs (based on what your internet connection is) and a scant few outputs (based on how many internal network segments you need). Once your data has gone through the router, you'll need a seperate switch to plug all your clients into.

 

[Mummy]

Thanks Albuquerque, i'll look into them.

 

[Mize]

What features do you need?
Firewall?
Stateful packet inspection?
AV?
Web Filtering?
VPN? (and if so, what type)

 

[Albuquerque]

What features do you need?
Firewall?
Stateful packet inspection?
AV?
Web Filtering?
VPN? (and if so, what type)

Good questions, and keep in mind that even my enterprise doesn't do most of the things on this list with our Cisco router equipment.

Our firewall is a huge multi-tier DMZ wth it's own Cisco 6000-class core switch, 6000-class core router, probably six dozen servers, it's own 2TB fiberchannel SAN and probably another two dozen appliances.

Packet inspection is technically a router function, but most of our packet "sniffing" capabilities are handled through our core switches. Any traffic that warrants that kind of scrutiny in our environment will pass at least once through one of our huge 6000 or 8000-class core switches.

AV is handled at multiple points by multiple top-tier providers via multiple high-capacity server and at least two appliances, and really isn't something a router would do.

Web filtering is handled by two seperate vendors for keeping people out of certain obviously non-business sites and keeping people out of "blacklisted" sites for known phishing / trojans / etc. We also use an internet acceleration appliance for caching data. This is also not something that most routers should be expected to do IMO...

VPN endpoint routers are a specialty class, and while you can buy a router that "does it all", a business of your size (ie not that big) will probably use a server as the tunnel endpoint. We use several big Cisco VPN concentrator appliances in a redundant loop.

 

[Malo]

On my network for 120ish PCs and 150ish employees including remote and satellite office, we use a Cisco 2650 and PIX for external routing, and a 1700 for internal routing, linked to 6 3550 switches. I love Cisco gear, very robust, reliable and fast equipment.

edit: afaik the PIX are being replaced by a new line of firewalls by Cisco.

 

[Mize]

Cisco's stuff is great (albeit harder to configure for most folks) but overkill for sub 100 clients IMHO (although I have a Cisco running my wifi in my manufacturing warehouse).

A good, feature rich, router is the Safe@Office 500. You can get VPN, AV, FW (stateful - it's the CheckPoint FW-1 firmware) and rudimentary filtering for pretty cheap. Very easy to configure too. It's not going to hang with the big boys, but very affordable for a small office.